Please read the manual carefuly
-
Creating sudoers user (don’t use root)
- do update first
sudo apt-get update
- https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart
- do update first
-
Prevent root user login via SSH and change the SSH port
-
Open and edit /etc/ssh/sshd_config:
PermitRootLogin no Port 10201
-
Restart SSH service
-
-
Allow login via public key SSH (optional)
-
Install ZSH as shell (optional)
-
Add basic list folder aliases (optional: step 4 required)
- Open your
.zshrc
vi ~/.zshrc
- On the bottom of files add new aliases
alias ll='ls -alF' alias la='ls -A' alias l='ls -CF'
- Save and exit
- Open your
-
Install Git (you don't need this if you did step 4)
sudo apt-get update sudo apt-get install git git-core
We are using Apache2, Nginx (as Reserve Proxy) & MySQL for Database
-
Install Apache2
sudo apt-get update # installing apache2 sudo apt-get install apache2 apache2-utils
-
Install PHP 7.2 & MySQL
# installing PHP7.2 sudo add-apt-repository ppa:ondrej/php sudo apt-get update sudo apt-get install php-pear php7.2 php7.2-common php7.2-mysql php7.2-curl php7.2-mbstring php7.2-bcmath php7.2-dba php7.2-bz2 php7.2-dev php7.2-xml php7.2-intl php7.2-opcache php7.2-xmlrpc php7.2-cli php7.2-json php7.2-pgsql php7.2-soap php7.2-xsl php7.2-gd php7.2-sqlite3 php7.2-zip php7.2-cgi php7.2-fpm php7.2-xsl mysql-server sudo mysqld --initialize sudo mysql_secure_installation
- You will asked to enter password for root user MySQL, enter your desired password!
- Your server should can be accessed now
OPTIONAL SECTION : Installing mcrypt on PHP 7.2
## How to install mcrypt in php7.2 ## ## https://lukasmestan.com/install-mcrypt-extension-in-php7-2/ ## # # Check version php and pecl # php -v # if default php is not 7.2 then use /usr/bin/php7.2 instead php pecl version # # Install mcrypt extension # see http://pecl.php.net/package-info.php?package=mcrypt&version=1.0.1 # sudo apt-get -y install gcc make autoconf libc-dev pkg-config sudo apt-get -y install libmcrypt-dev sudo pecl install mcrypt-1.0.1 # # When you are shown the prompt # # libmcrypt prefix? [autodetect] : # Press Enter to autodetect. # # After success installing mcrypt trought pecl, you should add mcrypt.so extension to php.ini, # The output will look like this: # # ... # Build process completed successfully # Installing '/usr/lib/php/20170718/mcrypt.so' ----> this is our path to mcrypt extension lib # install ok: channel://pecl.php.net/mcrypt-1.0.1 # configuration option "php_ini" is not set to php.ini location # You should add "extension=mcrypt.so" to php.ini # # Grab installing path and add to cli and apache2 php.ini # # example: sudo bash -c "echo extension=/usr/lib/php/20170718/mcrypt.so > /etc/php/7.2/cli/conf.d/mcrypt.ini" sudo bash -c "echo extension=/usr/lib/php/20170718/mcrypt.so > /etc/php/7.2/apache2/conf.d/mcrypt.ini" # check that the extension was installed with this command: php -i | grep mcrypt # # The output will look like this: # # /etc/php/7.2/cli/conf.d/mcrypt.ini # Registered Stream Filters => zlib.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, convert.iconv.*, mcrypt.*, mdecrypt.* # mcrypt # mcrypt support => enabled # mcrypt_filter support => enabled # mcrypt.algorithms_dir => no value => no value # mcrypt.modes_dir => no value => no value
-
Configure Apache2 and PHP
-
Change default port apache2 to
8087
. Edit filesudo vi /etc/apache2/ports.conf
-->Listen 8087
save and exit. shcd sites-available/ sudo vi 000-default.conf
-
Edit virtualhost port so that same with apache2 custom port (
8087
)<VirtualHost *:8087> ... </VirtualHost>
-
Restart apache2 :
sudo service apache2 restart
-
-
Install & Configure Nginx
-
Install Nginx
sudo apt-get install nginx
-
Configure GZip compression
cd /etc/nginx/ sudo vi nginx.conf
-
Edit GZip section become like this:
# Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
Under GZip settings please add proxy cache configuration
# Proxy Cache Settings proxy_cache_path /var/cache levels=1:2 keys_zone=reverse_cache:60m inactive=90m max_size=1000m;
-
Save and exit
-
Create new nginx virtualhost
cd /etc/nginx/sites-available vi mysite.conf
-
Then fill mysite.conf this:
server { listen 80; # Site Directory same in the apache virtualhost configuration root /var/www/html; index index.php index.html index.htm; # Domain server_name www.mysite.com mysite.com; location / { try_files $uri $uri/ /index.php?$query_string; } # Reverse Proxy and Proxy Cache Configuration location ~ \.php$ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass http://127.0.0.1:8087; # Cache configuration proxy_cache reverse_cache; proxy_cache_valid 3s; proxy_no_cache $cookie_PHPSESSID; proxy_cache_bypass $cookie_PHPSESSID; proxy_cache_key "$scheme$host$request_uri"; add_header X-Cache $upstream_cache_status; } # Enable Cache the file 30 days location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ { proxy_cache_valid 200 120m; expires 30d; proxy_cache reverse_cache; access_log off; } # Disable Cache for the file type html, json location ~* .(?:manifest|appcache|html?|xml|json)$ { expires -1; } location ~ /\.ht { deny all; } }
-
Save and exit
-
Then enable mysite.conf with
sudo ln -s /etc/nginx/sites-available/mysite.conf /etc/nginx/sites-enabled/
-
Test configuration and restart
sudo nginx -t sudo service nginx restart
-
-
Configure logging
-
We are going to configure apache to log the real ip of the visitor instead of the local IP.
-
Please install the apache module "libapache2-mod-rpaf" and edit the module configuration file:
sudo apt-get install libapache2-mod-rpaf cd /etc/apache2/mods-available/ vi rpaf.conf
-
Add the server IP to the line 10. For the example my server has the IP: 192.168.1.108, so the configuration become:
RPAFproxy_ips 127.0.0.1 192.168.1.108 ::1
-
Restart apache2 service:
sudo service apache2 restart
-
-
Configure date, time, and timezone
sudo dpkg-reconfigure tzdata
and choose your desired timezone