Log in to server and use root password (accept new fingerprint)
ssh root@<server-ip>
ssh [email protected]
Use -i flag to allow selection of an ssh private key if you have multiple
Update server packages and upgrade system
sudo apt-get update
sudo apt-get upgrade
Set / Check Hostname
Set machine hostname
hostnamectl set-hostname <host-name>
Alternatively set hostname manually
echo "<host-name>" > /etc/hostname
hostname -F /etc/hostname
Show hostname, FQDN and DNS domain name
Add server IP entry and hostname for FQDN (fully qualified domain name) to /etc/hosts
Set the following DNS records to point to the server IP via DNS admin for the fully qualified domain name
Point "A" record to server IPv4 address
Point "AAAA" record to server IPv6 address (if IPv6 enabled)
Set the timezone
Check the server time
User and SSH Setup
Create Limited User
Create new limited user account and set a password (skip account details with enter)
Add user to sudo group
Exit and log in as new user
Create an RSA SSH key pair if you do not have one (on local machine)
Make an .ssh directory on the server if one doesn't exist
Copy public key from local machine authorized_keys file
Set permissions on authorized_keys file on the server
Edit the sshd config file
Modify (or add) the following sshd_config settings
Use AddressFamily inet to limit to IPv4 or AddressFamily inet6 for IPv6
Reload ssh daemon config
Set initial default configuration
Configure http/s and ssh (use custom ssh port or ssh/tcp for default port 22)
Set firewall logging on (logs output to /etc/logs/)
Check status of firewall rules (add verbose for details about logging)
View UFW log files
Remove Unused Services
View list of network running services (note package name)
Remove unused service package if not required
Install Apache web server
Configure Apache base settings
Set the following configuration settings in security.conf
Disable auto file listings and HTML based directory navigation
Disable the default test page (and replace the default html file at /var/www/html with a blank index.html)
Disable MPM Event and set MPM to Prefork for PHP (mod_php)
Start and stop the apache server
Reload apache configuration and show status
Install MySQL Server (add a root user password when prompted)
Run MySQL secure installation and follow prompts
Create a utf8.cnf file to configure MySQL for UTF8
Add the following rules to utf8.cnf
Restart MySQL Server
Log in to MySQL Server
Check character set settings are correct
Alternatively check from settings output
MySQL commands
Install base PHP and additional PHP features
Create php log directory
Configure php.ini for logging
Add or update the error log file rule location
Restart/reload Apache for changes to apply
Install Postfix to allow PHP to send email
Set up using the following values
Postfix settings file (confirm host name is set correctly)
Configure mail to send/receive only from the local host (main.cf)
Restart postfix after making configuration changes
Postfix commands (status | start | stop | reload | restart)
Send a test email using sendmail via command line (finish command with .)
Send a test email one line command (add -v to generate debug information /var/mail/<user>)
Install and configure git
Manage sites with git
Create bare repo on server
Add remote bare repo as an origin for local repo and push
Clone repo to www directory on server
Set folder and file permissions
Allow Apache write permission for folders used by upload scripts (eg. CMS uploads)
Web server site directories
Create and edit virtual host configuration file
Enable/Disable site configuration
Reload Apache to apply changes
Using DNS Manager add a new A/AAAA record for the domain
Add a virtual hosts entry for your subdomain in the Apache site conf
Reload Apache configuration (DNS propagation for new entries will depend on TTL)
Import/Export Database
Export database data from existing DB
Import database data into new DB
Log in to MySQL Server
List the databases
Create general user
Grant general privileges
Get list of users
Show permission for user
General database commands
List (-l), edit (-e) and remove (-r) crontab entries
Edit crontab for a different user
Server Reboot Management
Display which services are currently running, and which are listed to start on boot
Domain management and DNS configuration
Set name servers
Set domain name server entries for host via domain registrar admin
Add email SPF rules
Add A record for SPF rule to allow scripts to send email from server via google
Google sending only
Google and domain allowed to send
Set reverse DNS via host DNS manager to use server configured fully qualified domain name (FQDN)
Additional debugging and logs
Local user mail messages
Empty system mail file for user using >
Check DNS status and update time remaining ("Answer" section shows time remaining in seconds)
Check DNS status for a specific domain name server
View PHP and Apache error log output
Browse other log files
Empty log files using >
View server status web summary
Test mod default gzip (fetch with and without gzip header to compare) on a uncompressed js or css file
