Set up a web stack
This is a continuation of the install a new server guide, and explains – after the set up of the OS and the actual server – what to do to install a web stack.
This guide uses explicit version numbers in some commands. You need to regularly go through the tools and update these numbers to always stay up-to-date.
Be sure that you are root
All of the following commands only work as root, so be sure that you are root
sudo suUpgrade System
apt update && apt -y upgradeConfigure Bash
Add the following lines to your ~/.bashrc:
alias ll='\''ls -alh --color=always'\''Add the following lines to your ~/.bash_profile:
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fiInstall default environment
These are tools you need for basic server maintenance and some build systems
apt -y install curl nano software-properties-common build-essential g++ zip htop iotop ntp bash-completion autoconfInstall fail2ban
You only need to do that if you are not already behind a cloud firewall.
apt -y install fail2banNow add the following to /etc/fail2ban/jail.local:
[DEFAULT]
bantime = 604800 # ban for 1 week
maxretry = 3
[sshd]
enabled = trueYou now need to restart fail2ban:
service fail2ban restartInstall MySQL
apt -y install mysql-server mysql-clientFinish up the MySQL configuration:
mysql_secure_installationAlso you might need to update the auth mechanism to use passwords instead of local users, use one of:
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '<password>';"
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<password>';"Install Certbot + nginx
You don't need to do that if you are using Caddy.
For certbot, you should look up on what's the current way to install it is, on certbot's website.
Installing nginx:
apt update && apt -y install nginxInstall node.js
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - && \
apt -y install nodejs && \
npm -g install npmInstall PHP
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && \
apt update && \
apt -y install php7.4-cli php7.4-common php7.4-curl php7.4-fpm php7.4-gd php7.4-intl php7.4-json php7.4-mbstring php7.4-mysql php7.4-xml php7.4-zip php-imagick
Install Composer
Install composer according to the documentation.
Install Cachetool
curl -sLO https://github.com/gordalina/cachetool/releases/latest/download/cachetool.phar && \
chmod +x cachetool.phar && \
mv cachetool.phar /usr/local/bin/cachetoolInstall Git
apt -y install gitDisable TCPv4 timestamps
echo 0 > /proc/sys/net/ipv4/tcp_timestamps && \
echo 'net.ipv4.tcp_timestamps = 0' >> /etc/sysctl.confInstall mail delivery
If you are not using an API for mail delivery, you need to install postfix for sending mails (which then can use a smart relay for actual delivery)
apt -y install postfix libsasl2-modulesCleaning apt
apt -y autoclean && \
apt -y autoremoveCheck installed versions
echo '' && \
echo '> PHP' && \
php -v && \
echo '' && \
echo '> composer' && \
composer -V
echo '' && \
echo '> Git' && \
git --version && \
echo '' && \
echo '> Certbot' && \
certbot --version && \
echo '' && \
echo '> mysql' && \
mysql -V && \
echo '' && \
echo '> nginx' && \
nginx -V && \
echo '' && \
echo '> node' && \
node -v && \
echo '' && \
echo '> npm' && \
npm -v && \
echo '' && \
echo '> Postfix' && \
postconf -d | grep mail_version && \
echo '' && \
echo '> fail2ban' && \
fail2ban-client -VFinishing up
You still need to do some things
- Add further config for
fail2ban - Update postfix config (
inet_interfaces = loopback-only)
Troubleshooting
MySQL
No password set during installation
In case you weren't offered setting a MySQL password during installation, this can be done by executing mysql_secure_installation.
Can't connect to MySQL database with newly set password
This happened a couple of times already and resulted in a completely purge of MySQL and a clean new install.
Purging MySQL:
apt remove --purge mysql*
apt purge mysql*
apt autoremove
apt autoclean
apt remove dbconfig-mysqlAfter that, install MySQL again:
apt install mysql-server mysql-clientPhoto credit: Jason Blackeye
