Sales Line: 028 9507 2311

Setup a Ubuntu Server with Nginx, PHP, MySQL, PHPMyAdmin & WordPress

Setup a Ubuntu Server with Nginx, PHP, MySQL, PHPMyAdmin & WordPress

We are pleased to present the first of our guest blog posts from Richard Howell. Richard is a BWF client who currently works for the NHS in the UK as an IT Engineer at an Orthopaedic Hospital. Richard’s blog can be found at www.richardhowell.net and you may follow Richard on Twitter @richardmhowell

Why not contact us today about getting your VPS Server online. We provide fully managed Cpanel Centos Servers where we handle everything for you right down to relatively inexpensive VPS servers running Ubuntu that Richard deployed. All come with a totally no obligation free trial!

I have been jumping around from server to server trying to find that perfect setup, recently i decided to embark on setting up my very own VPS server with a uk company Bigwetfish and while the information is out there for you to follow not all of it works so i thought i would compile a guide on how i set the server up that is now serving this very post.

Order Your Server

For this guide we are going to be using a Ubuntu 12.04 LTS server which we have purchased from Big Wet Fish, you can get a free 30 day trial from Big Wet Fish on servers.

Go ahead and order a VPS with 512mb of ram, 20gb hard drive, Ubuntu 12.04 with no Apache and no control panel.

The End Result

By the end of this tutorial you will have setup a working LEMP stack comprising of Nginx, PHP (With PHP-FPM), Mysql, PHPMyadmin & WordPress you will also have a better understanding of how Ubuntu works and how to setup and check some of the basic functions on the server.

Using this guide

This guide presumes that you have a basic understanding of Linux and terminology used on Linux

Where you see lines of text highlighted like this that is a command and needs to be run in Terminal or Putty

This guide was designed for Ubuntu 12.04 LTS, updates will be made to this guide as needed, if you find mistakes, typos or errors please comment below and i will fix them.

I accept no responsibility for loss or damage to your website or serer as a result of following the steps in this guide.

Now we have that out of the way, lets crack on.

Some Commands

During this tutorial we are going to be using a bunch of commands, let me explain some of them now before we get started

  • apt-get – This is the replacement for what used to be aptitude it is the Ubuntu repository for all applications and we will be using it to install our applications, commands such as apt-get install & apt-get remove will be used throughout this guide
  • Sudo – The Sudo command tells Ubuntu that we want to run that particuallr command at a higher priviliedge level than the user you are logged in as we will set this up later but a command we may use for example is sudo nano nginx.conf which would launch nano and we would be able to edit the nginx.conf file
  • free – m this will display the amount of memory that is available on the server, you can find out how linux uses ram here
  • nano – Nano is my text editor of choice, ubuntu as standard dosen’t come with it installed so if you would like to use it i will show you how later otherwise you can use vi or whatever you feel comfortable with.

Configuration Files

During this guide we will be editing a few configuration files, here is a easy reference list of all the ones we edit and there locations

  • Sudoers Access Configuration – visudo
  • SSH Configuration – /etc/ssh/sshd_config
  • Nginx Virtual Hosts – /etc/nginx/sites-available/yourdomain.com
  • Nginx Configuration – /etc/nginx/nginx.conf
  • Site Access Logs – /var/www/yourdomain.com/logs/access.log
  • PHP5 Configuration – /etc/php5/fpm/php5-conf.conf
  • PHP ini Configuration – /etc/php5/fpm/php.ini
  • Fail 2 Ban Confiuration – /etc/fail2ban/jail.conf
  • Logwatch Configuration – /usr/share/logwatch/default.conf/logwatch.conf

Logging into your sever

Okay so you have placed your order, got your IP address and root login and are all set to begin.

You will need to launch Terminal if on a mac or download and install Putty if you are on Windows, i am using Terminal as i am on a mac so i will go ahead and launch that from the Applications folder.

In the window that launches type ssh [email protected] you should then be asked for your password, enter it here then you will be asked if you would like to add the certificate to the machine choose yes you will then be logged into your server.

If you use a mac there is a great little tip for creating bookmarks for use with Terminal which you can find here

Setting up a user

When you buy a server from your chosen provider you will be issued with a root account, using this long term is not a good idea so we need to setup another account and give that account SUDO permissions so that we can edit files and other cool stuff.

You should still have that terminal open from the first stage, so go ahead and enter the following command;

adduser username – replace username with your desired username

Ubuntu will then ask you to choose a password, enter this as requested make sure it is secure, don’t forget to make a note of it, as we will need this.

Now that we have set up our new user setup we need to give that user sudo permissions. Here comes another command, go back to terminal and type

visudo

When the file loads scroll down to the section that reads #User privilege specification and under root type the following username ALL=(ALL:ALL) ALL once you have entered your username in the sudoers file exit by typing :w (this will write the changes) then 😡 (this will exit you out of vi)

A full list of Vi commands can be found here

So still in the terminal window type logout your SSH session will now be closed, have been now been logged out of SSH.

Now we need to log back in using our new user so type ssh [email protected] this will log you into SSH with the newly created user credentials.

Install Nano

Personally I don’t like vi and much prefer to use nano it is more friendly so we need to install that before we can continue.

In your Terminal window type the following command

sudo apt-get install nano

This will now install nano onto your sever so we can use it to edit our configuration files.

Disable Root Logins

Now that we know our new user is working, we know this because if it wasn’t we wouldn’t have been able to login, and we wouldn’t have been able to install nano we now need to disable the ability to login as root.

To do this we need to go back to our Terminal and give Ubuntu some more commands;

sudo nano /etc/ssh/sshd_config

Scroll down to the section that looks like this;

#Authentication
LoginGraceTime 120
PermitRootLogin Yes <- Change this to No
StrictModes yes

Once you have done this type

sudo /etc/init.d/ssh restart

You have now reloaded the SSH configuration and disabled root Logins

Good Job!

Change SSH Port

SSH by default runs on port 22 hackers obviously know this and will try to brute force your server using this port so we are going to change this to something else to add a second layer of security to our server.

We need to edit the SSH configuration again so in Terminal type the following command

sudo nano /etc/ssh/sshd_config

Once you have the SSH configuration open in nano find the section

#Port 22

Change this to

Port 49151

We need to change this to a port of your choosing, select a 4 or 5 digit port number 49151 but make sure that another service is not using the port you select.

Once you have done that save and close the file and restart the SSH service

sudo /etc/init.d/ssh restart

Bind SSH to another IP

As above hackers generally know that you may be running SSH on the same IP address as the webserver itself for example if your Nginx is listening on port 80 and is accessible from 10.10.10.10 then a hacker may attempt to brute force your server on that IP address to gain access.

Here we are going to add another layer of security and another fence for hackers to jump over before getting close to the front door. We are going to bind SSH to one of the free IP Addresses your server was assigned when you signed up for service.

We need to go back into the SSH configuration

sudo nano /etc/ssh/sshd_config

Scroll down to the section that looks like

#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress : :

Un comment and change the following to look like this
Protocol 2
Listen Address 123.123.123.1
Now save and exit nano and restart SSH

sudo /etc/init.d/ssh restart

You may be disconnected, dont worry we just need to re login using our new details

ssh -p 5431 [email protected]

Installing the LEMP Stack

Now that we have the basics in place, our user is created, it has SUDO permissions and we have disabled root Logins we can now begin to set our sever up.

sudo apt-get update

This will now update our repositories locally so that we can install some cool stuff, now lets install Nginx

sudo apt-get install nginx

This command will install the Nginx web server engine onto our server

sudo /etc/init.d/nginx start

That will start the Nginx application, all being well you should get no Error Messages.

Now that the server has started go to your web browser and type your servers IP address into the address bar, you should now see a message saying Welcome to Nginx!

Now we need to setup a directory where all of our sites are going to live

sudo usermod -a -G www-data username

Make sure you change username for the user we created earlier

sudo chown -R www-data:www-data /var/www sudo chmod -R 775 /var/www

What we have just done is given your user access to the folder your sites will be stored in.

Okay now we need to setup some Virtual Hosts. Create a folder for your site to do this run the following command

sudo /var/www$ mkdir -p /var/www/yourdomain.com/{public,logs}

We have just added yourdomain.com into /var/www/ yourdomain.com now also contains a folder called public and a folder called logs

Next we need to setup a virtual host for Nginx

sudo /var/www$ sudo nano /etc/nginx/sites-available/yourdomain.com

This will create the virtual host file for Nginx in the sites-available directory for the domain yourdomain.com paste the following sample configuration into the SSH window and replace yourdomain.com with whatever domain you are using.

server {
listen   80;
server_name  www.yourdomain.com;
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}

server {
client_max_body_size 20M;
listen   80;
server_name yourdomain.com;

access_log /var/www/yourdomain.com/logs/access.log;
error_log /var/www/yourdomain.com/logs/error.log;

location / {
root   /var/www/yourdomain.com/public/;
index  index.html;
}
}
server {
listen   80;
server_name  www.yourdomain.com;
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}

server {
listen   80;
server_name example.com;

access_log /var/www/yourdomain.com/logs/access.log;
error_log /var/www/yourdomain.com/logs/error.log;

location / {
root   /var/www/yourdomain.com/public/;
index  index.html;
}
}

The first section rewrites and 301-redirects any www.example.com to example.com; the second portion tells Nginx what port to listen on for queries to this site, where to record the access and error logs, and then finally defines the location of the site’s root directory. Surprisingly simple, isn’t it? Instead of using an .htaccess file, the redirect takes place at the onset. This is the most basic virtual host configuration, but we’ll be adding more later for PHP and WordPress.

All virtual hosts’ configuration files will be kept in the /etc/nginx/sites-available directory, but won’t be enabled unless they’re symlinked in the /etc/nginx/sites-enabled directory. We’ll add the symlink now to enable example.com, then restart Nginx.

Thanks to endofweb for this

sudo ln -s /etc/nginx/sites-available/yourdomain.com/ /etc/nginx/sites-enabled/yourdomain.com sudo /etc/init.d/nginx restart

You may now want to check the logs to make sure there is nothing in there that needs addressing

cat /var/www/yourdomain.com/logs/access.log

If you want to add any more sites in the future you will need to repeat these steps for each site creating a virtual host for each site.

Tuning Nginx

Before we wrap up with Nginx we should take this opportunity to tune Nginx a little, open up the Nginx configuration file which is located at /etc/nginx/nginx.conf

sudo nano /etc/nginx/nginx.conf

You can use the options below as a starting point, as your site develops you may want to change these to better optimize your site.

user www-data;
worker_processes  4;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
worker_connections  1024;
# multi_accept on;
}

Now we need to restart Nginx to get this configuration re-loaded

sudo /etc/init.d/nginx restart

Installing MySQL

Installing MySQL is easy peasy

sudo apt-get install mysql-server php5-mysql mysql-client

You’ll be asked for a password, use a good password and make a note of it you will need that later.

We now need to login to MySQL and add a database, user and password to do this use the following;

mysql -u root -p

Enter that password you just created;

create database databasename replace databasename with your desired database name

This will create us a database;

grant all on databasename.* to ‘dbuser’ identified by ‘db_user_pw’

This will add a user (dbuser) with the password (db_user_pw) to the database databasename

quit this takes us out of mysql

Install PHP-FPM

Installing PHP is easy and installing it into Nginx is even easier, i got this batch of code from the Media Temple Wiki Page

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:brianmercer/php
sudo apt-get -y update
sudo apt-get -y install php5-cli php5-common php5-mysql php5-suhosin php5-gd
sudo apt-get -y install php5-fpm php5-cgi php-pear php5-memcache php-apc
sudo service php5-fpm start

That is it, php is now installed we just need to fine tune it

cd /etc/php5/fpm

This command will take us to the fpm folder which resides in the php5 folder located in etc

sudo nano php5-conf.conf

This will launch nano with the php5-conf.conf file

I use the following settings in my file, feel free to edit this as you feel needed for your site or needs. The file is commented pretty well.

pm = dynamic
pm.max_children = 8
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 3
pm.max_requests = 500

PHPMyAdmin

Installing phpmyadmin is really easy, i had found multiple guides which show you how to setup virtual hosts but i just couldn’t get that to work so i went with using a symlink which worked perfectly here is how i have it setup;

sudo apt-get install phpmyadmin

The installer will ask you to choose the web server you are using, as we are using nginx just select next and move onto the next section

Next you will be asked if you would like to use the local database or not, i selected that i did want to use the database and when asked for a password i entered the same password i choose back when i was installing MySQL

So that we can now access phpmyadmin from your domain we need to create a link in yourdomain.com folder that we created earlier to do this we need to run another command

ln -s /usr/share/phpmyadmin/ /var/www/yourdomain.com/public/phpmyadmin

We should now have a link in our yourdomain.com folder to phpmyadmin you can check this by doing

cd /var/www/yourdomain.com/public

This will take you to the public directory of yourdomain.com

ls

This will list all files in that directory you are looking for phpmyadmin

One last thing we need to do is change a value in the php.ini file or we will be unable to upload any files via phpmyadmin

sudo nano /etc/php5/fpm/php.ini

Once this has loaded find the following;

; Maximum size of POST data that PHP will accept.
; http://php.net/post-max-size
post_max_size = 20M

Increase the post_max_size to around 20M

service php5-fpm reload

This will reload the php configuration

service nginx reload

This will reload the nginx configuration

FTP (File Transfer Protocol)

Next we need to install some form of FTP software onto the server so that we can upload our files, we are going to use proftpd

sudo apt-get install proftpd

You will be presented with this window, when this displays standalone then choose ok

 

WordPress

Now that you have uploaded the WordPress core files to your FTP location we need to make Nginx WordPress ready

So we now need to edit yourdomain.com Nginx configuration file

sudo nano/etc/nginx/sites-available/yourdomain.com

If you have some configuration in the file that opens remove everything and paste in the configuration below, change yourdomain.com for the domain you are using.

server {

listen   80;
server_name  www.yourdomain.com;
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}

server {

client_max_body_size 20M;
listen   80;
server_name yourdomain.com;

access_log /var/www/yourdomain.com/logs/access.log;
error_log /var/www/yourdomain.com/logs/error.log;

root /var/www/yourdomain.com/public;
index index.php;

location / {
try_files $uri $uri/ @wordpress /index.php?q=$request_uri;
}

location @wordpress {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME /var/www/yourdomain.com/public/index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /index.php;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ .php$ {
try_files $uri @wordpress;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  /var/www/yourdomain.com/public$fastcgi_script_name;
include        fastcgi_params;
}
}

Notice that we have changed the root index from index.html to index.php

Restart Nginx for the changes to take effect

sudo /etc/init.d/nginx restart

Now we need to make sure that all the permissions are set correctly on the folders

sudo chown -R www-data:www-data /var/www/yourdomain.com

This will change the permissions on the folders

sudo chmod -R 755 /var/www/yourdomain.com/public

You should now use your FTP application of choice, for me it is Transmit and download wp-config-sample.php and edit the contents according to the settings you have selected during this installation. Re-upload it to your server once you have edited it and rename it to wp-config.php

Installing Logwatch

Logwatch is a log analyses that runs every night and emails you the results, this is again not needed for the use of the website but it is useful if you don’t want to go through all the logs daily this is a great way to have them emailed to you.

Lets install Logwatch
sudo apt-get install logwatch

This will install the required components

We want logwatch to send us emails so we need to edit another configuration file

sudo nano /usr/share/logwatch/default.conf/logwatch.conf

We need to change the following information

Output = mail
Format = html
MailTo = [email protected]

We now need to edit the 00logwatch file

sudo nano /etc/cron.daily/00logwatch

add the following line

/usr/sbin/logwatch –mailto [email protected]

Save the file and exit that is logwatch setup

Installing Fail2ban

Fail2ban is an intrusion prevention framework. The main purpose of it is to block IP Addresses that try to gain access to your server by using brute force login attempts, this is an optional part of the guide and offers no benifit to the site itself but does offer a layer of security.

sudo apt-get install fail2ban sudo nano /etc/fail2ban/jail.conf

Make sure the following is set in the confiuration file

destemail = [email protected]

This tells fail2ban where to send the information about IP Addresses it has benned

mta = sendmail

The method in which it is to send the information

banaction = iptables-multiport

The ban method in which to ban the IP

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6

[proftpd]

enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log
maxretry = 4

Adding a Custom Login Message

As a little bit of fun, i have changed the message that is displayed when i login to my server, you can see below that when i login my server replies with Thunder in ACSII then it welcomes me and tells people who have logged in that the IP Address has been logged.

So lets take a look at how you can do this for your sever

If you would like to use some ASCII go over to http://www.network-science.de/ascii/ and generate one, we will need that in a moment so leave the website open in the background.

sudo nano /etc/motd.tail

This is where we add our message so for me i have added

Once you are happy with the message save and exit out of nano

Now we need to remove some of the information that is displayed there

cd /etc/update-motd.d

This will take us into the directory where all the messages that are displayed when we login are stored

ls

This will list all of the files in that directory

i removed the following 00-header & 90-updates-available dont remove 99-footer as this is what calls our custom message, in order to remove these files we need to issue a command,

sudo chmod -x /etc/update-motd.d/00-header Replace 00-header with the file you would like to adjust

This will remove all permissions from the file 00-header and prevent it from loading

If you would like to allow it to show again use the following

sudo chmod 755 /etc/update-motd.d/00-header Replace 00-header with the file you would like to adjust

That’s it you should now have a fully working Ubuntu Server where you can host your WordPress blog, i hope this has been some use to someone and if you have any problems or find something dosen’t work leave a comment below and i will help you out best i can.

Useless Stats

This information is pretty pointless b

My Old Server

Operating System: Cent Os 6.2 X64_86

Memory: 1.5GB Ram

Hard Drive: 50GB

Control Panel: Cpanel

New Server

Operating System: Cent Os 6.2 X64_86

Memory: 512mb

Hard Drive: 20GB

Control Panel: None