Servers 101: Setting up a Web Server part 2 - Basic Configuration

in #tutorial, 8 years ago (edited)

You can read the previous part of the series, by clicking here



In the webserver series, we will configure a web server. We will install Apache, PHP 7.1 and MySQL, and we will set up a Let's Encrypt bot and a bandwidth monitor. We will also set up WordPress and phpMyAdmin, and we will open the needed ports on UFW.

What we WON'T do is install an FTP server. When the time comes, I will help you configure FileZilla to use your private key (the one we made in the 3rd part of the "Basic Server Security" series), and you will upload anything you want that way.

This series will be split into 3 or 4 parts, as it is large as well. Writing everything in one post is counterproductive for me.


In the second part of the web server series, we will configure the software we installed previously.


vnStat: Setting the default network interface

The easiest way to find our default interface is to use sudo route. The result is this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         100-100-200-1.r 0.0.0.0         UG    0      0        0 eno1
1.2.0.0         0.0.0.0         255.255.0.0     U     0      0        0 docker0
3.4.5.0         0.0.0.0         255.255.255.0   U     0      0        0 eno1

In this case, the default network interface is "eno1". The last field on the row with destination "default" is what we need.

In a different server:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.9.159.80     0.0.0.0         UG    0      0        0 eth0
1.2.1.0         *               255.255.255.254 U     0      0        0 eth0

In this case the interface we need is "eth0"

Now, we must edit vnStat's config:

sudo nano /etc/vnstat.conf

Locate the line saying Interface "eth0" and change eth0 to your interface name. If your interface name is already eth0, you can skip this step.

Exit nano (ctrl+x, Y, Enter), restart vnStat (sudo service vnstat restart) and now we are ready to start...


...using vnStat

The simplest way to use vnStat is to type vnstat on its own.

View hourly stats: vnstat -h
View daily stats: vnstat -d
View weekly stats: vnstat -w
View monthly stats: vnstat -m
View top10 days: vnstat -t
Force an update: vnstat -u
Show live transfer rate: vnstat -l

Combinable switches

You can use these switches with any of the above commands to change the output to your liking:

-ru: Alternative rate unit
-i interfacename: Show stats for interfacename

An example would be:

vnstat -l -ru -i eth1, which shows live traffic with alternative rate units on interface eth1.
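The interface lookup and config edit from the vnStat setup steps above, written as a small script. This is an added example, not code from the original post; the function names and the throwaway config file are assumptions, and the sample table is the tutorial's own first route output.

```shell
#!/bin/sh
# Added example, not from the original post.

# default_iface: read `route` output on stdin and print the last field of
# the row whose Destination is "default" (shown as 0.0.0.0 by `route -n`).
# Returns non-zero when there is no default route.
default_iface() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $NF; found = 1; exit }
         END { exit !found }'
}

# set_vnstat_iface FILE IFACE: rewrite the Interface line of a vnStat config.
# The name is checked first so only a plain interface name reaches sed.
set_vnstat_iface() {
    case "$2" in
        ''|*[!A-Za-z0-9._:-]*) echo "unexpected interface name: $2" >&2; return 1 ;;
    esac
    sed "s/^Interface .*/Interface \"$2\"/" "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample: the first routing table shown in the tutorial.
sample_route() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         100-100-200-1.r 0.0.0.0         UG    0      0        0 eno1
1.2.0.0         0.0.0.0         255.255.0.0     U     0      0        0 docker0
3.4.5.0         0.0.0.0         255.255.255.0   U     0      0        0 eno1
EOF
}

# Demo on a throwaway copy; on the server, pipe `route` into default_iface
# and pass /etc/vnstat.conf (as root) instead.
conf=$(mktemp)
printf 'Interface "eth0"\nMaxBandwidth 100\n' > "$conf"
iface=$(sample_route | default_iface) && set_vnstat_iface "$conf" "$iface"
grep '^Interface' "$conf"
rm -f "$conf"
```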


Configuring MySQL

We will do the initial MySQL hardening.

sudo mysql_secure_installation

Securing the MySQL server deployment.
Enter password for user root:

Type in the MySQL root password. You configured this during the installation of MySQL/MariaDB.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

I choose NO, but you can choose y(es) if you need this

Using existing password for root.
Change the password for root ?

Type y to change it, or n to skip this step.

... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users?

Type y here!

Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely?

Type y here!

Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it?

Type y here too!

 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now?

For the final time, type y!

Success.
All done!

As the message says, All done! :)
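A way to confirm that the three y answers above took effect, added here as an example and not part of the original post. The function names and sample rows are constructed, and localhost, 127.0.0.1 and ::1 are treated as local hosts.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that the answers given
# to mysql_secure_installation took effect. On the server, feed the checks with
#   mysql -u root -p -N -B -e "SELECT User, Host FROM mysql.user" | audit_users
#   mysql -u root -p -N -B -e "SHOW DATABASES" | audit_databases

# audit_users: read tab-separated "User<TAB>Host" rows on stdin.
# Flags anonymous accounts (empty User) and root entries reachable from
# anything but the local machine. Returns non-zero if anything is flagged.
audit_users() {
    awk -F'\t' '
        $1 == "" { print "anonymous user still present (host " $2 ")"; bad = 1 }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root may connect remotely (host " $2 ")"; bad = 1
        }
        END { exit bad + 0 }'
}

# audit_databases: read one database name per line; flag the "test" database.
audit_databases() {
    awk '$0 == "test" { print "test database still exists"; bad = 1 }
         END { exit bad + 0 }'
}

# Constructed sample rows: a fresh install, then the same server after hardening.
users_before() { printf '%s\t%s\n' root localhost root % '' localhost '' myhost; }
users_after()  { printf '%s\t%s\n' root localhost phpmyadmin localhost; }

echo "before:"; users_before | audit_users || echo "-> hardening still needed"
echo "after:";  users_after | audit_users && echo "-> user table looks clean"
printf 'information_schema\nmysql\ntest\n' | audit_databases || true
```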


Configuring Apache 2

If you plan to run multiple sites on various domains, I will cover this in the next part of the series. If you are reading this at the time of posting this, I'm sorry for this. I prefer to make Apache Multisite a standalone part, as it will get somewhat long.

First, we will enable two apache 2 mods: mod_rewrite and mod_ssl. Easy, peasy!

sudo a2enmod rewrite ssl

Then, restart Apache!

sudo service apache2 restart

We won't configure SSL right now, as it will be covered in the next parts. We will add Let's Encrypt to make it automated. If you don't know what Let's Encrypt is, it is a free, open and automated Certificate Authority. You don't have to pay to create a certificate nor to renew it. Click here to visit their website for more info.

The default Apache web directory is located at the directory /var/www/html, in case you want to start playing around.


Installing phpMyAdmin

We didn't install phpMyAdmin on the previous step. Installation and configuration is pretty straight-forward:

sudo apt-get install phpmyadmin php7.1-mbstring php7.1-gettext -y

You will get a prompt asking you a few questions:

  • What server software you use. Apache2 is already highlighted, but not selected. Press the spacebar, then tab and then enter to select and confirm your selection.
  • Use dbconfig-common to setup the database (you will select "yes")
  • Your root MySQL password (type it)
  • A phpMyAdmin password, which you will be asked to retype for confirmation. Don't forget this password.

We also installed PHP's mbstring & gettext. We need to enable them in PHP, and restart Apache!

sudo phpenmod mcrypt
sudo phpenmod mbstring
sudo systemctl restart apache2

Now if you go to http://yourip/phpmyadmin, you will be able to use phpMyAdmin to manage your databases!


Configuring PHP

We will increase the file upload limits, as they are way too low by default. Chances are that you will run WordPress or some other CMS, and you will need to upload a big image or some other big file at some point, and you will end up getting errors. So it is better to do this right now, and get it out of the way!

To locate the default php.ini config file loaded, you can create a phpinfo file.

sudo nano /var/www/html/info.php

Type these in:

<?php
phpinfo();
?>

Exit nano by saving the changes, and go to http://yourserverip/info.php

Locate the line saying Loaded Configuration File; what comes after it is the path of your config file.

It is usually /etc/php/7.1/apache2/php.ini, but on some servers I saw it load /etc/php/7.0/cgi/php.ini by default.

Memorise it, and edit it using nano (by the way this must be your first assignment! good luck)

And do the following changes:

  • Locate post_max_size and change it to 128M. If you have less than 512MB RAM, you should add some swap space. This will be covered in another section.
  • Locate upload_max_filesize and change it to 128M
  • Locate memory_limit and change it to 200M.

You noticed how I set memory_limit to something higher than the other two config values? If you set it to the same amount as the other two values or lower, you will end up getting errors and failed transfers.

Now exit nano and restart apache.

sudo service apache2 restart
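The rule above (memory_limit higher than the two upload limits) can be checked against a php.ini before restarting Apache. This is an added example, not from the original post; the function names and the sample file are constructed, and it assumes all three directives are set in the file.

```shell
#!/bin/sh
# Added example, not from the original post.

# ini_get FILE KEY: print the last uncommented value of KEY in a php.ini.
ini_get() {
    awk -F= -v k="$2" '
        /^[ \t]*;/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v) }
        END { print v }' "$1"
}

# to_bytes VALUE: expand PHP shorthand (K, M, G) into bytes; -1 stays -1.
to_bytes() {
    printf '%s\n' "$1" | awk '{
        n = $1 + 0; u = toupper(substr($1, length($1)))
        if (u == "K") n *= 1024
        else if (u == "M") n *= 1024 * 1024
        else if (u == "G") n *= 1024 * 1024 * 1024
        printf "%.0f\n", n }'
}

# check_php_limits FILE: print each inconsistency and return non-zero if any.
# A memory_limit of -1 (no limit) is accepted.
check_php_limits() {
    post=$(to_bytes "$(ini_get "$1" post_max_size)")
    upload=$(to_bytes "$(ini_get "$1" upload_max_filesize)")
    mem=$(to_bytes "$(ini_get "$1" memory_limit)")
    awk -v p="$post" -v u="$upload" -v m="$mem" 'BEGIN {
        if (p < u) { print "post_max_size is smaller than upload_max_filesize"; bad = 1 }
        if (m >= 0 && (m <= p || m <= u)) { print "memory_limit does not exceed the upload limits"; bad = 1 }
        exit bad + 0 }'
}

# Constructed php.ini fragment using the values from the tutorial.
ini=$(mktemp)
printf '%s\n' '; constructed sample' 'post_max_size = 128M' \
    'upload_max_filesize = 128M' 'memory_limit = 200M' > "$ini"
check_php_limits "$ini" && echo "limits are consistent"
rm -f "$ini"
```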

That's it for now! What we have left to do is add Let's Encrypt, configure it to autorenew our certificate, and see what we can do for Apache to use multiple virtual hosts etc.

Part 3 is now available. Click here to read it!

Thank you for reading. If you liked my small tutorial, or have any questions, feel free to leave a comment.

  • Main image courtesy of Jenkov Tutorials

If you need a place to host your servers consider Vultr, Digital Ocean and BuyVM.

These are affiliate links. If you sign up through them, you support me and I will have more free time to write more content like this.

Also, if you sign up for Digital Ocean through my affiliate link, you will get $10 to try them out. Note: to battle abusers of this offer, you'll have to make a $5 deposit via Paypal or add your credit/debit card, so they can confirm that you are a new user. I did a deposit via Paypal to test them out, and then I added my credit card so I won't have to deposit money manually every now and then.


Also, I am running a witness server. Please consider voting me for a witness.

You can read my witness declaration here


nice sharing, upvoted , visit my posts also

As an alternative to vnStat, you could also use ntopng. It generates beautiful graphs.

Obviously there are a ton of different monitoring tools that will do similar visualizations.

Thank you for commenting!

Yes, there are many different ones, and each one has its cons and pros :)


I have a few quick questions.

First, is there any way to change the default directory of the apache web directory, say, from /var/www/html to /var/www/projects or even simply /var/www?

Second, what does the 'M' represent in the values of post_max_size and upload_max_size ? Megabyte?

Likewise, what if I'll be uploading large (5-12GB) video files to my server? upload_max_size = 12000M?

And, if so, I of course must adjust memory_limit so that it is a greater value than post_max_size and upload_max_size, but what does memory_limit actually represent and or refer to?

Thanks <333

First, is there any way to change the default directory of the apache web directory, say, from /var/www/html to /var/www/projects or even simply /var/www?

Sure! Do sudo nano /etc/apache2/sites-available/000-default.conf to edit the default "vhost", and change DocumentRoot from /var/www/html to whatever you want!

Second, what does the 'M' represent in the values of post_max_size and upload_max_size ? Megabyte?

Yes, it represents a value in Megabytes. If you change it to G, it will be Gigabytes, and so on.

Likewise, what if I'll be uploading large (5-12GB) video files to my server? upload_max_size = 12000M?

Yes and no, but see the answer on the next question.

And, if so, I of course must adjust memory_limit so that it is a greater value than post_max_size and upload_max_size, but what does memory_limit actually represent and or refer to?

Yes you would do exactly that. But the memory_limit directive tells PHP how much RAM it can use. You shouldn't exceed the average FREE RAM your server has though. If you have 1GB of RAM installed and tell PHP the memory_limit is 12GB, when PHP tries to allocate more RAM than you have FREE (and not just installed in your system) you'll have problems.

I hope I explained everything in a very clear manner :)
Should you have any other questions, let me know!

i really appreciate that you're taking the time to answer my questions. thanks so much!! i do have two more questions, however.

since i will be uploading large files (5-12GB), but only have 4GB of ram on that old PC, how do i configure this properly? or will this scenario not work at all?

I don't think that it will work. You can upload your files using sFTP, or try to come up with a solution that will segment your files while uploading.

As for Debian, try Ubuntu 16.04, it's an LTS version that will get updates until 2021

hm... i definitely don't want to be segmenting these files. but it's possible to transfer them (large files in whole) to the server with sftp?

i ended up getting debian running by downloading an ISO specific to amd64 and LXDE. thank god.

aww man. i've found legacy drivers but none of them seem to be compatible with deb9.1

*actually, the reason it wasn't working, i believe, was because although i was installing grub on the same hard drive i wasn't installing it as a master boot drive? idk i was scared to click 'yes' to that option because i'm dual booting and i bricked an old laptop a while ago via grub? if i remember correctly, or it had something to do with messing with the partitions and booting stuff, when installing arch