Ubuntu 18.04 Nginx PHP 7 MariaDB Server Setup

I have created a droplet with ubuntu 18.04 OS in Digital Ocean. I have also attached a storage. Made it auto format with aut mount.  The storage may be useful in future when we change the droplet and we may need to attach the same to another droplet. Added an SSH Key. You can create the ssh key through putty using the following link.


Login to your Server using putty.
Get your IP Address from Droplet Page. Copy IP address and connect to the server using putty.
If you are using a key file for authentication this key file may needed to be pointed within putty application. This can be done in the following page:

Linking your private key file:
In the Left side menu follow links
Connection>SSH> Auth
In this page point your private key file. Click Session in the menu and save settings for future use.

Now click your connection and open connection using the existing configurations.


After establishing connection create a new user and grant it administrative privileges. This is to avoid using root user extensively.

Create a New User

adduser john

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as "superuser" or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before each command.

Add Public Key Authentication (Recommended)

The next step in securing your server is to set up public key authentication for your new user. Setting this up will increase the security of your server by requiring a private SSH key to log in.


Follow the instructions to create ssh key pair

Within the link please note. Because this is the place where some of you guys may stuck while configuring the server. :-  Working with PuTTY’s Public Key Format


To disable password authentication on your server, follow these steps.

As root or your new sudo user, open the SSH daemon configuration:

sudo nano /etc/ssh/sshd_config
Find the line that specifies PasswordAuthentication, uncomment it by deleting the preceding #, then change its value to "no".
sshd_config file — Disable password authentication
 It should look like this after you have made the change

PasswordAuthentication no


Here are two other settings that are important for key-only authentication and are set by default. sshd_config — Important defaults
If you haven't modified this file before, you do not need to change these settings:

PubkeyAuthentication yes
ChallengeResponseAuthentication no

When you are finished making your changes, save and close the file

Type this to reload the SSH daemon:

sudo systemctl reload sshd
Password authentication is now disabled. Your server is now only accessible with SSH key authentication.





Set Up a Basic Firewall


Initially run

sudo apt-get update

Installing Nginx from source
Choose mainline version. Copy link.
Download the file to the server using the following commang
wget paste-copied-link-location-here

Extract the tar.gz file with the following command
tar -zxvf archive-file-name
Example: tar -zxvf  nginx-1.15.8.tar.gz

We will have a directory after extracting. Cd into the directory
Example : cd nginx-1.15.8

First configure installer
In order to configure, within the installation directory type
./configure

If you see following error please follow below instructions:
            checking for C compiler ... not found
Follow the instructions
Install compiling tools-
sudo apt-get install build-essential

Install some more dependencies before we proceed
sudo apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libxml2-dev libxslt1-dev python-dev libgd-dev libgeoip-dev





Configure the installer with the following command.
To understand more about the modules please visit the given link

./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=www-data --group=www-data --build=ubuntu --builddir=nginx-1.15.8 --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-compat --with-pcre --with-pcre-jit --with-openssl-opt=no-nextprotoneg

After successful execution  of ./configure run
Execute following commands
make
sudo make install



Symlink /usr/lib/nginx/modules to /etc/nginx/modules directory. etc/nginx/modules is a standard place for NGINX modules:

sudo ln -s  /usr/lib/nginx/modules/ /etc/nginx/modules



Check NGINX syntax and potential errors:

# Create NGINX cache directories and set proper permissions
sudo mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/fastcgi_temp /var/cache/nginx/proxy_temp /var/cache/nginx/scgi_temp /var/cache/nginx/uwsgi_temp

sudo chmod 700 /var/cache/nginx/*

sudo chown nginx:root /var/cache/nginx/*

# Re-check syntax and potential errors.
sudo nginx -t
It should give a success message.


Now we need to access nginx service using systemctl command.


Create NGINX systemd unit file:

sudo vim /etc/systemd/system/nginx.service

Copy/paste the below content into /etc/systemd/system/nginx.service file:

[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target


Now Save and close the file.( Hit Escape , type :wq and hit Enter)


Enable NGINX to start on boot and start NGINX immediately:


sudo systemctl enable nginx.service
sudo systemctl start nginx.service


Try Accessing your host ip address through browser you should get a web page like this


Check if NGINX will automatically initiate after a reboot:

sudo systemctl is-enabled nginx.service
It should give result "enabled"

Create conf.d, snippets, sites-available and sites-enabled directories in /etc/nginx directory:

sudo mkdir /etc/nginx/{conf.d,snippets,sites-available,sites-enabled}



Change permissions and group ownership of NGINX log files:

sudo chmod 640 /var/log/nginx/*
sudo chown www-data:www-data /var/log/nginx/access.log /var/log/nginx/error.log

Now, you have the latest version of NGINX installed by building it from source code.


2. Install MariaDB
MariaDB is the drop-in replacement of MySQL database server.
It takes a single command line to install MariaDB Database Server.
To install it, run:

sudo apt update
sudo apt install mariadb-server mariadb-client

After installing, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots.

sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service


Now our MariaDB instance is started and it is enabled to start automatically on every boot. Next we need to run the commands below to secure MariaDB server by creating the root user password and deleting the test database.

sudo mysql_secure_installation

When prompted, answer the questions below by following the guide.

Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]:  Y
Reload privilege tables now? [Y/n]:  Y

That’s it. Password for the database administrative user account has been set.

Restart MariaDB server when done.

sudo systemctl restart mariadb.service

Please Note:-  If you try to access your mariadb instance using mysql -u root -p command, you have to first login as a root user . Then execute the above command as a root user. Or else you may end up in error.

3. Install PHP
To install PHP, run:

sudo apt-get install php-fpm php-mysql

After installing PHP, we need to secure it by doing a simple change.

To do so, edit php.ini file:

sudo vim /etc/php/7.2/fpm/php.ini

Find the following line:

;cgi.fix_pathinfo=1
Uncomment it and change its value from 1 to 0 (zero).

cgi.fix_pathinfo=0
Save and close the file. Then, restart PHP-FPM service to take effect the changes.

sudo systemctl restart php7.2-fpm

Check PHP-FPM service is running or not using command:

sudo systemctl status php7.2-fpm

Sample output for the above command:


● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-01-03 19:39:41 IST; 2min 35s ago
     Docs: man:php-fpm7.2(8)
 Main PID: 10732 (php-fpm7.2)
   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 2362)
   CGroup: /system.slice/php7.2-fpm.service
           ├─10732 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
           ├─10746 php-fpm: pool www
           └─10747 php-fpm: pool www

Jan 03 19:39:41 xxxxx-dev1 systemd[1]: Stopped The PHP 7.2 FastCGI Process Manager.
Jan 03 19:39:41 xxxxx-dev1 systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
Jan 03 19:39:41 xxxxx-dev1 systemd[1]: Started The PHP 7.2 FastCGI Process Manager.

Sample Nginx Configuration


phpMyAdmin Installation

First, we'll update the server's local package index to make sure it has a fresh set of references to available packages. Then, we'll use the apt packaging tools to pull the software down from the repositories and install it on our system:

sudo apt-get update
sudo apt-get install phpmyadmin

Please choose the web server that should be automatically configured to run phpMyAdmin.
In our case we are using Nginx so please hit TAB and hit Enter to skip question without selecting any option.

The next prompt will ask if you would like dbconfig-common to configure a database for phpMyAdmin to use. Select "Yes" to continue.
You'll need to enter the database administrator password that you configured during the MySQL installation to allow these changes.


The next prompt will ask if you would like dbconfig-common to configure a database for phpMyAdmin to use. Select "Yes" to continue. You'll need to enter the database administrator password that you configured during the MySQL installation to allow these changes.

You will now be asked to choose and confirm a password for the phpMyAdmin application and its database (which will be created in this step). Choose and confirm a secure password and make note of it.

The installation will now complete. For the Nginx web server to find and serve the phpMyAdmin files correctly, we’ll need to create a symbolic link from the installation files to our Nginx document root directory:

sudo ln -s /usr/share/phpmyadmin /var/www/html

Installing Additional PHP Extensions
When setting up our LEMP stack, we only required a very minimal set of extensions in order to get PHP to communicate with MySQL. But in many cases these are some standard list of plugins leverage additional PHP extensions.

We can download and install some of the most popular PHP extensions for use with our application by typing:

sudo apt-get update
sudo apt-get install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip


When you are finished installing the extensions, restart the PHP-FPM process so that the running PHP processor can leverage the newly installed features:

sudo systemctl restart php7.2-fpm
Upgrading phpMyAdmin from an older version

Sometimes the phpmyadmin installed form the default package list may be an older version. So if you would like to update your phpmyadmin version please follow these steps.


Warning
Never extract the new version over an existing installation of phpMyAdmin, always first remove the old files keeping just the configuration. This way you will not leave old no longer working code in the directory, which can have severe security implications or can cause various breakages.

Simply copy config.inc.php from your previous installation into the newly unpacked one. Configuration files from old versions may require some tweaking as some options have been changed or removed. For compatibility with PHP 5.3 and later, remove a set_magic_quotes_runtime(0); statement that you might find near the end of your configuration file.

You should not copy libraries/config.default.php over config.inc.php because the default configuration file is version- specific.

The complete upgrade can be performed in few simple steps:

1.    Download the latest phpMyAdmin version from <https://www.phpmyadmin.net/downloads/>.

First you have to download your phpMyAdmin version from the phpMyAdmin website.
Please see given link.
https://www.phpmyadmin.net/downloads/

You can now download a particular version of phpMyAdmin with wget command as follows.
wget <download link>
Example:

2.    Rename existing phpMyAdmin folder (for example to phpmyadmin-old).
3.    Unpack freshly downloaded phpMyAdmin to desired location (for example phpmyadmin).
4.    Copy config.inc.php from old location (phpmyadmin-old) to new one (phpmyadmin).
5.    Test that everything works properly.
6.    Remove backup of previous version (phpmyadmin-old).

If you have upgraded your MySQL server from a version previous to 4.1.2 to version 5.x or newer and if you use the phpMyAdmin configuration storage, you should run the SQL script found in sql/upgrade_tables_mysql_4_1_2+.sql.

If you have upgraded your phpMyAdmin to 4.3.0 or newer from 2.5.0 or newer (<= 4.2.x) and if you use the phpMyAdmin configuration storage, you should run the SQL script found in sql/upgrade_column_info_4_3_0+.sql.

Do not forget to clear the browser cache and to empty the old session by logging out and logging in again.

Comments


  1. This is great post - so clear and easy to follow. And very usefull information We have latest job posts in our portal.
    job seeker

    ReplyDelete
  2. This is a notable guideline for both entrepreneurs and freelancers whose services are in demand! Great work! Thanks for sharing the info.
    Hire Opencart Developer
    Hire Wordpress Developer
    Hire Magento Developer
    Hire Web Developer
    Hire Wordpress Programmer

    ReplyDelete

Post a Comment

Popular posts from this blog

Sending an Email to Multiple Recipients - Cc: and Bcc:

Livares joins hands with ICT Academy of Kerala