@tamzidoronno
Last active November 2, 2020 18:12
**New User Create**
adduser romoni_deployer
usermod -aG sudo romoni_deployer
su - romoni_deployer
**Initial Server Setup**
ufw allow OpenSSH
ufw enable
ufw status
**Registering SSH Keys**
ssh-keygen
sudo nano ~/.ssh/authorized_keys
Added user public keys to this file
Give ownership of .ssh directory to new user:
sudo chown -R romoni_deployer:romoni_deployer ~/.ssh
**Nginx Setup**
sudo apt update
sudo apt install nginx
sudo ufw allow 'Nginx HTTP'
sudo ufw status
**MySQL Setup**
sudo apt install mysql-server
sudo mysql_secure_installation
sudo mysql
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
mysql -u root -p
Create a new user and grant privileges:
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';
FLUSH PRIVILEGES;
sudo add-apt-repository universe
sudo apt install php-fpm php-mysql
sudo nano /etc/nginx/sites-available/romoni.com.bd
Added admin, partner, user portal & backend project server blocks
sudo ln -s /etc/nginx/sites-available/romoni.com.bd /etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx
**Disable Root Login**
sudo nano /etc/ssh/sshd_config
To disable root login => PermitRootLogin no
sudo service ssh restart
**Change SSH Port**
Add your public key to the ~/.ssh/authorized_keys file on the server
To change SSH settings on the server, edit the file /etc/ssh/sshd_config
To set port 41234 => Port 41234
To disable password authentication for any user => PasswordAuthentication no
Restart ssh => sudo service ssh restart
To log in to the remote server, run the following command: ssh user@host_ip_address -p 41234
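A check for the settings from the Disable Root Login and Change SSH Port sections, as an added example that is not part of the original notes. The function names `sshd_value` and `audit_sshd` and both sample files are constructed for illustration; the script reads plain files so it runs without a server.

```bash
# Added example (not from the gist): audit an sshd_config for the settings above.
# sshd uses the FIRST value it reads for a keyword, so a hardened line appended
# below an earlier conflicting one has no effect.

# Print the effective global value of a keyword, or the OpenSSH default.
sshd_value() {  # usage: sshd_value <keyword> <config-file> <default>
  awk -v key="$1" -v def="$3" '
    { sub(/#.*/, "") }                            # strip comments
    tolower($1) == "match" { exit }               # Match blocks are conditional
    tolower($1) == tolower(key) { val = tolower($2); exit }
    END { print (val == "" ? def : val) }
  ' "$2"
}

# Return 0 only if the file matches the notes: custom port, no root, no passwords.
audit_sshd() {  # usage: audit_sshd <config-file> <expected-port>
  a_rc=0
  a_v=$(sshd_value Port "$1" 22)
  [ "$a_v" = "$2" ] || { echo "FAIL Port=$a_v (expected $2)"; a_rc=1; }
  a_v=$(sshd_value PermitRootLogin "$1" prohibit-password)
  [ "$a_v" = "no" ] || { echo "FAIL PermitRootLogin=$a_v"; a_rc=1; }
  a_v=$(sshd_value PasswordAuthentication "$1" yes)
  [ "$a_v" = "no" ] || { echo "FAIL PasswordAuthentication=$a_v"; a_rc=1; }
  return $a_rc
}

# Constructed sample files (not real server configs).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
Port 41234
PermitRootLogin no
PasswordAuthentication no
EOF
cat > "$demo_dir/shadowed" <<'EOF'
# image default left in place near the top
PasswordAuthentication yes
Port 41234
#PermitRootLogin no
PasswordAuthentication no
EOF

audit_sshd "$demo_dir/good" 41234 && echo "good: OK"
audit_sshd "$demo_dir/shadowed" 41234 || echo "shadowed: not hardened"
```

On a live server, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective values, including anything pulled in via `Include`. Since the firewall rules above only allow the OpenSSH profile (port 22), port 41234 also has to be allowed in ufw before ssh is restarted.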
**Change MySQL port**
sudo systemctl stop mysql.service
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Set port = the port you want (e.g. 3307)
sudo systemctl restart mysql.service
**Grant remote access to mysql**
mysql> CREATE USER 'fooUser'@'1.2.3.4' IDENTIFIED BY 'my_password';
mysql> GRANT ALL ON *.* TO 'fooUser'@'1.2.3.4';
mysql> FLUSH PRIVILEGES;
Open the /etc/mysql/mysql.conf.d/mysqld.cnf file and comment out the following line:
#bind-address = 127.0.0.1
Allow the MySQL port from the admin portal/ufw
**Gitlab config multiple accounts**
Added a config file at ~/.ssh/config which looks like:
User git
Hostname gitlab.com
IdentityFile ~/.ssh/id_rsa
TCPKeepAlive yes
IdentitiesOnly yes