Skip to content

Instantly share code, notes, and snippets.

@RickJP

RickJP/gist:74608674608c63844d378a9342f41cdd

Created November 24, 2019 01:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save RickJP/74608674608c63844d378a9342f41cdd to your computer and use it in GitHub Desktop.
Save RickJP/74608674608c63844d378a9342f41cdd to your computer and use it in GitHub Desktop.
Download ZIP
CORE => SETUP LAMP STACK ON UBUNTU
Raw
gistfile1.txt
CORE => UBUNTU - ESSENTIALS STEPS
================================================================
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Offending ECDSA key in /Users/rick/.ssh/known_hosts:5
READ LINE TO CONFIRM
sed -n '5 p' ~/.ssh/known_hosts
OR
cat ~/.ssh/known_hosts | head -5 | tail -1
SOLUTION:
ssh-keygen -R <SERVER_IP>
ADD IT BACK
ssh -o ‘StrictHostKeyChecking no’ <USER>@<HOST>
---------------------------------------------------------------------------------------
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for ‘<FILE>.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
SOLUTION
chmod 400 ~/.ssh/<PUB KEY FILE>
---------------------------------------------------------------------------------------
GENERATE SECURE SSH KEY
ssh-keygen -t ed25519 -a 100 -f Lightsail_Ubuntu4me
COPY PUBLIC KEY OVER
ssh-copy-id -i ~/.ssh/Lightsail_Ubuntu4me.pub ubuntu@13.115.225.133
================================================================
UPGRADE UBUNTU
sudo -- sh -c 'apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y; apt-get autoclean -y'
INSTALL APACHE
sudo apt update
sudo apt install apache2
sudo ufw app list
sudo ufw app info “Apache Full”
sudo ufw allow in "Apache Full"
curl http://icanhazip.com
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
INSTALL MYSQL
sudo apt install mysql-server
sudo mysql_secure_installation
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '
apache2kJP’;
FLUSH PRIVILEGES;
SELECT user,authentication_string,plugin,host FROM mysql.user;
-------------------------------------------------------------
REMOVE MYSQL
sudo service mysql stop
sudo apt-get remove --purge mysql-server mysql-client mysql-common
sudo apt-get autoremove
sudo apt-get autoclean
-------------------------------------------------------------
COMPLETELY UNINSTALL MYSQL ?
sudo -i
service mysql stop
killall -KILL mysql mysqld_safe mysqld
apt-get --yes purge mysql*
apt-get --yes autoremove --purge
apt-get autoclean
deluser --remove-home mysql
delgroup mysql
rm -rf /etc/apparmor.d/abstractions/mysql /etc/apparmor.d/cache/usr.sbin.mysqld /etc/mysql /var/lib/mysql /var/log/mysql* /var/log/upstart/mysql.log* /var/run/mysqld ~/.mysql_history
updatedb
------------------------------------------------------------
INSTALL PHP
sudo apt install php libapache2-mod-php php-mysql
sudo nano /etc/apache2/mods-enabled/dir.conf
Move the PHP index file (highlighted above) to the first position after the DirectoryIndex specification, like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo systemctl restart apache2
sudo systemctl status apache2
SEE AVALIABLE MODULES
apt search php- | less
apt show package_name
sudo nano /var/www/html/info.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<?php
phpinfo();
?>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo rm /var/www/html/info.php
SETUP VURTUAL HOSTS FOR APACHE
sudo mkdir -p /var/www/example.com/public_html
sudo mkdir -p /var/www/english4all.world/public_html
sudo chown -R www-data: /var/www/example.com
/etc/apache2/sites-available/example.com.conf
/etc/apache2/sites-available/english4all.world.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<VirtualHost *:80>
ServerName english4all.world
ServerAlias www.english4all.world
ServerAdmin webmaster@english4all.world
DocumentRoot /var/www/english4all.world/public_html
<Directory /var/www/english4all.world/public_html>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/english4all.world-error.log
CustomLog ${APACHE_LOG_DIR}/english4all.world-access.log combined
</VirtualHost>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CREATE SYMBOLIC LINK
sudo a2ensite example.com
OR
sudo ln -s /etc/apache2/sites-available/example.com.conf /etc/apache2/sites-enabled/
sudo apachectl configtest
sudo systemctl restart apache2
a2dissite 000-default.conf
OBTAINING SSL CERTIFICATE (LET’S ENCRYPT)
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
sudo nano /etc/apache2/sites-available/english4all.world.conf
sudo apache2ctl configtest
sudo systemctl reload apache2
sudo ufw status
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'
sudo ufw allow ssh
sudo ufw app list
sudo ufw enable
sudo certbot --apache -d english4all.world -d www.english4all.world
DRY RUN
sudo certbot renew --dry-run
Block direct ip access to your server in Apache
sudo nano /etc/apache2/sites-available/direct.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<VirtualHost *:80>
ServerName xxx.xxx.xxx.xxx
Redirect 403
DocumentRoot /dev/null
</VirtualHost>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sudo a2ensite direct
sudo systemctl reload apache2
================================================
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
ssh-keygen -R 13.115.225.133
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment