Installing a web server for a production environment, with Ubuntu as operating system, is not too difficult because most of the required packages don’t need a lot of configurations. In this tutorial we create a (power) user, we install Apache, PHP and MySQL, phpMyAdmin and several other services needed to run a powerful and secure web server.

Preparations
First you need a web server (VPS or a dedicated server). Try to get a cloud server, they are very powerful, redundant and flexible. Choose a Linux image like Ubuntu 10.04 LTS and validate that the SSH server is up and running. Don’t use an image where any web service is pre-installed.

Creating the “Admin” user

1. 1. Login via SSH using root user account
   2. Create a new user with useradd -d /home/newuser -m newuser (-d points to the directory and -m will create the directory). Use passwd newuser to create a password for the user.

1. Make the new user owner of the newly created user directory: chown newuser:newuser /home/newuser
2. Add the new user to the sudo group using adduser newuser sudo
3. Optional: change the “shell” for this user with: chsh -s /bin/bash newuser
4. Restrict root access; use the command sudo passwd -l root to disable the root password. Open a second terminal window login with the new user name and close the first terminal window ONLY if your new account works (test an admin command using sudo first).

 

Installing Sendmail

We don’t install a mailserver like postfix, but we need a simple mail demon which is able to send simple mail messages.

7. Install the sendmail program using sudo apt-get install sendmail
8. Test the program using
   echo "hello world" | /usr/sbin/sendmail -v your@email.com

Install the CSF Firewall

To finish the installation of csf the LWP perl module (libwww-perl) has to be installed. The csf setup script will stop the installation process if this package is not yet installed. If this is the case install the module using sudo apt-get install libwww-perl and restart the csf setup script.

9. Change to your home directory and download csf using
   wget http://www.configserver.com/free/csf.tgz
10. Untar the downloaded file: tar -xzf csf.tgz
11. Change into the csf directory cd csf and start the install script (as root) sudo sh install.sh
12. Now let’s test that the required iptables modules are working for 100% in our system, type this command sudo perl /etc/csf/csftest.pl. You get a small report and if everything looks fine, continue to the next step.
13. Open the csf config file sudo nano /etc/csf/csf.conf, check the default port numbers and eventually other settings. Each setting is well documented, if you’re ready than change also this row TESTING = “1” to enable the firewall (use ctrl+x to save the file).
14. Now we need to restart the csf service using sudo csf -r, open a second terminal and login using SSH. You need this extra step to be sure that your firewall doesn’t have blocked ssh access for yourself 😉

Installing Apache, PHP and MySQL

15. First we install Apache: sudo apt-get install apache2
16. We want to use the MPM prefork module instead of the MPM worker module for the best performance: sudo apt-get install apache2-mpm-prefork
17. Next we can install PHP using sudo apt-get install php5-cgi php5-cli (these two libs are enough for the moment, we will add more of them later)
18. We install suPHP for more security, suPHP makes it possible that PHP scripts are executed by the user who has created the script. Enter into the terminal:
    sudo apt-get install libapache2-mod-suphp
19. Now install the MySQL service:
    sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql. Provide a strong password for the MySQL root user.

Create your first virtual hosting account

We created already a user in the begin of this tutorial, now we like to install phpMyAdmin as our first web application.

20. Move to your user’s home directory and create a new directory mkdir phpmyadmin
21. Now we create a host file for Apache:
    sudo nano /etc/apache2/sites-available/myphpmyadmin.conf
22. Inside this new file we will add the following code:
    1 2 3 4 5 6 7 8

    <VirtualHost *:80> ServerName myhostname.com ServerAdmin webmaster@localhost DocumentRoot /home/newuser/phpmyadmin/ ErrorLog /var/log/apache2/phpmyadmin-error.log LogLevel warn CustomLog /var/log/apache2/phpmyadmin-access.log combined </VirtualHost>

23. Save the file with ctrl+x
24. Enable the site configuration with sudo a2ensite myphpmyadmin.conf and reload Apache with sudo /etc/init.d/apache2 reload.

Now we’re able to install phpMyAdmin for the virtual host we have just created.

26. Return to your user’s home directory and download phpMyAdmin using
    wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.3.1/phpMyAdmin-3.4.3.1-english.tar.gz
27. Untar the gz archive with tar xvfz phpMyAdmin-3.4.3.1-english.tar.gz  and move the extracted directory to your host directory with
    mv /home/newuser/phpMyAdmin-3.4.3.1-english /home/newuser/phpmyadmin
28. Open your web browser, enter the server name in the address bar and you should see the phpMyAdmin login page. (you can login with the MySQL root password)

Additional tasks

We mentioned before that you should install additional PHP libs.

• • Install these common PHP libraries:
    sudo apt-get install php5-curl php5-gd php5-mcrypt You need to fix the #; comment bug inside the mcrypt.ini file or you get depreciated warnings. Restart Apache after your installed these PHP functions
  • Create a kind of super user for your database using phpMyAdmin, it’s much safer to use a different user than the “root” user for normal database operations.
  • Your phpMyAdmin host is accessible for everyone, you should protect your database tool against bots using
    1 2 3 4 5 6 7

    <Directory /home/newuser/phpmyadmin>          Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny # add here your IP addresses allow from 100.100.100.100 </Directory>

    You need to enter these rules into your host configuration file.

That’s all so far, add additional hosts and install your websites. A DNS service is not part of this tutorial, use instead the DNS zone from your domain name provider and create A records for your server’s IP address.

If you have any problems using this tutorial for your own server or for any other question please post your comment below.