TJohns.co

Details

Written by Timothy Johns

Category: Server Setup

Published: 02 April 2019

Last Updated: 02 April 2019

Hits: 958

• ssl
• security
• https

Add repository:
sudo add-apt-repository ppa:certbot/certbot

Install CertBot's Apache package:
sudo apt install python-certbot-apache

Make sure you have a server block for your domain:
sudo nano /etc/apache2/sites-available/example.com.conf

Reload Apache:
sudo systemctl reload apache2

Check firewall status:
sudo ufw status

After firewall has been confirmed enabled, configured, add rules:
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'

Should at least have the following rules:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)        

Use Apache CertBot plugin to create & install certificate, keys:
sudo certbot --apache -d example.com -d www.example.com

Test auto-renew:
sudo certbot renew --dry-run

Details

Written by Timothy Johns

Category: Server Setup

Published: 01 April 2019

Last Updated: 18 April 2019

Hits: 1808

• phpmyadmin
• linux
• lamp
• node

Update software

apt-get update && apt-get upgrade

You will be prompted to update or keep local copy of grub... keep the local copy!

Create hostname

hostnamectl set-hostname example
(replace 'example' with something new.  Doesn't matter what you call it)

Edit /etc/hosts

Example:
127.0.0.1 localhost
45.79.74.179 example-domain.com example-hostname
2600:3c01::f03c:91ff:fea5:187e example-domain.com example-hostname
(ipv6 is optional)

Set Time Zone

List time zones:

Preferred Method:

dpkg-reconfigure tzdata

Alternate Method:

timedatectl list-timezones

Set time zone (example):

timedatectl set-timezone 'America/Los_Angeles'

Use 'date' command to check time.

Add New User

adduser example_user

Add to sudo:

adduser example_user sudo

From here on, all commands will be issues by tim (but w/sudo sometimes)

Skipping 'create authentication key-pair' (used to disallow SSH via password)

Install Apache 2.4

sudo apt install apache2

Install MySQL

sudo apt install mysql-server

Install PHP & Additional Dependencies/support

sudo apt install php7.2 libapache2-mod-php7.2

Optional supports can be added to or some removed, depending on your needs.  You may only need a few like mysql & curl.  I usually install all of these to cover bases:

sudo apt-get install php-pear php-curl php-dev php-gd php-mbstring php-zip php-mysql php-xml php-json php-cgi php-mysql

Configure Apache

KeepAlive On
MaxKeepAliveRequests 50
KeepAliveTimeout 5

sudo nano /etc/apache2/apache2.conf
(linode had the correct settings and didn't need modified)

mpm prefork module:
StartServers 4
 MinSpareServers 3
 MaxSpareServers 30
 MaxRequestWorkers 150
 MaxConnectionsPerChild 10000

sudo nano /etc/apache2/mods-available/mpm_prefork.conf

Disable event module & enable prefork:

sudo a2dismod mpm_event
sudo a2enmod mpm_prefork
(found that this was also not necessary as event was already disabled and prefork was already enabled)

Restart apache:
sudo systemctl restart apache2

Setup Virtual Hosts

Make copy of default configuration file, replacing example.com with website:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf

Sudo nano /etc/apache2/sites-available/example.com.conf

Following lines need to be uncommented, added or edited:

        ServerName example.com
        ServerAlias www.example.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/example.com/public_html

        ErrorLog /var/www/html/example.com/logs/error.log
        CustomLog /var/www/html/example.com/logs/access.log combined

You must create the public_html folder.  Also, something that Linode never mentions, you will need to allow yourself write permissions on the folder:

sudo mkdir -p /var/www/html/thecontrolpanel.live/{public_html,logs}

sudo chown -R $USER:$USER /var/www/html/thecontrolpanel.live/public_html
The command above give the logged in user appropriate permissions.

That was also not ideal.  Most of the people, myself included, that write Linux material have no clue when it comes to permissions.
So here's an alternative I'm trying...
sudo chown -R www-data:www-data /var/www/html/eth.blockinetics.io/public_html

...then add your username to www-data:
sudo adduser tim www-data

Link virtual hosts file from sites-available directory to sites-enabled directory:

Enable website

sudo a2ensite example.com

Disable default virtual host

sudo a2dissite 000-default.conf

MySQL Setup

sudo mysql -u root

Create database & user:
CREATE DATABASE webdata;
GRANT ALL ON webdata.* TO 'webuser' IDENTIFIED BY 'password';
(change 'webuser' & 'password' appropriately)

Then exit:
exit;

sudo mysql_secure_installation

Answer yes to:
remove anonymous users
disallow root login remotely
remove test database & access to it
reload privilege tables now

Configure PHP

Edit configuration file:
sudo nano /etc/php/7.2/apache2/php.ini

Following should be set:

error_reporting = E_ALL
max_input_time = 30
error_log = /var/log/php/error.log


Note: for production, error reporting should be:
Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT

Create the log directory/file & give access to apache system user:

sudo mkdir /var/log/php

sudo chown www-data /var/log/php

Restart apache:

sudo systemctl restart apache2

Install PhpMyAdmin

sudo apt-get install mcrypt

sudo service apache2 restart

sudo apt-get install phpmyadmin

create symbolic link:

sudo ln -s /usr/share/phpmyadmin

NODE & NPM

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -

sudo apt-get install -y nodejs

sudo apt-get install -yq --no-install-recommends libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 libnss3

Details

Written by Timothy Johns

Category: Server Setup

Published: 21 April 2018

Last Updated: 26 September 2018

Hits: 1417

• ubuntu
• linux
• ssh

This is for Ubuntu 16.04/17.10, Nginx, MySQL & PHP (LEMP)

Restart Nginx
sudo systemctl restart nginx
sudo systemctl reload nginx (only reload config file)

Restart PHP
sudo systemctl restart php7.0-fpm

Nginx config file
sudo nano /etc/nginx/nginx.conf

PHP config file
sudo nano /etc/php/7.0/fpm/php.ini

PHP Hosts file (sites-available/default)
sudo nano /etc/nginx/sites-available/default

Check syntax
sudo nginx -t

Firewall Status
sudo ufw status

Extract .tar.gz
sudo tar -xvzf file.tar.gz
optionally add -C destination/

Details

Written by Timothy Johns

Category: Server Setup

Published: 21 April 2018

Last Updated: 26 September 2018

Hits: 1412

• LEMP
• LEMP setup
• install phpmyadmin

Install phpMyAdmin
sudo apt-get update
sudo apt-get install phpmyadmin
You'll get asked which system you want to install phpMyAdmin on. Nginx is not an option, so hit tab & enter to skip this.
Next you'll be asked if you want dbconfig-common to configure a database.  

Create a password for phpMyAdmin & it's database.

Create a symbolic link from the phpMyAdmin application to the public folder.
sudo ln -s /usr/share/phpmyadmin /var/www/html

Enable the mcrypt PHP module.
sudo phpenmod mcrypt

Restart PHP
sudo systemctl restart php7.0-fpm

phpMyAdmin is now set up at your domain or IP (ex: example.com/phpmyadmin)

ToADD: create symbolic link for security (obsure /phpmyadmin from public)

Details

Written by Timothy Johns

Category: Server Setup

Published: 20 April 2018

Last Updated: 26 September 2018

Hits: 1365

• LEMP
• LEMP setup
• Install PHP

These instructions are specifically for Nginx.  Unlike Apache, Nginx doesn't contain a native PHP processor so PHP-FPM (PHP fastCGI processing manager), so it will need to be installed manually.

Install php-fpm, php-mysql, and other modules that may be needed.  Some of these can be left off if they won't be used.  But if not sure, it won't hurt to install all of them as so...
sudo apt-get install php-fpm php-mysql php-curl php-gd php-pear php-imagick php-imap php-mcrypt php-recode php-tidy php-xmlrpc

Php-fpm will need to be configured.  Open the configuration file and edit with nano.
sudo nano /etc/php/7.0/fpm/php.ini

Find cgi.fix_pathinfo.  It will be commented out with a semicolon like:
;cgi.fix_pathinfo=1

Uncomment it and change the value to 0.  This is required for the security of your PHP files.  It should look like this after:
cgi.fix_pathinfo=0
Save and close the file.

Restart the PHP processor.
sudo systemctl restart php7.0-fpm

Configure Nginx to use the new PHP processor (php-fpm)

Open the Nginx default server configuration file with nano.
sudo nano /etc/nginx/sites-available/default
Below is an example of the most recent block regarding php-fpm in the file.  Don't forget to add index.php to the index...

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

server_name [your ip should be here];

location / {
   # First attempt to serve request as file, then
   # as directory, then fall back to displaying a 404.
   try_files $uri $uri/ =404;
}


# pass the PHP scripts to FastCGI server listening on ...
#
location ~ \.php$ {
   include snippets/fastcgi-php.conf;

   # With php7.0-fpm:
   fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
   deny all;
}

Details

Written by Timothy Johns

Category: Server Setup

Published: 20 April 2018

Last Updated: 26 September 2018

Hits: 1409

• LEMP
• LEMP setup
• Install MySQL

Code samples for installing MySQL on Ubuntu Server via SSH

Install MySQL
sudo apt-get install mysql-server

You'll be asked for a root password that you want to use for the MySQL system.

Secure the installation.
mysql_secure_installation

You'll need to enter the password you supplied for the MySQL system. Then you'll be asked if you want to VALIDATE PASSWORD PLUGIN.  This is optional, but if don't set it up, you should make sure to use secure passwords.  If you do set it up, be sure you don't have anything like software that tries to create DB credentials with non-secure/simple passwords or it will produce errors.  I personally don't set this up, but I make sure that future credentials use secure passwords.

Next you'll be asked if you want to remove anonymous users, the test database, and disable remote logins.  You can usually answer yes to these questions.  Then also enter 'yes' to enable these rules and MySQL will be setup.

Details

Written by Timothy Johns

Category: Server Setup

Published: 20 April 2018

Last Updated: 26 September 2018

Hits: 1372

• nginx
• LEMP
• LEMP setup

These are the basic commands needed when SSHing into the server to install and configure Nginx.

Update the package manager unless it's already been done.
sudo apt-get update

Install the Nginx package.
sudo apt-get install nginx

If you have UFW(uncomplicated firewall) firewall installed, you'll need to allow connections to Nginx.
sudo ufw allow 'Nginx HTTP'

Verify that it worked.
sudo ufw status
You should see Nginx in the list.

You can test that it worked also by pointing a web browser to the IP or domain (and you should see 'Welcome to nginx!'.