# Actualización de paquetes
apt-get update
apt-get upgrade
# Instalación doutros paquetes
apt-get install language-pack-es-base
apt-get install git
apt-get install mysql-server
# (opción A) Instalación de apache
apt-get install apache2
apt-get install libapache2-mod-php5
apt-get install libapache2-mpm-itk
# (opción B) Ou podemos instalar nginx
apt-get install nginx
apt-get install php5-fpm
# Instalación do resto de módulos de php
apt-get install php5-cli
apt-get install php5-imagick
apt-get install php5-curl# editar a configuración (ver abaixo)
vi /etc/ssh/sshd_config
# reiniciar ssh
service ssh reloadValores necesarios en sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Probado en Ubuntu 14.04. Non facer baixo servidores con SSD se non é necesario:
# Crear o arquivo /swapfile de 1GB
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# Configurar para que se use cada vez que se inicie o sistema
echo "/swapfile none swap sw 0 0" >> /etc/fstab
# Configurar para que só se use cando queda un 10% de RAM libre e a presión ao 50%
sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50
# Editar a configuración para que se manteña ao iniciar o sistema
vi /etc/sysctl.conf
# dentro meter os valores: vm.swappiness=10 / vm.vfs_cache_pressure = 50# Creamos o usuario e asignamoslle un grupo propio e o directorio home
sudo adduser --home /var/www/example.com example
# Engadímolo ao grupo sudo (Ubuntu 16.04)
usermod -aG sudo example
# Crear directorio .ssh e meter a clave pública, deploy key, etc.
su - example
mkdir .ssh
chmod 700 .ssh
ssh-keygen
vi .ssh/authorized_keys
# Crear os directorios necesarios
mkdir www
mkdir logsCREATE USER 'example'@'localhost' IDENTIFIED BY 'example';
GRANT ALL PRIVILEGES ON example.* TO 'example'@'localhost';
FLUSH PRIVILEGES;Para ubuntu 14.04, temos que instalalo manualmente:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
mv certbot-auto /usr/local/bin/En ubuntu 16.04 pódese instalar con apt-get:
apt-get install letsencryptAgora instalamos o certificado usando letsencrypt ou certbot-auto, dependendo do que instalaramos:
certbot-auto certonly --standalone --agree-tos -d example.com# Activar modulos
a2enmod rewrite
a2enmod ssl
# Configuración da redirección http => https (ver abaixo)
vi /etc/apache2/sites-available/000-default.conf
# Configuración do novo sitio (ver abaixo)
vi /etc/apache2/sites-available/001-example.com.conf
# Activar o novo sitio
ln -s /etc/apache2/sites-available/001-example.com.conf /etc/apache2/sites-enabled/001-example.com.confConfiguración de 000-default.conf
ServerName localhost
<VirtualHost *:80>
Redirect 301 / https://example.com/
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>Configuración de 001-example.com.conf
<VirtualHost *:443>
# Nome do servidor
ServerName example.com
ServerAdmin webmaster@localhost
# Root
DocumentRoot /var/www/example.com/www
# Logs
ErrorLog /var/www/example.com/logs/apache.error
CustomLog /var/www/example.com/logs/apache.log combined
# Directorio
<Directory /var/www/example.com/www>
AllowOverride All
Require all granted
</Directory>
# Usar este usuario
AssignUserId example www-data
# Certificado SSL
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>E finalmente reiniciar apache:
service apache2 restartSe escollemos o servidor de NGINX, debemos crear un novo pool onde se execute php.
sudo vi /etc/php5/fpm/pool.d/example.confNese arquivo metemos o seguinte (cambiando "example" polos nosos valores):
[example]
user = example
group = example
listen = /var/run/php5-fpm-example.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
Reiniciamos php-fpm e comprobamos que todo está ok:
service php5-fpm restart- https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers
- https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
- https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
- https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql
- https://www.digitalocean.com/community/tutorials/how-to-host-multiple-websites-securely-with-nginx-and-php-fpm-on-ubuntu-14-04
- https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
- https://www.inversoft.com/guides/2016-guide-to-user-data-security
- https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04
- https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04
- https://www.exratione.com/2016/05/a-mailserver-on-ubuntu-16-04-postfix-dovecot-mysql/