How-to Install a Linux Web Server (Ubuntu)
Installing a web server for a production environment, with Ubuntu as operating system, is not too difficult because most of the required packages don’t need a lot of configurations. In this tutorial we create a (power) user, we install Apache, PHP and MySQL, phpMyAdmin and several other services needed to run a powerful and secure web server.
Preparations
First you need a web server (VPS or a dedicated server). Try to get a cloud server, they are very powerful, redundant and flexible. Choose a Linux image like Ubuntu 10.04 LTS and validate that the SSH server is up and running. Don’t use an image where any web service is pre-installed.
Creating the “Admin” user
-
- Login via SSH using root user account
- Create a new user with
useradd -d /home/newuser -m newuser
(-d points to the directory and -m will create the directory). Usepasswd newuser
to create a password for the user.
- Make the new user owner of the newly created user directory:
chown newuser:newuser /home/newuser
- Add the new user to the sudo group using
adduser newuser sudo
- Optional: change the “shell” for this user with:
chsh -s /bin/bash newuser
- Restrict root access; use the command
sudo passwd -l root
to disable the root password. Open a second terminal window login with the new user name and close the first terminal window ONLY if your new account works (test an admin command using sudo first).
Installing Sendmail
We don’t install a mailserver like postfix, but we need a simple mail demon which is able to send simple mail messages.
- Install the sendmail program using
sudo apt-get install sendmail
- Test the program using
echo "hello world" | /usr/sbin/sendmail -v your@email.com
Install the CSF Firewall
To finish the installation of csf the LWP perl module (libwww-perl) has to be installed. The csf setup script will stop the installation process if this package is not yet installed. If this is the case install the module using sudo apt-get install libwww-perl
and restart the csf setup script.
- Change to your home directory and download csf using
wget http://www.configserver.com/free/csf.tgz
- Untar the downloaded file:
tar -xzf csf.tgz
- Change into the csf directory
cd csf
and start the install script (as root)sudo sh install.sh
- Now let’s test that the required iptables modules are working for 100% in our system, type this command
sudo perl /etc/csf/csftest.pl
. You get a small report and if everything looks fine, continue to the next step. - Open the csf config file
sudo nano /etc/csf/csf.conf
, check the default port numbers and eventually other settings. Each setting is well documented, if you’re ready than change also this row TESTING = “1” to enable the firewall (use ctrl+x to save the file). - Now we need to restart the csf service using
sudo csf -r
, open a second terminal and login using SSH. You need this extra step to be sure that your firewall doesn’t have blocked ssh access for yourself 😉
Installing Apache, PHP and MySQL
- First we install Apache:
sudo apt-get install apache2
- We want to use the MPM prefork module instead of the MPM worker module for the best performance:
sudo apt-get install apache2-mpm-prefork
- Next we can install PHP using
sudo apt-get install php5-cgi php5-cli
(these two libs are enough for the moment, we will add more of them later) - We install suPHP for more security, suPHP makes it possible that PHP scripts are executed by the user who has created the script. Enter into the terminal:
sudo apt-get install libapache2-mod-suphp
- Now install the MySQL service:
sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql
. Provide a strong password for the MySQL root user.
Create your first virtual hosting account
We created already a user in the begin of this tutorial, now we like to install phpMyAdmin as our first web application.
- Move to your user’s home directory and create a new directory
mkdir phpmyadmin
- Now we create a host file for Apache:
sudo nano /etc/apache2/sites-available/myphpmyadmin.conf
- Inside this new file we will add the following code:
12345678<VirtualHost *:80>ServerName myhostname.comServerAdmin webmaster@localhostDocumentRoot /home/newuser/phpmyadmin/ErrorLog /var/log/apache2/phpmyadmin-error.logLogLevel warnCustomLog /var/log/apache2/phpmyadmin-access.log combined</VirtualHost>
- Save the file with ctrl+x
- Enable the site configuration with
sudo a2ensite myphpmyadmin.conf
and reload Apache withsudo /etc/init.d/apache2 reload
.
Now we’re able to install phpMyAdmin for the virtual host we have just created.
- Return to your user’s home directory and download phpMyAdmin using
wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.3.1/phpMyAdmin-3.4.3.1-english.tar.gz
- Untar the gz archive with
tar xvfz phpMyAdmin-3.4.3.1-english.tar.gz
and move the extracted directory to your host directory with
mv /home/newuser/phpMyAdmin-3.4.3.1-english /home/newuser/phpmyadmin
- Open your web browser, enter the server name in the address bar and you should see the phpMyAdmin login page. (you can login with the MySQL root password)
Additional tasks
We mentioned before that you should install additional PHP libs.
-
- Install these common PHP libraries:
sudo apt-get install php5-curl php5-gd php5-mcrypt
You need to fix the #; comment bug inside the mcrypt.ini file or you get depreciated warnings. Restart Apache after your installed these PHP functions - Create a kind of super user for your database using phpMyAdmin, it’s much safer to use a different user than the “root” user for normal database operations.
- Your phpMyAdmin host is accessible for everyone, you should protect your database tool against bots using
1234567<Directory /home/newuser/phpmyadmin>Options Indexes FollowSymLinks MultiViewsAllowOverride NoneOrder allow,deny# add here your IP addressesallow from 100.100.100.100</Directory>
You need to enter these rules into your host configuration file.
- Install these common PHP libraries:
That’s all so far, add additional hosts and install your websites. A DNS service is not part of this tutorial, use instead the DNS zone from your domain name provider and create A records for your server’s IP address.
If you have any problems using this tutorial for your own server or for any other question please post your comment below.
Leave a Reply