Here is a guide to Setting up a Linux Webserver with SSH. This is for Debian 8 (Jessie) although other versions of Debian will be similar, and Debian-based versions of Linux, like Ubuntu will also use similar commands. I'll just call it the webserver because it can be a dedicated server, a VPS, or a cloud instance.
A lot of this comes from these excellent guides... Getting Started with Linode and Securing your Server... but I'd say that searching around and getting different information from different sources is definitely a good way to go. I wanted to install PHP 7.0 so some of this guide is different to other guides, which tend to use PHP 5.6. This guide is also primarily for people using a Windows PC to talk to a remote Linux webserver, but other operating systems will be the same for most of the stages. Most of the contents of this guide uses a terminal and an SSH connection, which windows needs software for (e.g. Putty), but other operating systems may have it built-in. This guide doesn't talk about FTPing (or SFTPing) much, but a good SFTP client for Windows is WinSCP.
There is often more than one way to get the same results. For example, you can reboot the system in a number of different ways. I tend to use the methods that appear simplest to me.
A linux server (Debian 8, in this case).
The IP address of the server.
The root password of the server.
A computer to access your remote linux webserver, in this case a Windows PC with Putty installed.
With Windows you can download and install some software, such as Putty, then connecting to your instance should be pretty straight-forward with the login information from your hosting company. To begin with you'll probably be logging in as "root" so you will not need to type
sudo as root is the master login (this is handy because sudo is not installed, yet). The commands on this guide may need sudo adding at the beginning if you are not logging in as "root".
Once you are logged in the first thing to do is to make sure everything is updated so that you are installing the latest versions of everything when you get to that stage.
apt-get update && apt-get upgrade
or, later if you login as another user, you'll need sudo...
sudo apt-get update && sudo apt-get upgrade
First, you can check if Apache is already installed by typing...
If it is not already installed, i.e. the above does not give you any results. To install Apache type...
apt-get install apache2
If your hosting company has not told you what the IP address is, this shows all IP's installed on your instance...
The hostname can be anything. If you have more than one instance you might name your instances so that they are all plant species, stars, geographical locations, chemical elements, Roman Emperors or Greek philosophers.
Add the hostname by opening up the hosts file in nano...
Then, the hosts file might look like using the IP address that you already know, above...
127.0.0.1 myhostnamegoeshere.example.com myhostnamegoeshere localhost 127.0.1.1 myhostnamegoeshere 123.123.456.789 example.com
Also, edit the hostname file...
Then, after this you'll need to reboot the instance from the control panel of the hosting company or by rebooting from the control panel:
shutdown -r now.
The hostname and FQDN are important for all kinds of server functions. Test your hostname settings like this...
hostname -i ip address
hostname -f or
hostname --fqdn fully qualified domain name
000-default.conf is off, copy it to
mywebsite.com.conf and enable. link
cd /etc/apache2/sites-available cp 000-default.conf example.com.conf nano example.com.conf
Then, edit the example.com.conf so that it looks like this...
ServerAdmin webmaster@localhost ServerName example.com ServerAlias www.example.com DocumentRoot /var/www/example.com
Then, enable the site by typing...
We specified the DocumentRoot should be /var/www/example.com, above. So, now we need to make it!
Move to the place for all your web directories...
Then, create the web directory...
Once you have the directory you can add an index.html inside it.
If you have not restarted apache2 since typing the
a2ensite command you need to do that before the domain name will work in your browser. Restart then test it by typingthe domain name into a browser.
You can install any version of PHP. For Debian 8, it seems that PHP5.6 is the default, whereas with Ubuntu 16.04 LTS PHP7.0 is the default. I wanted to go with PHP7.0 so followed this guide for setting it up on Debian 8... Installing PHP7
Add these two lines to your /etc/apt/sources.list file:
deb http://packages.dotdeb.org jessie all deb-src http://packages.dotdeb.org jessie all
Add the GPG key:
wget https://www.dotdeb.org/dotdeb.gpg apt-key add dotdeb.gpg
Install PHP 7:
apt-get update apt-get install php7.0
Then, straight away before you do too much else you'll want to add the other modules you need. There is information abput some common ones from here..
apt-get install php7.0-cli php7.0-common libapache2-mod-php7.0 php7.0 php7.0-mysql php7.0-fpm php7.0-curl php7.0-gd php7.0-bz2
You can then test out the PHP by making a page that has
phpinfo(); on it to show you 1) that it's working and 2) the modules that are installed and enabled. Assuming everything works fine it's time to do more setting up...
At this stage I normally make sure everything is installed that I'll need for phpmyadmin. Then enable mod_rewrite...
Set your server timezone by typing the following command...
Then, this command shows you the current time on your server...
You will want to keep everything as up-to-date as possible on your instance. You can do this by configuring the Unattended upgrades... Automatic updates. Then if you don't want to have to login to your instance and reboot/restart it after every upgrade, you can automatically reboot, if needed, after upgrading. First install the package...
apt-get install unattended-upgrades
Then configure the settings you want in nano...
To test unattended-upgrades as root or with sudo run...
From Installing sudo on Debian...
apt-get install sudo
Then, add the user to sudo...
usermod -aG sudo myname
You can check which users are in the group sudo by running...
getent group sudo
Then logout of root, login as myname and test sudo out by doing something that requires sudo privileges, e.g. restarting apache:
service apache2 restart.
This is the main thing that is different on Windows PCs than it is with either Linux or Macs. For Windows PCs you have to use downloadable software, such as putty. This guide: Use Public Key Authentication with SSH talks you through the process.
The most important thing to note is that you should either be logged in as the user you want to make the key pair for when you make the
~/.ssh directory and put the authorized_keys file in it, or if you do it as root the location should be "/home/yourusername/.ssh/authorized_keys" and the owner should the yourusername not root. So, if you're logged in as root you can run
su yourusername to login as the user you've just created, then when you go to
cd ~/ it will take you to "/home/yourusername/". If you do it this way you have to make sure to check that the owner of the "authorized_keys" file is yourusername...
chown yourusername:yourusername -R ~/.ssh as suggested here.
Then, logout of root and login with your user to check that the new user works correctly with the public key authentication. You should be asked for the keyphrase, as opposed to the password.
If you can login with the username you set up with the public/private key pair you can "turn off" root logins.
Turn off root logins and turn off password authentication in the sshd_config file using nano...
For the changes you have made to work, you will need to restart SSH...
service ssh restart
You will need to be able to send emails from the server to get the unattended-upgrades emails (if you have asked it to send emails).
The only thing I found a little confusing was the mapping on this line...
Really, as you'll mainly be sending emails as a user (e.g. www-data or root) you should have lines like this to allow that...
root [email protected]
If you've set up your Mailgun account to use a subdomain, e.g. mail.example.com you can still use an address like [email protected] here!
Alternatively, https://www.debian.org/releases/jessie/amd64/ch08s05.html.en allows server to send email.
apt-get install fail2ban
Then, you can edit the config file, and/or make a local file...
apt-get install ufw
As the guide says, you'll have to be very careful when switching on the firewall that you do not lock yourself out of SSH.
apt-get install mysql-server mysql_secure_installation apt-get install libapache2-mod-php7.0 php7.0-mysql php7.0-curl php7.0-json
Then, once MySQL is installed there is more MySQL information here about how to create a database and a new user.
A good place to begin before installing PHPmyAdmin is by checking the phpmyadmin prerequisites and installing everything needed (e.g. mbstring). If 500 server errors, check the prerequisites again, installing anything that isn't already installed, then re-install phpmyadmin to get rid of the error. Install PHPmyAdmin on Debian 8
sudo apt-get install phpmyadmin
For each virtual host that you would like to give access to your PHPMyAdmin installation, create a symbolic link from the document root to the phpMyAdmin installation location (/usr/share/phpmyadmin). You do this by moving into the public directory of each virtual host, then creating a symlink...
cd /var/www/example.com/public_html sudo ln -s /usr/share/phpmyadmin
You can monitor the performance and usage of the web server by using top... Just type
top into the terminal and you'll get a summary of the usage every few seconds.
You can also set up a script that will email you if certain conditions are met (RAM usage, for example).
It's a good thing to take a look at the apache2 config file to make sure it is configured correctly. One of the things you'll want to check is that KeepAlive is set to off. From Setting up LAMP on Debian 8.
sudo nano /etc/apache2/apache2.conf KeepAlive Off
Different setups are all slightly different. If you are getting errors the best thing to do is to either examine the error itself or find the relevant error logs and do some problem solving. Unix & Linux Stack Exchange and Server Fault tend to have a lot of problems already answered.
This is just a general guide to setting up a Linux Webserver with SSH with a Windows PC talking to a Debian 8 remote webserver. You may want to change the order I have followed here and there may well be steps I've missed out here, errors I get that you do not get, or vice versa. But, I hope it can be useful to someone.
After getting this far there will probably still be thing you need to do to your webserver. There will be other PHP and Apache modules that your web applications and/or frameworks require, such as
mod_rewrite... As before, figure out what you need for your application and add it as required. Have fun!