VPS Set Up Guide Part 1: Setting up the Server
Step by step guide to setting up Apache, MySQL and PHP on Ubuntu 12.04
Every time I get a new VPS, I have to trawl back through blog posts and articles on how to set it up and secure it. I can never find a decent, succinct guide that covered all the basics, so I thought I'd make one.
Now, I'm the first to admit this isn't my area of expertise; so if anything I've posted here is wrong, please let me know and I'll happily change it. Consider this more of a living document than a final piece.
First, some notes:
- This was all done on a fresh install of Ubuntu 12.04 LTS
- Use at your own discretion. I cannot be held responsible if you use this guide and anything goes wrong
Getting to the root of the problem
The first thing I do is create a new user and remove the root user. For more information on why we're doing this, check out this page on How to Geek.
// Add the new user todd@vps: adduser bob
You'll be prompted to enter a password and some other details. Now add an admin group:
// Add the new admin group todd@vps: groupadd admin // Append the admin groups to Bob's groups todd@vps: usermod -aG admin bob
Note: You'll have to log back in and out again for the groups to show up if you use a command such as:
todd@vps: groups bob
Now, add the admin group to the visudo file so we can sudo!
There's already a line in there allowing admins sudo access, simply uncomment it, and add a % infront. (To show it's a group, not a user.)
# Members of the admin group may gain root privileges %admin ALL=(ALL) ALL
You can read more on editing the sudo file here: http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/. You can do quite a lot in there, and it might be worth giving it a read if you're going to have more than one user on your box.
Best thing to do now is to log out of root, back in as Bob, and test if you can sudo.
todd@vps: sudo su
If all went well, let's disable root logging in.
// Open up the sshd_config to edit todd@vps: nano /etc/ssh/sshd_config // Change yes to no on this line PermitRootLogin no // Restart ssh! todd@vps: sudo service ssh restart
LAMPin' it up
Next, we'll install Apache, MySQL and PHP. We'll do this by using apt-get. (As seen here: http://www.sudo-juice.com/install-lamp-server-ubuntu/.)
// Cheeky apt-get update, just to make sure we've got all the // latest versions of the packages todd@vps: sudo apt-get update // Install stuff! todd@vps: sudo apt-get install php5 php5-mysql mysql-server mysql-client apache2
Type Y and press enter when prompted. You'll also need to enter a MySQL password at some point in the installation. Whilst you can leave it blank, you'd be pretty silly to.
Once that's completed, go your your server's IP in a browser, and you should see the default 'It works!' Apache page!
Install CURL, mycrypt & GD. (I always forget to do this.)
todd@vps: apt-get install php5-curl php5-gd php5-mcrypt
Enable Mod rewrite.
todd@vps: sudo a2enmod rewrite
To finish this section off, we'll add our user and the default Apache user (www-data) to a web group. This should allow the user to edit any Apache created files and vice versa, which should mean we don't have to 777 any folders anymore. (775 files/dirs that need to be edited by both, otherwise 644 for files and 755 for folders).
It might be a good idea to check if www-data is the correct user (but it probably is).
// Add Bob to group web todd@vps: usermod -aG web bob // Set web as default primary group for Bob todd@vps: usermod -g web bob // Add www-data to group web todd@vps: usermod -aG web www-data
// Open the envvars file todd@vps: nano /etc/apache2/envvars // Check out the line that says export APACHE_RUN_GROUP=www-data
You can also edit the line above to change the group Apache is in.
Part 1 complete
That's it for part 1. Part 2 will cover the rest of the steps, such as:
- UFW (Uncomplicated Firewall)
- Setting up a site and removing the default!
- Setting up MySQL users and databases
Comments and improvements welcomed!
Part 2 is now live, check it out!