Skip to content

Instantly share code, notes, and snippets.

@masiur

masiur/digital_ocean_lamp_setup.md

Forked from linhai86/digital_ocean_lamp_setup.md
Created April 21, 2016 19:45
Show Gist options
  • Save masiur/bd6e83d15a23cb078eaf818c83bb1cb5 to your computer and use it in GitHub Desktop.
Save masiur/bd6e83d15a23cb078eaf818c83bb1cb5 to your computer and use it in GitHub Desktop.
Download ZIP
Digital Ocean LAMP Setup (Ubuntu 14.04)
Raw
digital_ocean_lamp_setup.md

[Initial Server Setup with Ubuntu 14.04] 1

ssh root@SERVER_IP_ADDRESS

adduser demo

# Add the new user to the sudo group
gpasswd -a demo sudo

# Add public key to new remote user
ssh-keygen
nano .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

# Configure SSH
nano /etc/ssh/sshd_config
# Change SSH port
# Modify section: "Port 22" to "Port 4444"
# Restrict root login
# Modify section: "PermitRootLogin yes" to "PermitRootLogin no"
# Disable password authentication: change "PasswordAuthentication yes" to "PasswordAuthentication no"
# Reload SSH
service ssh restart

ssh -p 4444 demo@SERVER_IP_ADDRESS

[Additional Recommended Steps for New Ubuntu 14.04 Servers] 2

  1. [Configuring a Basic Firewall] 7
# Allow ssh at port 4444
sudo ufw allow 4444/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable SMTP email at port 25
sudo ufw allow 25/tcp

sudo ufw show added

sudo ufw enable
  1. Configure Timezones and Network Time Protocol Synchronization
# Select the geographic region of the server
sudo dpkg-reconfigure tzdata

# Configure NTP Synchronization
sudo apt-get update
sudo apt-get install ntp
  1. Create a Swap File
# Allocate the space for swap file
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile

# Format the file for swap
sudo mkswap /swapfile

# Tell the system it can use the swap file
sudo swapon /swapfile

# Modify a system file so that the server will do this automatically at boot
sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'
  1. Take a Snapshot of your Current Configuration
sudo poweroff

[How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 14.04] 3

  1. Install Apache
sudo apt-get update
sudo apt-get install apache2

# To find the server's public IP address
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
  1. Install MySQL
sudo apt-get install mysql-server php5-mysql

# Create database directory structure
sudo mysql_install_db

#  Run a simple security script that will remove some dangerous defaults and lock down access to the database system a   little bit
sudo mysql_secure_installation
  1. Install PHP
sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt

# make Apache look for an index.php before index.html
sudo nano /etc/apache2/mods-enabled/dir.conf
# In "<IfModule mod_dir.c> ... </IFModule>" section, put index.php in front of index.html

sudo service apache2 restart

# Install PHP modules
apt-cache search php5-
apt-cache show php5-cli
sudo apt-get install php5-cli
  1. Test PHP Processing on your Web Server

[An Introduction to Securing your Linux VPS] 5

  1. Blocking Access with Firewalls
  2. [UFW] 7
  3. IPTables
  4. IP6Tables
  5. NFTables
  6. [Implement fail2ban to Ban Malicious IP Addresses] 6
sudo apt-get install fail2ban

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Configure the defaults in jail.local
sudo nano /etc/fail2ban/jail.local
# Set destemail
# Edit ssh port "port=4444"

sudo service fail2ban restart

# See the rules that fail2ban puts in effect within the IP table
sudo iptables -L
  1. Implement an Intrusion Detection System to Detect Unauthorized Entry
  2. Tripwire
  3. Aide
  4. Psad
  5. Bro
  6. RKHunter

[Set Up Apache Virtual Hosts on Ubuntu 14.04 LTS] 8

  1. Create the Directory Structure
sudo mkdir -p /var/www/example.com/public_html
sudo mkdir -p /var/www/test.com/public_html

# Grant Permissions
sudo chown -R $USER:$USER /var/www/example.com/public_html
sudo chown -R $USER:$USER /var/www/test.com/public_html

sudo chmod -R 755 /var/www
  1. Create Demo Pages for Each Virtual Host
nano /var/www/example.com/public_html/index.html
nano /var/www/test.com/public_html/index.html
  1. Create New Virtual Host Files
# Apache comes with a default virtual host file called 000-default.conf that we can use as a jumping off point
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example.com.conf
sudo nano /etc/apache2/sites-available/example.com.conf
# Change "ServerAdmin webmaster@localhost" to "ServerAdmin admin@example.com"
# Change "DocumentRoot /var/www/html" to "DocumentRoot /var/www/example.com/public_html"
# Add "ServerName example.com"
# Add "ServerAlias www.example.com"
  1. Enable the New Virtual Host Files
sudo a2ensite example.com.conf
sudo a2ensite test.com.conf

sudo service apache2 restart

[Set Up Email Host with Your Domain on DigitalOcean] 9

  1. Sign Up a Free Account at [Zoho] 10 with Domain Name
  2. Verify Domain Ownership by Setting TXT Record
  3. Create Users and Groups (Optional)
  4. Add MX Records to Name Server
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment