Server

Server

Login

Log in to server and use root password (accept new fingerprint)

ssh root@<server-ip>
ssh [email protected]

Use -i flag to allow selection of an ssh private key if you have multiple

Upgrade Server

Update server packages and upgrade system

sudo apt-get update
sudo apt-get upgrade

Set / Check Hostname

Set machine hostname

hostnamectl set-hostname <host-name>

Alternatively set hostname manually

echo "<host-name>" > /etc/hostname
hostname -F /etc/hostname

Show hostname, FQDN and DNS domain name

Set Hosts

Add server IP entry and hostname for FQDN (fully qualified domain name) to /etc/hosts

Configure FQDN DNS

Set the following DNS records to point to the server IP via DNS admin for the fully qualified domain name

  • Point "A" record to server IPv4 address

  • Point "AAAA" record to server IPv6 address (if IPv6 enabled)

Set Timezone

Set the timezone

Check the server time

User and SSH Setup

Create Limited User

Create new limited user account and set a password (skip account details with enter)

Add user to sudo group

Exit and log in as new user

Set up SSH key

Create an RSA SSH key pair if you do not have one (on local machine)

Make an .ssh directory on the server if one doesn't exist

Copy public key from local machine authorized_keys file

Set permissions on authorized_keys file on the server

Configure SSH Daemon

Edit the sshd config file

Modify (or add) the following sshd_config settings

Use AddressFamily inet to limit to IPv4 or AddressFamily inet6 for IPv6

Reload ssh daemon config

Configure Firewall

Set initial default configuration

Configure http/s and ssh (use custom ssh port or ssh/tcp for default port 22)

Set firewall logging on (logs output to /etc/logs/)

Check status of firewall rules (add verbose for details about logging)

View UFW log files

Remove Unused Services

View list of network running services (note package name)

Remove unused service package if not required

Webserver

Apache

Install Apache web server

Configure Apache base settings

Set the following configuration settings in security.conf

Disable auto file listings and HTML based directory navigation

Disable the default test page (and replace the default html file at /var/www/html with a blank index.html)

Disable MPM Event and set MPM to Prefork for PHP (mod_php)

Start and stop the apache server

Reload apache configuration and show status

MySQL Server

Install MySQL Server (add a root user password when prompted)

Run MySQL secure installation and follow prompts

Create a utf8.cnf file to configure MySQL for UTF8

Add the following rules to utf8.cnf

Restart MySQL Server

Log in to MySQL Server

Check character set settings are correct

Alternatively check from settings output

MySQL commands

PHP

Install base PHP and additional PHP features

Create php log directory

Configure php.ini for logging

Add or update the error log file rule location

Restart/reload Apache for changes to apply

Mail

Install Postfix to allow PHP to send email

Set up using the following values

Postfix settings file (confirm host name is set correctly)

Configure mail to send/receive only from the local host (main.cf)

Restart postfix after making configuration changes

Postfix commands (status | start | stop | reload | restart)

Send a test email using sendmail via command line (finish command with .)

Send a test email one line command (add -v to generate debug information /var/mail/<user>)

Git

Install and configure git

Web site setup

Manage sites with git

Create bare repo on server

Add remote bare repo as an origin for local repo and push

Clone repo to www directory on server

Set folder and file permissions

Allow Apache write permission for folders used by upload scripts (eg. CMS uploads)

Configure and enable sites

Web server site directories

Create and edit virtual host configuration file

Enable/Disable site configuration

Reload Apache to apply changes

Add Subdomains

  • Using DNS Manager add a new A/AAAA record for the domain

  • Add a virtual hosts entry for your subdomain in the Apache site conf

  • Reload Apache configuration (DNS propagation for new entries will depend on TTL)

Database Setup

Import/Export Database

Export database data from existing DB

Import database data into new DB

Configure Database

Log in to MySQL Server

List the databases

Create general user

Grant general privileges

Get list of users

Show permission for user

General database commands

Crontab Setup

List (-l), edit (-e) and remove (-r) crontab entries

Edit crontab for a different user

Server Reboot Management

Display which services are currently running, and which are listed to start on boot

Domain management and DNS configuration

Set name servers

Set domain name server entries for host via domain registrar admin

Add email SPF rules

Add A record for SPF rule to allow scripts to send email from server via google

Google sending only

Google and domain allowed to send

Configure Reverse DNS

Set reverse DNS via host DNS manager to use server configured fully qualified domain name (FQDN)

Additional debugging and logs

Admin Mail

Local user mail messages

Empty system mail file for user using >

DNS Status

Check DNS status and update time remaining ("Answer" section shows time remaining in seconds)

Check DNS status for a specific domain name server

Logs

View PHP and Apache error log output

Browse other log files

Empty log files using >

Apache

View server status web summary

Test mod default gzip (fetch with and without gzip header to compare) on a uncompressed js or css file

PreviousRustNextSlack

Last updated