Ubuntu_Web_Server_Creation

UBUNTU WEB SERVER CREATION

UPDATE THE SERVER

apt-get update && apt-get upgrade

HOSTNAME CHANGE

hostnamectl set-hostname example-hostname

/etc/hosts
203.0.113.10 example-hostname.example.com example-hostname
2600:3c01::a123:b456:c789:d012 example-hostname.example.com example-hostname

TIMEZONE

dpkg-reconfigure tzdata
date

ADD USER – AS SUDO

adduser user
passwd user
adduser user sudo

FIREWALL

sudo ufw status [UBUNTU FIREWALL]
sudo ufw enable
sudo ufw logging on
sudo ufw allow 22 [OR]
sudo ufw allow ssh
sudo ufw allow 80/tcp [OR]
sudo ufw allow http
sudo ufw allow from 198.51.100.0
sudo ufw allow from 198.51.100.0/24
sudo ufw allow from 198.51.100.0 to any port 22 proto tcp
sudo ufw delete allow 80
/etc/ufw/before.rules [RULES RUN BEFORE THE OTHERS]
/etc/ufw/before6.rules [RULES RUN BEFORE THE OTHERS]
/etc/ufw/after.rules [RULES RUN AFTER THE OTHERS]
/etc/ufw/after6.rules [RULES RUN AFTER THE OTHERS]

SSH CHANGES

/etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
AddressFamily inet [LISTEN ON IPV4 ONLY]

Port 22 [CHANGE PORT]

sudo systemctl restart sshd

REMOVE EXTRA RUNNING SERVICES

sudo ss -atpu [SEE SERVICES RUNNING]
sudo apt purge package_name [REMOVE A SERVICE]

FAIL2BAN – OPTIONAL

apt-get install fail2ban
apt-get install sendmail
ufw allow ssh
ufw enable
https://www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/

LAMP STACK – LINUX, APACHE, MYSQL, PHP

sudo apt install tasksel
sudo tasksel install lamp-server
[OPTIONAL – manual installation – NOT NEEDED]
sudo apt install apache2
sudo apt install mysql-server
sudo apt install php7.2 libapache2-mod-php7.2 php-mysql
sudo apt install php-curl php-json php-cgi

APACHE CONFIGS – APACHE2.CONF

/etc/apache2/apache2.conf
KeepAlive On
MaxKeepAliveRequests 50
KeepAliveTimeout 5

/etc/apache2/mods-available/mpm_prefork.conf


StartServers 4
MinSpareServers 3
MaxSpareServers 40
MaxRequestWorkers 200
MaxConnectionsPerChild 10000

FIREWALL – OPTIONAL ADD APACHE AFTER LAMP INSTALLATION

sudo ufw app info "Apache Full"
sudo ufw allow in "Apache Full"
sudo a2dismod mpm_event [already disabled]
sudo a2enmod mpm_prefork [already enabled]
sudo systemctl restart apache2

CREATE APACHE FOLDERS FOR VIRTUALS

CREATE .CONF FILE

/etc/apache2/sites-available/url.conf



        ServerName example.com
        ServerAlias www.fitzshell.com
        ServerAdmin noone@localhost
        DocumentRoot /var/www/html/fitzshell.com/public_html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined




    AllowOverride All

ENABLE WRITING TO THE .HTACCESS FILE

sudo a2enmod rewrite

NOTE: Example Output
fitsadmin@fitsweb:/etc/apache2/sites-available$ sudo a2enmod rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
systemctl restart apache2

                                                                                                 1,28          Top

TEST YOUR MODIFICATIONS

sudo apache2ctl configtest

NOTE: Example Output
fitsadmin@fitsweb:/etc/apache2/sites-available$ sudo apache2ctl configtest
Syntax OK

MYSQL – CREATE DATABSAE

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER ‘wordpressuser’@’%’ IDENTIFIED WITH mysql_native_password BY ‘password’;
GRANT ALL ON wordpress.* TO ‘wordpressuser’@’%’;
FLUSH PRIVILEGES;

CREATE TWO NEW FILES/DIRS

NOTE: doing this in the wordpress download directory
cd /wordpress
touch .htaccess
mkdir upgrade

MOVE ALL FILES OVER TO PUBLIC_HTML

sudo cp -a /tmp/wordpress/. /var/www/wordpress

NOTE: cp -r will not move over hidden files

CHANGE PERMISSIONS TO PUBLIC_HTML

sudo chown -R www-data:www-data /var/www/wordpress
sudo find /var/www/wordpress/ -type d -exec chmod 750 {} \;
sudo find /var/www/wordpress/ -type f -exec chmod 640 {} \;

SET UP WORDPRESS CONFIGURATION (NEW FOR UBUNTU)

NOTE: use this to generate random keys for your wordpress installation
curl -s https://api.wordpress.org/secret-key/1.1/salt/

Output

define('AUTH_KEY','               'GENERATED VALUE     ');
define('SECURE_AUTH_KEY',   'GENERATED VALUE');
define('LOGGED_IN_KEY',       'GENERATED VALUE');
define('NONCE_KEY',              'GENERATED VALUE');
define('AUTH_SALT',              'GENERATED VALUE');
define('SECURE_AUTH_SALT', 'GENERATED VALUE');
define('LOGGED_IN_SALT',     'GENERATED VALUE');
define('NONCE_SALT',            'GENERATED VALUE');

NOTE: this is for additional security
NOTE: paste into the wp-config.php file

NOTE: insert this into the end of the wp-config.php file

define(‘FS_METHOD’, ‘direct’);

Scroll to top