There are some default good practices when installing and configuring a server, and I think it is good to follow them and improve on them where possible.
I tend to use [ apt ] instead of [ apt-get ] as they are almost the same: apt is designed for end users (humans) and its output may change between versions, which means the output is richer and more pleasant.
All the commands should be run with sudo, so it is better to elevate your user to root privileges from the beginning:

```
# take the power into your hands :)
sudo su
```

- Updates: Start with getting the server updated:

```
# update the repository
apt update

# update the applications/services
apt upgrade
```

- Add normal user (will not have sudo permissions)

```
# This will add a user with a directory in the /home folder
# it is good to have a full user as later you can setup an SSH key
adduser developer
```

- SSH: harden the SSH service a bit:

```
### Change SSH PORT ###
# Open the file
vim /etc/ssh/sshd_config

# Edit the following line (save and close the file),
# we are using the port 3451
Port 3451

### Disable ROOT logins ###
# SSH server settings are stored in the
# /etc/ssh/sshd_config
# file. To disable root logins, make sure you have the following entry:
PermitRootLogin no

### Limit User Logins ###
AllowUsers developer

### Do not use Password authentication ###
PasswordAuthentication no

### Generate Public/Private Keys for Authentication ###
ssh-keygen -t rsa

# if you have more keys to add, load all of them into this file:
#   ~/.ssh/authorized_keys

# Restart the SSH service and test it by opening a new terminal window (don't
# close the current one as you can lock yourself out of your server)
systemctl restart ssh
```

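
A check for the SSH settings above, as an added example that is not part of the original post: it compares the effective configuration printed by `sshd -T` with the values chosen in this guide. The function name and the sample dumps are constructed for illustration.

```shell
# Added example (not from the original post): compare the effective sshd
# settings with the values chosen in the SSH step of this guide.

# check_sshd_settings (hypothetical helper): reads `sshd -T` output
# ("keyword value" lines, keywords in lowercase) on stdin, prints one line
# per setting and returns 0 only if every expected value matches.
check_sshd_settings() {
    local dump failures=0 key want got
    dump=$(cat)
    while read -r key want; do
        # A keyword may appear several times (one allowusers line per user),
        # so collect all of its values and join them with commas.
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); print }' |
              sort | paste -sd, -)
        if [ "$got" = "$want" ]; then
            echo "OK   $key = $got"
        else
            echo "FAIL $key: expected '$want', effective '${got:-unset}'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
port 3451
permitrootlogin no
passwordauthentication no
allowusers developer
EOF
    [ "$failures" -eq 0 ]
}

# Constructed sample dumps (not captured from a real server).
GOOD_DUMP='port 3451
permitrootlogin no
passwordauthentication no
allowusers developer
x11forwarding yes'
BAD_DUMP='port 22
permitrootlogin prohibit-password
passwordauthentication yes'

# On the server, as root, before `systemctl restart ssh`:
#   sshd -t && sshd -T | check_sshd_settings
```

`sshd -t` rejects a syntactically broken file, and the function then catches a file that parses but does not carry the intended values, for example an extra user in `AllowUsers`.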
- UFW: First of all, make sure you have the minimum security in place (fail2ban and possibly CSF & LFD will follow later)

```
# install the UFW
apt-get install ufw

# whitelist your IP to connect to SSH before enabling UFW
# (replace 8.8.8.8 with your own IP)
ufw allow from 8.8.8.8 to any port 3451

# enable UFW (again, don't disconnect from the current
# connection, just get a new one and test if you can connect)
ufw enable
```

Next come all the needed services.
- Nginx: I strongly believe you should have the latest stable version that fits your needs, and as the Ubuntu repository takes years to update itself I tend to add official repositories to speed things up a little (if you plan to use PageSpeed, Nginx will have to be built from source).

```
# check the possible version that can be installed
# apt search nginx - gives too much information
# the apt-cache says the version 1.9 is available, while this is good
# I would still prefer the last one which is 1.10.3
apt-cache policy nginx
```

You can add the Nginx official repository by following their instructions page or these instructions:

```
# download the KEY
wget http://nginx.org/keys/nginx_signing.key

# and add it to APT program keyring
sudo apt-key add nginx_signing.key

# create a file and add the repo lines.
# Usually they can go into:
# /etc/apt/sources.list
# but I think it would be better to keep them separate
# in a file inside the [sources.list.d] folder
vim /etc/apt/sources.list.d/nginx.list

# add the following lines and save it
deb http://nginx.org/packages/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/ubuntu/ xenial nginx

# and update the repo so the new location will be taken into account
apt-get update

# check again the available version of Nginx and it is: 1.10.3
apt-cache policy nginx
```

Now, the last step is just to install Nginx:

```
# I'm using [apt] but [apt-get] can be used as well
apt install nginx

# check which version is installed:
# returns: nginx version: nginx/1.10.3
nginx -v

# Allow the Nginx ports in the UFW firewall so they can be accessed externally:
sudo ufw allow from any to any port 80
sudo ufw allow from any to any port 443
```

- PHP: the entire environment is for Magento 2, which at the moment does not work properly with PHP 7.1 because of the mcrypt deprecation. But we can still update APT to the latest official PHP repo (Ondřej Surý):

```
# we can update it in 2 ways:
# 1. through add-apt-repository
# for this we have to run first:
sudo apt-get install software-properties-common python-software-properties

# 2. similar to Nginx by adding the lines into the source list

## The first one:
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

# the second method is to get the KEY
# from the section: Technical details about this PPA
# and save it on your server

# install the key into the system
sudo apt-key add php_sign.key

# create a file in the following location
vim /etc/apt/sources.list.d/php.list

# add the source lines into it and save
deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main
deb-src http://ppa.launchpad.net/ondrej/php/ubuntu xenial main

# update the APT
sudo apt-get update

# check available PHP version
apt-cache policy php

# I'm getting both of them, 7.0 and 7.1, and
# if I check for an older version like 5.6 it is also there and can be installed
```

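
Both the Nginx and the PHP steps hand a downloaded key file to `apt-key add`, which makes APT trust packages signed with it. The following added example (not part of the original post) checks the key's fingerprint against one obtained from the vendor through a separate trusted channel before that step; the function names, the sample listing and the fingerprint in it are constructed.

```shell
# Added example (not from the original post): verify a repository signing
# key's fingerprint before passing the file to `apt-key add`.

# key_fingerprints (hypothetical helper): reads a gpg --with-colons listing on
# stdin and prints the fingerprint of each primary key. In that format an
# "fpr" record follows its "pub"/"sub" record and field 10 is the fingerprint.
key_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fingerprint_matches EXPECTED (hypothetical helper): succeeds only if the
# listing on stdin holds exactly one primary key and its fingerprint equals
# EXPECTED (spaces and letter case in EXPECTED are ignored).
fingerprint_matches() {
    local expected found count
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(key_fingerprints)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] && [ "$found" = "$expected" ]
}

# Constructed sample listing (not a real key).
SAMPLE_LISTING='pub:-:2048:1:0123456789ABCDEF:1500000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example Repo Key <signing@example.invalid>:
sub:-:2048:1:FEDCBA9876543210:1500000000::::::e:
fpr:::::::::1111222233334444555566667777888899990000:'

# On the server (EXPECTED is a placeholder for the vendor-published value):
#   gpg --with-colons --with-fingerprint nginx_signing.key \
#     | fingerprint_matches "$EXPECTED" && sudo apt-key add nginx_signing.key
```

Requiring exactly one primary key also rejects a file that bundles a second, unexpected key next to the genuine one.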
And here is the command that will install PHP 7.0 (pay attention, this is not the default version):

```
# All the additional libraries are for PHP 7.0
sudo apt-get install php7.0-fpm php7.0-cli php7.0-mysql php7.0-curl php7.0-gd \
php7.0-imagick php7.0-intl php7.0-mbstring php-soap php7.0-xmlrpc php7.0-xsl \
mcrypt php7.0-mcrypt php7.0-dev zip php7.0-zip
```

- MySQL 5.7: the installation is quite simple, just make sure to save the root password 🙂

```
sudo apt install mysql-server mysql-client
```

- Redis: it is very good as a cache DB or even as a session manager; it is fast and reliable, but the problem is that the version in Ubuntu is always old

```
# redis "official" repo
sudo add-apt-repository ppa:chris-lea/redis-server

# refresh the repos
sudo apt-get update

# install Redis Server
apt install redis-server
```

- Postfix: as Magento will need to send emails we need an SMTP server, and the most comfortable and reliable is Postfix

```
# Before installing, check the hostname and the domain you want to add
hostname

# change hostname
hostname new-domain.com

# Ubuntu has the latest version so you can install directly
apt-get install postfix
```

- Elasticsearch:

```
# get the Elasticsearch PGP key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
```

Installing from the APT repository

You may need to install the apt-transport-https package on Debian (Ubuntu) before proceeding:

```
sudo apt-get install apt-transport-https
```

Save the repository definition to /etc/apt/sources.list.d/elastic-5.x.list:

```
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
```

Next step, just install Elasticsearch:

```
# update packages list
sudo apt-get update

# install Elasticsearch
sudo apt-get install elasticsearch
```

Running Elasticsearch with systemd (Ubuntu 16.04)

```
# This will configure Elasticsearch to start automatically
# when the system boots up
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

# Elasticsearch can be started and stopped as follows
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service

## OR the old way
/etc/init.d/elasticsearch start
/etc/init.d/elasticsearch stop
```

When systemd logging is enabled, the logging information is available using the journalctl commands:

To tail the journal:

```
sudo journalctl -f
```

To list journal entries for the elasticsearch service:

```
sudo journalctl --unit elasticsearch
```

To list journal entries for the elasticsearch service starting from a given time:

```
sudo journalctl --unit elasticsearch --since "2016-10-30 18:17:16"
```

- NPM: Install the Node.js package manager (npm)

```
sudo apt-get update
sudo apt-get install nodejs
sudo apt-get install npm
```

This is the first part; in the second we will look at tools more common to Magento 2.