Installing a web server for a production environment, with Ubuntu as operating system, is not too difficult because most of the required packages don’t need a lot of configurations. In this tutorial we create a (power) user, we install Apache, PHP and MySQL, phpMyAdmin and several other services needed to run a powerful and secure web server.
First you need a web server (VPS or a dedicated server). Try to get a cloud server, they are very powerful, redundant and flexible. Choose a Linux image like Ubuntu 10.04 LTS and validate that the SSH server is up and running. Don’t use an image where any web service is pre-installed.
Creating the “Admin” user
- Login via SSH using root user account
- Create a new user with
useradd -d /home/newuser -m newuser(-d points to the directory and -m will create the directory). Use
passwd newuserto create a password for the user.
- Make the new user owner of the newly created user directory:
chown newuser:newuser /home/newuser
- Add the new user to the sudo group using
adduser newuser sudo
- Optional: change the “shell” for this user with:
chsh -s /bin/bash newuser
- Restrict root access; use the command
sudo passwd -l rootto disable the root password. Open a second terminal window login with the new user name and close the first terminal window ONLY if your new account works (test an admin command using sudo first).
We don’t install a mailserver like postfix, but we need a simple mail demon which is able to send simple mail messages.
- Install the sendmail program using
sudo apt-get install sendmail
- Test the program using
echo "hello world" | /usr/sbin/sendmail -v firstname.lastname@example.org
Install the CSF Firewall
To finish the installation of csf the LWP perl module (libwww-perl) has to be installed. The csf setup script will stop the installation process if this package is not yet installed. If this is the case install the module using
sudo apt-get install libwww-perl and restart the csf setup script.
- Change to your home directory and download csf using
- Untar the downloaded file:
tar -xzf csf.tgz
- Change into the csf directory
cd csfand start the install script (as root)
sudo sh install.sh
- Now let’s test that the required iptables modules are working for 100% in our system, type this command
sudo perl /etc/csf/csftest.pl. You get a small report and if everything looks fine, continue to the next step.
- Open the csf config file
sudo nano /etc/csf/csf.conf, check the default port numbers and eventually other settings. Each setting is well documented, if you’re ready than change also this row TESTING = “1” to enable the firewall (use ctrl+x to save the file).
- Now we need to restart the csf service using
sudo csf -r, open a second terminal and login using SSH. You need this extra step to be sure that your firewall doesn’t have blocked ssh access for yourself 😉
Installing Apache, PHP and MySQL
- First we install Apache:
sudo apt-get install apache2
- We want to use the MPM prefork module instead of the MPM worker module for the best performance:
sudo apt-get install apache2-mpm-prefork
- Next we can install PHP using
sudo apt-get install php5-cgi php5-cli(these two libs are enough for the moment, we will add more of them later)
- We install suPHP for more security, suPHP makes it possible that PHP scripts are executed by the user who has created the script. Enter into the terminal:
sudo apt-get install libapache2-mod-suphp
- Now install the MySQL service:
sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql. Provide a strong password for the MySQL root user.
Create your first virtual hosting account
We created already a user in the begin of this tutorial, now we like to install phpMyAdmin as our first web application.
- Move to your user’s home directory and create a new directory
- Now we create a host file for Apache:
sudo nano /etc/apache2/sites-available/myphpmyadmin.conf
- Inside this new file we will add the following code:
12345678<VirtualHost *:80>ServerName myhostname.comServerAdmin webmaster@localhostDocumentRoot /home/newuser/phpmyadmin/ErrorLog /var/log/apache2/phpmyadmin-error.logLogLevel warnCustomLog /var/log/apache2/phpmyadmin-access.log combined</VirtualHost>
- Save the file with ctrl+x
- Enable the site configuration with
sudo a2ensite myphpmyadmin.confand reload Apache with
sudo /etc/init.d/apache2 reload.
Now we’re able to install phpMyAdmin for the virtual host we have just created.
- Return to your user’s home directory and download phpMyAdmin using
- Untar the gz archive with
tar xvfz phpMyAdmin-18.104.22.168-english.tar.gzand move the extracted directory to your host directory with
mv /home/newuser/phpMyAdmin-22.214.171.124-english /home/newuser/phpmyadmin
- Open your web browser, enter the server name in the address bar and you should see the phpMyAdmin login page. (you can login with the MySQL root password)
We mentioned before that you should install additional PHP libs.
- Install these common PHP libraries:
sudo apt-get install php5-curl php5-gd php5-mcryptYou need to fix the #; comment bug inside the mcrypt.ini file or you get depreciated warnings. Restart Apache after your installed these PHP functions
- Create a kind of super user for your database using phpMyAdmin, it’s much safer to use a different user than the “root” user for normal database operations.
- Your phpMyAdmin host is accessible for everyone, you should protect your database tool against bots using
1234567<Directory /home/newuser/phpmyadmin>Options Indexes FollowSymLinks MultiViewsAllowOverride NoneOrder allow,deny# add here your IP addressesallow from 100.100.100.100</Directory>
You need to enter these rules into your host configuration file.
That’s all so far, add additional hosts and install your websites. A DNS service is not part of this tutorial, use instead the DNS zone from your domain name provider and create A records for your server’s IP address.
If you have any problems using this tutorial for your own server or for any other question please post your comment below.