Concrete CMS on AWS User Guide
Overview
This image runs Concrete CMS, the free, open source content management system designed for teams that build and manage websites without writing code. Its standout feature is in context editing: you edit pages directly on the live site, dragging blocks of content onto the page and seeing changes instantly. The dashboard adds a full sitemap, page versioning and approval, a file manager, reusable stacks, themes and a built in marketplace of add-ons.
Concrete CMS is installed under /var/www/concrete and runs as a standard LAMP application: PHP 8.3 with php-fpm, a MariaDB database, and nginx serving the website and the editing dashboard on port 80. Systemd manages the database, the PHP FastCGI workers and the web server, starting them on boot and restarting them on failure. The content database lives at /var/lib/mysql, which is a dedicated, independently resizable EBS data volume.
Concrete CMS secures the dashboard with its own administrator login. The administrator password is generated on the first boot of every deployed instance, so two instances launched from the same Amazon Machine Image never share a password. It is written to /root/concrete-cms-aws-credentials.txt with mode 0600 so that only the root user can read it. A full sample site is seeded so you can explore the editing experience immediately.
Prerequisites
Before you deploy this image you need:
- An Amazon Web Services account where you can launch EC2 instances
- IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
- An EC2 key pair in the target Region for SSH access to the instance
- A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network and port 80 for the website and dashboard
- The AWS CLI (version 2) installed locally if you plan to deploy from the command line
Step 1: Launch the Instance from the AWS Marketplace
Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for Concrete CMS. Select the cloudimg listing and choose Select, then Continue on the subscription summary.
Pick an instance type of t3.medium or larger. Choose your EC2 key pair under Key pair (login). Under Network settings select your VPC and subnet, and either create or select a security group that opens port 22 from your management network and port 80 for the website and dashboard. Leave the root volume at the default size or larger.
Select Launch instance. First boot initialisation installs the per instance database and administrator account and takes a minute or two after the instance state becomes Running and the status checks pass.
Step 2: Launch the Instance from the AWS CLI
The following block launches an instance from the cloudimg Concrete CMS Marketplace AMI into an existing subnet and security group. Replace <ami-id> with the AMI ID shown on the Marketplace listing, <key-name> with your EC2 key pair name, <subnet-id> with your subnet ID, and <security-group-id> with a security group that opens ports 22 and 80 as described above.
aws ec2 run-instances \
--image-id <ami-id> \
--instance-type t3.medium \
--key-name <key-name> \
--subnet-id <subnet-id> \
--security-group-ids <security-group-id> \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=concrete-cms}]'
When the instance reaches the Running state and its status checks pass, note its public IP address or DNS name from the EC2 console or with aws ec2 describe-instances.
Step 3: Connect to Your Instance
Connect over SSH using your key pair and the login user for your operating system variant.
| OS variant | SSH login user |
|---|---|
| Ubuntu 24.04 | ubuntu |
ssh -i <key-name>.pem ubuntu@<public-ip>
Step 4: Retrieve the Administrator Password
The dashboard administrator password is unique to your instance and was generated on first boot. Read it as root:
sudo cat /root/concrete-cms-aws-credentials.txt
The file lists the website URL, the login URL, the administrator user (admin) and the generated password. Keep this password somewhere safe.
Step 5: Sign In to the Dashboard
The website and the editing dashboard are served on port 80 by nginx. In a browser, go to the login page:
http://<instance-public-ip>/index.php/login
Sign in as admin with the password from the credentials file. After signing in you land on the dashboard, where the Welcome, Sitemap, Files, Members, Express, Boards, Reports and Pages & Themes sections give you everything you need to build and manage your site.
Step 6: Edit a Page in Context
Concrete CMS lets you edit your website directly on the page. Browse to any page of your site, then open the page menu in the editing toolbar at the top of the screen and choose Edit This Page. The page reloads in edit mode with every content region outlined, so you can drag and drop blocks for text, images, galleries, forms and navigation, rearrange layouts, and publish with one click.
The seeded sample site demonstrates the standard building blocks: a sitewide header with the site title, navigation and search, an image slider, and a three column Bootstrap layout. Click any block to edit its content or use the Add menu in the toolbar to drop new blocks onto the page.
Step 7: Organise Your Site with the Sitemap
Open Sitemap from the dashboard to see the full page tree. From here you add, move, copy and delete pages, manage page versions and approval, and configure page attributes and permissions. The seeded site ships with Home, Services, Portfolio, Team, Blog, Search and Contact pages so you can see how a real site is structured.
Step 8: Confirm Concrete CMS Is Running
Over SSH, confirm the database, the PHP FastCGI workers and the nginx proxy are active and that port 80 is listening:
sudo systemctl is-active mariadb php8.3-fpm nginx
sudo ss -tlnp | grep -E ':80 '
You should see all three services reported as active and nginx listening on port 80. Confirm the application answers on the loopback interface:
curl -s -o /dev/null -w 'login page: %{http_code}\n' http://127.0.0.1/index.php/login
A 200 confirms the login page is served. Check the installed Concrete CMS core version with the bundled console tool:
sudo -u www-data php /var/www/concrete/concrete/bin/concrete c5:info | grep -i 'Core Version'
Step 9: The Database Volume
The content database lives on a dedicated EBS volume mounted at /var/lib/mysql. This keeps the database off the operating system disk and lets you resize or snapshot it independently. Confirm the mount with:
df -h /var/lib/mysql
To grow the database store, expand the EBS volume in the AWS console, then grow the filesystem on the instance with sudo resize2fs on the underlying device. The MariaDB server listens on the loopback interface only and is never exposed to the network.
Step 10: Manage Files, Themes and Add-ons
From the dashboard, open Files to use the file manager for uploading and organising images and documents, Pages & Themes to install and activate themes and switch the look of your site, and Extend Concrete to browse and install add-ons from the Concrete CMS marketplace. Reusable Stacks & Blocks let you define content once and place it across many pages.
Step 11: Add a Custom Domain and Enable HTTPS
First boot pins the site canonical URL to your instance public IP so links and assets resolve correctly out of the box. To serve the site on your own domain, point a DNS record at the instance (or at a load balancer in front of it), then update the canonical URL in the dashboard under System & Settings, SEO & Statistics, URLs and Redirection.
The website is served over plain HTTP on port 80 by nginx. For production use, place it behind TLS. Obtain a certificate for your domain (for example with a managed certificate on an Application Load Balancer in front of the instance, or with Certbot installed on the instance), then configure nginx to listen on 443 with your certificate and proxy to the Concrete CMS front controller exactly as the bundled site does for port 80. Restrict the security group so ports 80 and 443 are reachable only from the networks that need them.
Step 12: Backup and Maintenance
Back up your site by snapshotting the /var/lib/mysql EBS volume, which captures the entire content database, together with the uploaded files under /var/www/concrete/application/files. Apply operating system security updates with sudo apt-get update && sudo apt-get upgrade and reboot when a new kernel is installed; MariaDB, php-fpm and nginx start automatically on boot. Concrete CMS itself is updated from the dashboard or by replacing the application code under /var/www/concrete following the Concrete CMS upgrade documentation.
Support
This image is published and supported by cloudimg. Support covers deployment, theme and add-on installation, page and block editing, user and permission management, the file manager, database tuning, TLS and scaling. Contact cloudimg through the support channel listed on the AWS Marketplace listing.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.