(Advanced) Deployment on Amazon EC2

To simplify Plesk provisioning in the Cloud for infrastructure providers (including service providers offering dedicated servers, VPS, or IaaS), Plesk provides AMIs (Amazon Machine Images) for deploying on the Amazon EC2 web service (for details, refer to https://aws.amazon.com/ec2/?nc1=h_ls). Each AMI allows deploying a particular instance of Plesk 12.5 optimized for specific needs.

Plesk 12.5 AMIs are shipped in five editions and are available for both Linux and Windows. The provided AMIs are listed below.

Note: The 'Bring Your Own License' (BYOL) instance of Plesk 12.5 allows you to purchase your own license directly from the Plesk Online Store or from a Plesk reseller. Plesk 12.5 licenses are available for two platform types: for dedicated servers and for VPSes. You can use either with your Plesk installed on an Amazon EC2 VPS.

More information about Plesk 12 editions can be found in the following Knowledge Base article: Plesk 12 available editions and differences between them.

Steps to Deploy

To deploy Plesk 12.5 from an AMI, perform the following steps:

1. Log in to the AWS Marketplace, search for the AMI with Parallels as the publisher, then click the selected product.
2. Check the product description to make sure that it suits your needs, and click the Continue button.
3. You can choose one of two tabs: Manual Launch with EC2 console or 1-Click Launch. The 1-Click Launch uses the predefined settings (this option does not allow you to modify the default storage size and type when creating the instance: 10 GB magnetic storage for a Linux AMI, and 30 GB magnetic storage for a Windows AMI. To change the disk storage size after deployment, see the Amazon AWS documentation: Expanding the Storage Space of a Volume).
4. If you select 1-Click Launch (predefined settings):
   • In the Region menu, select the region in which to deploy the instance. Select EC2 Instance Type, depending on your needs (Note: the price can differ for different regions).
   • In VPC settings, select where your instance will be deployed: EC2 classic (recommended), or your personal Virtual Private Cloud (VPC). If you select a VPC network, please make sure that your virtual network is configured to provide internet access to the instance being deployed. For example, enable the Auto-assign Public IP option in the instance details settings. The main differences between EC2-classic and VPC are described here: Amazon EC2 and Amazon Virtual Private Cloud (VPC).
   • In Security Group, select the default options, or create a new Security Group based on seller settings. Pay special attention to the ports that are required for Plesk - see the Knowledge Base article Which ports need to be opened for all Plesk services to work with a firewall?.
   • Select the Key Pair to be used for connecting to the instance (an existing Key Pair is required to connect to the Plesk instance). A Key Pair can be generated in the AWS Management Console.
   • Click the Accept Terms & Launch with 1-Click button.

     Note: By default, instances are deployed with a small root storage (10 GB on Linux and 30 GB on Windows). To deploy instances with larger storage, use Manual Launch with EC2 console. To learn how to change the disk storage size after deployment, check the Amazon AWS documentation: Expanding the Storage Space of a Volume.

5. If you select Manual Launch with EC2 console (adjust additional settings, such as disk space, before launch):
   • Select the Manual Launch tab.
   • In the Region section, click the Launch with EC2 Console button for the region in which the instance is to be deployed.
   • In the EC2 Console, choose an Instance Type corresponding to your requirements, and click the Next: Configure Instance Details button.
   • Set instance details. Here, you can select how many instances to deploy, and select a Network (EC2-classic or VPC). If the VPC network is selected, please make sure that your virtual network is configured to provide internet access to the instance being deployed. For example, enable the Auto-assign Public IP option in the instance details settings. The main differences between EC2-classic and VPC are described here: Amazon EC2 and Amazon Virtual Private Cloud (VPC).
   • Change other options if required, and click Next: Add Storage.
   • Increase storage size of your instance. By default, AMIs on Linux have 10 GB storage, and AMIs on Windows have 30 GB storage (which is the minimum value). It is recommended that you increase your disk storage size to be greater than the default values - your disk will be automatically resized when the instance is deployed. To learn how to change the disk storage size after deployment, check the Amazon AWS documentation: Expanding the Storage Space of a Volume. You can also add more storage to your instance, and change the storage volume types to increase performance. Find more information about storage types and pricing in the Amazon AWS documentaion: Amazon EBS Product Details. Click Next: Tag Instance.
   • Add Tags for the instance. For example, you can define a tag with key = Name and value = Webserver. Learn more about tagging your Amazon EC2 resources in the Amazon documentation: Tagging Your Amazon EC2 Resources. Click Next: Configure Security Group.
   • Configure the security group. A security group is a set of firewall rules that controls the traffic to and from your instance. It is recommended that you configure the security group depending on the services you are going to provide, based on the information in the Knowledge Base article Which ports need to be opened for all Plesk services to work with a firewall?. Click Next: Review Instance Launch.
   • Review your instance launch details. You can go back to make changes, or click Launch to assign a key pair to your instance and complete the launch process.
6. When the instance is deployed, click the Visit Your Software link. The page with your subscription will be opened.
7. Select Manage in the AWS console. In the AWS Management Console, open your instances list (using the Instances link in the left menu) and select the instance.
8. It is recommended to attach your Elastic IP to the instance. In the left menu, select Elastic IPs and Allocate New Address, or select any existing unassociated address to be associated to your instance. After the Elastic IP attachment, reboot the instance and perform additional actions to configure Plesk (see the Changing IP Address section). Learn more about Elastic IP in the Amazon AWS documentation: Elastic IP Addresses
9. To get your Plesk instance admin password:

   On Linux

   Log in via SSH as the EC2-user using the private key of the Key Pair you deployed the instance with.

   For CentOS, use the following command:

   $ ssh -i <path to private key> ec2-user@<elastic or public IP>

   For Ubuntu, use the following command:

   $ ssh -i <path to private key> ubuntu@<elastic or public IP>

   And then run the following command:

   $ sudo plesk bin admin --show-password

   On Windows

   Log in via the remote desktop as the Administrator user with the password taken from the AWS console with the Get Windows Password action. Then, run this command in the command line or or powershell:

   c:\> plesk bin admin --show-password

10. Log in to Plesk at https://<public IP>:8443 using the login "admin" and the password you just retrieved.
11. Configure your server's IP address - there is an autodetected private IP address in the configuration form. 

    Note: Never add your public IP to your Plesk instance - only private IP addresses must be registered in Plesk. You can assign a public IP later, on the Tools & Settings > IP Addresses page (it is done automatically on Windows instances). For details, refer to the Administrator's Guide.

    In Plesk 12.5 "Bring Your Own License", "Web Host", and "Web Pro" editions, there is an option to mark the private IP as either dedicated or shared. The private IP should be shared if you want to host different customers in Plesk (this can be changed later in Tools & Settings > IP Addresses).

12. Specify a hostname. We recommend that you use a domain name that you control, or one controlled by the Amazon instance's Public DNS that will be constant in the case of an Elastic IP.

    Note: Some spam filters (including the default Plesk Greylisting tool) treat mail auto-generated by Amazon hostnames as spam.

13. Change your password.
14. If you chose the "Bring Your Own License" edition, activate the license of the Plesk instance as described in the Install a License Key chapter.
15. (Recommended) For Linux AMI, switch the server to serve any subdomain's DNS records in separate DNS zones for every subdomain. Run the command:
    plesk bin server_pref -u -subdomain-dns-zone own
16. (Recommended) For correct work of site preview on Plesk 12.5 for Linux AMI, register the Public IP of the instance as the Plesk public IP. This can be done by two ways:
    1. Go to Tools & Settings > IP Addresses, click the IP of the instance and fill the Public IP field.
    2. Run the command:
       plesk bin ipmanage -u `curl http://169.254.169.254/latest/meta-data/local-ipv4` -public-ip `curl http://169.254.169.254/latest/meta-data/public-ipv4`

Changing IP address

After every stop/start, your instance changes the public and private IP addresses pair. As a result, you need to perform some additional steps. These steps must also be performed after assigning a new Elastic IP to a configured Plesk instance, but this requires an additional instance restart. For Plesk to operate correctly, all services must be configured to use the private IP, and all A-type DNS records pointing to the local services should point to the public IP.

Steps on Linux

1. Connect to the instance via SSH as the EC2-user.
2. If this is the initial IP configuration (for example, after associating an Elastic IP and rebooting) and there are no domains in Plesk yet, run the following command:

   $ sudo /usr/local/psa/bin/amazon_install_dns_template `curl http://169.254.169.254/latest/meta-data/public-ipv4`

3. If the IP was changed for a Plesk instance that already hosts domains:

• Log in to Plesk and go to Tools & Setting > General Settings > DNS Template.
• Change all A-type DNS records in the server-wide DNS template pointing to the old public IP to the new public IP and synchronize the changes to all zones by clicking Apply DNS Template Changes and selecting Apply the changes to all zones. Keep in mind that all unchanged PTR and A-type DNS records that point to the old public IP in all DNS zones will be changed to the new public IP.

  You can find additional details on the DNS Template synchronization procedure in the Administrator's Guide: DNS Template.

1. Reconfigure all public DNS servers used by the hosted domains to match the machine's new public IP address.
2. If a public IP was configured for Plesk IP, it should be modified after the IP change. This can be done by the following ways:
   1. Change public IP to the new AWS Public (Elastic) IP in Tools & Settings > IP Addresses.
   2. Run the command:
      plesk bin ipmanage -u `curl http://169.254.169.254/latest/meta-data/local-ipv4` -public-ip `curl http://169.254.169.254/latest/meta-data/public-ipv4`

Steps on Windows

In AMIs with Plesk 12.5, automatic reconfiguration of the public IP addresses is enabled by default. It means that you do not need to make any changes after the IP address change except the instance restart. Just make sure that the Plesk public IP has been changed to the new AWS Public (Elastic) IP in Tools & Settings > IP Addresses.

How it works

A number of actions are performed automatically when an instance is deployed, stopped, started, or restarted. You can disable these actions if necessary.

On Linux

After an instance deployment, the following actions are performed automatically:

• The license key is retrieved (for non-BYOL instances). The step requires the instance to have an internet connection.
• Proftpd is configured to work behind NAT by setting up MasqueradeAddress to Amazon Public IP and adding PassivePorts range (60000-65535). The following command is run:
  /usr/local/psa/bin/amazon_setup_ip `curl http://169.254.169.254/latest/meta-data/public-ipv4`
• All A and PTR records in the server-wide DNS template are configured to use the instance's Public IP. The following command is run:
  /usr/local/psa/bin/amazon_install_dns_template `curl http://169.254.169.254/latest/meta-data/public-ipv4`
• The latest Plesk updates are installed.

After an instance stop/start/restart, the following actions are performed automatically:

• Proftpd is configured to work behind NAT by setting up MasqueradeAddress to Amazon Public IP and adding PassivePorts range (60000-65535). The following command is run:
  /usr/local/psa/bin/amazon_setup_ip `curlhttp://169.254.169.254/latest/meta-data/public-ipv4`

To disable there reconfigurations, rename the /etc/rc.local file to /etc/rc.local.bak.

On Windows

After an instance deployment, the following actions are performed automatically:

• The license key is retrieved (for non-BYOL instances). The step requires the instance to have an internet connection.
• The default IIS firewall settings are configured to serve requests to the Amazon Public IP address (siteDefaults.ftpServer.firewallSupport.externalIp4Address) and allowed ports range (60000-65535). The following command is run to configure Plesk's Public IP feature to use the AWS Public IP:
  "%plesk_bin%\amazon\amazon_repair_ip.cmd"
• The latest Plesk updates are installed.

After an instance stop/start/restart, the following actions are performed automatically:

• The default IIS firewall settings are configured to serve requests to the Amazon Public IP address (siteDefaults.ftpServer.firewallSupport.externalIp4Address) and allowed ports range (60000-65535). Plesk's Public IP feature is reconfigured to use the AWS Public IP. All DNS A and PTR records in all existing DNS zones are changed to point to the old Public IP to the new Public IP. Command:
  "%plesk_bin%\amazon\amazon_setup_ip.cmd

To disable these reconfigurations, disable the scheduled task Prepare public IP.

Upgrade or Transfer

Upgrade a Plesk EC2 instance from previous version to Plesk 12.5

If you have already deployed a Plesk instance based on an AMI of a previous version and want to upgrade to Plesk 12.5:

1. Upgrade your Plesk as described in the Upgrading Plesk chapter.
2. Use the utilities described below:

On Linux

• Download the archive ami_linux_utils.zip and unpack its contents to /usr/local/psa/bin/.
• Replace /etc/rc.local content with the following: 

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
 
main()
{
    date
    local amazon_public_ip=`curl http://169.254.169.254/latest/meta-data/public-ipv4`
    if [ -n "$amazon_public_ip" ]; then
        bash /usr/local/psa/bin/amazon_setup_ip $amazon_public_ip
    fi
}
 
main >> /var/log/plesk/amazon_setup.log 2>&1

On Windows

• Download the archive ami_win_utils.zip and unpack its contents to C:\Program Files (x86)\Parallels\Plesk\admin\bin\amazon.
• Import the scheduled task Prepare public IP.xml from the archive. 
• Edit the server's DNS template and replace all IP addresses in the A records pointing to the current public IP with the <ip> placeholder (or click Restore Defaults if you made no customizations to the DNS template).

Go to Tools &Settings > IP Addresses and set the current Amazon Public IP as public IP for the local IP listed in the interface. Alternatively, run the following command: 
%plesk_bin%\ipmanage.exe -u "[local IP listed on interface]" -public_ip "[Amazon Public IP]"
(Here [local IP listed on interface] and [Amazon Public IP] should be changed to the corresponding IP addresses.)

This will enable automatic public IP reconfiguration (for more details, see the How it works section). To disable this reconfiguration, disable the imported scheduled task Prepare public IP. If your Plesk is not configured or its IP address has been changed, refer to the Changing IP address section above.

Plesk transfer to Amazon EC2 instance

To transfer your Plesk server to or from an Amazon instance deployed from a Plesk AMI, follow the instructions provided in the Knowledge Base article How to migrate domains which use custom DNS templates.

Troubleshooting and Limitations

Troubleshooting

• If an AMI of a non-BYOL Plesk edition is deployed, and Plesk shows a message saying that some functions are not accessible due to license limitations, it may mean a failure of license update on the image deployment.
  Symptom: check the /var/log/plesk/amazon_setup.log file (on Linux) or the %plesk_bin%\amazon\amazon_prepare_instance.log file (on Windows) for errors like the following:

  [2015-09-17 06:31:31] ERR [panel] Failed to update key. Attempt: 1

  [2015-09-17 06:32:32] ERR [panel] Failed to update key. Attempt: 2

  [2015-09-17 06:33:34] ERR [panel] Failed to update key. Attempt: 3

  [2015-09-17 06:34:35] ERR [panel] Failed to update key. Attempt: 4

  [2015-09-17 06:35:37] ERR [panel] Failed to update key. Attempt: 5

  exit status 1

  or the error like:

  ERROR: bad arguments (Customizations.php:30)

  Solution: check your network environment and accessibility of ka.plesk.com and installer.plesk.com, and redeploy the instance.

• If one or more services are not available after an IP address change, try to restart the instance or to manually run the reconfiguration scripts:
  • Linux: # bash /etc/rc.local
  • Windows: "%plesk_bin%\amazon\amazon_setup_ip.cmd" 

Known Issues and Limitations

• Plesk 12.5 AMIs are intended to be used on instances with direct access to the Internet, and can be launched in EC2 Classic network or in VPC if the instance with Plesk is the internet gateway for the VPC network (public IP can be returned with the following request: curl http://169.254.169.254/latest/meta-data/public-ipv4). Otherwise, Plesk AMI automatic customizations must be disabled and performed manually for the public IP of network's internet gateway (see the 

  How it works section). In addition, a port redirection for used services must be configured on the network's Internet Gateway to make Plesk services accessible from the Internet (the complete list of ports used by Plesk can be found in the Knowledge Base article Which ports need to be opened for all Plesk services to work with a firewall?).
• An instance restart is required every time an Elastic IP is attached to the instance, even if the same Elastic IP had been attached to the instance before the instance stopped.
• Site preview does not work on Plesk 12.5 for Linux AMI unless the Public IP of the instance is registered as the Plesk public IP. To do this, in Tool & Settings > IP Addresses click the registered IP Address and setup Public IP for IP. Alternatively, use the following command:
  # plesk bin ipmanage --update `plesk db "select ip_address from IP_Addresses" | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}"` -public_ip `curl http://169.254.169.254/latest/meta-data/public-ipv4`
• The Tomcat component is not shipped with the AMIs.
• Some spam filters (including the default Plesk Greylisting tool) treat mail auto-generated by Amazon hostnames as spam. Therefore, you may need to change the hostname.
• After deploying Plesk 12.5 AMI instances for Windows, the Windows Update service is disabled. It is recommended to perform all necessary Windows updates manually after deployment and to turn on automatic updates.