Developer Tools AWS

Joomla CMS on AWS User Guide

| Product: Joomla CMS on AWS

Overview

This image runs Joomla behind nginx, with PHP FPM 8.3 and OPcache enabled. Site content and configuration are stored in MariaDB on the same instance, bound to the loopback interface only. Joomla's built in task scheduler runs hourly through a systemd timer, so scheduled jobs fire without manual intervention.

Joomla administrator and MariaDB credentials are generated on the first boot of every deployed instance. Two instances launched from the same Amazon Machine Image never share passwords. The initial administrator password and the MariaDB password are written to /root/joomla-credentials.txt with mode 0600 so that only the root user can read them.

Joomla is configured to accept requests on any host, so the site automatically works on whatever public DNS name or IP address visitors reach the instance on. There is no instance metadata lookup and no value to edit on first boot — deployments behind an Application Load Balancer, a private subnet, or a custom domain all work without changes.

Prerequisites

Before you deploy this image you need:

  • An Amazon Web Services account where you can launch EC2 instances
  • IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
  • An EC2 key pair in the target Region for SSH access to the instance
  • A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network and inbound ports 80 and 443 from the networks your visitors will use
  • The AWS CLI (version 2) installed locally if you plan to deploy from the command line

Step 1: Launch the Instance from the AWS Marketplace

Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for Joomla CMS. Select the cloudimg listing and choose Select, then Continue on the subscription summary.

Pick an instance type of m5.large or larger — the Joomla workload is PHP and MariaDB heavy. Choose your EC2 key pair under Key pair (login). Under Network settings select your VPC and subnet, and either create or select a security group that allows inbound port 22 from your management network and inbound ports 80 and 443 from the networks your visitors use. Leave the root volume at the default size or larger.

Select Launch instance. First boot initialisation takes approximately one minute after the instance state becomes Running and the status checks pass.

Step 2: Launch the Instance from the AWS CLI

The following block launches an instance from the cloudimg Joomla Marketplace AMI into an existing subnet and security group. Replace <ami-id> with the AMI ID shown on the Marketplace listing, <key-name> with your EC2 key pair name, <subnet-id> with your subnet ID, and <security-group-id> with a security group that opens ports 22, 80, and 443 as described above.

aws ec2 run-instances \
  --image-id <ami-id> \
  --instance-type m5.large \
  --key-name <key-name> \
  --subnet-id <subnet-id> \
  --security-group-ids <security-group-id> \
  --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":30,"VolumeType":"gp3"}}]' \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=joomla-cms-01}]'

The command prints a JSON document on success. Note the instance ID, then retrieve its public address once it is running with aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].PublicIpAddress" --output text.

Step 3: Connect and Retrieve Initial Credentials

Connect over SSH with the key pair you selected and the public IP address from step 2. The SSH login user depends on the operating system of the AMI variant you launched:

AMI variant SSH login user
Joomla 6 on Ubuntu 24.04 ubuntu

The first boot service runs before the SSH daemon becomes ready, so the credentials file is always in place when you log in for the first time.

ssh <login-user>@<public-ip>
sudo cat /root/joomla-credentials.txt

You will see a plain text file containing the Joomla URL, the administrator username (admin), the administrator password, and the MariaDB database name, user, and password. Copy these values somewhere secure (a password manager or encrypted vault). Do not commit them to source control.

From the same SSH session you can confirm the deployment is healthy:

curl -fsS -o /dev/null -w 'administrator login HTTP %{http_code}\n' http://127.0.0.1/administrator/

An administrator login HTTP 200 response confirms the full stack — nginx, PHP and MariaDB — is serving Joomla.

Step 4: First Login to the Joomla Administrator Interface

Open a web browser and navigate to http://<public-ip>/administrator/. Joomla presents the administrator sign-in form.

Joomla administrator login page

Enter the administrator username admin and the administrator password from /root/joomla-credentials.txt, then select Log in. The public site itself is reached at http://<public-ip>/.

Step 5: The Administrator Control Panel

After signing in, Joomla shows the control panel — the home dashboard of the administrator interface. The left hand menu gives you every management area: Content for articles, categories and media, Menus for site navigation, Components for built in applications such as contacts and banners, Users for accounts and groups, and System for global configuration, templates, extensions and maintenance.

Joomla administrator control panel

The control panel surfaces the most common tasks, any post installation messages, and the Joomla and PHP versions in use. The System dashboard is the first place to check the health of a deployment.

Step 6: Change the Administrator Password

For a production deployment rotate the administrator password that was generated on first boot. Open Users then Manage, select the admin user, and on the Account Details tab enter a new value in the Password and Confirm Password fields. Select Save.

While you are there, set a real email address on the account so password recovery and system notifications reach you.

Step 7: Create Your First Article

Joomla content is organised as articles within categories. Open Content then Articles, then select New. Give the article a title, write the body in the editor, and assign it a category. Use the Publishing tab to control the publish state and the Featured toggle to promote the article to the site front page.

Joomla article editor

Select Save & Close. Manage the site front page from Content then Site Modules, and the navigation from Menus.

Step 8: Install Extensions and Templates

Joomla's functionality is extended with components, modules, plugins and templates from the Joomla Extensions Directory at https://extensions.joomla.org/. Open System then, under Install, choose Extensions.

Joomla extensions installer

You can upload an extension package directly, install one from a URL, or browse the Install from Web tab. Templates are installed the same way and then assigned under System then Site Templates. Installed extensions are managed under System then Manage then Extensions.

Step 9: Configure Outbound Email

By default Joomla sends mail through the server's PHP mail function. For reliable delivery on a cloud instance route mail through an SMTP provider such as Amazon SES, SendGrid, or Mailgun. Open System then Global Configuration, select the Server tab, and under Mail Settings set the Mailer to SMTP. Enter your provider's SMTP host, port, security, and credentials, then select Save and send a test message.

Step 10: Enable HTTPS with Let's Encrypt

For any production Joomla deployment serve the site over HTTPS so session cookies and authentication tokens cannot be intercepted. The image ships with nginx, which certbot can configure automatically.

The following assumes you have a DNS record pointing your fully qualified domain name at the instance's public IP address.

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d joomla.your-domain.example \
  --non-interactive --agree-tos -m you@your-domain.example \
  --redirect

After certbot finishes, open System then Global Configuration and set Force HTTPS to Entire Site so Joomla generates HTTPS links throughout.

Step 11: Backups and Maintenance

Joomla has two data sources that must be backed up together: the MariaDB database and the site files in /var/www/joomla (the Joomla code tree, installed extensions, and uploaded media under images/).

sudo mysqldump --single-transaction joomla > /var/backups/joomla-db-$(date +%F).sql
sudo tar --acls --xattrs -czf /var/backups/joomla-files-$(date +%F).tgz -C /var/www joomla

Ship both artifacts to an Amazon S3 bucket or another object store. The task scheduler timer installed with the image runs Joomla's scheduled tasks hourly.

For kernel and package updates, Ubuntu's unattended-upgrades is enabled by default — security patches apply automatically. To update Joomla core and extensions, use the built in updater under System then Update then Joomla.

Step 12: Scaling Beyond a Single Instance

For larger deployments decouple Joomla from the single instance pattern:

  • Move MariaDB to Amazon RDS for MariaDB and update the database host in /var/www/joomla/configuration.php
  • Put the Joomla web tier behind an Application Load Balancer and scale horizontally with an Auto Scaling group, with the images/ directory on Amazon EFS shared storage
  • Offload Joomla caching to Amazon ElastiCache for Redis through Joomla's cache settings
  • Serve static assets and uploaded media through Amazon CloudFront

Each of these is documented in the official Joomla documentation at https://docs.joomla.org/.

Support

cloudimg provides 24/7/365 expert technical support for this image. Guaranteed response within 24 hours, one hour average for critical issues. Contact support@cloudimg.co.uk.

For general Joomla administration questions consult the community at https://www.joomla.org/ and the documentation at https://docs.joomla.org/.