
The Perfect Server - Debian

Discussion in 'Server Configuration and Hosting' started by akia, May 23, 2012.

  1. akia

    akia Well-Known Member

    I've decided I want to go down the route of using NginX with php-fpm. I've decided to use this with Debian as it seems more simple to use.

    Being a linux newbie is a bit of a learning curve. But I've found a really good how to here:

    http://www.howtoforge.com/perfect-s....0-with-bind-dovecot-and-nginx-ispconfig-3-p4

    As I'm going to be using Google Apps for any email I think I need to tweak the steps as follows:

    Step 10: what the guide says
    Code:
    apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo
    What I think I should do
    Code:
    apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl rkhunter binutils sudo
    Step 11: what the guide says
    Code:
    apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
    Step 11 is what I'm really struggling with, as I can't work out what I need and don't need here.

    Skip step 14 altogether

    Step 16 -
    Code:
    apt-get install bind9 dnsutils
    Skip altogether because my DNS is being managed centrally.

    Then once I've installed ISPConfig 3, set it in the server options to send mail to SMTP for the Google account.

    Is this right, to give me a server where no inbound mail is dealt with, but any PHP scripts can still send mail out if they are not able to connect directly with the SMTP server? Can someone give me a hint whether I'm doing this right?
     
  2. Adam Howard

    Adam Howard Well-Known Member

    The perfect server? Ignore the guides on http://www.howtoforge.com (far too many security flaws)

    Assuming you're using Debian minimal install

    If you want a control panel (that is secure) http://www.directadmin.com/

    Do not use ISPConfig 3 (trust me on this).
     
  3. akia

    akia Well-Known Member

    I was using ISP manager, but I want to swap to using nginx and php-fpm and it seems to be the only control panel that supports it.
     
  4. Luke F

    Luke F Well-Known Member

    It's worth working without a control panel, ends up being easier and gives much better results with a bit of practice
     
    Puntocom, akia and Adam Howard like this.
  5. akia

    akia Well-Known Member

    Do you guys know of any decent how-to guides that would be a good starting point if I go it without a CP?
     
  6. Adam Howard

    Adam Howard Well-Known Member

    This I can help you with easily

    I'm again going to assume you're starting out with Debian Minimum Install. I'm also going to assume you're using either a dedicated or VPS server, with root access.

    1st let's install aptitude. This will make installing programs easier and help you resolve any conflicts (and warn you of them before trying anything).

    PHP:
    apt-get install aptitude
    Next before you go about installing anything, let's make sure to install any update to the core

    PHP:
    aptitude update
    PHP:
    aptitude full-upgrade
    Depending on how your web host allows for things and depending on how many or what was upgraded, you may want to reboot (caution: check with your host if this is supported. Most allow this and it is free, but double-check). This can take a few minutes so do not panic if you're not online right away (you'll need to sign back in once you're online).

    To reboot (remember my caution)

    PHP:
    reboot

    Next we're going to install a very simple editor to help you edit things (alternatively, you could always download files and edit them on your PC and then upload them if it is easier). The editor I would suggest if you will edit things manually online is Nano.

    PHP:
    aptitude install nano
    Now we're going to add a few things into your update source list

    PHP:
    nano /etc/apt/sources.list
    Or of course you could download that file and edit on your PC (follow that path)

    PHP:
    # Debian Main Update
    deb http://ftp.de.debian.org/debian stable main contrib non-free
    deb-src http://ftp.de.debian.org/debian stable main contrib non-free
     
    deb http://ftp.debian.org/debian/ squeeze-updates main contrib non-free
    deb-src http://ftp.debian.org/debian/ squeeze-updates main contrib non-free
     
    deb http://security.debian.org/ squeeze/updates main contrib non-free
    deb-src http://security.debian.org/ squeeze/updates main contrib non-free
    The above will add all the repositories from Debian on their main Germany server, which is where updates are posted 1st before they are branched out elsewhere. So you'll get things ASAP when you do update or upgrade.

    TIP = It is safe to replace any official Debian Sources that may have already been there, but if you find anything unofficial... Odds are good your host may have their own things in there. Do not replace theirs, just the official sources only.

    You may also want to add this to your repository (I would suggest you do so)

    PHP:
    #Debian Backport
    deb http://backports.debian.org/debian-backports squeeze-backports main
    This is a repository where developers submit things to Debian. It will often help you obtain the newest security patches before they are added onto the Debian main servers. There is a small catch... Sometimes I've been told things here are not always stable... It's never happened to me, but I figure you should know.

    Finally we're going to need to add 1 last thing onto the list. No matter if you elect to use Apache2 or nGinx, this is where you'll get the newest stable version.

    PHP:
    #Dotdeb.org
    deb http://packages.dotdeb.org squeeze all
    deb-src http://packages.dotdeb.org squeeze all
    If you plan on using php5.4, also add the following (not needed & do not add if you'll only use php 5.3.x)

    PHP:
    #Dotdeb.org php 5.4
    deb http://packages.dotdeb.org squeeze-php54 all
    deb-src http://packages.dotdeb.org squeeze-php54 all
    Save and exit Nano (remember to save)

    Now the next step is as follows (this will add the security key for Dotdeb.org)

    PHP:
    wget http://www.dotdeb.org/dotdeb.gpg
    cat dotdeb.gpg | sudo apt-key add -
    Next let's once again make sure everything is up to date before we install anything else.

    PHP:
    aptitude update
    PHP:
    aptitude full-upgrade
    You may get a few updates. If you again got a lot of updates, reboot. (remember my caution and remember this may take some time)

    PHP:
    reboot
    Now the fun part :)

    I'm going to suggest Apache2 with php-fpm and standard MySQL.

    Mostly because you're new and setting up nGinx isn't for the faint of heart. But also for the life of you... I don't think you'll want to re-configure re-write rules for every 3rd party change or add-on you'll add for either XenForo, Word Press, or anything else for that matter.

    NEXT POST....... I'll show you how to install and configure some basics (I'm splitting this for easier read)
     
    ting.mike, Ingenious and akia like this.
  7. Adam Howard

    Adam Howard Well-Known Member

    If you did or needed to reboot a 2nd time, follow the same update and full-upgrade until everything reports there are no updates.

    Now after you've completed this.... The fun begins :)

    PHP:
    aptitude install mysql-server mysql-client
    Normally during the install, you will be asked to provide a MySQL Root Password. It is important to NEVER use the MySQL root (if you can help it), but also important to NEVER forget this password either. Make this password long and not easy to guess.

    If for some odd reason the install didn't ask you to add a password..... Immediately after you have installed the mysql server, you should change its root password

    PHP:
    /usr/bin/mysqladmin -u root password 'enter-your-good-new-password-here'
    You must never use your root account and password when running databases. The root account is a privileged account which should only be used for admin procedures. You will need to create a separate user account to connect to your MySQL databases from a PHP script. You can add users to a MySQL database by using a control panel like phpMyAdmin to easily create or assign database permissions for users.

    I can not stress enough how many people are stupid and end up using the root name and password. Don't do it.

    Now let's install and setup Apache2 :)

    PHP:
    aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
    Type in your server's IP address .... You should see a nice Apache page (typically says, IT WORKS!)

    Now let's install PHP

    PHP:
    aptitude install php5 php5-fpm libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
    The above should allow you to run every possible modification you will find on XenForo. You can also add php5-geoip if required, but it does use up some resources.

    Let's see if php is working

    PHP:
    a2enmod rewrite
    a2enmod include
    PHP:
    /etc/init.d/apache2 restart
    We're going to make a simple php test file

    PHP:
    <?php
     
    // Show all information, defaults to INFO_ALL
    phpinfo();
     
    ?>
    Name that file as anything you want, as long as it ends with .php

    Upload it to:

    /var/www/

    Type in your server's IP address and add the path to that file

    Example = 192.168.1.1/FileName.php

    If you see your PHP details all is working :)

    Now DELETE that file. It's not really a good idea to keep it on your server.

    Now let's install a few random things you may find you'll need.

    PHP:
    aptitude install curl perl libapache2-mod-perl2 python libapache2-mod-python ntp ntpdate
    Now let's restart apache2 again (to load all this). The above adds curl, perl, python, and keeps your site time up to date.

    PHP:
    /etc/init.d/apache2 restart
    At this point, depending on your webhost... You may simply be able to type in your domain name and see that nice Apache2 page without typing in your IP address.

    Thankfully most hosts (even unmanaged hosts) have an internal dns / bind system. So configuring or installing such isn't required. And saves you resources and helps limit security threats. Be so thankful for our ever-changing world of technology. :)

    If this is not the case for you.... I'd think about finding another host. Seriously.


    Now you need to make a choice

    1) Is this the only domain you will be having on this server

    OR

    2) Will have other domain names and / or sub domain names

    If option 1 .... Congratulations, you're done. :cool: Pat yourself on the back. Wasn't that easy? :)

    The following will allow you to work with phpMyAdmin

    PHP:
    aptitude install phpmyadmin

    You'll be asked if you want phpMyAdmin to make its own database, say NO

    PHP:
    /etc/init.d/apache2 restart
    The user name and password will be your root and password. For this reason, do not leave phpMyAdmin installed. Use it only for how long you need it and then remove it. That is my advice to you.

    If you follow my advice, you will need to do the following (if you do not follow my advice, at least password protect it using .htaccess as an extra level of security. But remember, I warned you)

    A whole guide to htaccess http://httpd.apache.org/docs/2.0/howto/htaccess.html

    PHP:
    aptitude remove phpmyadmin
    PHP:
    aptitude purge phpmyadmin
    PHP:
    /etc/init.d/apache2 restart
    If option 2 .... A little more work for you.... (SEE NEXT POST)
     
    ting.mike and akia like this.
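
Added example, not part of the thread: a check for the two things the post above says not to leave behind, a `phpinfo()` test file under the web root and an installed phpMyAdmin. The function names and the extension list (`.php`, `.php3`, `.phtml`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): post-install checks.

# find_phpinfo_files [WEB_ROOT]
# Prints, one per line, every PHP-handled file under WEB_ROOT that calls
# phpinfo(). Defaults to /var/www, the upload path used in the thread.
# Returns 2 if WEB_ROOT is not a directory.
find_phpinfo_files() {
    root=${1:-/var/www}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Only extensions the web server would execute are scanned (assumed list).
    find "$root" -type f \
        \( -name '*.php' -o -name '*.php3' -o -name '*.phtml' \) \
        -exec grep -l -E 'phpinfo[[:space:]]*\(' {} + 2>/dev/null | sort
}

# phpmyadmin_installed
# Returns 0 if the phpmyadmin package is currently installed, 1 if it is
# absent or only removed, 2 if dpkg-query is unavailable on this system.
phpmyadmin_installed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    status=$(dpkg-query -W -f='${Status}' phpmyadmin 2>/dev/null) || return 1
    case $status in
        *"ok installed") return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `find_phpinfo_files /var/www` after testing PHP and delete whatever it lists; an empty result means no test file was left behind.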
  8. Adam Howard

    Adam Howard Well-Known Member

    So you've decided you want more and thus continued to option 2 :coffee:

    PHP:
    a2enmod userdir
    Configure Apache module userdir in /etc/apache2/mods-enabled/userdir.conf

    PHP:
    nano /etc/apache2/mods-enabled/userdir.conf
    PHP:
    <IfModule mod_userdir.c>
            UserDir public_html
            UserDir disabled root

            <Directory /home/*/public_html>
                    AllowOverride All
                    Options MultiViews Indexes SymLinksIfOwnerMatch
                    <Limit GET POST OPTIONS>
                            Order allow,deny
                            Allow from all
                    </Limit>
                    <LimitExcept GET POST OPTIONS>
                            Order deny,allow
                            Deny from all
                    </LimitExcept>
            </Directory>
    </IfModule>
    Create directory as user (not as root)

    PHP:
    mkdir /home/$USER/public_html
    Change group as root (substitute your username) and restart web server

    PHP:
    chgrp www-data /home/<username>/public_html
    PHP:
    service apache2 restart
    If you get a Forbidden error when accessing home folder through apache check /home/username has permissions drwxr-xr-x. If the permissions are wrong correct them as such:

    PHP:
    chmod 755 /home/<username>
    Next we need to change something for PHP to work this way

    PHP:
    nano /etc/apache2/mods-available/php5.conf

    PHP:
    <IfModule mod_php5.c>
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler application/x-httpd-php
        </FilesMatch>
        <FilesMatch "\.phps$">
            SetHandler application/x-httpd-php-source
        </FilesMatch>
        # To re-enable php in user directories comment the following lines
        # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
        # prevents .htaccess files from disabling it.
        #<IfModule mod_userdir.c>
        #    <Directory /home/*/public_html>
        #        php_admin_value engine Off
        #    </Directory>
        #</IfModule>
    </IfModule>
    See the little instruction note in that? Follow it ;)

    Save and exit

    PHP:
    /etc/init.d/apache2 restart
    Done :cool:

    You're welcome :D

    (Thinking about nGinx ?.... Seems to change per version... ie... Version 1.x.1 is different from 1.x.2 and the same with 1.x.3). The best guide for nGinx is to read, learn, read, learn some more, and do it yourself. Because what I tell you today about nGinx may no longer be true tomorrow or may not fit your needs today.


    ^^ Not bad for someone who did this all by memory :eek:
     
    Nasr, ting.mike, Ingenious and 2 others like this.
  9. akia

    akia Well-Known Member

    Wow! Thank you for the time and effort you've put into that. I shall give it a try and let you know how I get on.
     
    TheVisitors likes this.
  10. Adam Howard

    Adam Howard Well-Known Member

    You're welcome. Let me know how things turn out and if you run into problems.
     
  11. Adam Howard

    Adam Howard Well-Known Member

    Question: Will this work on Ubuntu?

    Answer: YES, the above will indeed work on Ubuntu. :) But keep in mind that out of the box, Ubuntu may use a little bit more resources than Debian and Ubuntu may not always be as stable as Debian. But if your host only offers Ubuntu, do not be discouraged. The overall differences between Ubuntu and Debian are not drastic, this is because Ubuntu is made from Debian.

    Question: Will this work on Mint Linux?

    Answer: YES, the above will indeed work on Mint Linux (both Ubuntu and Debian versions). :) However, while Mint makes for a cool desktop, it is not exactly ideal for a working server. Mint often uses the SID repositories for both Ubuntu and Debian, then customizes them for their own use. SID is typically thought of as ALPHA or Pre-Beta software.

    Mint can be faster and use less resources, but it is often not stable. I wouldn't recommend it for anyone starting out and who does not know how to fix things themselves.
     
    Ingenious likes this.
  12. akia

    akia Well-Known Member

    I've been playing about on a test server and it seems to be going good. :D In fact I'm quite liking it. I feel more in control, and can see that once I get over the learning curve I'm going to be better off. For example I've learnt about SFTP and SCP. It's not something I'd ever heard of, I'd just normally use FTP to upload my site and hopefully if I've understood it right I don't have to go to the trouble of installing and configuring an FTP server.

    One thing that has occurred to me though is that without a control panel I'm losing the ability to have the automated daily FTP backups that I'm used to having.

    I think though that if I set up the following cron:

    Code:
    15 2 * * * root mysqldump -u root -pPASSWORD --all-databases | gzip > /home/backup_`date '+\%m-\%d-\%Y'`.sql.gz
    to back up my databases. I could then use the synchronize folders option in WinSCP to back up to my local PC, which I think I can get to happen automatically using Windows scheduled tasks.

    I need to figure out how to create backup archives of the actual files in the web directory though.

    What do you guys think? Am I on the right track here?
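
Added example, not part of the thread: one way to archive the web directory the post above asks about, plus a database dump that keeps the password off the command line (where `ps` would show it) and out of world-readable files. The function names, file names, seven-day retention and the MySQL option file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and retention are assumptions.

# backup_webroot SRC_DIR DEST_DIR [KEEP_DAYS]
# Writes DEST_DIR/www_YYYY-MM-DD.tar.gz, readable by its owner only,
# deletes archives older than KEEP_DAYS (default 7), prints the new path.
backup_webroot() {
    src=$1 dest=$2 keep=${3:-7}
    [ -d "$src" ] || { echo "missing source: $src" >&2; return 1; }
    (
        umask 077                      # new files 0600, new directories 0700
        mkdir -p "$dest" || exit 1
        out="$dest/www_$(date +%Y-%m-%d).tar.gz"
        tmp="$out.partial"             # never leave a half-written archive
        tar -czf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" \
            || { rm -f "$tmp"; exit 1; }
        mv "$tmp" "$out" || exit 1
        find "$dest" -type f -name 'www_*.tar.gz' -mtime +"$keep" \
            -exec rm -f {} +
        printf '%s\n' "$out"
    )
}

# backup_databases DEST_DIR CNF_FILE
# CNF_FILE is a mode-600 MySQL option file whose [client] section holds the
# user and password of a dedicated backup account (assumed to exist).
backup_databases() {
    dest=$1 cnf=$2
    [ -r "$cnf" ] || { echo "cannot read option file: $cnf" >&2; return 1; }
    (
        umask 077
        mkdir -p "$dest" || exit 1
        out="$dest/db_$(date +%Y-%m-%d).sql"
        # --defaults-extra-file must be the first option on the command line.
        mysqldump --defaults-extra-file="$cnf" --all-databases \
            > "$out.partial" || { rm -f "$out.partial"; exit 1; }
        mv "$out.partial" "$out" && gzip -f "$out" && printf '%s\n' "$out.gz"
    )
}
```

Saved as a script that calls both functions, this can replace the command in the cron entry, which also avoids having to escape `%` characters inside the crontab line.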
     
  13. akia

    akia Well-Known Member

    Another thing that I need help with: while I can set up XenForo to use a Google Apps account directly, I do have a few scripts that can't use SMTP directly and use sendmail?!?

    I've been looking around and found this guide http://gix.my/comment/16 to get postfix to relay mail to Google Apps. Does this sound right? It seems a little too simple. Is there anything else missing from it?
     
  14. Ingenious

    Ingenious Well-Known Member

    TheVisitors and akia like this.
  15. Adam Howard

    Adam Howard Well-Known Member

    Question:

    My web host has its own virtual control panel with a reboot option. Do you use the terminal or their reboot button?

    Answer:

    I much prefer using the terminal reboot option, as often many virtual reboot options do take a little longer and are about the same as actually hitting the reset button on your PC.

    This is not to say that they are bad. They're actually very useful if the terminal option doesn't work (for whatever reason). But keep in mind that either reboot can take some time and you shouldn't try to rush things either way.

    Question:

    What is the best program to reach the terminal?

    Answer:

    I would recommend Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/ )

    It is easy to use and free.
     
  16. Adam Howard

    Adam Howard Well-Known Member

    Question:

    Why did you not give instructions on how to install and setup FTP ?

    Answer:

    Because SFTP is standard (already configured as root) and is more secure than FTP. Most FTP programs will use SFTP if you tell them to (FileZilla will as well).

    Question:

    Why did you not give instructions on setting up a mail server?

    Answer:

    Everyone's needs vary and I'm not someone who likes helping setup mail servers, as I don't want to be associated with anyone who "may or may not" send out spam.

    Also PHP has a small built-in mail server for your forum to already send out e-mails. So for your basic forum, it's not really needed to have one.

    But if you want one for other reasons.... I would suggest looking up information on PostFix
     
  17. akia

    akia Well-Known Member

    I've found a program called ssmtp to do the job; it relays mail on to Google from PHP apps that can't natively send via SMTP.
     
    TheVisitors likes this.
  18. Adam Howard

    Adam Howard Well-Known Member

    Turning out to be a lot easier than you originally thought, huh? ;)
     
  19. akia

    akia Well-Known Member

    Surprisingly so. I'm still playing about on a test server at the moment but I'm getting there. It's a lot simpler getting to know everything than learning how to use the control panel. I'm guessing that's partly down to it being Debian, as when I tried CentOS I had a nightmare with it, which is what put me off doing things myself.
     
    TheVisitors likes this.
  20. Adam Howard

    Adam Howard Well-Known Member

    Debian is a lot easier to use and more stable. And I'm sure you've already noticed, it uses a lot fewer resources.

    The two Linux OS's I typically suggest either for web servers or even as a 1st time Linux user, seeking to move away from Microsoft Windows, is Debian or Ubuntu (which is built from Debian).
     
