More about this tutorial
This tutorial is for Ubuntu 10.10 Server, but the steps are similar on other Linux distributions.
In this tutorial I'll show you how to install and configure Ubuntu 10.10 Server and your own home web server based on nginx. For those who don't know, nginx provides the best performance at the moment. For more info: here, here, and here.
In a few words: at the end of this tutorial you will have a fully working server with nginx, php, mysql, phpmyadmin, SSH, FTP (with SSL encrypted connection).
Let's start - Install Ubuntu 10.10 Server Edition
1. Download Ubuntu 10.10 Server Edition - click here to view download page.
For this tutorial I'll use 32bit version, but if you like you may use 64bit, it's up to you.
2. Burn to disk, and boot
3. Choose your language, and select Install Ubuntu Server
4. Again choose your language
5. Detect keyboard layout? - No
After that choose your keyboard layout manually
6. Configure your network
Choose hostname
7. Select your time zone
8. Partition disks
I use Guided - use entire disk, but you can manage your disks based on your preferences
9. Set root user name and password
10. HTTP Proxy information - leave it blank
This is in case you don't use any proxy to access the web
11. Software selection - here select ONLY OpenSSH Server
To select (not to continue) press space bar (not enter)
12. After the installation completes, eject/unmount the disk and restart
First boot - update OS
1. Log on with your root name and password
2. Get Power user access
Type:
sudo su
Enter your password.
3. Edit sources.list
Type:
cd ..
cd ..
cd /etc/apt
nano sources.list
4. Uncomment the following lines
deb cdrom:[Ubuntu-Server 10.10 _Maverick Meerkat_ - Release i386 (20101007)] / $
deb Index of /ubuntu maverick-backports main restricted un$
deb-src Index of /ubuntu maverick-backports main restricte$
deb Index of /ubuntu maverick partner
deb-src Index of /ubuntu maverick partner
Save & Close!
To Save the file hold "CTRL" and press "O".
To Close, hold "CTRL" and press "X".
5. Update
Type:
sudo apt-get update
Wait for it to finish. After that type:
sudo apt-get upgrade
Now everything is up to date.
Start building your own server
Install and configure nginx, php5 and MySQL
1. Installing MySQL
Type:
aptitude install mysql-server mysql-client
When asked, type a password for the MySQL root user
2. Installing Nginx
Type:
aptitude install nginx
3. Start Nginx
Type:
/etc/init.d/nginx start
Now you can test it. Type your IP address in browser (http://192.168.1.1 for example)
If everything is OK, you'll get a 403 forbidden error. Don't worry, it's normal, because the default nginx root document is located in /var/www/nginx-default instead of /var/www.
4. Installing PHP5
Type:
aptitude install php5-fpm
5. Configuring nginx
Edit nginx conf file:
nano /etc/nginx/nginx.conf
We will increase the number of worker processes and set keepalive_timeout to a reasonable value:
...
worker_processes 5;
...
keepalive_timeout 2;
...
Save & Close!
5.1 Modify the virtual hosts
Type:
nano /etc/nginx/sites-available/default
Change values, like this:
...
server {
    listen 80; ## listen for ipv4
    listen [::]:80 default ipv6only=on; ## listen for ipv6
    server_name _;
    access_log /var/log/nginx/localhost.access.log;
    location / {
        root /var/www;
        index index.php index.html index.htm;
    }
    location /doc {
        root /usr/share;
        autoindex on;
        allow 127.0.0.1;
        deny all;
    }
    location /images {
        root /usr/share;
        autoindex on;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/nginx-default;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;
        include fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
...
Little info in short, of what I've done:
server_name _; - Make this a default vhost name.
In location - add index.php to the index line. Define the new directory of our root folder - /var/www.
Uncomment:
location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;
    include fastcgi_params;
}
Change fastcgi_param line to fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;. Replace /var/www with your vhost's document root.
!IMPORTANT!: For nginx, there is a bug in the default file. Because of it we need to make sure that there are spaces between include and fastcgi_params;.
Save & Close!
5.2 Restart nginx
Type:
/etc/init.d/nginx restart
5.3 Create a new php file to test our server so far
Type:
nano /var/www/info.php
Fill the empty file with:
<?php
phpinfo();
?>
Save & Close!
5.4 Test it!
Open this file in your browser:
Replace 192.168.1.1 - with your IP.
6. Add MySQL Support In PHP5
To do this we need to install one more package (php5-mysql). It's a good idea to install additional php5 modules (you may need them in the future). I'll install these for me:
aptitude install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-json
To find all php5 modules type this:
aptitude search php5
6.1 Restart PHP-FPM
Type:
/etc/init.d/php5-fpm restart
Now we have a fully working nginx with php5 and MySQL.
Install and configure phpmyadmin
By default phpmyadmin is configured for Apache and Lighttpd, so we need to edit it to make it work with nginx
1. Install phpmyadmin
Type:
sudo apt-get install phpmyadmin
2. Configure to work with nginx
Setup vhost:
nano /etc/nginx/sites-available/phpmyadmin
Fill the empty file with this:
server {
    listen 80;
    server_name phpmyadmin;
    access_log /var/log/phpmyadmin.access_log;
    error_log /var/log/phpmyadmin.error_log;
    location / {
        root /usr/share/phpmyadmin;
        index index.php;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$fastcgi_script_name;
        include fastcgi_params;
    }
}
Save & Close!
2.1 Add phpmyadmin to 'sites-enabled'
Type:
ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/phpmyadmin
2.2 Add new value to hosts
Open hosts:
nano /etc/hosts
Add this line:
127.0.0.1 localhost phpmyadmin
Save & Close!
2.3 Restart nginx and php-fpm
Type:
service nginx restart
service php5-fpm restart
2.4 To make phpmyadmin available from (http://localhost/phpmyadmin)
Type:
ln -s /usr/share/phpmyadmin /var/www
SSH Configure
We have already installed SSH, so now we just need to configure it
1. Backup and chmod
Make backup of config file:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
chmod a-w /etc/ssh/sshd_config.original
2. Change default port (22) for security reasons
Open and edit config file:
nano /etc/ssh/sshd_config
Now change Port 22 to 512 (for example)
3. User restriction
Allow only specific user/s to log on.
Add this to the end of the config file:
AllowUsers USERNAME
Change USERNAME with your username.
4. Prevent user 'root' to log on
It's a good idea to 'block' the root user from logging on via SSH.
In same file (conf) add this line:
PermitRootLogin no
Save & Close!
5. Restart and test
To restart type:
/etc/init.d/ssh restart
5.1 SSH Windows Client
For Windows OS you can use Putty to log into your Ubuntu Server.
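The settings from steps 2 to 4 can be checked before restarting SSH: sshd uses the first value it finds for each keyword, so a PermitRootLogin no or AllowUsers line added below an existing setting for the same keyword has no effect. The script below is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration, and it assumes a config without Match blocks.

```shell
#!/bin/sh
# Added example: report the value sshd will actually use for a keyword.
# sshd takes the FIRST occurrence of each keyword (keywords are
# case-insensitive), so a line appended at the end loses to an earlier one.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == tolower(kw) {            # first match wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

audit_sshd() {        # usage: audit_sshd FILE USERNAME ; returns 0 when all checks pass
    file=$1 user=$2 rc=0
    port=$(effective_value "$file" Port)
    root=$(effective_value "$file" PermitRootLogin)
    allow=$(effective_value "$file" AllowUsers)
    [ -n "$port" ] && [ "$port" != 22 ] || { echo "FAIL Port is '${port:-22 (default)}'"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is '${root:-unset}'"; rc=1; }
    case " $allow " in
        *" $user "*) ;;
        *) echo "FAIL AllowUsers does not list $user"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: an earlier "PermitRootLogin yes" sits above the appended line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 512
PermitRootLogin yes
# lines appended as in steps 3 and 4
AllowUsers USERNAME
PermitRootLogin no
EOF
audit_sshd "$sample" USERNAME || echo "edit the earlier line instead, then re-run"
```

On the server, point audit_sshd at /etc/ssh/sshd_config; running sshd -T as root prints the configuration sshd itself resolves.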
Install & configure ProFTPD (with SSL encryption)
The last step of building our web server is to install and configure an FTP server. We will also make it more secure by adding SSL encryption.
1. Install ProFTPD
Type:
apt-get install proftpd
2. Add one new line to /etc/shells
To open /etc/shells type:
nano /etc/shells
At the bottom add this:
/bin/false
Save & Close!
3. Create new user for your FTP server
Type:
useradd userftp -p your_password -d /var/www -s /bin/false
This user will only be used to access your FTP server.
!IMPORTANT!: Never use a shell user, especially 'root', to log on to FTP!
3.1 Verify password
Type:
passwd userftp
Enter the password you typed when you created the new user.
OK. Now we have user userftp, with home directory /var/www. This is the default directory for most HTTP UNIX/LINUX servers.
4. Permissions
For /var/www set 775:
cd /var
chmod 755 www
5. ProFTPD config file
Open ProFTPD conf file:
nano /etc/proftpd.conf
5.1 Make some changes
Make sure your conf file looks like this:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias sauron userftp
ServerName "YourServerName"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "Secure FTP!"
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 3
#VALID LOGINS
<Limit LOGIN>
    AllowUser userftp
    DenyALL
</Limit>
<Directory /var/www>
    Umask 022 022
    AllowOverwrite on
    <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
        DenyAll
    </Limit>
</Directory>
Save & Close!
'Under' userftpd we create a new user called mikeftp. When you need to log on to your FTP you need to use this name (mikeftp).
6. Restart ProFTPD
To apply changes we need to restart ProFTPD:
/etc/init.d/proftpd restart
7. Make your FTP more secure by adding SSL encryption
Open conf file:
nano /etc/proftpd/proftpd.conf
Make some changes:
...
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
...
Save & Close!
7.1 Create SSL Certificate for TLS
To use TLS we need to create SSL certificate.
Create new directory for your certificate:
mkdir /etc/proftpd/ssl
7.2 Generate the SSL certificate
To generate the SSL certificate you need to use this command:
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
After you execute the command you'll be asked for some information:
Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.
Locality Name (eg, city) []: <-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
7.3 Enable TLS in ProFTPD
Open conf file:
nano /etc/proftpd/proftpd.conf
Uncomment Include /etc/proftpd/tls.conf:
#
# This is used for FTPS connections
#
Include /etc/proftpd/tls.conf
...
Save & Close!
7.4 Edit tls.conf file
Open tls.conf file:
nano /etc/proftpd/tls.conf
And make some changes:
<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log
    TLSProtocol SSLv23
    TLSOptions NoCertRequest
    TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
    TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
    TLSVerifyClient off
    TLSRequired on
</IfModule>
Save & Close!
!IMPORTANT!: TLSRequired must be 'on' to make sure only SSL connections are allowed.
7.5 Restart ProFTPD
Type:
/etc/init.d/proftpd restart
That's it! Now we have a high performance web server with SSH and FTP SSL.
I'm glad to share my knowledge and experience with you guys.
If this tutorial was helpful to you, feel free to use iGiver.










