
@sl-digital
Last active July 6, 2017 15:22
Ubuntu 16.04 LEMP Install
# CREATE USERS
# Creates a non-root admin account named devops and adds it to the sudo group.
# Text in <angle brackets> on this sheet is an instruction to the operator,
# not something to type into the shell.
# NOTE(review): sudo normally prompts for the invoking user's own password;
# the "root password" wording may assume an existing root login - confirm.
sudo su <enter root password>
adduser devops
# Membership in the sudo group lets devops run any command as root, so the
# password set at the adduser prompt effectively guards root access.
usermod -aG sudo devops
# SSH KEYGEN (LOCAL)
# Run on the workstation. Generates a key pair; only the public half (.pub)
# is copied to the server, the private key file stays on the workstation.
ssh-keygen <follow prompts and save>
cat ~/.ssh/yourkey_rsa.pub <copy contents>
# SSH KEYGEN (SERVER)
# No key is generated on the server: this installs the public key copied
# above into the devops account.
su - devops
mkdir ~/.ssh
# 700 on the directory and 600 on authorized_keys keep both unreadable and
# unwritable for other accounts; sshd's StrictModes check (on by default)
# can refuse the key when these files are writable by others.
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys <paste key data>
chmod 600 ~/.ssh/authorized_keys
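# DISABLE PASSWORD AUTH
# Do this only after a key-based login as devops has been confirmed to work.
# Keep the current session open until a NEW session logs in successfully;
# a mistake in this step otherwise locks you out of the server.
sudo nano /etc/ssh/sshd_config
# Set the three directives below in sshd_config (the leading "- " is a list
# marker on this sheet, not file content).
# NOTE(review): PermitRootLogin is not changed by this sheet; review it
# separately.
- PasswordAuthentication no
- PubkeyAuthentication yes
- ChallengeResponseAuthentication no
# Check the edited file for syntax errors before asking the daemon to
# reread it; reload only if this prints nothing and exits 0.
sudo sshd -t
sudo systemctl reload sshd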
# INSTALL FIREWALL
# Nothing is installed here; these commands configure and enable ufw.
# List the application profiles ufw knows about.
sudo ufw app list
# Allow SSH BEFORE enabling the firewall so the current remote session is
# not cut off by the default incoming policy.
# (`ufw limit OpenSSH` is a rate-limited alternative to a plain allow.)
sudo ufw allow OpenSSH
sudo ufw enable
# Confirm the resulting rule set.
sudo ufw status
# INSTALL NGINX
sudo apt update
sudo apt install nginx
# ADJUST FIREWALL
# 'Nginx Full' opens both port 80 (HTTP) and port 443 (HTTPS). The server
# block on this sheet listens on port 80 only; 'Nginx HTTP' is the narrower
# profile until a TLS listener is configured.
sudo ufw allow 'Nginx Full'
# INSTALL MYSQL
sudo apt install mysql-server
# Interactive hardening script: answer its prompts to set the root password
# policy, remove anonymous users, disallow remote root login and drop the
# test database.
# The ufw rules on this sheet allow only OpenSSH and Nginx, so no MySQL port
# is opened to the network.
sudo mysql_secure_installation
# INSTALL PHP REPO
# Adds a third-party PPA. Packages from it are installed as root and trusted
# like distribution packages, so adding it is a supply-chain decision.
sudo apt-get install -y python-software-properties
sudo add-apt-repository -y ppa:ondrej/php
sudo apt-get update -y
# INSTALL PHP AND FPM
# NOTE(review): the search below is for php7.1, the install uses the
# unversioned php-fpm / php-mysql names, and the later paths say 7.0. Which
# version the unversioned names resolve to depends on the configured
# repositories - check `ls /etc/php` after the install and adjust the 7.0
# paths, service name and socket name on this sheet if they differ.
sudo apt-cache search php7.1
sudo apt-get install php-fpm php-mysql
# ADJUST CGI FIX_PATHINFO
# In php.ini set the cgi.fix_pathinfo line shown below (file content, not a
# shell command). With the value 1, PHP tries to guess the intended script
# when the requested path does not exist, which can lead to a non-PHP file
# (for example an uploaded file) being executed as PHP; 0 disables the guess.
sudo nano /etc/php/7.0/fpm/php.ini
cgi.fix_pathinfo=0
# Restart PHP-FPM so the php.ini change takes effect.
sudo systemctl restart php7.0-fpm
# ADJUST NGINX FOR PHP
# The server { ... } block below is the content for the site file opened in
# the editor, not shell input. It serves plain HTTP only; no TLS listener is
# configured on this sheet.
sudo nano /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
# Placeholder: replace with the real host name or IP address.
server_name server_domain_or_IP;
location / {
# Serve the file or directory if it exists, otherwise return 404.
try_files $uri $uri/ =404;
}
# Only URIs ending in .php are passed to PHP-FPM, over a local Unix socket.
# The socket name carries the PHP version and must match the installed one.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# Refuse requests for paths containing "/.ht" (such as .htaccess or
# .htpasswd files left in the webroot).
location ~ /\.ht {
deny all;
}
}
# REBOOT AND TEST
# No reboot is performed: nginx -t validates the configuration, and the
# reload should only be run if that check passes.
sudo nginx -t
sudo systemctl reload nginx
# FIND MORE PHP MODULES
sudo apt-cache search php7
# php-whatevs1 / php-whatevs2 are placeholders for real module package names.
# Install only the modules the application needs; each one adds code that
# runs inside the PHP process.
sudo apt install php-whatevs1 php-whatevs2
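# SET WEBROOT PERMISSIONS
# NOTE(review): www-data is the account nginx and (by default on Ubuntu)
# PHP-FPM run as, so this makes the whole webroot writable by the web
# application itself. A tighter layout keeps code owned by the deploy user
# and gives www-data write access only to upload/cache directories.
sudo chown -R www-data:www-data /var/www/html
# ADD USER TO WWW-DATA
# The new group membership applies from devops' next login.
sudo usermod -a -G www-data devops
# SET DEFAULT ACL RULES
# Show the current ACL, then set DEFAULT entries (-d), which are inherited by
# files and directories created later.
getfacl /var/www/html
sudo setfacl -Rd -m u:devops:rwx /var/www/html
sudo setfacl -Rd -m g:www-data:rwx /var/www/html
# SET ACL RULES
# Same entries applied to what already exists under the webroot.
sudo setfacl -R -m u:devops:rwx /var/www/html
sudo setfacl -R -m g:www-data:rwx /var/www/html
# SET CONTENT DEFAULT
# setgid on DIRECTORIES makes new entries inherit the directory's group.
# Limited to directories: the bit has a different meaning on regular files.
sudo find /var/www/html -type d -exec chmod g+s {} +
# CHANGE CONTENT PERMISSIONS
# The webroot is named explicitly instead of "." so that running these from
# the wrong directory cannot rewrite modes elsewhere (e.g. under ~/.ssh).
# NOTE(review): on entries that carry an ACL, chmod changes the ACL mask, so
# 755/644 may reduce the effective rights of the rwx entries granted above -
# verify the result with getfacl.
sudo find /var/www/html -type d -exec chmod 755 {} +
sudo find /var/www/html -type f -exec chmod 644 {} +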