This is a rough guide on how to install a new server. It has a lot of optional steps and is mainly a guide for myself, so that I don't forget anything.
So in some servers, you need to mount and prepare the volume yourself.
List all volumes
First list all volumes:
sudo lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
Look for the external volume. Normally
/dev/vda is the boot volume and there should be at least one other volume, usually named
/dev/vdb. We need to format this other volume + mount it.
# and then
n # to create a new Volume
p # primary
1 # 1st partition
[Enter] # default first sector
[Enter] # default last sector
t # to set the typ
83 # type "Linux"
p # to show an overview of all partitions
w # to write and exit
If the volume is already mounted (it should not), you need to unmount it. Check via
all mounted volumes and possibly unmount via:
umount -l /dev/vdb1
Create the File System
First you need to look up the UUID of the volume:
You need the whole string in
Note: The following commands use an example UUID, you need to use the one given to you in blkid of course.
First you create the target directory and mount the volume to it:
mount /dev/disk/by-uuid/0123b567-1a34-1ab2-12a3-12345678d9d0 /var/data
Afterwards you want to configure, that the volume is automatically mounted after every boot. For that you need to add it to
# and then add the following line (with your UUID)
/dev/disk/by-uuid/0123b567-1a34-1ab2-12a3-12345678d9d0 /var/data auto defaults,nofail 0 3
# Generate German locale
sudo locale-gen de_DE.UTF-8
# Set locale
update-locale LANG=de_DE.UTF-8 LC_MESSAGES=POSIX
You should install ntpd, so that the system clock is automatically adjusted. In a common ubuntu system, that normally only happens when restarting the server – which is not enough and leads to a huge clock drift.
sudo apt-get install ntp
Deactivate TCP Timestamps
Deactivate it in the running system:
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
Edit the file
/etc/sysctl.conf, so that the changes also apply after restarting the server:
net.ipv4.tcp_timestamps = 0
You can test whether the settings were successfully applied (from your local machine):
sudo hping3 -p 80 -S --tcp-timestamp example.org
Install web stack
So now install the web stack, so Caddy / nginx, PHP, etc..
An overview of it has its own guide.
Set up a new project
On a shared server, you should always create a separate user per project. You can use a "project installation key" for everything related to the project on the server.
In this example, the key is
It makes sense to have a definite list of these keys and reuse them for everything: directory names, user names, database names + user, etc...
Note: a group with the same name is automatically created as well.
Set up your project directory like this:
# first: go to your webserver main directory
# set the owner of everything to the project user: my-project
chown -R my-project:my-project my-project
# set the group of the top level dir to: www-data
chgrp www-data my-project
# remove all permissions for "other" on the top level dir
chmod o-rwx my-project
Finish up installation
Some things that you might want to do now:
- Deploy actual applications to the server
- Configure Let's Encrypt
- Set up backups
- Install a logging client, like GrayLog, DataDog or Scalyr
- Configure log rotation
- Configure mail senders like Postmark or Mailjet
- Install application profilers, like Tideways or New Relic
Photo credit: Jake Givens