apache2

  • Host Multiple Sites with SSL in LAMP

    Install Ubuntu 16.04 LTS

    From the dashboard of your VPS hosting provider, you can install (deploy) the operating system. Create a password for the root user.

    Login to your VPS

    Run PuTTY and log in with the host IP address.

    A security alert will pop up. Click Yes. Login as: root.

    Set Hostname

    Set a hostname for your VPS. The hostname can be anything you like, e.g. “hydrogen”.
    Execute the following commands:

    echo "hydrogen" > /etc/hostname
    hostname -F /etc/hostname
    nano /etc/hosts

    Add: IP address <space> hydrogen

    hostname

    will give output “yourhostname”

    Set Timezone

    Run the following command to set up your local time zone.

    dpkg-reconfigure tzdata

    To check that it shows the proper date and time, run:

    date

    It will show you the current date and time.

    System Update

    Run the following to update your system software:

    apt-get update
    apt-get upgrade

    During the upgrade you need to press y to continue.

    Create User

    adduser admin

    usermod -aG sudo admin

    Now log out of the root account. Run PuTTY again and log in as admin.

    Secure with SSH Key-Pair

    Now log in to your VPS as admin.

    Open PuTTYgen on your own Windows PC. Generate a public/private key pair.

    Save the private key on your PC.
    Copy the public key.

    Now run the following commands as the admin user in your Linode terminal.

    mkdir .ssh
    sudo nano .ssh/authorized_keys

    Paste the copied public key into this file.
    Save and Exit.

    sudo chown -R admin:admin .ssh
    sudo chmod 700 .ssh
    sudo chmod 600 .ssh/authorized_keys
    sudo nano /etc/ssh/sshd_config

    Now disable password authentication and root login by setting the following values:

    PasswordAuthentication no
    PermitRootLogin no

    Restart SSH

    sudo service ssh restart

    Now you cannot log in with the root account, and you cannot log in with a password. The admin user can only log in with the private key. Open the private key you saved and you can log in as the admin user.

    Set up a Firewall

    sudo ufw app list

    Output:
    Available applications:
    OpenSSH

    sudo ufw allow OpenSSH
    sudo ufw enable
    sudo ufw status

    Output:
    Status: active
    And a few more lines.

    Install Apache

    sudo apt-get install apache2
    sudo ufw allow "Apache Full"
    sudo nano /etc/apache2/apache2.conf

    Optimize Apache

    KeepAlive On
    MaxKeepAliveRequests 50
    KeepAliveTimeout 5

    sudo nano /etc/apache2/mods-available/mpm_prefork.conf

    Adjust the values inside mpm_prefork_module for a 2 GB VPS:

    StartServers 4
    MinSpareServers   3
    MaxSpareServers   40
    MaxRequestWorkers 200
    MaxConnectionsPerChild 10000

    Disable event module and enable prefork

    sudo a2dismod mpm_event
    sudo a2enmod mpm_prefork

    Restart Apache

    sudo service apache2 restart

    Create directory for your first website

    sudo mkdir -p /var/www/example1.com/html
    sudo mkdir /var/www/example1.com/logs

    Create directory for your second website

    sudo mkdir -p /var/www/example2.com/html
    sudo mkdir /var/www/example2.com/logs

    You may host as many websites as you wish in a single VPS. So, carry on.

    Create Virtual Host for your first domain

    sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example1.com.conf
    sudo nano /etc/apache2/sites-available/example1.com.conf

    Set the following:

    <VirtualHost *:80>
        ServerAdmin admin@example1.com
        ServerName example1.com
        ServerAlias www.example1.com
        DocumentRoot /var/www/example1.com/html/
        ErrorLog /var/www/example1.com/logs/error.log
        CustomLog /var/www/example1.com/logs/access.log combined
    </VirtualHost>

    Create Virtual Host for your second domain

    sudo nano /etc/apache2/sites-available/example2.com.conf

    Set the following:

    <VirtualHost *:80>
        ServerAdmin admin@example2.com
        ServerName example2.com
        ServerAlias www.example2.com
        DocumentRoot /var/www/example2.com/html/
        ErrorLog /var/www/example2.com/logs/error.log
        CustomLog /var/www/example2.com/logs/access.log combined
    </VirtualHost>

    Enable Virtual Hosts

    sudo a2ensite example1.com.conf
    sudo a2ensite example2.com.conf

    Disable default Virtual Host

    sudo a2dissite 000-default.conf
    sudo service apache2 restart

    Install MySQL

    Run the following commands one by one.

    sudo apt-get install mysql-server
    sudo mysql_install_db
    sudo mysql_secure_installation

    You will be asked a series of questions after you enter the root password. Just type y or n as required.

    Change the root password? [y/n]: n
    Remove anonymous users? [y/n]: y
    Disallow root login remotely? [y/n]: y
    Remove test database and access to it? [y/n]: y
    Reload privilege tables now? [y/n]: y

    Refer: MySQL Commands for Hosting Websites in Linux VPS

    Install PHP

    sudo apt-get install php7.0 libapache2-mod-php7.0 php7.0-mysql
    sudo apt-get install php7.0-curl php7.0-json php7.0-cgi
    sudo nano /etc/apache2/mods-enabled/dir.conf

    Add the following:

    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

    SSL Certificates for all Domains

    sudo apt-get install software-properties-common python-software-properties
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install python-certbot-apache

    Install certificate for first domain.

    sudo certbot --apache -d example1.com

    Install certificate for second domain.

    sudo certbot --apache -d example2.com

    SSL Auto Renewal

    sudo crontab -e

    At the end of the file add:

    15 3 * * * /usr/bin/certbot renew --quiet

    Copy Files from Old Host to New Host

    Check this: Copy Files from Old Host to New Host

  • If you know the IP address of your website, enter it in a browser. Does it load your website at the IP address? Then be careful: your server IP is not forwarding to your website’s domain name. The IP should redirect to your website’s URL or to a page from your website hosting provider. Otherwise search engines like Google are able to index your website under its IP instead of its domain name. This will result in duplicate content.

    So to avoid the problem of duplicate content you should do an htaccess 301 redirect to make sure the IP does not get indexed.

    This can be achieved in Nginx by changing the default vhost configuration.

    sudo nano /etc/nginx/sites-available/default

    Add the following code at the top of the above file.

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
    
        return 403;
    }

    Then restart nginx.

    sudo service nginx restart

    Similarly, in Apache you should paste the following code at the end of the .htaccess file:

    RewriteCond %{HTTP_HOST} ^123\.345\.567\.789
    RewriteRule (.*) http://www.example.com/$1 [R=301,L]
    

    Replace the numbers with your IP and example.com with your domain name.

    Now check again with the IP. You should see a redirect.

  • It is always a good idea to host your blog on the WordPress platform rather than the Blogger platform. If you have migrated your existing blog from Blogger to WordPress, you need to fix the permalink structure.

    In Blogger, a permalink generally looks like:

    http://example.com/2015/03/hello-world.html

    But in WordPress it looks like:

    [Image: WordPress permalink]

    In the meantime, your valuable content was liked by many people and the links to it were shared by many people. So, when you shift from Blogger to WordPress you will lose all those links that people loved.

    But do not worry: you can redirect all those old links to the new links of your content. You just need to create a redirect rule from this permalink generator.

    And add this rule at the end of your .htaccess file.

    RedirectMatch 301 ^/([0-9]{4})/([0-9]{2})/([^/]+)\.html$ http://example.com/$3

  • Host Websites in Linode (LAMP stack)

    We assume that you have already bought a domain name for your website. We hope you know why one should buy a domain name. You need to change the DNS servers of your domain to host it. For example, the DNS (name server) records for Linode hosting will be:

    ns1.linode.com
    ns2.linode.com
    ns3.linode.com
    ns4.linode.com
    ns5.linode.com

    Buy a Linode 1GB @ 10 USD per month.

    Linode 1 GB is a good start to host single or multiple websites. It costs 10 USD per month. We recommend you buy VPS hosting from Linode only because it is awesome. Take our word for it.

    Update: Linode is now offering 2 GB RAM @ 10 USD per month.

    Linode Data Center Location:

    Choose your data center carefully. It should be the one nearest to the location from which most of your traffic comes. This is not always true, however. If the major traffic of your website is from India, you should choose London as your data center. Check out this post for an in-depth analysis: Data Center for Indian Websites

    Buy a Linode

    Install Linux, Apache, MySQL, PHP.

    This tutorial is for a LAMP stack i.e. Linux, Apache, MySQL and PHP. If you want to create a LEMP stack i.e. Linux, NGINX, MySQL, PHP stack then follow this tutorial: Host Multiple Sites on LEMP Server in a 1GB Linode.

    From Linode Manager, install Debian / Ubuntu 64 bit onto the Linode. This installation will take some time. Then boot it. Your Linode is now loaded with a Linux operating system.

    You cannot install other software directly from Linode Manager. You have to connect through an SSH client, e.g. PuTTY on Windows. Open up PuTTY. Use the Linux root user/password and IP address to connect to your Linode.

    After connecting successfully, execute the following commands one by one:

    Set Hostname

    echo "yourhostname" > /etc/hostname
    hostname -F /etc/hostname
    nano /etc/hosts

    Edit: Change debian/ubuntu to yourhostname.

    hostname

    will give output “yourhostname”

    Troubleshooting: Unable to resolve hostname.

    Set Timezone

    dpkg-reconfigure tzdata

    System Update

    apt-get update
    apt-get upgrade

    Create User

    adduser admin
    usermod -a -G sudo admin

    Securing Linode

    To secure your Linode you need to restrict root user access. The admin user will do the job of root instead. You also need to set up SSH key-pair authentication.

    Open PuTTYgen on your own PC (download PuTTY from here).
    Generate a public/private key pair.
    Copy the public key into a text file (use Notepad++).
    Save the private key on your PC.

    Now go to the terminal window of the Linode again, but this time log in as admin.

    mkdir .ssh
    sudo nano .ssh/authorized_keys

    Paste the copied text i.e. public key into this file.

    sudo chown -R admin:admin .ssh
    sudo chmod 700 .ssh
    sudo chmod 600 .ssh/authorized_keys
    sudo nano /etc/ssh/sshd_config

    Disable Root Login

    PasswordAuthentication no
    PermitRootLogin no
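
Before restarting SSH at this step (and at the same step in the Ubuntu 16.04 guide earlier on this page), it is worth confirming that these two values are the ones sshd will actually use, because sshd keeps the first value it reads for each keyword. The script below is an added example, not part of the original guide; the function names and sample file contents are constructed, and it does not follow Include directives or evaluate Match blocks.

```shell
#!/bin/sh
# Added example: which value will sshd actually use for a global keyword?
# sshd uses the FIRST value it reads for a keyword; keywords are
# case-insensitive; lines after a "Match" line apply only conditionally.

# effective_sshd_value KEYWORD FILE -> prints the global value (empty if unset)
effective_sshd_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == want     { print tolower($2); exit }
    ' "$2"
}

# check_hardening FILE -> 0 only if both settings from the guide are in effect
check_hardening() {
    rc=0
    for kv in PasswordAuthentication=no PermitRootLogin=no; do
        key=${kv%%=*}
        expected=${kv#*=}
        actual=$(effective_sshd_value "$key" "$1")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL: $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples. In sample_bad the stock "yes" line was left
# uncommented and the new lines were appended after a Match block,
# where they are only conditional, so neither setting takes effect.
sample_bad=$(mktemp)
sample_good=$(mktemp)
trap 'rm -f "$sample_bad" "$sample_good"' EXIT
printf '%s\n' '# Authentication' 'PasswordAuthentication yes' \
    '#PermitRootLogin prohibit-password' \
    'Match User backup' '    PermitRootLogin yes' \
    'PasswordAuthentication no' 'PermitRootLogin no' > "$sample_bad"
printf '%s\n' 'Port 22' 'passwordauthentication no' \
    'PermitRootLogin no' > "$sample_good"

check_hardening "$sample_bad"  || echo "do not restart ssh yet"
check_hardening "$sample_good" && echo "OK: both settings are in effect"
```

On the server itself, `sudo sshd -t` validates the file and `sudo sshd -T` prints the effective configuration.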

    Restart SSH

    sudo service ssh restart

    Set Firewall Rules

    sudo nano /etc/iptables.firewall.rules

    Paste the following code into this:

    *filter
    
    #  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT -d 127.0.0.0/8 -j REJECT
    
    #  Accept all established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    #  Allow all outbound traffic - you can modify this to only allow certain traffic
    -A OUTPUT -j ACCEPT
    
    #  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT
    
    #  Allow SSH connections
    #
    #  The -dport number should be the same port number you set in sshd_config
    #
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
    
    #  Allow ping
    -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    
    #  Log iptables denied calls
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
    
    #  Drop all other inbound - default deny unless explicitly allowed policy
    -A INPUT -j DROP
    -A FORWARD -j DROP
    
    COMMIT
    

    Activate Firewall

    sudo iptables-restore < /etc/iptables.firewall.rules
    sudo nano /etc/network/if-pre-up.d/firewall

    Add the following code:

    #!/bin/sh
    /sbin/iptables-restore < /etc/iptables.firewall.rules

    Save the file, then make it executable:

    sudo chmod +x /etc/network/if-pre-up.d/firewall
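
Loading a rules file that does not accept the port sshd listens on cuts off the session you are typing in, which is why the comment in the rules above says the --dport must match sshd_config. The script below is an added example, not part of the original guide: it checks a rules file before it is handed to iptables-restore. The function names and sample rules are constructed, and it assumes simple single-port --dport rules like the ones in this file.

```shell
#!/bin/sh
# Added example: pre-flight check for an iptables-restore rules file.

# accepted_tcp_ports FILE -> inbound TCP ports the file accepts, one per line
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
             for (i = 3; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1" | sort -n
}

# last_input_rule FILE -> the final rule appended to INPUT (whitespace normalised)
last_input_rule() {
    awk '$1 == "-A" && $2 == "INPUT" { $1 = $1; last = $0 } END { print last }' "$1"
}

# preflight FILE SSH_PORT -> 0 if SSH stays reachable and INPUT ends in default deny
preflight() {
    rc=0
    accepted_tcp_ports "$1" | grep -qx "$2" ||
        { echo "lockout risk: tcp/$2 (sshd) is not accepted"; rc=1; }
    [ "$(last_input_rule "$1")" = "-A INPUT -j DROP" ] ||
        { echo "INPUT does not end with a catch-all DROP"; rc=1; }
    return "$rc"
}

# Constructed sample: a shortened copy of the rules file from the guide.
rules=$(mktemp)
trap 'rm -f "$rules"' EXIT
printf '%s\n' '*filter' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -p tcp --dport 80 -j ACCEPT' \
    '-A INPUT -p tcp --dport 443 -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT' \
    '-A INPUT -j DROP' \
    '-A FORWARD -j DROP' \
    'COMMIT' > "$rules"

# sshd on the default port: safe to load.
preflight "$rules" 22 && echo "ok for sshd on port 22"
# Hypothetical case: sshd was moved to 2222 but the rules were not updated.
preflight "$rules" 2222 || echo "fix the rules before running iptables-restore"
```

`iptables-restore --test` additionally parses a rules file without committing it. These rules cover IPv4 only; IPv6 traffic is filtered separately by ip6tables.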

    Secure Fail2ban

    sudo apt-get install fail2ban
    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    sudo nano /etc/fail2ban/jail.local

    Set “enabled” to “true” in the [ssh-ddos] section.

    Restart Fail2ban

    sudo service fail2ban restart

    Adding DNS Records

    Install Apache

    sudo apt-get install apache2
    sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.backup.conf
    sudo nano /etc/apache2/apache2.conf

    Optimize Apache

    KeepAlive Off
    ...
    
    StartServers 2
    MinSpareServers 6
    MaxSpareServers 12
    MaxClients 30
    MaxRequestsPerChild 3000
    
    

    Further Tuning Apache

    sudo echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
    sudo service apache2 restart
    sudo a2enmod rewrite
    sudo a2dissite *default

    Create directory for your first website

    sudo mkdir -p /var/www/example.com/html
    sudo mkdir /var/www/example.com/logs

    Create directory for your second website

    sudo mkdir -p /var/www/example.org/html
    sudo mkdir /var/www/example.org/logs

    You may host as many websites as you wish in a single Linode. So, carry on.

    Create Name-based Virtual Host for your first domain

    sudo nano /etc/apache2/sites-available/example.com.conf

    Add the following code:

    <VirtualHost *:80>
        ServerAdmin webmaster@example.com
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/example.com/html/
        ErrorLog /var/www/example.com/logs/error.log
        CustomLog /var/www/example.com/logs/access.log combined
    </VirtualHost>

    Create Name-based Virtual Host for your second domain

    sudo nano /etc/apache2/sites-available/example.org.conf

    Add the following:

    <VirtualHost *:80>
        ServerAdmin webmaster@example.org
        ServerName example.org
        ServerAlias www.example.org
        DocumentRoot /var/www/example.org/html/
        ErrorLog /var/www/example.org/logs/error.log
        CustomLog /var/www/example.org/logs/access.log combined
    </VirtualHost>

    Enable Hosting

    sudo a2ensite example.com.conf
    sudo a2ensite example.org.conf
    sudo service apache2 restart

    Install MySQL

    sudo apt-get install mysql-server
    sudo mysql_install_db
    sudo mysql_secure_installation

    Optimize MySQL

    sudo cp /etc/mysql/my.cnf /etc/mysql/my.backup.cnf
    sudo nano /etc/mysql/my.cnf

    Set the following:

    max_connections = 75
    key_buffer = 32M
    max_allowed_packet = 1M
    thread_stack = 128K
    table_cache = 32

    Restart MySQL

    sudo service mysql restart

    Create Database/User

    mysql -u root -p
    show databases;
    create database example;
    use mysql;
    show tables;
    select user,host from mysql.user;
    create user 'exuser'@'localhost' identified by 'expwd';
    grant all privileges on example.* to 'exuser'@'localhost';
    flush privileges;

    Install PHP

    sudo apt-get install php5 php-pear php5-mysql
    sudo nano /etc/apache2/mods-enabled/dir.conf

    Add the following:

    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

    Optimize PHP

    sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.backup.ini
    sudo nano /etc/php5/apache2/php.ini

    Set the following:

    max_execution_time = 30
    memory_limit = 128M
    error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
    display_errors = Off
    log_errors = On
    error_log = /var/log/php/error.log
    register_globals = Off

    Restart PHP

    sudo service apache2 restart

    Adding into DNS Manager

    In Linode Manager, go to DNS Manager and add your domain zone.

    Browse your Website

    Enter http://example.com/ in your browser and hit enter. You should see it working.

    For WordPress Installation

    sudo wget https://wordpress.org/latest.zip
    sudo apt-get install unzip
    sudo unzip latest.zip
    sudo cp -R wordpress/* /var/www/example.com/html/
    cd /var/www/example.com/
    sudo chown -R www-data html

    You may install other Web-Software at your convenience.

    If you have any query, let us know, we’ll get back to you.

    References:-

    Getting Started – Linode Guides & Tutorials
    Securing Your Server – Linode Guides & Tutorials
    Hosting a Website – Linode Guides & Tutorials
    How To Set Up Your Linode For Maximum Awesomeness