@guiliredu
Last active February 19, 2019 14:27
Server Management Annotations

Server configuration - Basics and LEMP

Installation - Server basics

  • sudo add-apt-repository -y ppa:nginx/development - repository for latest nginx
  • sudo add-apt-repository -y ppa:ondrej/php - repository for latest php
  • sudo add-apt-repository -y ppa:chris-lea/redis-server - for latest redis
  • sudo apt-get update - refresh the package lists
  • sudo apt-get install -y git tmux vim curl wget zip unzip htop - basic commands and software

Installation - Software

UFW

  • sudo apt-get install ufw

Nginx

  • sudo apt-get install -y nginx

PHP

  • sudo apt-get install -y php7.1-fpm php7.1-cli php7.1-mcrypt php7.1-gd php7.1-mysql php7.1-pgsql php7.1-imap php-memcached php7.1-mbstring php7.1-xml php7.1-curl php7.1-bcmath php7.1-sqlite3 php7.1-xdebug

Composer

  • php -r "readfile('https://getcomposer.org/installer');" | sudo php -- --install-dir=/usr/bin/ --filename=composer

MySQL

  • sudo apt-get install -y mysql-server

Redis

  • sudo apt-get install -y redis-server

Configurations

Folders

  • sudo mkdir -p /var/www/app/production - Create a folder for the production env
  • sudo chown -R www-data:www-data /var/www/app - Set ownership to www-data

Nginx

  • Edit the file /etc/nginx/nginx.conf for some general nginx configuration, like client_max_body_size, etc
  • Edit the file /etc/nginx/sites-available/default with the configs below:
server {
    listen 80 default_server;

    root /var/www/myapp/public;

    index index.html index.htm index.php;

    server_name domain.com;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
       include snippets/fastcgi-php.conf;
       fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
}
  • To create another virtual server, copy the contents above to another config file, like sudo nano /etc/nginx/sites-available/subdomain.domain.com
  • Change the root folder, add a server_name and remove default_server from the listen directive
  • Create a symlink to the enabled folder: sudo ln -s /etc/nginx/sites-available/subdomain.domain.com /etc/nginx/sites-enabled/

PHP-FPM

  • Check the /etc/php/7.1/fpm/php.ini file for PHP settings such as upload_max_filesize, etc
  • Edit the file /etc/php/7.1/fpm/pool.d/www.conf with the configs below:
; Max number of php-fpm processes (check the server RAM before calculating)
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 4
; Max requests a worker serves before php-fpm restarts it
pm.max_requests = 1000

MySQL

  • sudo mysql_secure_installation

Server security

Firewall config

  • Check that IPv6 is enabled: sudo nano /etc/default/ufw - IPV6=yes
  • Default, deny all incoming: sudo ufw default deny incoming
  • Default, allow all outgoing: sudo ufw default allow outgoing
  • SSH: sudo ufw allow ssh
  • HTTP: sudo ufw allow http
  • Enable UFW: sudo ufw enable

Creating a user and adding SSH keys

  • Create a user: sudo adduser <username>
  • Add the user to the sudo group: sudo adduser <username> sudo
  • Go to the user folder: cd /home/<username>
  • Create the ssh folder: mkdir .ssh
  • Add the public key to the authorized keys file: nano .ssh/authorized_keys
  • Log out and log in again to check that the user can sudo

Disable root login

  • Edit the file /etc/ssh/sshd_config with the parameters below:
# Disallow root login over ssh
PermitRootLogin no

# Disallow password authentication
PasswordAuthentication no
  • Restart ssh service sudo service ssh restart
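
A check for the two sshd_config settings above, as an added example that is not part of the original gist. sshd keeps the first value it reads for each keyword, so a "no" appended below an earlier "yes", or below a Match block, does not take effect globally. The function names and sample files are hypothetical and constructed for the example.

```sh
#!/bin/sh
# Added example (not from the gist): offline check of the two sshd_config
# settings above. sshd keeps the FIRST value it reads for each keyword, and
# lines after a "Match" line apply only to that Match block.
# Function names are hypothetical. Include files are not followed here.

# Print the first global value of keyword $1 in file $2 (empty if unset).
sshd_first_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                    # strip leading whitespace
        /^#/ || /^$/ { next }                     # skip comments, blank lines
        {
            line = $0
            if (line ~ /^[A-Za-z0-9]+[ \t]*=/)    # "Key = value" form
                sub(/[ \t]*=[ \t]*/, " ", line)
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
        }
        key == "match" { exit }                   # global section ends here
        key == want    { print tolower(f[2]); exit }
    ' "$2"
}

# Succeed only if both settings are globally "no".
sshd_is_hardened() {
    [ "$(sshd_first_value PermitRootLogin "$1")" = "no" ] &&
    [ "$(sshd_first_value PasswordAuthentication "$1")" = "no" ]
}

# Demo on constructed sample files (not real server configs).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' > "$d/clean"
    printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' \
        'PasswordAuthentication no' > "$d/shadowed"
    printf '%s\n' 'Match User deploy' 'X11Forwarding no' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$d/after_match"
    for f in clean shadowed after_match; do
        if sshd_is_hardened "$d/$f"; then echo "$f: hardened"
        else echo "$f: NOT hardened"; fi
    done
    rm -rf "$d"
}
demo
```

On the server itself, sudo sshd -t validates the file before the restart, and sudo sshd -T prints the effective settings with Include files resolved.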