Install a New Server

This article wasn't updated in the last 4 years. Please double check if the content is still up-to-date.

This is a rough guide on how to install a new server. It has a lot of optional steps and is mainly a guide for myself, so that I don’t forget anything.

Prepare volume

On some servers, you need to prepare and mount the volume yourself.

List all volumes

First list all volumes:

sudo lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL

Look for the external volume. Normally /dev/vda is the boot volume and there should be at least one other volume, usually named /dev/vdb. We need to format this other volume and mount it.

Format volume

fdisk /dev/vdb

# and then
n       # to create a new partition
p       # primary
1       # 1st partition
[Enter] # default first sector
[Enter] # default last sector
t       # to set the type
83      # type "Linux"
p       # to show an overview of all partitions
w       # to write and exit

Unmount volume

If the volume is already mounted (it should not be), you need to unmount it. List all mounted volumes via

mount

and, if necessary, unmount it via:

umount -l /dev/vdb1

Create the File System

As ext4:

mkfs.ext4 /dev/vdb1

Mount volume

First you need to look up the UUID of the volume:

blkid

You need the whole string in UUID="...".

Note: The following commands use an example UUID. Use the one that blkid reports for your volume.

First you create the target directory and mount the volume to it:

mkdir /var/data
mount /dev/disk/by-uuid/0123b567-1a34-1ab2-12a3-12345678d9d0 /var/data

Afterwards, configure the volume to be mounted automatically after every boot. To do that, add it to /etc/fstab:

nano /etc/fstab

# and then add the following line (with your UUID)
/dev/disk/by-uuid/0123b567-1a34-1ab2-12a3-12345678d9d0 /var/data auto defaults,nofail 0 3

Configure Hostname

Edit /etc/hostname and set the same name in the running system:

hostname example.org

Configure Locale

# Generate German locale
sudo locale-gen de_DE.UTF-8
# Set locale
sudo update-locale LANG=de_DE.UTF-8 LC_MESSAGES=POSIX

Install ntpd

You should install ntpd so that the system clock is adjusted automatically. On a typical Ubuntu system, that normally only happens when restarting the server, which is not enough and leads to a huge clock drift.

sudo apt install ntp

Deactivate TCP Timestamps

Deactivate them in the running system:

echo 0 > /proc/sys/net/ipv4/tcp_timestamps

Add the following line to /etc/sysctl.conf so that the change also applies after restarting the server:

net.ipv4.tcp_timestamps = 0

You can test whether the settings were successfully applied (from your local machine):

sudo hping3 -p 80 -S --tcp-timestamp example.org

Install web stack

Now install the web stack: Caddy / nginx, PHP, etc.
An overview of this has its own guide.

Set up a new project

On a shared server, you should always create a separate user per project. You can use a “project installation key” for everything related to the project on the server.

In this example, the key is my-project.

It makes sense to keep a definitive list of these keys and reuse them for everything: directory names, user names, database names and users, etc.

adduser --no-create-home --disabled-login --disabled-password --shell /bin/false my-project

Note: a group with the same name is automatically created as well.

Set up your project directory like this:

# first: go to your webserver main directory
cd /var/www

# set the owner of everything to the project user: my-project
chown -R my-project:my-project my-project

# set the group of the top level dir to: www-data
chgrp www-data my-project

# remove all permissions for "other" on the top level dir
chmod o-rwx my-project
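
To check that a project directory still matches this layout (tree owned by the project user, top-level group www-data, no permissions for "other"), the following audit can be run at any time. It is an added example, not part of the original guide; the function name audit_project_dir is hypothetical, and GNU stat and find are assumed.

```sh
#!/bin/sh
# Added example: audit a project directory against the layout set up above.
# Usage: audit_project_dir <dir> <project-user> <web-group>
# Prints one line per finding; returns 0 when clean, 1 when something deviates.
audit_project_dir() {
    dir=$1 user=$2 webgroup=$3 rc=0

    [ -d "$dir" ] || { echo "missing: $dir is not a directory"; return 1; }

    # Owner, group and octal mode of the top-level directory (GNU stat format).
    set -- $(stat -c '%U %G %a' "$dir")
    owner=$1 group=$2 mode=$3

    [ "$owner" = "$user" ] ||
        { echo "owner: $dir belongs to $owner, expected $user"; rc=1; }
    [ "$group" = "$webgroup" ] ||
        { echo "group: $dir has group $group, expected $webgroup"; rc=1; }

    # The last octal digit is the "other" class; chmod o-rwx leaves it at 0.
    case $mode in
        *0) ;;
        *)  echo "mode: $dir is $mode, 'other' still has access"; rc=1 ;;
    esac

    # chown -R covers the whole tree, so nothing below the top level
    # should belong to a different user. Show at most five offenders.
    foreign=$(find "$dir" -mindepth 1 ! -user "$user" -print | head -n 5)
    [ -z "$foreign" ] ||
        { echo "owner: files below $dir not owned by $user:"; echo "$foreign"; rc=1; }

    return $rc
}

# Run the audit when called with arguments, e.g.:
#   sh audit.sh /var/www/my-project my-project www-data
if [ "$#" -eq 3 ]; then
    audit_project_dir "$@"
    exit $?
fi
```

The non-zero return code makes it usable from cron or a deployment script to catch a directory whose permissions were changed after setup.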

Finish up installation

Some things that you might want to do now:

  • Deploy actual applications to the server
  • Configure Let’s Encrypt
  • Set up backups
  • Install a logging client, like GrayLog, DataDog or Scalyr
  • Configure log rotation
  • Configure mail senders like Postmark or Mailjet
  • Install application profilers, like Tideways or New Relic