This document describes a basic LAMP (GNU/Linux, Apache2, MySQL, PHP) + GIT server installation, based on an Ubuntu 14.04 GNU/Linux distribution. MySQL databases are backed up locally; the whole server is backed up via daily snapshots, as configured by the Client himself when he bought the server.
THIS DOCUMENT IS FOR A LAN DEV ENVIRONMENT ONLY. PRODUCTION/DMZ ENVIRONMENT CONFIGURATION IS ALWAYS UP TO PROFESSIONAL SYSADMINS.
THIS DOCUMENT IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SERVER OR THE USE OR OTHER DEALINGS IN THE SERVER.
- This server configuration does not include any monitoring.
- Once you start filling in logins / passwords, this document becomes f*cking confidential
- version: 1.0.0
- licence : http://creativecommons.org/licenses/by-sa/3.0/fr/
- author: Ronan GUILLOUX ([email protected]), Les Polypodes
- This free/open document is available online here
ssh [email protected] / ThePassWord
ssh [email protected] / ThePassWord
- MySQL: root / password: ThePassWord
- PhpMyAdmin 'obfuscated' access is: http://IP.ADDRESS/VeryVerySecretPhpMyAdmin
- PhpMyAdmin: root / password: ThePassWord
- Client MySQL connection (database/login/password): TheClient_prod / TheClient_prod / ThePassWord
This is not a valid, reliable, production-ready recommendation; consider it only as an example:
- OVH VPS Cloud 4 or GANDI custom VPS Server or WhateverCloudProvider VPS
- vCores: 2
- RAM: 2 GB
- HD: 10 GB
- OS : GNU/Linux
- Distribution : Ubuntu
- Version : 14.04
- Locale : fr_FR.UTF-8
- bandwidth: 100 Mb
- Reverse DNS: myServer.myProvider.com / IP.ADDRESS
root can connect remotely :
[Les Polypodes] ALWAYS use a different Linux (sudoer) user:
locale-gen fr_FR.UTF-8
adduser lespolypodes
adduser lespolypodes sudo
Password for lespolypodes: ThePassword
(we use newlines in snippets here because of the f*cking PDF generation of this original markdown document, via LightPaper)
ntpdate cdns.ovh.net > /dev/null
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get install vim zsh curl ngrep tree htop sysstat di
apt-get install discus pydf hardinfo lynx ack-grep pandoc
apt-get install most exuberant-ctags
apt-get install linux-headers-generic build-essential
apt-get install manpages-fr manpages-fr-extra
apt-get install manpages-dev silversearcher-ag
apt-get install apache2 apache2-mpm-prefork
apt-get install libapache2-mod-php5 apache2-utils php5
apt-get install mysql-server imagemagick
apt-get install php5-dev phpmyadmin
"(...) configuring PhpMyAdmin with dbconfig-common?": yes
then apache2
apt-get install php-apc php5-mysql php5-sqlite php5-cli
apt-get install php5-curl php5-gd php5-imagick
apt-get install php5-imap php5-xsl php5-common
apt-get install php5-mcrypt php5-memcache
apt-get install php5-ps php5-intl php5-mcrypt
Then, for some unclear reason, PhpMyAdmin later asked to install/activate mcrypt. The extension is already installed; you just have to run this command:
sudo php5enmod mcrypt
Setup with Ubuntu:
curl -sL https://deb.nodesource.com/setup | sudo bash -
Then install with Ubuntu:
sudo apt-get install -y nodejs
Setup with Debian (as root):
apt-get install curl
curl -sL https://deb.nodesource.com/setup | bash -
Then install with Debian (as root):
apt-get install -y nodejs
Other CLI-related tools
apt-get install tidy markdown git git-core git-doc
apt-get install git-svn git-email tig
Current lespolypodes Linux user becomes an Apacher
adduser lespolypodes www-data
Adding TheClient as ServerName to Apache2 in /etc/apache2/apache2.conf
vim /etc/apache2/apache2.conf
Enabling Apache2 mods
a2enmod rewrite
a2enmod headers
a2enmod deflate
a2enmod expires
a2enmod setenvif
service apache2 restart
Configuring php.ini (php-cli & apache2):
vim /etc/php5/apache2/php.ini /etc/php5/cli/php.ini -p
[Date]
date.timezone = Europe/Paris
.phar PHP archives need special options:
[Phar]
; http://php.net/phar.readonly
phar.readonly = Off
; http://php.net/phar.require-hash
phar.require_hash = Off
detect_unicode = Off
suhosin.executor.include.whitelist = phar
curl -L http://install.ohmyz.sh | sh
chsh
- Login shell to indicate: /bin/zsh
Composer (dependency manager for PHP) :
cd /usr/local/bin
sudo su
curl -sS https://getcomposer.org/installer | php
mv composer.phar composer
chmod a+x composer
Configuration:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vim /etc/fail2ban/jail.local
- Add a /etc/fail2ban/filter.d/apache-w00tw00t.conf
- [DEFAULT] > ignoreip: add Les Polypodes IP address
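What an apache-w00tw00t filter combined with an ignoreip entry acts on, as an added shell example that is not part of the original document and is not fail2ban's own filter: it lists the clients that requested a /w00tw00t.at.* path in an Apache access log and skips trusted addresses. The log format, the regex and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original document.
# Assumption: Apache "combined" access log, client address in field 1.

# Request lines that carry the scanner's /w00tw00t.at.* probe path.
W00T_RE='"(GET|HEAD|POST) /w00tw00t\.at\.'

# w00t_offenders LOGFILE [TRUSTED_IP...]
# LOGFILE may be "-" for stdin. Prints "COUNT IP", most active first,
# skipping trusted addresses the way ignoreip exempts them from bans.
w00t_offenders() {
    local log="$1"; shift
    local trusted=" $* "
    grep -E -- "$W00T_RE" "$log" | awk -v trusted="$trusted" '
        index(trusted, " " $1 " ") == 0 { hits[$1]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges only).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [12/May/2014:03:14:07 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
198.51.100.23 - - [12/May/2014:09:01:44 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2014:09:14:09 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
192.0.2.10 - - [12/May/2014:10:30:00 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
EOF
}

# 192.0.2.10 stands in for the trusted office address listed in ignoreip.
sample_log | w00t_offenders - 192.0.2.10
```

On the server, point it at /var/log/apache2/access.log to see which addresses a ban would hit before enabling the jail.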
Configuring PhpMyAdmin: Modify ServerAlias phpmyadmin into $$$VeryVerySecretPhpMyAdminURL==! in /etc/apache2/conf-enabled/phpmyadmin.conf
vim /etc/apache2/conf-enabled/phpmyadmin.conf
service apache2 reload
Creating a dedicated Client SQL User + production database (TheClient_prod / TheClient_prod / ThePassword)
Backup archives are generated in /var/backups/mysql every night at 01:00 via the root crontab. The backup script uses the /root/.my.cnf configuration file to connect to MySQL.
Create a /root/.my.cnf file:
[client]
user=root
password=ThePassWord
Give it appropriate permissions:
chmod 700 /root/.my.cnf
chown root:root /root/.my.cnf
Fetch a copy of the backup script onto the server:
sudo mkdir /var/backups/mysql
sudo chown lespolypodes:root /var/backups/mysql -R
cd /usr/local/bin
sudo curl -o automysqlbackup.sh https://gist.githubusercontent.com/ronanguilloux/1595563/raw/mysqlBackup.sh
sudo vim automysqlbackup.sh
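A script fetched this way ends up running as root from cron, and the NodeSource, oh-my-zsh and Composer installers above are piped straight into an interpreter. The following added example (not part of the original document) refuses to run a downloaded script unless it still matches a SHA-256 recorded when the script was reviewed. The function names and the PINNED_HASH placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original document.

# Print the SHA-256 of FILE (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | awk '{print $1}'
    else
        shasum -a 256 -- "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE PINNED_SHA256 [INTERPRETER]
# Runs FILE only if it still matches the hash recorded at review time.
# Returns 1 on mismatch or unreadable file, else the script's exit status.
verify_then_run() {
    local file="$1" pinned="$2" interp="${3:-sh}" actual
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$pinned" ]; then
        echo "refusing to run $file: sha256 '$actual', expected '$pinned'" >&2
        return 1
    fi
    "$interp" "$file"
}

# fetch_verify_run URL PINNED_SHA256 [INTERPRETER]
# Downloads over HTTPS only into a private temp file, then verifies and runs.
fetch_verify_run() {
    local url="$1" pinned="$2" interp="${3:-sh}" tmp rc=0
    tmp=$(mktemp) || return 1
    if curl --proto '=https' --proto-redir '=https' -fsSL -o "$tmp" "$url"; then
        verify_then_run "$tmp" "$pinned" "$interp" || rc=$?
    else
        echo "download failed: $url" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Typical use (PINNED_HASH is a placeholder for the value you recorded):
#   fetch_verify_run https://getcomposer.org/installer "$PINNED_HASH" php
```

When upstream publishes a new version the check fails by design: review the new script, then update the pinned hash.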
Configure backup engine, automysqlbackup.sh, with these options:
MYNCF=true
MAILADDR="[email protected]"
LATEST=yes
(as root):
su
mv automysqlbackup.sh automysqlbackup
chmod a+x automysqlbackup
crontab -e
Crontab configuration:
# m h dom mon dow command
0 1 * * * /usr/local/bin/automysqlbackup
Backup manual test (as root):
cd
automysqlbackup
tree /var/backups/mysql
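The backup job touches three sensitive paths: the credentials file, the script that root's cron runs, and the dump directory. The following added example (not part of the original document) audits their permission bits. The function names and the chosen masks are assumptions, and it relies on GNU stat as found on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not from the original document. Uses GNU stat (Linux).

# mode_clear PATH MASK: succeed when none of the octal MASK bits are set.
mode_clear() {
    local mode
    mode=$(stat -c '%a' -- "$1") || return 2
    [ $(( 0$mode & 0$2 )) -eq 0 ]
}

# audit_backup_job CNF SCRIPT DUMP_DIR
# Prints one line per finding; returns the number of findings.
audit_backup_job() {
    local cnf="$1" script="$2" dir="$3" findings=0
    # Credentials file: no access at all for group or other.
    if ! mode_clear "$cnf" 077; then
        echo "FAIL $cnf: group/other can access the MySQL root credentials"
        findings=$((findings + 1))
    fi
    # Script executed by root's cron: nobody else may be able to rewrite it.
    if ! mode_clear "$script" 022; then
        echo "FAIL $script: group/other can rewrite a script root's cron runs"
        findings=$((findings + 1))
    fi
    # Dump directory: holds full copies of every database.
    if ! mode_clear "$dir" 007; then
        echo "FAIL $dir: any local user can reach the database dumps"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# On the server described here (run as root):
#   audit_backup_job /root/.my.cnf /usr/local/bin/automysqlbackup /var/backups/mysql
```

A directory created with plain mkdir under the default umask is mode 755, so the third check fails until the directory is tightened, for instance with chmod 750.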
Bash function to generate passwords
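# usage:
# $~: genpasswd 12
genpasswd() {
    # Length defaults to 16 characters when no argument is given
    local l=$1
    [ "$l" == "" ] && l=16
    # Keep only [A-Za-z0-9_] from the kernel random source
    tr -dc A-Za-z0-9_ < /dev/urandom | head -c "${l}" | xargs
}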