Setup a server
Install any kind of server for any purpose
From virtual machines to clouds, VPS or dedicated, whether LAMP or LEMP, here’s your need-to-know
Secure a server
Harden with solid layered server defence
Configure some cool tools to create safe networking, denying hackers and protecting your content & data
Maintain a server
Ease day-to-day server & app management
Add control panels and learn techniques to simplify use of the server, Linux & the command line interface
- Need-to-know
- start here for server setup: an introduction to vpsBible’s setup guides
- compare hosting types: what’s right for you? considering shared hosting, VPS, dedicated and clouds
- # managed & unmanaged
- hosts & security: different hosting solutions carry varying risks. here’s a comparison
- # virtual architectures
- # hardware requirement
- # which operating systems
- # 32bit or 64bit
- # installing Linux packages
- # web server options
- # how to host a db
- # alternative VPS uses
- # development servers
- Initial server setup
- setup VPS hosting: here’s an example of setting up a VPS provider account
- launch a system: choose and launch an operating system on an unmanaged VPS, cloud or dedicated server
- prepare the DNS: tell your server about your primary domain
- Local > server connection
You won’t need to follow all these guides. Read the descriptions for guidance.
‘Create a user’ may seem out of place here. Trust me, it’s the best time to do so.
- login with SSH (universal): recommended for all; create a local to remote connection, then secure it with authentication keys
- server login (Win): for Windows locally, an alternative guide to creating a local to remote server connection
- server login (Lnx/Mac): for Linux or Mac locally, an alternative guide to creating a local to remote server connection
- # create a user #: recommended for all; create your primary server user (that’s you!) with a server location for your files
- safer SSH login (Win): if you followed server login (Win), secure the connection with authentication keys
- safer SSH login (Lnx/Mac): if you followed server login (Lnx/Mac), secure the connection with authentication keys
- harden SSH: recommended for all; important additional security for your server connection
- ## harden SSH (+firewall) vpsB
- Housekeeping
- update system packages: learn how to keep your system & packages up-to-date and set the system locale
- # set system locale
- user-friendly terminal: make the terminal easier to use with user-friendly shortcuts to otherwise complex commands
- Basic network defense
You’d be right to think there’s a whole lot more to network defense.
Essentially, we need a firewall. Later, in the security guides, we’ll trot out a series of further defensive measures.
- iptables firewall: setup an industry-standard firewall using my preferred method, iptables
- iptables GUI (CSF Firewall): prefer a GUI? CSF’s firewall sits atop iptables (you can always add it later)
- Your web files
We already set up a user and file space in the ‘Local > server connection’ section.
Now, we’ll secure a location for those wanting websites, as well as sorting a file transfer manager and, again for folks who need it, an advanced secure shared space.
- your website files: site owners need a specially secured place for web files, site logs and so on
- use SFTP not FTP: you’re likely used to using FTP. read this and you may never use it again, instead favoring SFTP
- FileZilla for SFTP: setup FileZilla for secure local to remote file management and transfer
- chroot SFTP jail (advanced): site owners often provide third party access to, say, developers. here’s how, safely
- Sorting the mail
- Postfix to send mail: want to send or receive email via a website, ie from a contact form? then you’ll be wanting this
- Google Apps for domains: Google Apps is the easiest & cheapest way to facilitate email accounts from yourdomain.com
- # full mail server with Axigen
- Hosting data (MySQL)
- install MySQL: if you plan to serve data from databases you’ll need something like MySQL
- secure MySQL: essential tips for securing your data and database users
- add/delete db from CLI: here’s how to add or delete a database using the terminal
- import db with CLI: import the contents of an old database into a new one, typically if you’re migrating a site
- backup with mysqldump: copy your database with these ‘mysqldump’ commands
- batch replace/delete data: super-handy commands for replacing multiple instances of a string
- reset lost password: lost your MySQL password? oops! you’ll be wanting this guide then
- # install MariaDB
- Allowing for PHP
- install PHP (FastCGI) for Apache: if you want to serve PHP web files using the Apache web server then you’ll be wanting this
- install PHP (PHP-FPM) for Nginx: or if you need to serve PHP web files using the Nginx web server then, hey, you’ll be needing this
- securing PHP: whatever your web server, PHP is vulnerable and requires some essential defense
- Web server (Apache or Nginx)
- install from official repos: most people setup Apache using the wrong source. let’s not make that mistake
- # compile source files
- site configuration (vhost): with Apache installed we need to tell it about our sites using ‘virtual host’ configuration files
- deny traffic with mod_access: mod_access is particularly useful to allow or deny access to admin panels by IP
- passwords with mod_auth: Apache’s mod_auth modules are better for passwording client areas. I recommend auth_digest
- install from official repos: most will install Nginx from an out-of-date source. silly! let’s get the latest-greatest
- # compile source files
- advanced Nginx compilation: alternatively, for the few people requiring a custom Nginx installation we can roll our own
- site configuration (vhost): tell Nginx about your website using a ‘virtual host’ configuration file
- update Nginx (compiled): for those who followed ‘advanced Nginx compilation’ this is how to update the software
- add sites cheatsheet: add extra sites nice and easily with this quick solution
- add sub-domains: maybe you want sub-domains such as sub.domain.com? here’s how
- redirect rewrite rules: redirect www.example.com to example.com – or vice versa – using this syntax
- error & access logs: be sure to keep track of site errors and traffic using the logs
- park a domain: if you have spare domain names, don’t waste them. let’s point them to a primary domain
- password protect web files: ideal for client areas & online admin panels, here’s the password protection module
- no Nginx control panel: Nginx doesn’t have a compatible control panel, such as cPanel. It doesn’t need it
- control panel workarounds: here’s how we administer Nginx and our website configurations without a panel
- phpMyAdmin with Nginx: making lighter work of database admin, let’s setup the phpMyAdmin GUI for Nginx
- Control panels
- # control panels: with the server set up, here’s a link to guides installing control panels for a variety of purposes
- Move a site
- Moving Day! How to Move a Site or Blog: need to migrate a site to the new server? here’s how with zero downtime
- Backup options
- backup options: tough-as-a-nut backup solutions for a range of web file and data scenarios
- Secure a web server
- an overview of server security: introducing vpsBible’s security tutorials
- hosting options & security: considering the security implications with our server provider options
- WordPress.COM & .ORG: breaking down the difference between Automattic’s and self-hosting for WordPress
- domain names: your domain name is a prime business asset so we’d best secure it
- using the terminal: an introduction to the terminal from a security perspective
- files, users & permissions: understanding permissions and ownerships is a cornerstone of server admin
- secure Linux users: users (generally us!) are dangerous so have a heads-up on do’s and don’ts
- find dodgy files: some simple ways to trace potentially malicious files on the server
- check package integrity: whenever you install a package – on any system – you should check its legitimacy, like this
- Lockdown server login
- lockdown server login: key notes on securing web & server credentials
- web protocols: when to use what protocols (HTTP/S or S/FTP for example) & why
- SFTP *not FTP*: FTP is dangerous so let’s enable SFTP
- FileZilla for SFTP: configure the popular file manager for our preferred secure connection
- SSH for server login: setting up SSH for the most secure server connection
- harden SSH: important steps to further secure the SSH server connection
- chroot SFTP jail: restrict server access to a folder tree, ideal for a team working on a web project
- site-server admin with SSL: how to setup secure web pages for admin, e-commerce and more
- mod_access (Apache): for Apache setups (LAMP), ‘deny’ potential hackers with this module
- mod_auth (Apache): for Apache (LAMP), password protect specific web pages, client areas and so on
- password protection (Nginx): for Nginx setups (LEMP), password protect web pages, client areas and so on
- Secure the networking
- secure the networking: it’s crucial to understand server ports, its services & our firewall options
- iptables firewall: setting up an effective firewall on the server
- CSF Firewall (iptables GUI): this is iptables (above) as well but with an admin panel ** which for most of us is overkill **
- DoS & DDoS attacks: prepare for a common assault, the denial of service attack
- disabling daemons & ports: check and remove unnecessary network apps, closing their ports, to reduce vulnerability
- TCP wrappers: another (dead simple) method to secure server ports
- hardening TCP-IP: a generic copy-paste ruleset to enhance networking security (aka the network stack)
- App-specific hardening
- control panel (Webmin): my fave panel, Webmin’s free and very modular to ease administering the server
- securing PHP: some top tips for securing PHP which, no fault of its own, is vulnerable
- phpMyAdmin login: default-installed, phpMyAdmin is a brute force password attack waiting to happen
- risk isolation with SuPHP: SuPHP separates one user’s web files from another’s, crucial for servers you share
- secure MySQL databases: good idea, take a peek (your clients, at least, may be grateful!)
- reset a MySQL password: lost your MySQL password? Bugger. There’s nothing you can do about it. Haha, only kidding …
- Defense in depth
- rootkit protection: simple counter-measures to combat the risk from a potentially devastating rootkit attack
- sniff traffic with Snort: let’s use the network intrusion detection system (NIDS) called Snort to surveil our server traffic
- kernel hardening (grsecurity): hardcore security for * enterprise-level * servers, adding things like memory protection, user rulesets & chrooting
- WAF (ModSecurity): front your content management system with a web application firewall (WAF)
- Backup options
- backup options: read this for some key notes and to help you choose a suitable backup system
- files > Windows: backup web files only to a local Windoze box
- db > PC / Mac: backup a database to a local Windows, Linux or Mac machine
- Backup: How to Replicate a Database
- files & db > Mac / Linux: backup both files & database to a local Mac or Linux box
- PuTTY PSFTP > Wins: not recommended for backup but a handy system for copying files to Windows
- SCP > Linux / Mac: not a backup system but Secure Copy is top-notch for casual copying of files to local Linux and Macs
- Control panels
- # Control panels
- Webmin for GUI admin: my fave panel, Webmin’s free and very modular to ease administering the server
- cron to automate tasks: not a panel but a really handy ‘set it forget it’ utility that’s a must-know for system admins
- FileZilla for SFTP: setup FileZilla for secure local to remote file management and transfer
- no Nginx panel: Nginx doesn’t have a compatible control panel, such as cPanel. It doesn’t need it
- workarounds for Nginx: here’s how we administer Nginx and our website configurations without a panel
- phpMyAdmin for Nginx: making lighter work of database admin, let’s setup the phpMyAdmin GUI for Nginx
- ConfigServer Firewall: CSF Firewall sits on an iptables configuration giving a GUI plus extra functions
- # Piwik (stats)
- # Snorby (logs)
- # Integrate A CMS Like WordPress, WP MU, Drupal etc
- # bind
- phpMyAdmin (Apache)
- Secure backup & copying
- backup solutions: if you want to backup files/db, rather than to copy, click here to assess your options
- SCP > Linux / Mac: Secure Copy is top-notch for copying files to local Linux and Macs
- PuTTY PSFTP > Wins: copy files from the server to a local Windows system
- Logging 101
- logging 101: let’s demystify complex-looking log files so you can track suspect activity
- manage logs with OSSEC: OSSEC manages our many log files so we need not be daunted nor miss key alerts
- rotate logs: log rotation keeps files small which, otherwise, become enormous and choke the machine
- log locations (Nginx): just a heads up as to where the logs live for Nginx-powered sites
- Database server (MySQL)
- add/delete db with CLI: use these commands at the command line to create or erase a database
- backup db with mysqldump: mysqldump is the app we tend to use to backup a database into a *.sql file
- import db with CLI: import the data from an old database into a newly created blank database
- batch replace/delete data: rather than combing through a db here’s how to replace or delete multiple data occurrences
- reset lost password: lost your MySQL password? Bugger. There’s nothing you can do about it. Haha, only kidding …
- Web server (Nginx)
- update Nginx (compiled): updating Nginx installed from repositories is simple but for ‘compiled’, you want this
- add site cheatsheet: add new sites to Nginx nice and easily with these copy-paste commands
- adding sub-domains: in case you want to add sub-domains to Nginx here’s the deal …
- park a site: got a spare domain? point it to your active domains using this guide
- password protection: setup password protection for a site or part thereof
- redirections (rewrite): here’s the syntax to redirect from one web address to another
- compile Nginx: for special requirements, such as needing a certain module, compile Nginx like this …
- Move a site
- move a site: here’s how to migrate a website properly and ** with zero downtime **
© 2010-2015 Round Ideas SL | vpsBible, setting up VPS and web servers for Linux noobs!