Skip to content

Instantly share code, notes, and snippets.

@mhrubel

mhrubel/Ubuntu Linux - Nginx Web Server - Full

Last active August 10, 2023 12:38
Show Gist options
  • Save mhrubel/6b0a9169765bc569ef2d4547b8354d81 to your computer and use it in GitHub Desktop.
Save mhrubel/6b0a9169765bc569ef2d4547b8354d81 to your computer and use it in GitHub Desktop.
Download ZIP
Install Nginx, PHP7.2-FPM, PHPmyAdmin, MariaDB, IonCube, LetsEncrypt SSL, Proftpd, Pure-FTPD, Postfix, Dovecot, SpamAssassin, Calm-V, Spam filter, Email Encryption, Email Signature, RainLoop and Roundcube Webmail, HTTP/2 on Ubuntu 18.04 / 18.10 Server (with all software's complete configuration)
Raw
Ubuntu Linux - Nginx Web Server - Full
Install Nginx, PHP7.2-FPM, PHPmyAdmin, MariaDB, IonCube, LetsEncrypt SSL, Pure-FTPD, Postfix, Dovecot, Email Encryption,
Email Signature, RainLoop and Roundcube Webmail on Ubuntu 18.04 / 18.10 Server (with all software's complete configuration)
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
This is a complete Ubuntu Linux based web server for website hosting purpose. Built with the below components for good performance.
Also, I tried to make it as secure as possible.
DISCLAIMER: I'm making this guide just for my own purpose and needs. But, If it meets your requirements,
please feel free to use the command with your own responsibility. Remember, I'm not liable if any bad thing happens to your server.
My recommendation is to you that use the command on a testing server before using it in a production server.
Just kidding; do whatever you like, at your own risk. :-P
Please contact me: If you need Linux server maintenance and installation help.
MY CONTACT:
EMAIL: bd.mhrubel@gmail.com
SKYPE: panpiedgroup
MOBILE: +8801734998405 (Bangladesh)
FACEBOOK: www.fb.me/bd.mhrubel
COMPONENT'S USED:
01. Nginx
02. PHP7.2-FPM
03. phpMyAdmin
04. MariaDB
05. IonCube
06. LetsEncrypt
07. Pure-FTPD
08. Postfix
09. Dovecot
10. Email Encryption with Let's Encrypt
11. Email Signature
12. Roundcube
13. RainLoop
14. HTTP/2
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
## Lets Update The Ubuntu Linux Server before creating the web serevr
sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade && sudo apt autoremove && sudo apt update
01. NGINX
-------------------
## Lets Install Nginx Web Server
sudo apt install nginx -y
# # # # # # # # # # # # # # # # # # # # # #
## Commands below can be used to stop, start and enable Nginx service
sudo systemctl stop nginx.service
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
# # # # # # # # # # # # # # # # # # # # # #
## Let's add a domain .conf file with PHP7.2-FPM enabled
sudo nano /etc/nginx/sites-available/example.com.conf
## Add below lines into the example.com.conf file and save it.
# # # # # # # # # # # # # # # # # # # # # #
server {
listen 80;
listen [::]:80;
root /var/www/html/example.com;
index index.php index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 100M;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# # # # # # # # # # # # # # # # # # # # # #
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service
02. MariaDB
-------------------
## Lets Install MariaDB Database Server
sudo apt-get install mariadb-server mariadb-client -y
# # # # # # # # # # # # # # # # # # # # # #
## Commands below can be used to stop, start and enable MariaDB service
sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
# # # # # # # # # # # # # # # # # # # # # #
## Secure MariaDB server
sudo mysql_secure_installation
# # # # # # # # # # # # # # # # # # # # # #
## Answer the questions below by following the guide.
Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
Restart MariaDB server
# # # # # # # # # # # # # # # # # # # # # #
sudo systemctl restart mariadb.service
03. PHP7.2-FPM
-------------------
## Add Extra Repository for PHP
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
## Lets Install php7.2-fpm and few Useful PHP 7.2 Extensions
sudo apt install php7.2-fpm php7.2-common php7.2-cgi php7.2-mbstring php7.2-xmlrpc php7.2-soap php7.2-gd php7.2-xml php7.2-intl php7.2-mysql php7.2-cli php7.2-zip php7.2-curl php7.2-imap php7.2-opcache -y
# # # # # # # # # # # # # # # # # # # # # #
## Check Avaliable PHP7.2 Extensions / Modules
sudo apt-cache search php7.2
# # # # # # # # # # # # # # # # # # # # # #
## Configure PHP.ini file
sudo nano /etc/php/7.2/fpm/php.ini
# # # # # # # # # # # # # # # # # # # # # #
## Make the changes on the following lines below in the file and save...
cgi.fix_pathinfo=0
file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 250M
post_max_size = 500M
max_execution_time = 360
date.timezone = Asia/Dhaka
upload_tmp_dir = /var/tmp
# # # # # # # # # # # # # # # # # # # # # #
## Let's uncomment few PHP module...
## Open php.ini file and search for "Dynamic Extensions" and then uncomment below Extensions
sudo nano /etc/php/7.2/fpm/php.ini
# # # # # # # # # # # # # # # # # # # # # #
## Lists of php Extensions
extension=bz2
extension=curl
extension=gd2
extension=gettext
extension=intl
extension=imap
extension=mbstring
extension=exif
extension=openssl
extension=pdo_mysql
extension=soap
extension=sockets
extension=tidy
extension=xmlrpc
# # # # # # # # # # # # # # # # # # # # # #
## Check installed php extensions
php -m
## Add below custom extensions list (Enable, if you really need it. Otherwise - OPTIONAL)
# # # # # # # # # # # # # # # # # # # # # #
;;;;;;;;;;;;;;;;;;;;;;;;;
; Custom PHP Extensions ;
;;;;;;;;;;;;;;;;;;;;;;;;;
extension=dom
extension=iconv
extension=json
extension=date
extension=calendar
extension=hash
extension=filter
extension=ftp
extension=gd
extension=libxml
extension=PDO
extension=pdo_mysql
extension=session
extension=tokenizer
extension=xml
extension=zip
# # # # # # # # # # # # # # # # # # # # # #
## Lets restart the service
sudo systemctl restart php7.2-fpm.service
04. LetsEncrypt
----------------------
## Let's make sure that the Nginx domain conf is avaliable
sudo nano /etc/nginx/sites-available/example.com.conf
# # # # # # # # # # # # # # # # # # # # # #
server {
...
...
server_name example.com www.example.com;
...
...
}
# # # # # # # # # # # # # # # # # # # # # #
## Let's Install Let’s Encrypt Nginx Client
sudo apt-get install python-certbot-nginx -y
## If python-certbot-nginx isn’t already installed, you may have to add its PPA repository and install the package.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx -y
## Please repleace the below example.com text with your own domain name.
sudo certbot --nginx --agree-tos --email admin@example.com --redirect --hsts -d example.com -d www.example.com
# # # # # # # # # # # # # # # # # # # # # #
## The commands options above are explained below:
### –nginx: Use the Nginx Let’s Encrypt installer
### –agree-tos: Agree to Let’s Encrypt terms of service
### –redirect: Adds 301 redirect.
### –email: Contact email address.
### –hsts: Adds the Strict-Transport-Security header to every HTTP response.
### – d flag is followed by domains you want to secure.
# # # # # # # # # # # # # # # # # # # # # #
## Now, the SSL client should install the cert and configure your website to redirect all traffic over HTTPS.
## The below highlighted code block should be added to your Nginx site configuration file automatically by Let’s Encrypt certbot.
## Your site is ready to be used over HTTPS.
# # # # # # # # # # # # # # # # # # # # # #
server {
...
...
server_name example.com www.example.com;
...
...
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot
...
...
}
# # # # # # # # # # # # # # # # # # # # # #
## Let's add Let’s Encrypt certificate auto renewal process using crontab
sudo crontab -e
## Add the line below and save
# # # # # # # # # # # # # # # # # # # # # #
0 1 * * * /usr/bin/certbot renew & > /dev/null
# # # # # # # # # # # # # # # # # # # # # #
## Manual Let's Encrypt Renewal command is below
sudo certbot renew --dry-run
05. HTTP/2
----------------------
## Requirements
### Nginx version 1.9.5 or greater. You can check your Nginx version by running (nginx -v) command.
### OpenSSL version 1.0.2 or greater. You can check your OpenSSL version by running (OpenSSL version) command.
### SSL/TLS certificate from Let's Encrypt or a self-signed certificate.
### TLS 1.2 or higher protocol enabled. Otherwise, you will not be able to use HTTP/2. Implementations of HTTP/2 must use TLS version 1.2 or higher for HTTP/2 over TLS.
## Open the nginx domain conf file
sudo nano /etc/nginx/sites-available/example.com.conf
## Enable the HTTP/2 protocol by adding the http2 parameter to the listen directive in our virtual host:
listen 443 ssl http2;
## Lets reload nginx service
sudo systemctl reload nginx.service
## Examples of nginx virtual server configuration
# # # # # # # # # # # # # # # # # # # # # #
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
...
...
...
ssl_protocols TLSv1.2;
}
# # # # # # # # # # # # # # # # # # # # # #
## Verify that HTTP/2 is Working from here: https://tools.keycdn.com/http2-test
06. phpMyAdmin
-------------------
## Lets Install phpMyAdmin
sudo apt install phpmyadmin -y
# # # # # # # # # # # # # # # # # # # # # #
## When prompted to choose "Configuring phpmyadmin"
Web server to reconfigure automatically: don’t select anything… just skip and continue.
Configure database for phpmyadmin with dbconfig-common: Yes
Create a password for phpMyAdmin: Please provide a password for phpmyadmin to register with the database…
# # # # # # # # # # # # # # # # # # # # # #
## Lets create phpMyAdmin code snippets
sudo nano /etc/nginx/snippets/phpmyadmin.conf
## Then copy and paste the code below in the file and save...
# # # # # # # # # # # # # # # # # # # # # #
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
# # # # # # # # # # # # # # # # # # # # # #
## Lets create your Nginx site configuration file for your domain
sudo nano /etc/nginx/sites-available/example.com.conf
## Then copy and paste the configurations below and save...
# # # # # # # # # # # # # # # # # # # # # #
server {
listen 80;
listen [::]:80;
root /var/www/html/example.com;
index index.php index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 100M;
autoindex off;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
include snippets/phpmyadmin.conf;
}
# # # # # # # # # # # # # # # # # # # # # #
## Lets enable the site
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service
sudo systemctl restart php7.2-fpm.service
## Now change your domain DNS (A) record and add your server IP as (A) record value.
## Wait few minutes 1-30 minutes (normally but can take up to 72 hours)
## Now browse yourdomain.com/phpmyadmin and try to use (root) user login and password.
## Can't login there? Because, (root) user login is not permitted! Lets fix it below...
sudo mysql -u root
use mysql;
update user set plugin='' where User='root';
flush privileges;
exit
sudo systemctl restart mariadb.service
07. IonCube
----------------------
## Create a php info file in html folder and use your IP to browse it.
## http://your_server_ip/info.php
sudo nano /var/www/html/info.php
## Then paste the below lines from the box without hashes and save and exit.
# # # # # # # # # # # # # # # # # # # # # #
<?php
phpinfo();
# # # # # # # # # # # # # # # # # # # # # #
## Lets Download and unzip IonCube Loader Zip file inside /tmp directory
cd /tmp && wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
tar xfz ioncube_loaders_lin_*.gz
## Then paste the below lines from the box without hashes and save and exit.
# # # # # # # # # # # # # # # # # # # # # #
## Lets find the PHP extensions directory on the system
php -i | grep extension_dir
## example below of the result and remember the directory
extension_dir => /usr/lib/php/20170718 => /usr/lib/php/20170718
# # # # # # # # # # # # # # # # # # # # # #
## Now copy the ioncube loader inside the above extension_dir
sudo cp /tmp/ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718/
## Lets create a file inside /etc/php/7.2/fpm/conf.d/
sudo nano /etc/php/7.2/fpm/conf.d/00-ioncube.ini
## Then paste the below lines from the box without hashes and save and exit.
# # # # # # # # # # # # # # # # # # # # # #
zend_extension = "/usr/lib/php/20170718/ioncube_loader_lin_7.2.so"
# # # # # # # # # # # # # # # # # # # # # #
## Lets restart the web server to take effect.
sudo systemctl restart nginx.service
sudo systemctl restart php7.2-fpm.service
## Lets Verify the ionCube Installation on browser
## Back on the http://your_server_ip/info.php page, refresh the page and search for the "ionCube" keyword.
## Let's create a directory and copy the ioncube file there
sudo mkdir /var/www/ioncube
sudo cp /tmp/ioncube/ioncube_loader_lin_7.2.so /var/www/ioncube/
## Lets install the ioncube inside the server otherwise encryptrd files with ioncube will not work inside server
sudo nano /etc/php/7.2/fpm/php.ini
## Now search for "; End:" to go the bottom of this php.ini.
## Then paste the below lines from the box without hashes and save and exit.
# # # # # # # # # # # # # # # # # # # # # #
zend_extension = /var/www/ioncube/ioncube_loader_lin_7.2.so
# # # # # # # # # # # # # # # # # # # # # #
## Now restart few service to take effect of the php.ini file
sudo systemctl restart nginx.service
sudo systemctl restart php7.2-fpm.service
## Use the below command to see is it working or not.
php -v
08. Postfix
----------------------
09. Dovecot
----------------------
10. OpenDKIM
----------------------
11. SpamAssassin
----------------------
11. Email Signature
----------------------
12. Roundcube
----------------------
14. Pure-FTPD
----------------------
15. Permission
----------------------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment