We are pleased to present the first of our guest blog posts from Richard Howell. Richard is a BWF client who currently works for the NHS in the UK as an IT Engineer at an Orthopaedic Hospital. Richard’s blog can be found at www.richardhowell.net and you may follow Richard on Twitter @richardmhowell
Why not contact us today about getting your VPS Server online. We provide fully managed Cpanel Centos Servers where we handle everything for you right down to relatively inexpensive VPS servers running Ubuntu that Richard deployed. All come with a totally no obligation free trial!
I have been jumping around from server to server trying to find that perfect setup, recently i decided to embark on setting up my very own VPS server with a uk company Bigwetfish and while the information is out there for you to follow not all of it works so i thought i would compile a guide on how i set the server up that is now serving this very post.
For this guide we are going to be using a Ubuntu 12.04 LTS server which we have purchased from Big Wet Fish, you can get a free 30 day trial from Big Wet Fish on servers.
Go ahead and order a VPS with 512mb of ram, 20gb hard drive, Ubuntu 12.04 with no Apache and no control panel.
By the end of this tutorial you will have setup a working LEMP stack comprising of Nginx, PHP (With PHP-FPM), Mysql, PHPMyadmin & WordPress you will also have a better understanding of how Ubuntu works and how to setup and check some of the basic functions on the server.
This guide presumes that you have a basic understanding of Linux and terminology used on Linux
Where you see lines of text highlighted like this that is a command and needs to be run in Terminal or Putty
This guide was designed for Ubuntu 12.04 LTS, updates will be made to this guide as needed, if you find mistakes, typos or errors please comment below and i will fix them.
I accept no responsibility for loss or damage to your website or serer as a result of following the steps in this guide.
Now we have that out of the way, lets crack on.
During this tutorial we are going to be using a bunch of commands, let me explain some of them now before we get started
During this guide we will be editing a few configuration files, here is a easy reference list of all the ones we edit and there locations
Okay so you have placed your order, got your IP address and root login and are all set to begin.
You will need to launch Terminal if on a mac or download and install Putty if you are on Windows, i am using Terminal as i am on a mac so i will go ahead and launch that from the Applications folder.
In the window that launches type ssh root@your.ip.adress you should then be asked for your password, enter it here then you will be asked if you would like to add the certificate to the machine choose yes you will then be logged into your server.
If you use a mac there is a great little tip for creating bookmarks for use with Terminal which you can find here
When you buy a server from your chosen provider you will be issued with a root account, using this long term is not a good idea so we need to setup another account and give that account SUDO permissions so that we can edit files and other cool stuff.
You should still have that terminal open from the first stage, so go ahead and enter the following command;
adduser username – replace username with your desired username
Ubuntu will then ask you to choose a password, enter this as requested make sure it is secure, don’t forget to make a note of it, as we will need this.
Now that we have set up our new user setup we need to give that user sudo permissions. Here comes another command, go back to terminal and type
visudo
When the file loads scroll down to the section that reads #User privilege specification and under root type the following username ALL=(ALL:ALL) ALL once you have entered your username in the sudoers file exit by typing :w (this will write the changes) then 😡 (this will exit you out of vi)
A full list of Vi commands can be found here
So still in the terminal window type logout your SSH session will now be closed, have been now been logged out of SSH.
Now we need to log back in using our new user so type ssh username@your.server.ip this will log you into SSH with the newly created user credentials.
Personally I don’t like vi and much prefer to use nano it is more friendly so we need to install that before we can continue.
In your Terminal window type the following command
sudo apt-get install nano
This will now install nano onto your sever so we can use it to edit our configuration files.
Now that we know our new user is working, we know this because if it wasn’t we wouldn’t have been able to login, and we wouldn’t have been able to install nano we now need to disable the ability to login as root.
To do this we need to go back to our Terminal and give Ubuntu some more commands;
sudo nano /etc/ssh/sshd_config
Scroll down to the section that looks like this;
#Authentication
LoginGraceTime 120
PermitRootLogin Yes <- Change this to No
StrictModes yes
Once you have done this type
sudo /etc/init.d/ssh restart
You have now reloaded the SSH configuration and disabled root Logins
Good Job!
SSH by default runs on port 22 hackers obviously know this and will try to brute force your server using this port so we are going to change this to something else to add a second layer of security to our server.
We need to edit the SSH configuration again so in Terminal type the following command
sudo nano /etc/ssh/sshd_config
Once you have the SSH configuration open in nano find the section
#Port 22
Change this to
Port 49151
We need to change this to a port of your choosing, select a 4 or 5 digit port number 49151 but make sure that another service is not using the port you select.
Once you have done that save and close the file and restart the SSH service
sudo /etc/init.d/ssh restart
As above hackers generally know that you may be running SSH on the same IP address as the webserver itself for example if your Nginx is listening on port 80 and is accessible from 10.10.10.10 then a hacker may attempt to brute force your server on that IP address to gain access.
Here we are going to add another layer of security and another fence for hackers to jump over before getting close to the front door. We are going to bind SSH to one of the free IP Addresses your server was assigned when you signed up for service.
We need to go back into the SSH configuration
sudo nano /etc/ssh/sshd_config
Scroll down to the section that looks like
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress : :
Un comment and change the following to look like this
Protocol 2
Listen Address 123.123.123.1
Now save and exit nano and restart SSH
sudo /etc/init.d/ssh restart
You may be disconnected, dont worry we just need to re login using our new details
ssh -p 5431 username@youripaddress
Now that we have the basics in place, our user is created, it has SUDO permissions and we have disabled root Logins we can now begin to set our sever up.
sudo apt-get update
This will now update our repositories locally so that we can install some cool stuff, now lets install Nginx
sudo apt-get install nginx
This command will install the Nginx web server engine onto our server
sudo /etc/init.d/nginx start
That will start the Nginx application, all being well you should get no Error Messages.
Now that the server has started go to your web browser and type your servers IP address into the address bar, you should now see a message saying Welcome to Nginx!
Now we need to setup a directory where all of our sites are going to live
sudo usermod -a -G www-data username
Make sure you change username for the user we created earlier
sudo chown -R www-data:www-data /var/www sudo chmod -R 775 /var/www
What we have just done is given your user access to the folder your sites will be stored in.
Okay now we need to setup some Virtual Hosts. Create a folder for your site to do this run the following command
sudo /var/www$ mkdir -p /var/www/yourdomain.com/{public,logs}
We have just added yourdomain.com into /var/www/ yourdomain.com now also contains a folder called public and a folder called logs
Next we need to setup a virtual host for Nginx
sudo /var/www$ sudo nano /etc/nginx/sites-available/yourdomain.com
This will create the virtual host file for Nginx in the sites-available directory for the domain yourdomain.com paste the following sample configuration into the SSH window and replace yourdomain.com with whatever domain you are using.
server {
listen 80;
server_name www.yourdomain.com;
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}
server {
client_max_body_size 20M;
listen 80;
server_name yourdomain.com;
access_log /var/www/yourdomain.com/logs/access.log;
error_log /var/www/yourdomain.com/logs/error.log;
location / {
root /var/www/yourdomain.com/public/;
index index.html;
}
}
server {
listen 80;
server_name www.yourdomain.com;
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}
server {
listen 80;
server_name example.com;
access_log /var/www/yourdomain.com/logs/access.log;
error_log /var/www/yourdomain.com/logs/error.log;
location / {
root /var/www/yourdomain.com/public/;
index index.html;
}
}
The first section rewrites and 301-redirects any www.example.com to example.com; the second portion tells Nginx what port to listen on for queries to this site, where to record the access and error logs, and then finally defines the location of the site’s root directory. Surprisingly simple, isn’t it? Instead of using an .htaccess file, the redirect takes place at the onset. This is the most basic virtual host configuration, but we’ll be adding more later for PHP and WordPress.
All virtual hosts’ configuration files will be kept in the /etc/nginx/sites-available directory, but won’t be enabled unless they’re symlinked in the /etc/nginx/sites-enabled directory. We’ll add the symlink now to enable example.com, then restart Nginx.
Thanks to endofweb for this
sudo ln -s /etc/nginx/sites-available/yourdomain.com/ /etc/nginx/sites-enabled/yourdomain.com sudo /etc/init.d/nginx restart
You may now want to check the logs to make sure there is nothing in there that needs addressing
cat /var/www/yourdomain.com/logs/access.log
If you want to add any more sites in the future you will need to repeat these steps for each site creating a virtual host for each site.
Before we wrap up with Nginx we should take this opportunity to tune Nginx a little, open up the Nginx configuration file which is located at /etc/nginx/nginx.conf
sudo nano /etc/nginx/nginx.conf
You can use the options below as a starting point, as your site develops you may want to change these to better optimize your site.
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
Now we need to restart Nginx to get this configuration re-loaded
sudo /etc/init.d/nginx restart
Installing MySQL is easy peasy
sudo apt-get install mysql-server php5-mysql mysql-client
You’ll be asked for a password, use a good password and make a note of it you will need that later.
We now need to login to MySQL and add a database, user and password to do this use the following;
mysql -u root -p
Enter that password you just created;
create database databasename replace databasename with your desired database name
This will create us a database;
grant all on databasename.* to ‘dbuser’ identified by ‘db_user_pw’
This will add a user (dbuser) with the password (db_user_pw) to the database databasename
quit this takes us out of mysql
Installing PHP is easy and installing it into Nginx is even easier, i got this batch of code from the Media Temple Wiki Page
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:brianmercer/php
sudo apt-get -y update
sudo apt-get -y install php5-cli php5-common php5-mysql php5-suhosin php5-gd
sudo apt-get -y install php5-fpm php5-cgi php-pear php5-memcache php-apc
sudo service php5-fpm start
That is it, php is now installed we just need to fine tune it
cd /etc/php5/fpm
This command will take us to the fpm folder which resides in the php5 folder located in etc
sudo nano php5-conf.conf
This will launch nano with the php5-conf.conf file
I use the following settings in my file, feel free to edit this as you feel needed for your site or needs. The file is commented pretty well.
pm = dynamic
pm.max_children = 8
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 3
pm.max_requests = 500
Installing phpmyadmin is really easy, i had found multiple guides which show you how to setup virtual hosts but i just couldn’t get that to work so i went with using a symlink which worked perfectly here is how i have it setup;
sudo apt-get install phpmyadmin
The installer will ask you to choose the web server you are using, as we are using nginx just select next and move onto the next section
Next you will be asked if you would like to use the local database or not, i selected that i did want to use the database and when asked for a password i entered the same password i choose back when i was installing MySQL
So that we can now access phpmyadmin from your domain we need to create a link in yourdomain.com folder that we created earlier to do this we need to run another command
ln -s /usr/share/phpmyadmin/ /var/www/yourdomain.com/public/phpmyadmin
We should now have a link in our yourdomain.com folder to phpmyadmin you can check this by doing
cd /var/www/yourdomain.com/public
This will take you to the public directory of yourdomain.com
ls
This will list all files in that directory you are looking for phpmyadmin
One last thing we need to do is change a value in the php.ini file or we will be unable to upload any files via phpmyadmin
sudo nano /etc/php5/fpm/php.ini
Once this has loaded find the following;
; Maximum size of POST data that PHP will accept.
; http://php.net/post-max-size
post_max_size = 20M
Increase the post_max_size to around 20M
service php5-fpm reload
This will reload the php configuration
service nginx reload
This will reload the nginx configuration
Next we need to install some form of FTP software onto the server so that we can upload our files, we are going to use proftpd
sudo apt-get install proftpd
You will be presented with this window, when this displays standalone then choose ok
Now that you have uploaded the WordPress core files to your FTP location we need to make Nginx WordPress ready
So we now need to edit yourdomain.com Nginx configuration file
sudo nano/etc/nginx/sites-available/yourdomain.com
If you have some configuration in the file that opens remove everything and paste in the configuration below, change yourdomain.com for the domain you are using.
server {
listen 80;
server_name www.yourdomain.com;
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}
server {
client_max_body_size 20M;
listen 80;
server_name yourdomain.com;
access_log /var/www/yourdomain.com/logs/access.log;
error_log /var/www/yourdomain.com/logs/error.log;
root /var/www/yourdomain.com/public;
index index.php;
location / {
try_files $uri $uri/ @wordpress /index.php?q=$request_uri;
}
location @wordpress {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME /var/www/yourdomain.com/public/index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /index.php;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ .php$ {
try_files $uri @wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/yourdomain.com/public$fastcgi_script_name;
include fastcgi_params;
}
}
Notice that we have changed the root index from index.html to index.php
Restart Nginx for the changes to take effect
sudo /etc/init.d/nginx restart
Now we need to make sure that all the permissions are set correctly on the folders
sudo chown -R www-data:www-data /var/www/yourdomain.com
This will change the permissions on the folders
sudo chmod -R 755 /var/www/yourdomain.com/public
You should now use your FTP application of choice, for me it is Transmit and download wp-config-sample.php and edit the contents according to the settings you have selected during this installation. Re-upload it to your server once you have edited it and rename it to wp-config.php
Logwatch is a log analyses that runs every night and emails you the results, this is again not needed for the use of the website but it is useful if you don’t want to go through all the logs daily this is a great way to have them emailed to you.
Lets install Logwatch
sudo apt-get install logwatch
This will install the required components
We want logwatch to send us emails so we need to edit another configuration file
sudo nano /usr/share/logwatch/default.conf/logwatch.conf
We need to change the following information
Output = mail
Format = html
MailTo = youremailaddress@gmail.com
We now need to edit the 00logwatch file
sudo nano /etc/cron.daily/00logwatch
add the following line
/usr/sbin/logwatch –mailto youremail@gmail.com
Save the file and exit that is logwatch setup
Fail2ban is an intrusion prevention framework. The main purpose of it is to block IP Addresses that try to gain access to your server by using brute force login attempts, this is an optional part of the guide and offers no benifit to the site itself but does offer a layer of security.
sudo apt-get install fail2ban sudo nano /etc/fail2ban/jail.conf
Make sure the following is set in the confiuration file
destemail = youremailaddress@gmail.com
This tells fail2ban where to send the information about IP Addresses it has benned
mta = sendmail
The method in which it is to send the information
banaction = iptables-multiport
The ban method in which to ban the IP
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 4
As a little bit of fun, i have changed the message that is displayed when i login to my server, you can see below that when i login my server replies with Thunder in ACSII then it welcomes me and tells people who have logged in that the IP Address has been logged.
So lets take a look at how you can do this for your sever
If you would like to use some ASCII go over to http://www.network-science.de/ascii/ and generate one, we will need that in a moment so leave the website open in the background.
sudo nano /etc/motd.tail
This is where we add our message so for me i have added
Once you are happy with the message save and exit out of nano
Now we need to remove some of the information that is displayed there
cd /etc/update-motd.d
This will take us into the directory where all the messages that are displayed when we login are stored
ls
This will list all of the files in that directory
i removed the following 00-header & 90-updates-available dont remove 99-footer as this is what calls our custom message, in order to remove these files we need to issue a command,
sudo chmod -x /etc/update-motd.d/00-header Replace 00-header with the file you would like to adjust
This will remove all permissions from the file 00-header and prevent it from loading
If you would like to allow it to show again use the following
sudo chmod 755 /etc/update-motd.d/00-header Replace 00-header with the file you would like to adjust
That’s it you should now have a fully working Ubuntu Server where you can host your WordPress blog, i hope this has been some use to someone and if you have any problems or find something dosen’t work leave a comment below and i will help you out best i can.
This information is pretty pointless b
Operating System: Cent Os 6.2 X64_86
Memory: 1.5GB Ram
Hard Drive: 50GB
Control Panel: Cpanel
Operating System: Cent Os 6.2 X64_86
Memory: 512mb
Hard Drive: 20GB
Control Panel: None
