Skip to content

Instantly share code, notes, and snippets.

@saddamhshovon

saddamhshovon/SERVER-CONFIGURATION.md

Last active June 17, 2025 17:52
Show Gist options
  • Save saddamhshovon/ace323c47c74e357a810d012d61e944d to your computer and use it in GitHub Desktop.
Save saddamhshovon/ace323c47c74e357a810d012d61e944d to your computer and use it in GitHub Desktop.
Download ZIP
Server configuration for PHP & Laravel projects.
Raw
SERVER-CONFIGURATION.md

Configuration Guidelines for Servers

Version: 1.1.4 Last Modified: 2025-06-17

This document outlines the guidelines for configuring a new VPS/Cloud server, specifically focusing on Debian 12 (or Ubuntu 24.04 as an alternative). If using a different distribution, commands may vary, and you will need to adjust accordingly.

1. Initial Setup

1.1 Update and Upgrade System

Before proceeding with any configuration, always ensure the system is up to date.

sudo apt update
sudo apt upgrade

If sudo is not installed, switch to root user:

su -

Then check for updates and upgrade the system.

apt update
apt upgrade

2. Sudo Configuration

2.1 Install sudo

By default, sudo is not installed on Debian. First, switch to root user (if current user is not root):

su -

Then, install sudo:

apt install sudo -y

2.2 Create a New User

It is best practice to avoid using the root user for server operations. Create a new user and add them to the sudo group:

adduser admin
usermod -aG sudo admin

You can find more details here.

3. Setting Up a Firewall

3.1 Install UFW and Dependencies

UFW (Uncomplicated Firewall) is our preferred choice for managing firewall rules. UFW automatically installs iptables and netfilter as dependencies, but if needed, you can install them manually:

apt install iptables
apt install ufw

3.2 Verify UFW Requirements

Check if UFW meets the system requirements:

/usr/share/ufw/check-requirements

If something fails, reboot the server and recheck:

reboot now

3.3 Configure UFW

List available applications:

ufw app list

Allow OpenSSH to ensure SSH access after the firewall is enabled:

ufw allow OpenSSH

Enable UFW:

ufw enable

Note: You may be logged out after enabling UFW. Log back in to continue.

Check the UFW status:

ufw status

Logout and relogin as the new sudo user (admin):

logout

4. Installing PHP

Install PHP-FPM (FastCGI Process Manager) and necessary PHP extensions:

sudo apt install php-fpm php-mbstring php-xml php-bcmath php-curl php-gd php-mysql php-zip

4.1 Check PHP Version

To verify PHP installation:

php -v

4.2 Check Installed Extensions

To list installed PHP extensions:

php -m

5. Installing Nginx

To serve web applications, install Nginx:

sudo apt install nginx

5.1 Allow Nginx Through UFW

Nginx integrates with UFW and offers several profiles. List available UFW profiles:

sudo ufw app list

Enable the "Nginx Full" profile, which allows both HTTP and HTTPS traffic:

sudo ufw allow 'Nginx Full'

Check the UFW status:

sudo ufw status

5.2 Managing Nginx Service

  • Check Nginx service status:

    sudo systemctl status nginx

  • Enable Nginx to start on boot:

    sudo systemctl enable nginx

  • Restart Nginx:

    sudo systemctl restart nginx

  • Reload Nginx configuration without stopping the server:

    sudo systemctl reload nginx

You can find more details here.

6. Installing MariaDB Server

MariaDB is a popular, open-source database system. Follow the steps below to install and configure MariaDB on your Debian 12 server.

6.1 Install MariaDB

First, install the MariaDB server package using the following command:

sudo apt install mariadb-server

6.2 Secure MariaDB Installation

Once MariaDB is installed, run the security script to configure it securely:

sudo mysql_secure_installation

You will be prompted with several questions during the process:

  • Enter current root password:
    Since no password is set yet, simply press ENTER to proceed.

  • Switch to unix_socket authentication:
    Type n and press ENTER to skip this step.

  • Change the root password:
    Type n and press ENTER.

  • Afterward, press Y and ENTER to accept the defaults for the remaining prompts. These steps will remove anonymous users, disable remote root logins, and remove the test database, securing your MariaDB setup.

6.3 Create an Administrative User

To manage the database securely, it is recommended to create a new administrative user with full privileges. First, access the MariaDB shell:

sudo mariadb

Then create a new user with root privileges:

GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit;

Be sure to replace 'admin' and 'password' with your desired username and password.

You can find more details here.

6.4 Create a Database and User

Once MariaDB is installed and secured, you can create a new database and user for your application. Follow the steps below to create a database and assign a user to manage it.

  1. Access the MariaDB shell:

    sudo mariadb

  2. Create a new database named example_db with the utf8 character set and utf8_unicode_ci collation:

    CREATE DATABASE example_db DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

  3. Create a new user example_user with a secure password:

    CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'example_pw';

  4. Grant all privileges on the example_db database to the newly created user:

    GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'localhost';

  5. Apply the privilege changes by flushing the privileges:

    FLUSH PRIVILEGES;

  6. Exit the MariaDB shell:

    exit;

Make sure to replace example_db, example_user, and example_pw with your desired database name, username, and password.

7. Deploying a Laravel Project

7.1 Directory Setup

Create the directory where your Laravel project will reside:

sudo mkdir /var/www/sub.example.com

Take ownership of the directory:

sudo chown -R $USER /var/www/sub.example.com

7.2 Clone the Project

Navigate to the directory and clone the desired branch from your repository:

cd /var/www/sub.example.com
git clone -b <branchname> <remote-repository-url>

7.3 Install Dependencies

After cloning, install the required Composer dependencies:

composer install

7.4 Set Permissions

Set appropriate ownership for storage and bootstrap/cache directories:

sudo chown -R $USER:www-data storage
sudo chown -R $USER:www-data bootstrap/cache

Set permissions for files (644) and directories (755):

sudo find /var/www/sub.example.com/ -type f -exec chmod 644 {} \;
sudo find /var/www/sub.example.com/ -type d -exec chmod 755 {} \;

Grant read, write, and execute permissions for storage and bootstrap/cache:

sudo chmod -R ug+rwx storage bootstrap/cache

7.5 Laravel Environment Configuration

Copy the .env.example to .env, set up the necessary environment variables, generate an app key, link storage, and run migrations:

cp .env.example .env
php artisan key:generate
php artisan storage:link
php artisan migrate
@hi2tamzid
Copy link

Update the following command:

CREATE DATABASE example_db DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

@saddamhshovon
Copy link
Author

Update the following command:

CREATE DATABASE example_db DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

@hi2tamzid updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment