All in one webserver from the ground up. A Virtualized Debian How-to

< This is the only image you get, as this is going to be a very text-centered post.

While virtualizing my entire network a few weeks ago I learned a lot, rebuilt several machines, and documented the rebuilds. So from those notes, I’m finally going to get around to how to securely build and host a website, from the ground up.

We’ll start with a bare-bones Debian 6 install (this guide will work for Ubuntu Server 12.04 as well) on a virtual host.

I’m also using this guide as a walk-through for myself, so I’ve included the instructions on getting vmware-tools installed. If you’re doing this on bare metal, skip that part. :)

Most of this should be done as the root user. In Ubuntu, to gain root use the command:

Also, to get the basics out of the way, I will be using nano as my text editor. To save in nano use the keys

or to save and exit use the command

I will assume you know how to save a file from this point forward.

To get started, let’s get our environment set up. It makes life easier in the end.

Uncomment the lines in the root .bashrc file

Save and exit. *I won’t be telling you this again: if the file’s done being edited, save and close it! :)*

Force your current session to use the new .bashrc file.

You should now have colors when displaying the contents of your directories and have a shortcut to restart apache once we have it installed.

But before we install the web server let’s finish getting prepped. (Ubuntu users, don’t add netselect-apt in the next command, it’s not available in your repos.)

If you’re curious about how any of these programs work in more detail, you can always turn to the “man” command. I do often, so I like my man pages in color. If you do as well, use this, and select the option that references “most” (usually 3 in my experience)

Now let’s create another normal user (if you already have all the normal users you want, skip this part)
*replace <yourname> with Your name.*

and then answer the questions it asks as best you want.

Now let’s also give this user the ability to manage this server using sudo.

Find the line for the root user and copy it on a new line, replacing root with your username.

Or better yet, just add them to either the “admin” or “sudo” groups (on some distros you might know this as the “wheel” group)

If you just added yourself to the sudo group, you’ll need to log off and back on for this to take effect.

Now Debian users with netselect installed, use this list of commands:

then

Now we can start installing the vmware-tools. First click the option on your vmware console to install tools or guest additions.

This will insert a virtual cd-rom in your virtual machine. I know right!?! How deep DOES the rabbit hole go?! Anyways.

Welcome back :) Login as your normal user from here on out and gain root using “sudo su“. It’s just good practice.

Comment out the default settings for the eth0 interface, as we want a static IP address for a server, and add something like this (changing the values as needed for your network of course!)

Then restart your network.

You will probably get disconnected if you’re using ssh to connect. This is to be expected and you should now be able to ssh to the IP address you just set.

Now let’s set the hostname of the server.

And append the same name to the hostname file and restart the service.
(Note the &gt; should be a > but my syntax highlighter breaks these… keep an eye out!)

Since ssh is probably going to be left open, let’s start to automate banning of brute force attempts against our ssh login (moving ssh to a non-standard port is also a good idea!)

Set up the times and purge options as you see fit and then restart denyhosts.

And let’s FINALLY get to installing that webserver like I promised!

That’s it! Your webserver’s installed! Now let’s configure it!

Now let’s build the config for the website you’ll be hosting.

There are a lot of options you can define in here, but to get you started make sure you have the DocumentRoot, ErrorLog and CustomLog defined in this config file.
(again the &lt; and &gt; should be < and > respectively, stay sharp!!!)

Using our example above, let’s create those directories.

And bring this site online, and remove the default site
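The three steps above (write the config, create its directories, enable the site) sketched as an added example that is not the original post's code. The domain `example.com`, the `/var/www/<site>/{public_html,logs}` layout and the function names are assumptions. The check also rejects a log path placed inside the DocumentRoot, where visitors could download it.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: example.com and
# a /var/www/<site>/{public_html,logs} layout (Apache 2.2 as on Debian 6).

# write_vhost PREFIX SITE: PREFIX is "" on the server, a scratch dir for a dry run.
write_vhost() {
    prefix=$1; site=$2
    root="/var/www/$site"
    conf="$prefix/etc/apache2/sites-available/$site"
    # Create the directories first; Apache refuses to start if a log dir is missing.
    mkdir -p "$prefix$root/public_html" "$prefix$root/logs" "$(dirname "$conf")"
    cat > "$conf" <<EOF
<VirtualHost *:80>
    ServerName $site
    DocumentRoot $root/public_html
    ErrorLog $root/logs/error.log
    CustomLog $root/logs/access.log combined
</VirtualHost>
EOF
    echo "$conf"
}

# check_vhost CONF PREFIX: fail unless all three directives are set, their
# directories exist, and no log file sits inside the served DocumentRoot.
check_vhost() {
    conf=$1; prefix=$2
    docroot=$(awk '$1 == "DocumentRoot" { print $2; exit }' "$conf")
    [ -n "$docroot" ] && [ -d "$prefix$docroot" ] ||
        { echo "DocumentRoot missing or not created" >&2; return 1; }
    for directive in ErrorLog CustomLog; do
        log=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        [ -n "$log" ] || { echo "missing $directive" >&2; return 1; }
        [ -d "$prefix$(dirname "$log")" ] ||
            { echo "$directive directory not created" >&2; return 1; }
        case $log in   # logs under DocumentRoot are downloadable by any visitor
            "$docroot"/*) echo "$directive is inside DocumentRoot" >&2; return 1 ;;
        esac
    done
}

# Dry run in a scratch directory.
scratch=$(mktemp -d)
staged=$(write_vhost "$scratch" example.com)
check_vhost "$staged" "$scratch" && echo "vhost OK: $staged"
rm -rf "$scratch"
# On the server, as root: write_vhost "" example.com, then
#   a2ensite example.com && a2dissite default && service apache2 reload
```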

Your website should now be online! w00t!

Let’s get the rest going so we can serve something more dynamic than HTML websites.

Enter a SQL root password when prompted. (SHOULDN’T BE THE SAME AS YOUR ROOT PASSWORD!!!!!!!!!!!!!)

And let’s harden our SQL environment as this is not a developer server.

You don’t need to change your SQL root password if you set a good one above. If it’s the same as your normal root user’s password, change it ffs! Answer yes to the rest of the questions.

Now this next line will install PHP. Lots of PHP. This command should be entered as one single line!

These settings will get you off to a good start, but more tuning can be done. Search for the following and make the needed changes in this file. (Search in nano using “Ctrl+w” and typing in the keyword.)

(You do remember you can type in ^ arestart ^ instead of that line throughout this guide if you used my .bashrc edits, right? ;) )

And of course a web-gui to your SQL server is super handy, so let’s add that as well.

Select apache2 when asked, and choose yes to create the default database. Enter in the SQL root password, and then leave the next password prompt blank to have a random one generated, as you won’t need it.

Almost done!

Let’s set the permissions on the folders we created.

And you’re set!

Let’s go one step further and set up a firewall to finish it up, just in case you’re not behind a separate firewall (Check out untangle if you’re looking for a good one!)

This will install the “Uncomplicated Firewall” that works with iptables, and makes life a lot easier!
For more help with ufw settings check out this guy’s site, it’s got a pretty good rundown and examples.

You should now get a result that says the following:

Of course this is the basic setup, you can further limit ssh to local connections only etc.
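A way to confirm the firewall ended up in the state you intended, as an added example that is not part of the original post: the function reads `ufw status` output and flags an inactive firewall, a missing rule, or any port opened beyond the ones you meant to expose. The port list (22 and 80), the function name and the sample status text are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the server should expose
# only ssh (22) and http (80); the sample status text below is constructed.

# audit_ufw "PORTS" reads `ufw status` output on stdin and returns non-zero if
# the firewall is inactive, an expected port is closed, or an extra one is open.
audit_ufw() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expect[w[i]] = 1 }
        /^Status: active/ { active = 1 }
        / (ALLOW|LIMIT) / {
            port = $1; sub(/\/.*/, "", port)       # "22/tcp" -> "22"
            if (port in expect) seen[port] = 1
            else { print "unexpected rule: " $0; bad = 1 }
        }
        END {
            if (!active) { print "firewall is not active"; bad = 1 }
            for (p in expect)
                if (!(p in seen)) { print "no rule opens port " p; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: MySQL (3306) was opened by mistake.
sample='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
3306                       ALLOW       Anywhere'

printf '%s\n' "$sample" | audit_ufw "22 80" || echo "firewall needs review"
# On the server, as root: ufw status | audit_ufw "22 80"
```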

And your website is ready for stage 2, Content! You now have a memcached apache http server with php5 and mysql ready for the world wide web! Good luck!

(The stage 2 post will come soon!)

** EDIT **

After a few months with this setup I’ve started getting several mail objects that say:

This is a RAID status update from mpt-statusd.
The mpt-status program reports that one of the RAIDs changed state:

Report from /etc/init.d/mpt-statusd on virtual-proxy

Since it’s a virtual machine there’s no RAID state to worry about (at least not from the guest side…), so unless you have a reason for it, just stop the mpt-status daemon. Do the following:

to stop it from its currently running state, and then

which will remove it from several startup scripts that run on boot.

That’s it, no more mail from that problem :) Hope your install is running as smoothly as mine has been!

2 thoughts on “All in one webserver from the ground up. A Virtualized Debian How-to”

  1. So I was helping a friend install a webserver on an Amazon Ubuntu micro instance and remembered the ease of tasksel and wanted to reference that here as well.
    sudo tasksel install lamp-server
    That’s all there is to it!
    That command will install apache, php, mysql and configure it to work together serving websites out of “/var/www”
    (I would highly recommend installing phpmyadmin as well!)
    Of course I would still recommend editing your php.ini and setting up ufw afterwards as well.
    Good luck and enjoy!

  2. Also I should mention if you want things like Sun’s Java JRE or JDK etc., you’ll want to add the non-free repos to your sources.list as well.
