Install Ubuntu 22.04
Update all the things
# Refresh the package index, then apply every pending upgrade (security fixes included).
sudo apt update
sudo apt upgrade --yes
# Remove packages and cached archives that are no longer needed.
sudo apt autoremove --yes
sudo apt autoclean --yes
# Reboot so a newly installed kernel or core library is the one actually running.
sudo reboot
See the disk makeup
lsblk
Add free space to logical volume
sudo lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
Fill available space
sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
# Web server; the status call confirms the service came up.
sudo apt install nginx
sudo systemctl status nginx
# Database server, PHP-FPM and the PHP MySQL driver.
sudo apt install mariadb-server -y
sudo apt install php-mysql -y
sudo apt install php-fpm -y
# NOTE(review): install only the extensions the application actually uses; every
# extra module (php-xmlrpc, for example) is more code to keep patched.
sudo apt install php-curl php-gd php-mbstring php-xml php-xmlrpc php-cli php-redis unzip sqlite3 -y
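cd ~
# Download the installer to a private temp file instead of a predictable /tmp name.
installer=$(mktemp)
curl -sS https://getcomposer.org/installer -o "$installer"
# Published SHA-384 of the current installer, fetched from a second origin.
# This catches a corrupted or altered download; it does not help if both origins
# are compromised.
HASH=$(curl -sS https://composer.github.io/installer.sig)
# Hash locally with sha384sum so the fetched value is only ever compared as data,
# never pasted into PHP source.
ACTUAL=$(sha384sum "$installer" | cut -d ' ' -f 1)
# Run the installer as root only when the checksum matches; a mismatch (or an
# empty signature) skips the install entirely.
if [ -n "$HASH" ] && [ "$ACTUAL" = "$HASH" ]; then
  echo 'Installer verified'
  sudo php "$installer" --install-dir=/usr/local/bin --filename=composer
else
  echo 'Installer corrupt'
fi
# Remove the downloaded installer in both cases.
rm -f -- "$installer"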
sudo apt update
sudo apt install nodejs npm -y
See repo for full instructions.
# This pipes a remote script straight into bash under your account. The URL is
# pinned to the v0.39.3 tag; to review the script first, save it to a file, read
# it, and only then run it.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
# Reload ~/.bashrc to pick up whatever the installer added to it.
source ~/.bashrc
cd ~
# The install script is fetched without a pinned version and piped into sh, so
# whatever the endpoint serves at that moment is what runs.
# NOTE(review): for a repeatable setup, download a specific release and check it
# against a checksum published by the project, if one is available - confirm.
curl -L https://install.meilisearch.com | sh
chmod +x meilisearch
# mv keeps the file's owner, so the binary in /usr/local/bin stays writable by
# your user; `sudo chown root:root /usr/local/bin/meilisearch` afterwards closes that.
sudo mv ./meilisearch /usr/local/bin/
cd ~
# The phar is downloaded and installed with no integrity check.
# NOTE(review): compare it against the checksum or signature the WP-CLI project
# publishes before moving it onto the system PATH.
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
# mv keeps the file's owner, so /usr/local/bin/wp stays writable by your user;
# `sudo chown root:root /usr/local/bin/wp` afterwards closes that.
sudo mv wp-cli.phar /usr/local/bin/wp
# Tools used below: release codename lookup, download, and key conversion.
sudo apt install lsb-release curl gpg -y
# Store the Redis signing key in its own keyring file. The key is trusted on
# first download over HTTPS; no fingerprint is checked here.
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
# signed-by ties that key to this one repository instead of trusting it for
# every apt source on the machine.
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
sudo apt-get update
sudo apt-get install redis -y
Enable on start
sudo systemctl enable redis-server
Create Certificate
# Self-signed certificate for development: browsers will warn because no CA vouches for it.
# -nodes writes the private key unencrypted so nginx can start unattended; keep the
# key file readable by root only. The certificate expires after 365 days.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Create Diffie-Hellman group
# DH parameters are used for DHE key exchange in TLS 1.2 and earlier.
# NOTE(review): the ssl-params snippet on this page enables TLSv1.3 only, so this
# file may never be used; confirm before spending the generation time.
sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
Warning
This is going to take a loooooooooooong time
Create snippet
sudo vim /etc/nginx/snippets/self-signed.conf
Snippet contents
# Certificate and private key written by the openssl req command on this page.
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
Create snippet
sudo vim /etc/nginx/snippets/ssl-params.conf
Snippet content
# Only TLS 1.3 is offered; clients limited to TLS 1.2 will fail to connect.
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
# NOTE(review): ssl_dhparam and ssl_ciphers configure negotiation for TLS 1.2 and
# earlier; with TLSv1.3 as the only protocol they likely have no effect.
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
# Session tickets off: avoids long-lived ticket keys weakening forward secrecy.
ssl_session_tickets off;
# OCSP stapling is off (a self-signed certificate has no OCSP responder), so
# ssl_stapling_verify has nothing to act on, and the resolver below is not
# needed for stapling in this setup.
ssl_stapling off;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# add_header without "always" is skipped on most error responses, and a location
# that sets its own add_header drops these inherited ones.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore;
# a Content-Security-Policy is the modern control.
add_header X-XSS-Protection "1; mode=block";
Tip
The resolver addresses are DNS resolvers. They are set to Google's here; use whichever you'd like.
# Allow SSH before enabling the firewall so the current session is not locked out.
sudo ufw allow OpenSSH
# "Nginx Full" opens both 80 (HTTP) and 443 (HTTPS).
sudo ufw allow in "Nginx Full"
sudo ufw enable
# Check that only the intended rules are active.
sudo ufw status
Now Nginx splash page should be visible by visiting IP in web browser.
This is a security tweak that helps prevent malicious code injection by only accepting requests for files that exist.
# The pattern only matches the stock commented-out line; if php.ini differs, sed
# changes nothing and reports no error. Check the result afterwards with:
#   grep cgi.fix_pathinfo /etc/php/8.1/fpm/php.ini
sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/8.1/fpm/php.ini
Access the PHP config file
sudo vim /etc/php/8.1/fpm/pool.d/www.conf
Change the [www]
to [username]
and change the following to the updated user and group.
# early in the file
# NOTE(review): PHP then runs with this account's full file access (home directory,
# SSH keys, the application code itself); a dedicated low-privilege user limits
# what a compromised script can reach.
user = username
group = groupname
# further down
# Owner and group of the FPM socket that nginx connects to.
listen.owner = username
listen.group = groupname
sudo unlink /etc/nginx/sites-enabled/default
Edit config
sudo vim /etc/nginx/nginx.conf
At the top of the file, change the www-data
to username
whichever user you'd like.
user www-data
- Recommend putting this at the user's home directory.
- We'll update the Nginx and PHP users to accommodate
- Create site directories
- Create a site root and web root (example
~/site
and ~/site/public
) - clone repo into user root
- Create a site root and web root (example
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/website.dv.conf
This uses the self signed certificate we generated earlier
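# Plain-HTTP virtual host: everything served here, logins included, travels unencrypted.
# NOTE(review): when the HTTPS server block is in use, consider replacing this body
# with a redirect (`return 301 https://$host$request_uri;`).
server {
    listen 80;
    listen [::]:80;

    #access_log /home/username/logs/website-access.log;
    # The logs directory must already exist, or `nginx -t` fails.
    error_log /home/username/logs/website-error.log error;

    server_name website.dv www.website.dv;
    root /home/username/website/public;
    # A stray bare "index" entry was removed; it made nginx probe for a file
    # literally named "index".
    index index.php index.html index.htm index.nginx-debian.html;

    location / {
        # Paths that match no file or directory go to the front controller.
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }

    # Never serve .htaccess/.htpasswd-style files.
    location ~ /\.ht {
        deny all;
    }
}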
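# HTTPS virtual host using the self-signed certificate and the TLS parameter snippet.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    # NOTE(review): the log paths use /home/develop while root uses /home/username,
    # and server_name is website.com while the port-80 block uses website.dv;
    # confirm which values are intended and make the two blocks agree.
    #access_log /home/develop/logs/website-access.log;
    error_log /home/develop/logs/website-error.log error;

    server_name website.com www.website.com;
    root /home/username/website/public;
    # A stray bare "index" entry was removed; it made nginx probe for a file
    # literally named "index".
    index index.php index.html index.htm index.nginx-debian.html;

    location / {
        # Paths that match no file or directory go to the front controller.
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }

    # Never serve .htaccess/.htpasswd-style files.
    location ~ /\.ht {
        deny all;
    }
}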
sudo ln -s /etc/nginx/sites-available/website.dv.conf /etc/nginx/sites-enabled/
Tip
If you'd prefer not to use an SSL
- skip SSL section above
- in the first
server
section... - change the
listen
port to 80 and remove ssl
- remove the snippet includes
- remove the 2nd
server
section
sudo nginx -t
sudo mysql_secure_installation
[!info]
- Not necessary to switch to Unix socket authentication
- Not necessary to change root password
- All other questions
Y
(remove anon users, disallow remote root, remove test db, reload privs)
sudo mysql -u root
-- One database and one account for the application; the account can connect from localhost only.
CREATE DATABASE database_name;
-- 'secret' is a placeholder: substitute a long random password before running this.
CREATE USER 'homestead'@'localhost' IDENTIFIED BY 'secret';
-- Privileges are scoped to database_name.* rather than to every database.
GRANT ALL ON database_name.* TO 'homestead'@'localhost';
Tip
To exit mysql
type quit
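# NOTE(review): this fetches the sample config from the repository's "latest" ref,
# which may not match the installed binary's version - confirm.
curl https://raw.githubusercontent.com/meilisearch/meilisearch/latest/config.toml > ~/meilisearch.toml
sudo mv ~/meilisearch.toml /etc/meilisearch.toml
# The file will hold the master key. Make it readable only by root and the
# group the service runs as on this page (develop), rather than keeping the
# owner and mode the download created it with.
sudo chown root:develop /etc/meilisearch.toml
sudo chmod 640 /etc/meilisearch.toml
sudo vim /etc/meilisearch.toml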
# NOTE(review): in "development" Meilisearch starts without requiring a master key
# and serves its search preview UI; use "production" for any instance others can
# reach, such as one published through the nginx proxy on this page.
env = "development"
# Placeholder: replace with a long random value (production mode expects at
# least 16 bytes).
master_key = "YOUR_MASTER_KEY_VALUE"
# Storage locations; these directories are created by the mkdir step on this page.
db_path = "/var/lib/meilisearch/data"
dump_dir = "/var/lib/meilisearch/dumps"
snapshot_dir = "/var/lib/meilisearch/snapshots"
# Data, dump and snapshot directories referenced by /etc/meilisearch.toml.
sudo mkdir /var/lib/meilisearch /var/lib/meilisearch/data /var/lib/meilisearch/dumps /var/lib/meilisearch/snapshots
# Hand the tree to the service account, then close the top directory to other
# users (750 gives "other" no access).
sudo chown -R develop:develop /var/lib/meilisearch
sudo chmod 750 /var/lib/meilisearch
sudo vim /etc/systemd/system/meilisearch.service
# systemd unit that runs Meilisearch with the config file at /etc/meilisearch.toml.
[Unit]
Description=Meilisearch
After=systemd-user-sessions.service
[Service]
Type=simple
WorkingDirectory=/var/lib/meilisearch
ExecStart=/usr/local/bin/meilisearch --config-file-path /etc/meilisearch.toml
# Runs unprivileged rather than as root.
# NOTE(review): "develop" looks like an interactive account; a dedicated system
# user plus sandboxing options such as NoNewPrivileges=true, PrivateTmp=true and
# ProtectSystem=full would contain a compromise better - confirm against your setup.
User=develop
Group=develop
[Install]
# Start at boot once the unit is enabled.
WantedBy=multi-user.target
cd ~
meilisearch
Clean up
cd ~
rm -rf data.ms
rm -rf dumps
Copy the master key and use that in the following file
sudo vim /etc/meilisearch.toml
sudo systemctl enable meilisearch
sudo systemctl start meilisearch
sudo systemctl status meilisearch
This is for direct access.
sudo vim /etc/nginx/sites-available/meilisearch.conf
Below, change the server_name
to whatever you'd like.
# Publishes the Meilisearch HTTP API on port 443 to every client that can reach
# this host; the only access control is Meilisearch's own API keys.
# NOTE(review): if only a few machines need it, add allow/deny rules in the
# location block, and make sure a master key is set before enabling this site.
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name meilisearch.dv;
location / {
# TLS ends at nginx; the hop to Meilisearch is plain HTTP to localhost.
proxy_pass http://localhost:7700;
}
}
Link
sudo ln -s /etc/nginx/sites-available/meilisearch.conf /etc/nginx/sites-enabled/
Restart all the things
# daemon-reload makes systemd re-read unit files, including the new meilisearch.service.
sudo systemctl daemon-reload
# Restart the services so the edited nginx, PHP-FPM and Meilisearch configs are loaded.
sudo systemctl restart nginx
sudo systemctl restart php8.1-fpm
sudo nginx -s reload
sudo systemctl restart meilisearch
# Generate an Ed25519 key pair; the -C text is only a label on the public key.
# NOTE(review): set a passphrase when prompted. If nginx and PHP-FPM were switched
# to run as this same account earlier on this page, web code running as that
# user could read an unprotected key in ~/.ssh.
ssh-keygen -t ed25519 -C "your@email.com"
# Identity recorded in commits made from this machine.
git config --global user.name "Your Name"
git config --global user.email "your@email.com"