Skip to content

Instantly share code, notes, and snippets.

@mizner

mizner/ubuntu.md

Last active August 13, 2018 01:19
Show Gist options
  • Save mizner/f9a9bf2669ebffb8971a4b19ec11e4ee to your computer and use it in GitHub Desktop.
Save mizner/f9a9bf2669ebffb8971a4b19ec11e4ee to your computer and use it in GitHub Desktop.
Download ZIP
Digital Ocean - Ubuntu 16.04 (Simple Web Server)
Raw
ubuntu.md

Server setup for Ubuntu 16.04 on Digital Ocean

Chapter 1: Add User (w/ Security Steps)

Add User

adduser {{username}}

Make user a super user

usermod -aG sudo {{username}}

Set Password

passwd {{username}}

Create user's Secure Shell Directory

mkdir /home/{{username}}/.ssh

Add SSH key to a new authorized_keys file

vi /home/{{username}}/.ssh/authorized_keys

Copy a SSH from your local machine e.g. ~/.ssh/id_rsa.pub Paste into the authorized_keys file on the remote machine

Chapter 2: User Security

Login as new user

ssh {{username}}@{{ip_address}}

Disable SSH access via password

vi /etc/ssh/sshd_config

(generally about halfway down the file)

PasswordAuthentication no

Chapter 3: Packages & Updates

Update System

Note: you may have to run some of this as a Super User $ su

apt-get update && apt-get dist-upgrade -y
apt-get autoremove -y
apt-get update

(optional, but awesome) Install Oh My Zsh

Reference Gist

apt-get install zsh && git-core
wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh
chsh -s `which zsh`

Note: Leave (exit) and re-login (ssh {{username}}@{{ip_address}})

Install packages & dependencies

apt-get install -y build-essential python-software-properties python g++ make fail2ban curl git htop ntp ntpdate unzip nano

Set Timezone

dpkg-reconfigure tzdata

Chapter 4: Apache

Install Apache and Allow in Firewall

sudo apt-get install apache2
sudo ufw app list
sudo ufw allow in "Apache Full"
sudo ufw allow in "OpenSSH"
sudo ufw enable
sudo ufw status verbose

sudo systemctl restart apache2

Change ownership of web root to apache

sudo chgrp -R www-data /var/www/html
sudo find /var/www/html -type d -exec chmod g+rx {} +
sudo find /var/www/html -type f -exec chmod g+r {} +

Adjust Webroot Permissions

sudo chmod 775 -R /var/www/html

Add user to apache group

sudo adduser {{username}} www-data

Configuring Access Control with .htaccess Files

sudo vi /etc/apache2/apache2.conf

Note: Use ? to find in Vim and search for Directory /var/www/

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Create Apache Access File (while dir)

sudo vi /var/www/html/.htaccess
Options +Indexes

<Files *>
AuthType Basic
AuthName "Please enter your username and password."
AuthUserFile /var/www/html/.htpasswd
Require valid-user
</Files>

Create Apache Password File (while in site dir)

Note: This creates a basic HTTP authorization Ref: MDN HTTP authentication

sudo htpasswd -bc .htpasswd {{user}} {{password}}

Note: Restart Apache for good measure

sudo systemctl restart apache2

Chapter 5: PHP

PHP Installation

sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql

Adjust Apache index file preference

sudo vi /etc/apache2/mods-enabled/dir.conf
  // Change From 
    DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
  // To
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

Ref: Helpful Stack Overflow on Permissions

Install php-cli

sudo apt-get install php-cli

Another Setup Example

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment