I have created a droplet with Ubuntu 18.04 on DigitalOcean. I have also attached storage and set it to auto-format and automount. The storage may be useful in the future when we change the droplet and need to attach the same storage to another droplet. I added an SSH key. You can create the SSH key with PuTTY using the following link.
https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/create-with-putty/
Log in to your server using PuTTY. Get your IP address from the Droplet page, copy it, and connect to the server using PuTTY. If you are using a key file for authentication, PuTTY needs to be pointed at this key file. This can be done on the following page:
Linking your private key file: In the left-side menu, follow Connection > SSH > Auth. On this page, point to your private key file. Then click Session in the menu and save the settings for future use.
Now click your connection and open connection using the existing configurations.
After establishing a connection, create a new user and grant it administrative privileges. This is to avoid using the root user extensively.
Create a New User
adduser john
To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as “superuser” or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before each command.
The next step in securing your server is to set up public-key authentication for your new user. Setting this up will increase the security of your server by requiring a private SSH key to log in.
Follow the instructions to create ssh key pair
https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/create-with-putty/
Within the link, please note the following section, because this is the place where some of you may get stuck while configuring the server: Working with PuTTY’s Public Key Format
To disable password authentication on your server, follow these steps:
As root or your new sudo user, open the SSH daemon configuration:
sudo nano /etc/ssh/sshd_config
Find the line that specifies PasswordAuthentication, uncomment it by deleting the preceding #, then change its value to “no”.
sshd_config file — Disable password authentication
It should look like this after you have made the change
PasswordAuthentication no
Here are two other settings that are important for key-only authentication and are set by default. If you haven’t modified this file before, you do not need to change these settings:
PubkeyAuthentication yes
ChallengeResponseAuthentication no
When you are finished making your changes, save and close the file
Type this to reload the SSH daemon:
sudo systemctl reload sshd
Password authentication is now disabled. Your server is now only accessible with SSH key authentication.
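A check for the result of the steps above, as an added example that is not part of the original tutorial: it reads an sshd_config file the way sshd does (the first value for a keyword wins, Match blocks are conditional) and reports whether key-only login is actually enforced. The built-in defaults in the table (yes for all three) are taken from the OpenSSH manual and are an assumption for other versions; the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: check an sshd_config file for the key-only settings above.
# sshd keeps the FIRST value it reads for a keyword, so appending
# "PasswordAuthentication no" below an existing "yes" changes nothing.

# Print the global value of keyword $2 in file $1, or "unset" if no
# uncommented line sets it before the first Match block.
sshd_effective() {
  awk -v key="$2" '
    BEGIN { key = tolower(key); val = "unset" }
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    tolower($1) == "match" { exit }          # Match blocks are conditional
    tolower($1) == key && val == "unset" { val = tolower($2) }
    END { print val }
  ' "$1"
}

# Return 0 only if the file enforces key-only logins. The third column is the
# value assumed when the keyword is unset (OpenSSH built-in default, assumed).
audit_key_only() {
  local file="$1" rc=0 key want def got
  while read -r key want def; do
    got=$(sshd_effective "$file" "$key")
    if [ "$got" = unset ]; then got=$def; fi
    if [ "$got" = "$want" ]; then
      echo "OK   $key $got"
    else
      echo "FAIL $key is $got, want $want"; rc=1
    fi
  done <<'EOF'
PasswordAuthentication no yes
PubkeyAuthentication yes yes
ChallengeResponseAuthentication no yes
EOF
  return "$rc"
}

# Constructed sample: the "no" was appended, but an earlier "yes" still wins.
sample=$(mktemp)
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
  'ChallengeResponseAuthentication no' 'PasswordAuthentication no' > "$sample"
audit_key_only "$sample" || echo "=> password logins are still accepted"
rm -f "$sample"
```

On the server itself, sudo sshd -T prints the settings sshd will actually use after parsing, which is the authoritative answer.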
Initially run
sudo apt-get update
Go to http://nginx.org/en/download.html
Choose the mainline version. Copy link. Download the file to the server using the following command
wget paste-copied-link-location-here
Example:
wget http://nginx.org/download/nginx-1.15.8.tar.gz
Extract the tar.gz file with the following command
tar -zxvf archive-file-name
Example:
tar -zxvf nginx-1.15.8.tar.gz
We will have a directory after extracting. Cd into the directory
Example :
cd nginx-1.15.8
First, configure the build. To do so, type the following within the extracted directory:
./configure
If you see the following error, follow the instructions below:
checking for C compiler … not found
Install the compiler tools:
sudo apt-get install build-essential
Install some more dependencies before we proceed
sudo apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libxml2-dev libxslt1-dev python-dev libgd-dev libgeoip-dev
To understand more about the modules please visit the given link http://nginx.org/en/docs/configure.html
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=www-data --group=www-data --build=ubuntu --builddir=nginx-1.15.8 --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-compat --with-pcre --with-pcre-jit --with-openssl-opt=no-nextprotoneg
After ./configure has run successfully, execute the following commands:
make
sudo make install
Symlink /usr/lib/nginx/modules to the /etc/nginx/modules directory. /etc/nginx/modules is a standard place for NGINX modules:
sudo ln -s /usr/lib/nginx/modules/ /etc/nginx/modules
Check NGINX syntax and potential errors:
sudo nginx -t
# Create NGINX cache directories and set proper permissions.
# NGINX was configured with --user=www-data above, so that user must own the directories.
sudo mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/fastcgi_temp /var/cache/nginx/proxy_temp /var/cache/nginx/scgi_temp /var/cache/nginx/uwsgi_temp
sudo chmod 700 /var/cache/nginx/*
sudo chown www-data:root /var/cache/nginx/*
# Re-check syntax and potential errors.
sudo nginx -t
It should give a success message.
Now we need to manage the nginx service using the systemctl command.
Create NGINX systemd unit file:
sudo vim /etc/systemd/system/nginx.service
Copy/paste the below content into /etc/systemd/system/nginx.service file:
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
Now save and close the file (hit Escape, type :wq and hit Enter).
Enable NGINX to start on boot and start NGINX immediately:
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
Try accessing your host IP address through a browser; you should get the default NGINX welcome page.
Check if NGINX will automatically initiate after a reboot:
sudo systemctl is-enabled nginx.service
It should give the result “enabled”.
Create conf.d, snippets, sites-available and sites-enabled directories in /etc/nginx directory:
sudo mkdir /etc/nginx/{conf.d,snippets,sites-available,sites-enabled}
Change permissions and group ownership of NGINX log files:
sudo chmod 640 /var/log/nginx/*
sudo chown www-data:www-data /var/log/nginx/access.log /var/log/nginx/error.log
Now, you have the latest version of NGINX installed by building it from source code.
MariaDB is a drop-in replacement for the MySQL database server. It takes a single command line to install the MariaDB database server. To install it, run:
sudo apt update
sudo apt install mariadb-server mariadb-client
After installing, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots.
sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
Now our MariaDB instance is started and it is enabled to start automatically on every boot. Next, we need to run the commands below to secure the MariaDB server by creating the root user password and deleting the test database.
sudo mysql_secure_installation
When prompted, answer the questions below by following the guide.
Enter current password for root (enter for none): Just press Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
That’s it. The password for the database administrative user account has been set.
Restart the MariaDB server when done.
sudo systemctl restart mariadb.service
Please note: if you try to access your MariaDB instance using
mysql -u root -p
you have to first log in as the root user and then execute the above command as root. Otherwise, you may end up with an error.
To install PHP, run:
sudo apt-get install php-fpm php-mysql
After installing PHP, we need to secure it by doing a simple change.
To do so, edit php.ini file:
sudo vim /etc/php/7.2/fpm/php.ini
Find the following line:
;cgi.fix_pathinfo=1
Uncomment it and change its value from 1 to 0 (zero).
cgi.fix_pathinfo=0
Save and close the file. Then restart the PHP-FPM service for the changes to take effect.
sudo systemctl restart php7.2-fpm
Check whether the PHP-FPM service is running using the command:
sudo systemctl status php7.2-fpm
Sample output for the above command:
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-01-03 19:39:41 IST; 2min 35s ago
     Docs: man:php-fpm7.2(8)
 Main PID: 10732 (php-fpm7.2)
   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 2362)
   CGroup: /system.slice/php7.2-fpm.service
           ├─10732 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
           ├─10746 php-fpm: pool www
           └─10747 php-fpm: pool www
Jan 03 19:39:41 xxxxx-dev1 systemd[1]: Stopped The PHP 7.2 FastCGI Process Manager.
Jan 03 19:39:41 xxxxx-dev1 systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
Jan 03 19:39:41 xxxxx-dev1 systemd[1]: Started The PHP 7.2 FastCGI Process Manager.
Sample Nginx Configuration
First, we’ll update the server’s local package index to make sure it has a fresh set of references to available packages. Then, we’ll use the apt packaging tools to pull the software down from the repositories and install it on our system:
sudo apt-get update
sudo apt-get install phpmyadmin
The installer will ask you to choose the web server that should be automatically configured to run phpMyAdmin. In our case we are using Nginx, so hit TAB and then Enter to skip the question without selecting any option.
The next prompt will ask if you would like dbconfig-common to configure a database for phpMyAdmin to use. Select “Yes” to continue.
You’ll need to enter the database administrator password that you configured during the MySQL installation to allow these changes.
You will now be asked to choose and confirm a password for the phpMyAdmin application and its database (which will be created in this step). Choose and confirm a secure password and make note of it.
The installation will now complete. For the Nginx web-server to find and serve the phpMyAdmin files correctly, we’ll need to create a symbolic link from the installation files to our Nginx document root directory:
sudo ln -s /usr/share/phpmyadmin /var/www/html
Installing Additional PHP Extensions
When setting up our LEMP stack, we only required a very minimal set of extensions in order to get PHP to communicate with MySQL. But in many cases, applications and their standard plugins leverage additional PHP extensions.
We can download and install some of the most popular PHP extensions for use with our application by typing:
sudo apt-get update
sudo apt-get install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip
When you are finished installing the extensions, restart the PHP-FPM process so that the running PHP processor can leverage the newly installed features:
sudo systemctl restart php7.2-fpm
Upgrading phpMyAdmin from an older version
Sometimes the phpMyAdmin installed from the default package list may be an older version. If you would like to update your phpMyAdmin version, please follow these steps.
Warning
Never extract the new version over an existing installation of phpMyAdmin, always first remove the old files keeping just the configuration. This way you will not leave old no longer working code in the directory, which can have severe security implications or can cause various breakages.
Simply copy config.inc.php from your previous installation into the newly unpacked one. Configuration files from old versions may require some tweaking as some options have been changed or removed. For compatibility with PHP 5.3 and later, remove a set_magic_quotes_runtime(0); statement that you might find near the end of your configuration file.
You should not copy libraries/config.default.php over config.inc.php because the default configuration file is version-specific.
The complete upgrade can be performed in a few simple steps:
1. Download the latest phpMyAdmin version from <https://www.phpmyadmin.net/downloads/>.
First, choose the phpMyAdmin version you want on the downloads page linked above.
You can then download that particular version of phpMyAdmin to the server with the wget command as follows.
wget <download link>
Example:
wget https://files.phpmyadmin.net/phpMyAdmin/4.8.5/phpMyAdmin-4.8.5-english.zip
2. Rename existing phpMyAdmin folder (for example to phpmyadmin-old).
3. Unpack freshly downloaded phpMyAdmin to the desired location (for example phpmyadmin).
4. Copy config.inc.php from old location (phpmyadmin-old) to the new one (phpmyadmin).
5. Test that everything works properly.
6. Remove backup of a previous version (phpmyadmin-old).
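The six steps above as one function, as an added example that is not part of the original tutorial or of phpMyAdmin's own tooling. It adds one check the steps do not mention, comparing the archive's SHA-256 with the digest you copied from the downloads page; the function name and its three arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not phpMyAdmin's own tooling. EXPECTED_SHA256 is the digest
# copied by hand from the downloads page; INSTALL_DIR is the real directory
# (for the setup above, the target of the /var/www/html symlink).

# upgrade_pma ARCHIVE EXPECTED_SHA256 INSTALL_DIR
upgrade_pma() {
  local archive="$1" want="$2" dest="${3%/}" old got tmp
  old="$dest-old"

  # Step 1 check: refuse an archive whose digest differs from the published one.
  got=$(sha256sum "$archive" | cut -d' ' -f1)
  if [ "$got" != "$want" ]; then
    echo "checksum mismatch for $archive; nothing changed" >&2; return 1
  fi
  if [ -e "$old" ]; then
    echo "$old already exists; remove it first" >&2; return 1
  fi

  # Step 3, done early: unpack into a scratch directory beside the target so a
  # failed extract never touches the live copy.
  tmp=$(mktemp -d "$dest.new.XXXXXX") || return 1
  case $archive in
    *.zip)    unzip -q "$archive" -d "$tmp" ;;
    *.tar.gz) tar -xzf "$archive" -C "$tmp" ;;
    *)        echo "unsupported archive type" >&2; false ;;
  esac || { rm -rf "$tmp"; return 1; }
  set -- "$tmp"/*/          # a release unpacks into one top-level directory
  if [ $# -ne 1 ] || [ ! -d "$1" ]; then rm -rf "$tmp"; return 1; fi

  # Step 2: set the old tree aside; the fresh tree takes its place, never merged.
  mv "$dest" "$old" && mv "${1%/}" "$dest" || return 1
  rm -rf "$tmp"

  # Step 4: carry over only the site configuration.
  if [ -f "$old/config.inc.php" ]; then
    cp -p "$old/config.inc.php" "$dest/config.inc.php"
  fi
  echo "Upgraded $dest. Test it (step 5), then remove $old (step 6)."
}
```

Because the new tree is moved into place rather than extracted over the old one, files dropped by the new release do not survive in the web root, which is the point of the warning above.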
If you have upgraded your MySQL server from a version previous to 4.1.2 to version 5.x or newer and if you use the phpMyAdmin configuration storage, you should run the SQL script found in sql/upgrade_tables_mysql_4_1_2+.sql.
If you have upgraded your phpMyAdmin to 4.3.0 or newer from 2.5.0 or newer (<= 4.2.x) and if you use the phpMyAdmin configuration storage, you should run the SQL script found in sql/upgrade_column_info_4_3_0+.sql.
Do not forget to clear the browser cache and to empty the old session by logging out and logging in again.