Skip to content

Instantly share code, notes, and snippets.

@virbo

virbo/lempp-debian.md Secret

Last active November 29, 2021 03:42
Show Gist options
  • Save virbo/3e4fbe0beda84833947e30a81d7d7b49 to your computer and use it in GitHub Desktop.
Save virbo/3e4fbe0beda84833947e30a81d7d7b49 to your computer and use it in GitHub Desktop.
Download ZIP
Install Linux Debian 10, Nginx, MariaDB, Postgres, PHP 8.0
Raw
lempp-debian.md

Update LANG

Edit file nano /etc/default/locale

LC_CTYPE=en_US.UTF-8
LC_ALL=en_US.UTF-8
LANG=en_US.UTF-8

Run these commands:

locale-gen en_US.UTF-8
dpkg-reconfigure locales

reboot server

Update and Upgrade Package

apt -y update && apt -y upgrade
reboot

Install CSF & LFD

  1. Install dependency
apt install libgd-graph-perl libio-socket-ssl-perl libcrypt-ssleay-perl libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl libwww-perl -y
  1. Change permission sendmail
echo '#!/bin/sh' > /usr/sbin/sendmail
chmod +x /usr/sbin/sendmail
  1. Install CSF
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Install NGINX

  1. Download the key used to sign NGINX packages and the repository, and add it to the apt program’s key ring
sudo wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
  1. Edit the nano /etc/apt/sources.list file and add these lines
deb https://nginx.org/packages/mainline/debian/ <CODENAME> nginx
deb-src https://nginx.org/packages/mainline/debian/ <CODENAME> nginx
  1. Install nginx
apt -y update
apt -y install nginx

Install PHP (Multi PHP 8.0, 7.4)

  1. Install dependency
apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
  1. Import the public using the below commands
wget https://packages.sury.org/php/apt.gpg
apt-key add apt.gpg
  1. Add the SURY repository to your system
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
  1. Install Multi PHP (7.4, 8.0)
apt update
apt install php8.0 php8.0-{mysql,pgsql,gd,cli,common,snmp,ldap,curl,mbstring,zip,fpm,mongodb,intl,xml,imagick,xmlrpc,soap}
apt install php7.4 php7.4-{mysql,pgsql,gd,cli,common,snmp,ldap,curl,mbstring,zip,fpm,mongodb,intl,xml,imagick,xmlrpc,soap}
  1. Set default PHP Version
update-alternatives --set php /usr/bin/php8.0
  1. Edit nano /etc/php/7.4/fpm/pool.d/www.conf (if using php 7.4)
user = nginx
group = nginx
;listen = /run/php/php8.0-fpm.sock
listen = /run/php/php7.4-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
  1. Create default server block
server {
    listen       80;
    server_name  server_domain_or_IP;

    root   /usr/share/nginx/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Install Postgres (Latest Version)

  1. Add key
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
  1. Add repo
echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
apt update -y
  1. Install Postgres
apt install postgresql-13 postgresql-contrib
  1. Initdb
mkdir /usr/local/pgsql/data
chown postgres:postgres /usr/local/pgsql/data
/usr/lib/postgresql/13/bin/initdb /usr/local/pgsql/data
  1. Edit nano /var/lib/pgsql/13/data/pg_hba.conf and replace trust to md5 or scram-sha-256
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5

service postgresql restart
  1. Create Database
su postgres
psql

CREATE DATABASE db_name;
CREATE ROLE username WITH PASSWORD 'password'
GRANT ALL PRIVILEGES ON DATABASE db_name TO username;
ALTER ROLE username WITH LOGIN;

Install MariaDB (Latest Version)

  1. Download repo and enable
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
./mariadb_repo_setup
  1. Install MariaDB
apt install mariadb-server
  1. Configuring and Securing MariaDB Server
mysql_secure_installation

This will take you through a series of prompts where you can make some changes to your MariaDB installation’s security options. The first prompt will ask you to enter the current database root password. Since we have not set one up yet, press ENTER to indicate “none”.

The next prompt asks you whether you’d like to set up a database root password. Type N and then press ENTER. In Debian, the root account for MariaDB is tied closely to automated system maintenance, so we should not change the configured authentication methods for that account. Doing so would make it possible for a package update to break the database system by removing access to the administrative account. Later, we will cover how to optionally set up an additional administrative account for password access if socket authentication is not appropriate for your use case.

From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MariaDB immediately respects the changes you have made.

  1. Testing installation
mysqladmin -u root -p version

indicates the installation has been successful like this

mysqladmin  Ver 9.1 Distrib 10.6.5-MariaDB, for debian-linux-gnu on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version          10.6.5-MariaDB-1:10.6.5+maria~buster
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /run/mysqld/mysqld.sock
Uptime:                 7 min 17 sec

Threads: 1  Questions: 815  Slow queries: 0  Opens: 253  Open tables: 69  Queries per second avg: 1.864

Install Let's Encrypt

  1. Install Certbot
apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

apt install python3-certbot-nginx
  1. Obtaining an SSL Certificate
certbot --nginx -d your_domain -d www.your_domain
  1. Verifying Certbot Auto-Renewal
certbot renew --dry-run

Referensi

  1. https://askubuntu.com/questions/1077398/fresh-installation-of-ubuntu-16-04-gives-me-warning-about-locale-unable-to-fix
  2. https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/
  3. https://download.configserver.com/csf/install.txt
  4. https://www.node35.com/how-to-fix-8-common-errors-on-csf-configserver-security-firewall/
  5. https://www.itzgeek.com/post/how-to-install-php-8-0-on-debian-10-debian-9.html
  6. https://www.linuxtechi.com/install-php-8-on-debian-10/
  7. https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10
  8. https://varunver.wordpress.com/2019/10/11/install-php-mcrypt-on-debian-10-php-7-3/
  9. https://wiki.postgresql.org/wiki/Apt
  10. https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-10
  11. https://snippets.aktagon.com/snippets/614-how-to-fix-bash-warning-setlocale-lc-all-cannot-change-locale-en-us-
  12. https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-debian-10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment