I have set up several Slicehost slices as Ubuntu LAMP servers, but since I’m not a server admin, I always have to reference the tutorials to remember the steps. So, I’ve compiled the list of steps here, as concisely as possible. This process sets up everything you need for hosting multiple sites on a single server, and it works equally well for most servers running Ubuntu including Slices and Linodes.
- Disclaimer
- Please use these only if you already know the whys and wherefores. If you don’t generally understand one or more of these steps, consult the Slicehost Articles or the Linode Articles before asking questions here. Most of the information here comes from the Slicehost Articles for Ubuntu. I have also added a few extra steps from sources cited in the footnotes.
- Helping Me Out
- If you need to sign up for a Slicehost or Linode account, and you plan on using this article as a guide to configure your server, please use these referral links:
- Sign up for a Slicehost account (I no longer use Slicehost.)
- Sign up for a Linode account
- Corrections to this article are also appreciated. Please note, however, that corrections != personal preference. If you have a different way of doing something, you’ll need to present a convincing case as to why it is better.
- Assumptions
- This guide/cheatsheet assumes you have already created a virtual server with Ubuntu installed.
- You should also set up your DNS. If you’re using Slicehost, my Slicehost DNS script will help.
- Conventions
- For this article, I’m using:
- xxx.xxx.xxx.xxx to indicate the IP address of your server
- bob as the server’s name (hostname)
- example.com as the domain name
- demo as the admin user
- nano as my editor because I have no vi skills.
Configure Server for Terminal.app (Mac users only)
Terminal.app behaves as dtterm, but Ubuntu doesn’t have the dtterm entry in its terminfo database. This fixes that.1
Save Terminal Info to a File
On your Mac (local machine)…
- infocmp > /tmp/dtterm
- scp /tmp/dtterm root@xxx.xxx.xxx.xxx:/tmp
Import Terminal Info
- Log into your server as root
- tic /tmp/dtterm
Some Basic Package Setup
Aptitude Upgrade
Still logged in as root…
- Make sure you have access to the universe repositories
nano /etc/apt/sources.list
and uncomment the universe repositories
- Update
aptitude update
- Upgrade
aptitude safe-upgrade
aptitude full-upgrade
Install Build Essentials
- Install
aptitude install build-essential
Install CURL
- Install
aptitude install curl
- Install ca-certificates for ssl connections
aptitude install ca-certificates
SSH and Users
Create New User and Allow sudo
Still logged in as root…
- Change root password, if desired
passwd
- Add user
adduser demo
- Set up sudo config
visudo
and add
demo ALL=(ALL) ALL
to the end
- Log out or switch to your local machine
Set up SSH Keys
- On your local machine, copy local public ssh key to server (assuming you have already created your public key on your local machine)
scp ~/.ssh/id_rsa.pub demo@xxx.xxx.xxx.xxx:/home/demo/
- Switch back to your server or log back in as root
- Create authorized_keys file
cd /home/demo
mkdir .ssh
mv id_rsa.pub .ssh/authorized_keys
- Set permissions
chown -R demo:demo .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
Configure sshd
- Open sshd_config
nano -w /etc/ssh/sshd_config
- Set these:
Port 30000 (change to a port of your choosing)
Protocol 2
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers demo
Setup iptables
- Dump existing rules
cd /etc
iptables-save > iptables.up.rules
- Copy rules file from Slicehost example
curl -o iptables.test.rules http://articles.slicehost.com/assets/2007/9/4/iptables.txt
- Edit it and set port number for sshd
nano -w iptables.test.rules
- Load it
iptables-restore < iptables.test.rules
- Check the new rules
iptables -L
- Save the new rules
iptables-save > iptables.up.rules
- Make sure the new rules are read every time
nano -w network/interfaces
and make it look like this:
...
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.up.rules

# The primary network interface
...
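Before the reload in the next section, two things in this procedure are worth confirming because either one can lock you out once password logins are off: that the effective sshd_config values are the ones listed above, and that the firewall rules accept the port sshd will listen on. The script below is an added example, not part of the original article; its function names and the sample files it writes are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines and iptables-save style rules.

```shell
#!/usr/bin/env bash
# Pre-flight check to run before "/etc/init.d/ssh reload" (added example).

# Print the effective value of KEYWORD in an sshd_config file. Keywords are
# case-insensitive and, for the single-valued keywords checked here, sshd uses
# the first value it reads. Lines after a "Match" line are conditional: stop.
sshd_value() {  # usage: sshd_value FILE KEYWORD
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    NF == 0 || $1 ~ /^#/   { next }
    tolower($1) == "match" { exit }
    tolower($1) == want    { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Compare FILE with the directive list from the guide; print each mismatch.
check_sshd() {  # usage: check_sshd FILE
  local kv got bad=0
  for kv in Protocol=2 PermitRootLogin=no PasswordAuthentication=no \
            X11Forwarding=no UsePAM=no UseDNS=no AllowUsers=demo; do
    got=$(sshd_value "$1" "${kv%%=*}")
    if [ "$got" != "${kv#*=}" ]; then
      echo "MISMATCH ${kv%%=*}: want ${kv#*=}, effective ${got:-<unset>}"
      bad=1
    fi
  done
  return "$bad"
}

# Succeed only if RULES accepts TCP on the Port that FILE sets (default 22).
port_is_open() {  # usage: port_is_open SSHD_CONFIG RULES
  local port
  port=$(sshd_value "$1" Port)
  grep -Eq -- "^-A INPUT .*-p tcp .*--dport ${port:-22}( .*)?-j ACCEPT" "$2"
}

# Constructed samples: the config carries a stale second PermitRootLogin line
# (ignored, first value wins); the rules still open 22, not the new port.
write_samples() {  # usage: write_samples DIR
  printf '%s\n' 'Port 30000' 'Protocol 2' 'permitrootlogin no' \
    'PasswordAuthentication no' 'X11Forwarding no' 'UsePAM no' 'UseDNS no' \
    'AllowUsers demo' 'PermitRootLogin yes' > "$1/sshd_config"
  printf '%s\n' '*filter' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT' 'COMMIT' > "$1/iptables.test.rules"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_sshd "$tmp/sshd_config" && echo "sshd_config matches the list"
port_is_open "$tmp/sshd_config" "$tmp/iptables.test.rules" ||
  echo "LOCKOUT RISK: firewall does not accept the sshd port"
```

On the server, point check_sshd at /etc/ssh/sshd_config and port_is_open at /etc/iptables.test.rules in place of the sample files.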
Restart and Test sshd
- Reload sshd
/etc/init.d/ssh reload
- Try to log in from another terminal
- If successful, logout
User Config
Logged in as demo...
Configure Nano
- Set some configuration
cp /etc/nanorc ~/.nanorc
nano -w ~/.nanorc
- Uncomment these lines:
# set brackets ""')>]}"
# set nowrap (should be set by default in recent versions)
# set tabsize 8
- Change tabsize to 2 or 4 or something:
set tabsize 4
Add Bash Aliases
- Create aliases file
nano -w .bash_aliases
and add:
alias lo='logout'
alias mksite='sudo /usr/local/a2mksite/a2mksite.sh'
alias free='free -m'
alias ag='sudo apache2ctl graceful'

if [ "$TERM" != "dumb" ] && [ -x /usr/bin/dircolors ]; then
    eval "`dircolors -b`"
    alias ls='ls -la --color=auto'
fi

# Git
alias gst='git status'
# alias gl='git pull'
alias ga='git add'
alias gp='git push'
alias gd='git diff | mate'
alias gc='git commit -v'
alias gca='git commit -v -a'
alias gb='git branch'
alias gba='git branch -a'
alias gco='git checkout'
alias glog='git log --pretty=format:"# %aD : %an%n%n* %s%n%n%b%n"'
alias glt='glog --since=yesterday'
alias gly='glog --since="2 days ago" --until="1 day ago"'
- If necessary, activate aliases in .bashrc
nano -w .bashrc
and uncomment the part that loads .bash_aliases
- Get the aliases working
source ~/.bashrc
Basic Server Config
Set Hostname2
- Name your server by setting a short hostname in /etc/hostname
sudo nano /etc/hostname
and type
bob.example.com
- Set the fully-qualified domain name in hosts
sudo nano /etc/hosts
and add
xxx.xxx.xxx.xxx bob.example.com bob
below the
127.0.0.1 localhost
entry
- Reboot
sudo reboot
- Check hostname
hostname
- Check FQDN
hostname -f
Set Locale
- Generate locale info
sudo locale-gen en_US.UTF-8
- Update locale
sudo /usr/sbin/update-locale LANG=en_US.UTF-8
Set Timezone
- Start up timezone configurator and follow instructions
sudo dpkg-reconfigure tzdata
Git
Install Git
- Install
sudo aptitude install git-core
Subversion
Install svn
- Install
sudo aptitude install subversion
Web Server
Install a2mksite
a2mksite is a script that I wrote that allows you to create an Apache virtual host with one command (including the document root, config files, log rotation, etc). One thing you should know is that it creates a directory structure for multiple web sites (virtual hosts), placing each site's public and log directories in its own directory like so: /var/www/sites/example.com
Read the description here to learn more about what it does.
- Clone a2mksite from Github
git clone git://github.com/postpostmodern/a2mksite.git
- Move it to /usr/local
sudo mv a2mksite /usr/local
- CHOWN it to root
sudo chown 0:0 /usr/local/a2mksite
- Make sure you have the script aliased as mksite in your .bash_aliases file (see Bash Aliases snippet earlier in this post).
Install Logrotate
- Install
sudo aptitude install logrotate
Install Apache
- Install
sudo aptitude install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert
- Set up basic config using my httpd.conf as an example
wget https://raw.github.com/gist/236374/httpd.conf
sudo mv httpd.conf /etc/apache2/httpd.conf
sudo nano /etc/apache2/httpd.conf
- Enable Modules
sudo a2enmod auth_digest dav dav_lock rewrite
- Create errors dir
sudo mkdir /var/www/errors
- Create maintenance dir
sudo mkdir /var/www/maintenance
- CHOWN them
sudo chown -R demo:demo /var/www/errors /var/www/maintenance
- Create global 404
nano -w /var/www/errors/404.html
- Create maintenance page
nano -w /var/www/maintenance/index.html
- Make default site
mksite default
and overwrite the original default
MySQL
Install MySQL
- Install
sudo aptitude install mysql-server mysql-client libmysqlclient15-dev
- Set root password (follow instructions during installation)
PHP
Install PHP
- Install PHP
sudo aptitude install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl php5-xcache
- Edit xcache.ini
sudo nano /etc/php5/apache2/conf.d/xcache.ini
and set xcache.var_size to something other than zero
- Edit php.ini
sudo nano /etc/php5/apache2/php.ini
and set error output, max upload size, etc.
- Restart Apache
sudo /etc/init.d/apache2 restart
Mail (for sending via PHP)
Reverse DNS
- Set Reverse DNS in SliceManager or Linode Manager to your server's FQDN, i.e. what you see when you type hostname -f
- Check it
sudo aptitude install dnsutils
dig -x xxx.xxx.xxx.xxx
Postfix
- Install Postfix
sudo aptitude install postfix mailx
- Test Postfix
mail someone@somewhereelse.com
and send a message. Don't forget: ctrl-d ends the message.
- Optionally continue configuration as described here
A Backup Solution
The following is my own backup solution for my web sites. It backs up the MySQL databases and web site files. Then, it sends a copy to Amazon S3.
Install Ruby for S3Sync
- Install Ruby
sudo aptitude install ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8
- Symlink locations
sudo ln -s /usr/bin/ruby1.8 /usr/bin/ruby
sudo ln -s /usr/bin/ri1.8 /usr/bin/ri
sudo ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc
sudo ln -s /usr/bin/irb1.8 /usr/bin/irb
- Install Ruby Gems (optional)
wget http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz
tar xzvf rubygems-1.3.7.tgz
cd rubygems-1.3.7
sudo ruby setup.rb
cd ..
rm -R rubygems-1.3.7*
sudo ln -s /usr/bin/gem1.8 /usr/bin/gem
- Update gems
sudo gem update
sudo gem update --system
Install S3Sync
- Download and move S3Sync
wget http://s3.amazonaws.com/ServEdge_pub/s3sync/s3sync.tar.gz
tar xvzf s3sync.tar.gz
sudo mv s3sync /usr/local/
sudo chown 0:0 /usr/local/s3sync/
rm s3sync.tar.gz
- Make sure you installed the ca-certificates package earlier (see "Install CURL" above)
Install Web Server Backup Script
- Clone it from Github
sudo git clone git://github.com/postpostmodern/web-server-backup.git /usr/local/web-server-backup
- Configure it according to the README
sudo nano /usr/local/web-server-backup/backup.sh
- Test Run
sudo /usr/local/web-server-backup/backup.sh
Schedule the Backup with Cron
- Create a cron job
sudo nano /etc/cron.d/web_server_backup
- Make it look something like this:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
MAILTO=demo@example.com
HOME=/root

30 4 * * * root /usr/local/web-server-backup/backup.sh > /dev/null
There is no step 54.
Okay. That was a lot of steps, but everything should be running properly now. Though this article is mostly for my own reference, your comments are welcome.
Nov 17th, 2009 at 6:00 pm Trey Piepmeier
Thanks for writing that up. I was about to offer you a steak dinner if you’d tell me how to install S3Sync. That saved me some cash!
Nov 17th, 2009 at 6:17 pm Jason Johnson
Aw crap. I should have waited a little longer.
Nov 26th, 2009 at 4:52 pm Matthew
I get this any ideas??? Thanks
mksite default
-bash: mksite: command not found
Nice site by the way!!
Nov 26th, 2009 at 11:06 pm Jason Johnson
Hey Matthew. Make sure you have mksite aliased in your .bash_aliases like so:
alias mksite='sudo /usr/local/a2mksite/a2mksite.sh'
It is in the sample .bash_aliases code under ‘User Config’ above.
Glad you like the site!
Nov 26th, 2009 at 11:11 pm Jason Johnson
I updated the a2mksite section of this article with a reminder to check the alias.
Nov 27th, 2009 at 3:46 am Matthew
Thanks for the response. I will give it a go later.
Yes found your article very informative and great looking design to the site. I hope you keep up the good work. I’ve added it to my bookmarks :-)
Mar 1st, 2010 at 4:43 am James
Thanks, will possibly use something like this. There’s a typo in the apache section, the link to your http conf goes to the wrong one.
May 2nd, 2010 at 5:51 pm Jason Johnson
Thanks for letting me know, James. I’ve updated the link.
Sep 30th, 2010 at 11:22 am Joel
ThankyouThankyouThankyouThankyouThankyou. I had slugged my way through most of this (gets better with time) but this helped so much. Bookmarked definitely!
Feb 18th, 2011 at 11:28 am Steve
When Restart and Test sshd I had to use ssh -p 1121 username@hostname to login from a new terminal. 1121 was the new port I assigned earlier in the setup.
Great so far. Thanks.
Apr 18th, 2011 at 11:58 am Joel
Not sure on others but I had to install mailutils as well when I installed postfix and mailx. Kept getting mail command not found.