@vivianspencer
Last active August 18, 2016 14:20
Debian 8 (Jessie) LEMP Setup

Debian 8 LEMP

  1. Set the hostname of the server

    hostnamectl set-hostname johnsmith
    
  2. Make the hostname resolvable. Open the file /etc/hosts in your favourite editor and assign the IPv4 & IPv6 records of the server to your chosen hostname & FQDN.

    127.0.0.1       localhost.localdomain   localhost
    12.34.56.78     johnsmith.example.com johnsmith 
    1234:5678::abcd:efgh:1234:5678      johnsmith.example.com johnsmith
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    
  3. Fix Perl locale complaints.

    locale-gen en_US.UTF-8
    dpkg-reconfigure locales
    
  4. Open ~/.bashrc in your favourite editor and add the following

    export LANGUAGE=en_US.UTF-8
    export LANG=en_US.UTF-8
    export LC_ALL=en_US.UTF-8
    
  5. Set the system timezone

    dpkg-reconfigure tzdata
    
  6. Install ufw firewall

    apt-get install ufw
    
  7. Set up the default firewall rules, where port 22 is your SSH port and 15.15.15.51 is an internal IP address

    ufw allow from 15.15.15.51 to any port 22
    ufw allow http
    ufw allow https
    # The rules above only take effect once the firewall is enabled
    ufw enable
    
  8. Update the Debian repository sources. Open the file /etc/apt/sources.list in your favourite editor and update it to look like the following

    deb http://mirrors.linode.com/debian/ jessie main contrib non-free
    deb-src http://mirrors.linode.com/debian/ jessie main contrib non-free
    
    deb http://mirrors.linode.com/debian-security/ jessie/updates main contrib non-free
    deb-src http://mirrors.linode.com/debian-security/ jessie/updates main contrib non-free
    
    # jessie-updates, previously known as 'volatile'
    deb http://mirrors.linode.com/debian/ jessie-updates main
    deb-src http://mirrors.linode.com/debian/ jessie-updates main
    
  9. Get the latest updates and install

    apt-get update && apt-get upgrade --show-upgraded
    
  10. Add MariaDB repository

    apt-get -y install python-software-properties software-properties-common
    apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
    add-apt-repository 'deb http://lon1.mirrors.digitalocean.com/mariadb/repo/10.1/debian jessie main'
    
  11. Install all necessary components for this setup

    apt-get update && apt-get upgrade --show-upgraded
    apt-get -y install sudo curl git debsums nginx php5 php5-curl php5-gd php5-cli php5-fpm php5-mysqlnd mariadb-server zsh unattended-upgrades mailutils ssmtp
    
  12. Create a user and add it to the sudo and www-data groups for system and web server (nginx) access

    adduser exampleuser
    usermod -a -G sudo,www-data exampleuser
    
  13. Switch to the newly created user and set ZSH as the default shell

    su exampleuser
    cd ~
    # Fetch the installer over HTTPS rather than plain HTTP
    curl -L https://install.ohmyz.sh | sh
    chsh -s /usr/bin/zsh
    mkdir .ssh
    
  14. Copy your public SSH key from your desktop (run this on your desktop, not on the server)

    scp ~/.ssh/id_rsa.pub exampleuser@123.456.78.90:~/.ssh/authorized_keys
    
  15. Set the permissions on the .ssh directory and the key file for secure access

    chmod 700 .ssh
    chmod 600 .ssh/authorized_keys
    
  16. Create a new SSH key for the user

    ssh-keygen -t rsa -C "info@example.com"
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_rsa
    
  17. Make SSH secure. Open /etc/ssh/sshd_config in your favourite editor and apply the following settings

    PasswordAuthentication no
    PermitRootLogin no
    
  18. Restart SSH (make sure you keep a session open in case something goes wrong)

    sudo service ssh restart
    
  19. Install Composer server wide

    curl -sS https://getcomposer.org/installer | php
    sudo mv composer.phar /usr/local/bin/composer
    
  20. Secure MariaDB by running the following command and following the instructions

    sudo mysql_secure_installation
    
  21. Open /etc/php5/fpm/php.ini in your favourite editor and change the settings below:

    upload_max_filesize = 100M
    date.timezone = Europe/London
    
  22. Enable unattended upgrades

    sudo dpkg-reconfigure -plow unattended-upgrades
    
  23. Add SMTP settings to allow mail to be sent. Open /etc/ssmtp/ssmtp.conf in your favourite editor and add the settings below:

    FromLineOverride=YES
    
    AuthUser=info@gmail.com
    AuthPass=PASSWORD
    mailhub=smtp.gmail.com:587
    UseSTARTTLS=YES
    
  24. Install MySQLtuner

    sudo wget http://mysqltuner.pl/ -O /usr/local/bin/mysqltuner
    sudo chmod +x /usr/local/bin/mysqltuner
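
A check for step 17, added here as an example and not part of the original gist: it reads an sshd_config the way sshd does (first occurrence of a keyword wins, keywords are case-insensitive, `Match` blocks are conditional) and reports whether both settings are really in force. The function names `sshd_global_value` and `check_sshd_hardening` and the sample config are constructed for illustration; on a live server, `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example: function names and the sample config are constructed.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally,
# so grepping for "PasswordAuthentication no" can pass on a weak config.

# Print the global value of keyword $2 in file $1, lower-cased.
# Prints nothing when the keyword is not set globally.
sshd_global_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                  # comment line
        { sub(/=/, " ") }                    # accept "Keyword=value"
        NF == 0 { next }                     # blank line
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(want) {
            gsub(/"/, "", $2)                # accept a quoted value
            print tolower($2)
            exit                             # first occurrence wins
        }
    ' "$1"
}

# Return 0 only if both settings from step 17 are explicitly "no".
check_sshd_hardening() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_global_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the hardened line is present but an earlier line wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
check_sshd_hardening "$sample" || echo "=> not hardened"
rm -f "$sample"
```

Run `check_sshd_hardening /etc/ssh/sshd_config` before restarting SSH in step 18; a keyword reported as unset is treated as a failure because the setting is then left to sshd's built-in default.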
    