sudo add-apt-repository -y ppa:nginx/development
- repository for latest nginx
sudo add-apt-repository -y ppa:ondrej/php
- repository for latest php
sudo add-apt-repository -y ppa:chris-lea/redis-server
- repository for latest redis
sudo apt-get update
- to update the server packages
sudo apt-get install -y git tmux vim curl wget zip unzip htop
- basic commands and software
UFW
sudo apt-get install ufw
Nginx
sudo apt-get install -y nginx
PHP
sudo apt-get install -y php7.1-fpm php7.1-cli php7.1-mcrypt php7.1-gd php7.1-mysql php7.1-pgsql php7.1-imap php-memcached php7.1-mbstring php7.1-xml php7.1-curl php7.1-bcmath php7.1-sqlite3 php7.1-xdebug
Composer
php -r "readfile('https://getcomposer.org/installer');" | sudo php -- --install-dir=/usr/bin/ --filename=composer
MySQL
sudo apt-get install -y mysql-server
Redis
sudo apt-get install -y redis-server
Folders
sudo mkdir -p /var/www/app/production
- Create a folder for production env
sudo chown -R www-data:www-data /var/www/app
- Set ownership to www-data
Nginx
- Edit the file /etc/nginx/nginx.conf for some general nginx configuration, like client_max_body_size, etc
- Edit the file /etc/nginx/sites-available/default with the configs below:
server {
    listen 80 default_server;
    root /var/www/myapp/public;
    index index.html index.htm index.php;
    server_name domain.com;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
}
- To create another virtual server, copy the contents above to another config file, like
sudo nano /etc/nginx/sites-available/subdomain.domain.com
- Change the root folder, add a server_name and remove default_server from the listen directive
- Create a symlink to the enabled folder:
sudo ln -s /etc/nginx/sites-available/subdomain.domain.com /etc/nginx/sites-enabled/
PHP-FPM
- Check the /etc/php/7.1/fpm/php.ini file for php configurations, like upload_max_filesize, etc
- Edit the file /etc/php/7.1/fpm/pool.d/www.conf with the configs below:
; Max number of php-fpm processes (check the server RAM before calculating)
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 4
; Max requests before php-fpm restarts the worker
pm.max_requests = 1000
MySQL
sudo mysql_secure_installation
Firewall config
- Check if IPV6 is enabled
sudo nano /etc/default/ufw
- IPV6=yes
- Default - deny all incoming
sudo ufw default deny incoming
- Default - allow all outgoing
sudo ufw default allow outgoing
- SSH
sudo ufw allow ssh
- HTTP
sudo ufw allow http
- Enable UFW
sudo ufw enable
Creating a user and adding ssh keys
- Create a user
sudo adduser <username>
- Add to sudoers group
sudo adduser <username> sudo
- Go to user folder
cd /home/<username>
- Create the ssh folder
mkdir .ssh
- Add public key to authorized file
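nano .ssh/authorized_keys
- Give the user ownership and restrict permissions (sshd's StrictModes checks these)
sudo chown -R <username>:<username> .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
- Log out and log in again to check if the user can sudo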
Disable root login
- Edit the file /etc/ssh/sshd_config with the parameters below:
# Disallow root login over ssh
PermitRootLogin no
# Disallow password authentication
PasswordAuthentication no
- Restart ssh service
sudo service ssh restart
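A check to run before restarting ssh, added here as an example and not part of the original guide: it reads an sshd_config file and reports whether the two settings above are the ones sshd will actually use. The function names and the sample config are made up for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.

# Print the global value of keyword $2 in file $1 (empty if unset).
sshd_global_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)      # keyword/value separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit        # global section ends here
            if (key == want) { print tolower(val); exit }
        }
    ' "$1"
}

# Return 0 only if both settings from the guide are explicitly "no".
check_ssh_hardening() {
    cfg=$1; rc=0
    if grep -qi '^[[:space:]]*include[[:space:]]' "$cfg"; then
        echo "NOTE  Include found: included files are read in place and can set a value first"
    fi
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_global_value "$cfg" "$key")
        if [ "$val" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key is '${val:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the later "no" is ignored because "yes" comes first.
sample=$(mktemp)
printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$sample"
check_ssh_hardening "$sample" || echo "=> not hardened"
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the file's syntax before the restart, and sudo sshd -T prints the effective settings with Include files taken into account.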