The Perfect Server - Debian

akia

Well-known member
I've decided I want to go down the route of using NginX with php-fpm. I've deided to use this with Debian as is seems more simple to use.

Being a linux newbie is a bit of a learning curve. But I've found a really good how to here:

http://www.howtoforge.com/perfect-s....0-with-bind-dovecot-and-nginx-ispconfig-3-p4

As I'm going to be using google Aps for any email I think i need to tweak the steps as follows:

Step 10: what the guide says
Code:
Code:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo
What I think I should do
Code:
Code:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl rkhunter binutils sudo
Step 11: what the guide says
Code:
Code:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
Step 11 is what I'm really struggling with. as I can't work out what I need don't need here.

Skip step 14 all together

Step 16 -
Code:
Code:
apt-get install bind9 dnsutils
Skip All together because my dns is being managed centrally.

then once I've installed ISPConfig 3 set it in the server options to send mail to SMTP for the google account.

Is this right? to give me a server where no inbound mail is dealt with, but any php scripts can still send mail out if they are not able to connect directly with the smtp server. Can someone give me a hint how whether I'm going this right.
 
I was using ISP manager, but I want to swap to using nginx and php-fpm and it seems to be the only control panel that supports it.
 
Do you guys know of any decent how to guides that would be a good starting point if I go it without a cp
 
Do you guys know of any decent how to guides that would be a good starting point if I go it without a cp
This I can help you with easily

I'm again going to assume your starting out with Debian Minimum Install. I'm also going to assume you're using either a dedicated or vps server, with root access.

1st let's install aptitude. This will make installing programs easier and help you resolve any conflicts (and warn you of them before trying anything).

PHP:
apt-get install aptitude

Next before you go about installing anything, let's make sure to install any update to the core

PHP:
aptitude update

PHP:
aptitude full-upgrade

Depending on how your web host allows for things and depending on how many or what was upgraded, you may want to reboot (caution check with your host if this is supported. Most allow this and it is free, but double-check). This can take a few minutes so do not panic if you're not be online right away (you'll need to sign back in once you're online).

To reboot (remember my caution)

PHP:
reboot


Next we're going to install a very simple editor to help you edit things (alternatively, you could always download files and edit them on your PC and then upload them if it is easier). The editor I would suggest if you will edit things manually online is Nano.

PHP:
aptitude install nano

Now we're going to add a few things into your update source list

PHP:
nano /etc/apt/sources.list

Or of course you could download that file and edit on your PC (follow that path)

PHP:
# Debain Main Update
deb http://ftp.de.debian.org/debian stable main contrib non-free
deb-src http://ftp.de.debian.org/debian stable main contrib non-free
 
deb http://ftp.debian.org/debian/ squeeze-updates main contrib non-free
deb-src http://ftp.debian.org/debian/ squeeze-updates main contrib non-free
 
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

The above will add all the repositories from Debian on their main Germany server, which is where updates are posted 1st before they are branched out else where. So you'll get things ASAP when you do update or upgrade.

TIP = It is safe to replace any official Debian Sources that may have already been there, but if you find anything none official... Odds are good your host may have their own things in there. Do not replace theirs, just the official sources only.

You may also want to add this to your repository (I would suggest you do so)

PHP:
#Debian Backport
deb http://backports.debian.org/debian-backports squeeze-backports main

This is a repository that developers submit things to Debian. It often will help you obtain the news security patches before it is added onto the Debian main servers. There is a small catch... Sometimes I've been told things here are not always stable... Its never happen to me, but I figure you should know.

Finally we're going to need to add 1 last thing onto the list. No matter if you elect to use Apache2 or nGinx, this is where you'll get the newest stable version.

PHP:
#Dotdeb.org
deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

If you plan on using php5.4, also add the following (not needed & do not add if you'll only use php 5.3.x)

PHP:
#Dotdeb.org php 5.4
deb http://packages.dotdeb.org squeeze-php54 all
deb-src http://packages.dotdeb.org squeeze-php54 all

Save and exit Nano (remember to save)

Now the next step is as follows (this will add the security key for Dotdeb.org)

PHP:
wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -

Next lets once again make sure everythign is up to date before we install anything else.

PHP:
aptitude update

PHP:
aptitude full-upgrade

You make get a few updates. If you again got a lot of update, reboot. (remember my cation and remember this may take sometime)

PHP:
reboot

Now the fun part :)

I'm going to suggest Apache2 with php-fpm and standard MySQL.

Mostly because you're new and setting up nGinx isn't for the faint of heart. But also for the life of you... I don't think you'll want to re-configure re-write rules for every 3rd party change or add-on you'll add for either XenForo, Word Press, or anything else for that matter.

NEXT POST....... I'll show you how to install and configure some basics (I'm splitting this for easier read)
 
If you did or needed to reboot a 2nd time, follow the same update and full-upgrade until everything reports there are no update.

Now after you're completed this.... The fun begins :)

PHP:
aptitude install mysql-server mysql-client

Normally during the install, you will be asked to provide a MySQL Root Password. This is important to NEVER use the MySQL root (if you can help it), but also important to NEVER forget this password either. Make this password long and no easy to guess.

If for some odd reason the install didn't ask you to add a password..... Immediately after you have installed the mysql server, you should change its root password

PHP:
/usr/bin/mysqladmin -u root password 'enter-your-good-new-password-here'

You must never use your root account and password when running databases. The root account is a privileged account which should only be used for admin procedures. You will need to create a separate user account to connect to your MySQL databases from a PHP script. You can add users to a MySQL database by using a control panel like phpMyAdmin to easily create or assign database permissions for users.

I can not stress enough how many people are stupid and end up using the root name and password. Don't do it.

Now let's install and setup Apache2 :)

PHP:
aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils

Type in your server's IP address .... You should see a nice Apache page (typically says, IT WORKS!)

Now let's install PHP

PHP:
aptitude install php5 php5-fpm libapache2-mod-php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

The above should allow you to run every possible modification you will find on XenForo. Although you can add php5-geoip if you plan if required, but it does use up some resources.

Let's see if php is working

PHP:
a2enmod rewrite
a2enmod include

PHP:
/etc/init.d/apache2 restart

We're going to make a simple php test file

PHP:
<?php
 
// Show all information, defaults to INFO_ALL
phpinfo();
 
?>

Name that file as anything you want, as long as it ends with .php

Upload it to:

/var/www/

Type in your servers IP address and add the path to that file

Example = 192.168.1.1/FileName.php

If you see your PHP details all is working :)

Now DELETE that file. It's not really a good idea to keep it on your server.

Now let's install a few random things you may find you'll need.

PHP:
aptitude install curl perl libapache2-mod-perl2 python libapache2-mod-python ntp ntpdate

Now lets restart apache2 again (to load all this). The above adds curl, perl, python, and keeps your site time up to date.

PHP:
/etc/init.d/apache2 restart

At this point, depending on your webhost... You maybe simply able to type in your domain name and see that nice Apache2 page without typing in your IP address.

Thankfully most host (even unmanaged host) have an internal dns / bind system. So configuring or installing such isn't required. And saves you resources and helps limit security threats. Be so thankful for our ever-changing world of technology. :)

If this is not the case for you.... I'd think about finding another host. Seriously.


Now you need to make a choice

1) Is this the only domain you will be having on this server

OR

2) Will have other domain names and / or sub domain names

If option 1 .... Congratulations, you're done. :cool: Pat yourself on the back. Wasn't that easy? :)

The follow will allow you to work with phpMyAdmin

PHP:
aptitude install phpmyadmin


You'll be asked if you want phpMyAdmin to make its own database, say NO

PHP:
/etc/init.d/apache2 restart

The user name and password will be your root and password. For this reason, do not leave phpMyAdmin installed. Use it only for how long you need it and then remove it. That is my advise to you.

If you follow my advise, you will need to do the follow below (if you do not follow my advice, at least password protect it using .htaccess as an extra level of security. But remember, I warned you)

A whole guide to htaccess http://httpd.apache.org/docs/2.0/howto/htaccess.html

PHP:
aptitude remove phpmyadmin
PHP:
aptitude purge phpmyadmin

PHP:
/etc/init.d/apache2 restart

If option 2 .... A little more work for you.... (SEE NEXT POST)
 
So you've decided you want more and thus continued to option 2 :coffee:

PHP:
a2enmod userdir

Configure Apache module userdir in /etc/apache2/mods-enabled/userdir.conf

PHP:
nano /etc/apache2/mods-enabled/userdir.conf

PHP:
<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
 
        <Directory /home/*/public_html>
                AllowOverride All
                Options MultiViews Indexes SymLinksIfOwnerMatch
                <Limit GET POST OPTIONS>
                        Order allow,deny
                        Allow from all
                </Limit>
                <LimitExcept GET POST OPTIONS>
                        Order deny,allow
                        Deny from all
                </LimitExcept>
        </Directory>
</IfModule>

Create directory as user (not as root)

PHP:
mkdir /home/$USER/public_html

Change group as root (substitute your username) and restart web server

PHP:
chgrp www-data /home/<username>/public_html

PHP:
service apache2 restart

If you get a Forbidden error when accessing home folder through apache check /home/username has permissions drwxr-xr-x. If the permissions are wrong correct them as such:

PHP:
chmod 755 /home/<username>

Next we need to change something for PHP to work this way

PHP:
nano /etc/apache2/mods-available/php5.conf


PHP:
<IfModule mod_php5.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    # To re-enable php in user directories comment the following lines
    # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
    # prevents .htaccess files from disabling it.
    #<IfModule mod_userdir.c>
    #    <Directory /home/*/public_html>
    #        php_admin_value engine Off
    #    </Directory>
    #</IfModule>
</IfModule>

See little instruction note in that? Follow it ;)

Save and exit

PHP:
/etc/init.d/apache2 restart

Done :cool:

You're welcome :D

(Thinking about nGinx ?.... Seems to change per version... ie... Version 1.x.1 is different from 1.x.2 and the same with 1.x.3). The best guide for nGinx is to read, learn, read, learn some more, and do it yourself. Because what I tell you today about nGinx may no longer be true tomorrow or may not fit your needs today.


^^ Not bad for someone who did this all by memory :eek:
 
Wow! Thank you for the time and effort you've put into that. I shall give it a try and let you know how I get on.
 
Question: Will this work on Ubuntu?

Answer: YES, the above will indeed work on Ubuntu. :) But keep in mind that out of the box, Ubuntu may use a little bit more resources than Debian and Ubuntu may not always be as stable as Debian. But if your host only offers Ubuntu, do not be discouraged. The overall differences between Ubuntu and Debian are not drastic, this is because Ubuntu is made from Debian.

Question: Will this work on Mint Linux?

Answer: YES,the above will indeed work on Mint Linux (both Ubuntu and Debian version). :) However, while Mint makes for a cool desktop; it is not exactly idea for a working server. Mint often uses the SID depositors for both Ubuntu and Debian, then customizes them for their own use. SID is typically thought of as ALPHA or Pre-Beta software.

Mint can be faster and use less resources, but it is often not stable. I wouldn't recommend it for anyone starting out and who does not know how to fix things themselves.
 
You're welcome. Let me know how things turn out and if you run into problems.
I've been playing about on a test server and seem to be going good. :D In fact I'm quite liking it. I feel more in control, and can see that once I get over the learning curve i'm going to be better off. For example I've learnt about SFTP and SCP. Its not something I've ever herd of, I'd just normally use FTP to upload my site and hopefully if I've understood it right I don't have to go to the trouble of installing and configuring a ftp server.

One thing that has occurred to me though is that without a control panel i'm loosing the ability to have the automated daily ftp backups that i'm used to having.

I think though that if I set up the following cron:

Code:
15 2 * * * root mysqldump -u root -pPASSWORD --all-databases | gzip > /home/backup_`data '+%m-%d-%Y'`.sql.gz

to back up my databases. I could then use the synchronize folders option in Winscp to backup to my local pc, which I think using windows schedualed tasks I can get this to happen automatically.

I need to figure out how to create backup archives of the actual files in the web directory though.

What do you guys think. I'm I on the right track here?
 
Another thing that I need help with, is while I can set up Xenforo to use a google apps account directly. I do have a few scripts that can't use smtp directly and use sendmail?!?.

I've been looking around and found this guide http://gix.my/comment/16 to get postfix to relay mail to google apps. Does this sound right? it seems a little too simple. Is there anything else missing from it.
 
Question:

My web host has its own virtual control panel with a reboot option. Do you use the terminal or their reboot button?

Answer:

I must prefer using the terminal reboot option, as often many virtual reboot options do take a little longer and about the as actually hitting the re-set button on your PC.

This is not to say that they are bad. They're actually very useful if the terminal option doesn't work (for whatever reason). But keep in mind that either reboot can take some time and you shouldn't try to rush things either way.

Question:

What is the best program to reach the terminal?

Answer:

I would recommend Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/ )

It is easy to use and free.
 
Question:

Why did you not give instructions on how to install and setup FTP ?

Answer:

Because SFTP is standard (already configured as root) and is more secure than FTP. Most FTP programs will use SFTP if you tell them too (FileZilla will as well).

Question:

Why did you not give instructions on setting up a mail server?

Answer:

Everyone's needs vary and I'm not someone who likes helping setup mail servers, as I don't want to be associated with anyone who "may or may not" send out spam.

Also PHP has a small built-in mail server for your forum to already send out e-mails. So for your basic forum, it's not really needed to have one.

But if you want one for other reasons.... I would suggest looking up information on PostFix
 
Question:

Why did you not give instructions on how to install and setup FTP ?

Answer:

Because SFTP is standard (already configured as root) and is more secure than FTP. Most FTP programs will use SFTP if you tell them too (FileZilla will as well).

Question:

Why did you not give instructions on setting up a mail server?

Answer:

Everyone's needs vary and I'm not someone who likes helping setup mail servers, as I don't want to be associated with anyone who "may or may not" send out spam.

Also PHP has a small built-in mail server for your forum to already send out e-mails. So for your basic forum, it's not really needed to have one.

But if you want one for other reasons.... I would suggest looking up information on PostFix

I've found a program called ssmtp do do the job, it relays on mail to google from php aps that can't natively send via smtp.
 
Turning out to be a lot easier than you originally thought, huh? ;)
Surprisingly so. I'm still playing about on a test server at the moment but I'm getting there. It's a lot simpler getting to know everything than learning how to use the control panel. I'm guessing thats partly down to it being Debian as when I tried centos I had I nightmare with it which is what put me off doing things myself.
 
Surprisingly so. I'm still playing about on a test server at the moment but I'm getting there. It's a lot simpler getting to know everything than learning how to use the control panel. I'm guessing thats partly down to it being Debian as when I tried centos I had I nightmare with it which is what put me off doing things myself.
Debian is a lot easier to use and more stable. And I'm sure you've already noticed, it uses a lot fewer resources.

The two Linux OS's I typically suggest either for web servers or even as a 1st time Linux user, seeking to move away from Microsoft Windows, is Debian or Ubuntu (which is built from Debian).
 
Top Bottom