TurnKey GNU/Linux on the AWS marketplace

Table of contents

  1. Registering for bundled support and backup services
  2. Contacting support
  3. Getting started
  4. Logging in for administration
  5. Accessing the main app
  6. Documentation and other helpful resources
  7. Why can't I login as root?
  8. Your voice counts: leave a review on the AWS Marketplace
  9. AWS Marketplace customer agreement
  10. What's new

Registering for bundled support and backup services

To provide the best user experience, each TurnKey solution on the AWS marketplace bundles the following services for no extra charge:

  1. Chat and e-mail support: all your questions, technical issues, arbitrary whims and desires, lovingly attended to by our dedicated staff of Jeremies.
  2. 1-Click cloud backup, restore and migration: saves changes to files, databases and package management to encrypted storage which servers can be automatically restored from.

To benefit:

  1. Sign up for a free TurnKey Hub account if you don't already have one: https://hub.turnkeylinux.org/signup
  2. Activate your AWSMP subscription: https://hub.turnkeylinux.org/billing/awsmp

Contacting support

Web chat and ticketing system: the best way is to log into the Hub and click on the "Support" link. If we're available we'll be able to chat with you in real-time, otherwise this will open an issue so we can get back to you.

E-mail contact: <support AT turnkeylinux.org>. This works best if you're already registered for support.

Getting started

  1. Go to the AWS marketplace page of the TurnKey app you signed up
  2. Create an EC2 instance with 1-Click
  3. Point your browser at the public EC2 IP address for system initialization instructions:
    http://your-ec2-public-dns/

System initialization in a nutshell: a simple interactive step-by-step system initialization process runs the first time you login with your SSH keypair to the admin account.

ssh admin@your-ec2-public-dns

System initialization is required to setup passwords, install security updates, and configure key applications settings. To avoid exposing an unprotected TurnKey system to a hostile Internet, a virtual fence redirects access attempts to potentially vulnerable services until you complete this step.

Read more: System initalization, configuration and preseeding

Logging in for administration

Each TurnKey solution on the AWS marketplace links to an app specific page on the TurnKey website describing product features, notes and integration details.

At the bottom of this page, right after the screenshots, is a "Usage details & Logging in for administration" section you should refer to.

Accessing the main app

After system initialization is completed, the virtual fence is disabled, allowing you to securely access the local web server that was hidden behind the initialization instructions.

Point your browser to your EC2's instance public address: 

http://your-ec2-public-address/

Enabling encryption: If you don't mind ignoring scary browser warnings use https:// instead. This will encrypt your connection:

https://your-ec2-public-address/

SSL browser warning: The reason for the browser warning is that browsers don't like self signed SSL certificates. Unfortunately, this is the only kind that can be generated automatically without paying a commercial Certificate Authority.

You can disable the warning by replacing the random self signed certificate with an SSL certificate purchased from a trusted Certificate Authority.

Documentation and other helpful resources

Documentation and community resources:

  • TurnKey-specific documentation pages: All documentation pages and help resources on the TurnKey GNU/Linux website apply to AWS marketplace versions as well.

    The only AWS marketplace specific customization is that by default you don't login directly as root, but with the admin account instead.

  • Debian documentation: TurnKey GNU/Linux is essentially Debian GNU/Linux with batteries included. See Debian documentation for TurnKey GNU/Linux.

  • Ubuntu documentation: Since Ubuntu is closely based on Debian GNU/Linux most Ubuntu documentation is also useful.

Why can't I login as root?

You can, you just need to enable this yourself:

admin@core ~$ sudo turnkey-sudoadmin off

This will safely disable the admin account and re-enable direct root access.

Will this make my system any less secure?

No. It'll just remove a small unnecessary hassle. For most usage scenarios supported by TurnKey, administrating your system directly as root is no less (or more) secure than administrating it through an admin account with sudo root privileges. 

sudo is the Unix version of Simon Says:

Sorry Dave, I'm afraid I can't do that. You didn't say Simon Says...

So why not allow root logins by default?

We do everywhere else, but we have to make an exception on the AWS marketplace because its security policy doesn't permit vendors to allow direct access to the system root account:

Linux-based AMIs MUST lock/disable root login and allow only sudo access.

After unsuccessfully protesting this requirement we were forced to change the default TurnKey configuration (only on the AWS marketplace) so that instead of the root account an admin account with sudo root privileges is used.

Access to Webmin, the web based system control panel is unaffected. You just need to login with admin instead of root.

With shell access, the main difference is that you need to login as admin and that to execute commands as root you need to explicitly prepend them with the magic word "sudo":

admin@core ~$ sudo whoami
root

This doesn't really improve security. At best it might in some cases protect you from yourself.

It's kind of like if you're a James Bond villain with Tourettes. You don't want to accidentally start the self destruct sequence for your secret base so you train your henchmen not to take you seriously unless you first say Simon Says.

Some people believe strongly that doing things this way is always a good idea. Others find it silly and frustrating. Simon Says you decide.

Your voice counts: leave a review on the AWS Marketplace

TurnKey is a work of love run by a small team of open source enthusiasts, not a big corporation with a sales team and marketing budget. We spend all of our resources developing TurnKey and improving the quality of service we provide.

That means we rely on users like you to spread the word and provide us with valuable feedback. Please consider leaving a review on the AWS Marketplace, and sending an e-mail to support AT turnkeylinux.org so the project's founders can thank you personally.

See also