WBXPress.NET

php5

  • Host Multiple Sites on LEMP Server in Linode

    ·

    wbxpress

    Linode provides unmanaged VPS hosting. Linode 1GB (1024) 2GB (2048) costs 10USD per month. You may host unlimited websites in a Linode. Here we will describe the steps involved to host many websites in a single Linode 2048.

    1. Create an Account with Linode

    Goto Linode.com and create an account. you need to provide your credit card details.

    2. Add a Linode

    Select a plan and add a linode as follows:

    add-linode

    From your Dashboard copy the IP of your Linode and note down some place else.

    3. Install OS e.g. Debian 8.1

    The process is called Rebuild. Rebuild you Linode with Debian 8.1.

    debian-rebuild

    Choose a Password for Root.

    4. Boot Linode

    Click the Boot button and your linode will start.

    linode-boot

    you will see your linode booting

    linode-booting

    5. Run Putty in Windows

    Run Putty with the IP address you copied in step 2.

    run-putty

    A security alert will pop up. Click Yes.

    Login with your root password, you already set in step 3.
    You will see a command prompt in black screen.

    6. Set a Hostname

    Set a hostname for your linode. hostname is anything you like to name your VPS server. e.g. “supercom”.
    Execute the following command:

    hostnamectl set-hostname supercom

    Check whether the hostname has been set properly. Run:

    hostname

    You will get supercom as output.

    Again Run the following to set hostname in everywhere:

    nano /etc/hosts

    Now change the text debian to supercomp.

    etc-hosts

    Save and Exit by Pressing Ctrl+X and y.

    7. Set the Timezone

    Run the following command to setup your local time.

    dpkg-reconfigure tzdata

    To check it shows proper date and time run:

    date

    It will show you current date and time.

    8. Install software Updates

    Run the following to update your system softwares:

    apt-get update
apt-get upgrade

    During upgrade you need to press y to continue.

    9. Create User

    adduser admin

    add-admin

    usermod -a -G sudo admin

    Now logout of root account. Run putty again and login as admin.

    10. Secure Linode with SSH Key Pair

    Open puTTYgen in your own Windows PC. Generate a Public/Private key pair.

    puttygen
    Save Private key in your PC.
    Copy Public key.

    Now run the following commands with admin user in your linode terminal.

    mkdir .ssh
sudo nano .ssh/authorized_keys

    Paste the copied public key into this file.
    Save and Exit.

    sudo chown -R admin:admin .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
sudo nano /etc/ssh/sshd_config

    Now disable root login by changing the following value:

    PasswordAuthentication no
PermitRootLogin no

    Restart SSH

    sudo service ssh restart

    Now you can not login with root account. Also you can not login with password. admin user can only login with the private key. Open the private key you saved and you can login with admin user.

    11. Create a Firewall

    Run the following:

    sudo nano /etc/iptables.firewall.rules

    Paste the following into this file.

    *filter

-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A OUTPUT -j ACCEPT

-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

    Activate the rules:-

    sudo iptables-restore < /etc/iptables.firewall.rules

    Make sure the rules always activate while you restrat linode

    sudo nano /etc/network/if-pre-up.d/firewall

    Paste the following script.

    #!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules

    Run this:

    sudo iptables -L

    If everything is OK, you will find the following output.

    iptables

    12. DDOS Protection

    Run the following commands:

    sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

    Set “enabled” to “true” in the [ssh-ddos] section. Then restart Fail2ban.

    ssh-ddos

    sudo service fail2ban restart

    13. Install Nginx Web server

    Run the following command:

    sudo apt-get update
sudo apt-get install nginx

    After successful instal open your browser and type the IP address. You will see the following:

    nginx

    To configure Nginx according to your hardware specification, run:

    sudo nano /etc/nginx/nginx.conf

    Change worker_processes value to 1. To further optimize nginx configuration is out of the scope of this guide. It will be posted some other day.

    To prepare Nginx to run PHP, you need to edit default values. Run

    sudo nano /etc/nginx/sites-available/default

    And uncomment by removing # from the following segment

    location ~ \.php$ {
include snippets/fastcgi-php.conf
fastcgi_pass unix:/var/run/php5-fpm.sock;
}

    Restart Nginx Server by typing the following:

    sudo service nginx restart

    14. Install MySQL

    Run the following commands one by one.

    sudo apt-get install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation

    You will be prompted a series of questions after you enter root password. Just type y or n as required.

    Change the root password? [y/n]: n
    Remove anonymous users? [y/n]: y
    Disallow root login remotely? [y/n]: y
    Remove test database and access to it? [y/n]: y
    Reload privilege tables now? [y/n]: y

    Refer: MySQL Commands for Hosting Websites in Linux VPS

    15. Install PHP

    Run the following command:

    sudo apt-get install php5-fpm php5-mysql

    Change Configuration

    sudo nano /etc/php5/fpm/php.ini

    Find cgi.fix_pathinfo inside the configuration file and make it like

    cgi.fix_pathinfo=0

    You need to remove initial ; from the above line.

    Save and Exit. Restart PHP5

    sudo service php5-fpm restart

    To check whether php successfully installed you need to run:

    sudo nano /var/www/html/info.php

    Type the following code:

    phpinfo

     

    Now type the following in your browser:

    http://your_server_IP/info.php

    Replace your_server_IP with your actual IP.
    You will see the following output.
    phpinfo
    At this point, your server is ready to host as many websites as you like. All you need is to create different nginx virtual hosts for different websites.

    16.Host Multiple Websites

    In this example we will show how to host 2 websites. For multiple websites you just need to repeat the process as described.
    Suppose we want to host example1.com and example2.com

    At first create content directories for websites. Run:

    sudo mkdir /var/www/html/example1
sudo mkdir /var/www/html/example2

    Now create virtual host for example1.com

    sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example1
sudo nano /etc/nginx/sites-available/example1

    This file looks like the following after removing unnecessary comments.

    server {
	listen 80 default_server;
	listen [::]:80 default_server;
	root /var/www/html;
	index index.html index.htm index.nginx-debian.html;
	server_name _;
	location / {
		try_files $uri $uri/ =404;
	}
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/var/run/php5-fpm.sock;
	}
}

    Now change the above file to host example1.com

    server {
	listen 80;
	listen [::]:80;
	root /var/www/html/example1;
	index index.php index.html index.htm;
	server_name example1.com;
	location / {
		try_files $uri $uri/ /index.php?$args;
	}
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/var/run/php5-fpm.sock;
	}
}

    Now enable example1.com and restart nginx.

    sudo ln -s /etc/nginx/sites-available/example1.com /etc/nginx/sites-enabled
sudo service nginx restart

    If you have already changed your DNS settings for your domain name example1.com as

    ns1.linode.com
ns2.linode.com
ns3.linode.com
ns4.linode.com
ns5.linode.com

    You should see example1.com in your browser in action. Hurray, you just successfully hosted your first website example1.com.
    Again to host example2.com, first copy the vhost file:

    sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example2
sudo nano /etc/nginx/sites-available/example2

    Now change the above file to host example2.com like this:

    server {
	listen 80;
	listen [::]:80;
	root /var/www/html/example2;
	index index.php index.html index.htm;
	server_name example2.com;
	location / {
		try_files $uri $uri/ /index.php?$args;
	}
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/var/run/php5-fpm.sock;
	}
}

    Now enable example2.com and restart nginx.

    sudo ln -s /etc/nginx/sites-available/example2.com /etc/nginx/sites-enabled
sudo service nginx restart

    Similarly, you should see example2.com in your browser in action. So go ahead and repeat the process to host unlimited websites in Linode.

  • Increase File Upload Limit in NGINX and PHP5-FPM

    ·

    wbxpress

    Running NGINX web server along with php5-fpm scripting language is an excellent choice for hosting any type of websites in a VPS. Being NGINX as web server, it can handle huge number of traffic compared to any other web server. In a typical first installation of LEMP stack i.e. Linux, Nginx, MySQL and PHP, the file upload limit is 2MB by default.
    To increase file upload limit in Nginx and php5-fpm environment you need to change few php5 settings as well as nginx settings. Here is what you need to change to increase the file upload limit.

    Increase file upload limit by editing php.ini

    To change upload limit in php.ini you need to open the file. The typical location of the file is:

    /etc/php5/fpm/php.ini

    or

    /etc/php5/cgi/php.ini

    Run the following command:-

    sudo nano /etc/php5/cgi/php.ini

    Find “max_filesize” by pressing Ctrl+W and change the default value to this:

    upload_max_filesize = 50M

    if you need to change the upload limit to 50MB.
    Again find “post_max” by pressing Ctrl+W and change the default value.

    post_max_size = 50M

    Increase file upload limit by editing nginx.conf

    There is one more thing you need to change from nginx.conf
    Run:

    sudo nano /etc/nginx/nginx.conf

    Add the following inside http block:

    client_max_body_size 50m;

    Finally restart php5-fpm and nginx so that the changes take effect.

    sudo service nginx restart
sudo service php5-fpm restart

    or reboot from your hosting provider’s end.

  • Host Websites in Linode (LAMP stack)

    ·

    wbxpress

    We assume that you have already bought a domain name for your website. Hope you know why should one buy a domain name. You need to change DNS server of your domain to host it. For example the DNS records for Linode hosting will be:

    ns1.linode.com
ns2.linode.com
ns3.linode.com
ns4.linode.com
ns5.linode.com

    Buy a Linode 1GB @ 10 USD per month.

    Linode 1 GB is a good start to host single or multiple websites. It costs 10 USD per month. We recommend you buy VPS hosting from Linode only because it is awesome. Take our word for it.

    Update: Linode is now offering 2 GB RAM @ 10 USD per month.

    Linode Data Center Location:

    Choosing data center should be proper. It should be nearest to the location from which major traffic comes from. This is always not the truth, however. If major traffic of your website is from India, you should choose London as your data center. Check out this post for an in-depth analysis: Data Center for Indian Websites

    Buy a Linode

    Install Linux, Apache, MySQL, PHP.

    This tutorial is for a LAMP stack i.e. Linux, Apache, MySQL and PHP. If you want to create a LEMP stack i.e. Linux, NGINX, MySQL, PHP stack then follow this tutorial: Host Multiple Sites on LEMP Server in a 1GB Linode.

    From Linode Manager, install debian / ubuntu 64 bit into the linode. This installation will take some time. Then Boot it. Your linode is now loaded with a linux operating system.

    You can not install other softwares direct from linode manager. You have to connect through ssh client e.g. PuTTY in windows. Open up PuTTY. Use linux root user/password and IP address to connect with your linode.

    After successful connect execute following commands each one by one:-

    Set Hostname

    echo "yourhostname" > /etc/hostname
hostname -F /etc/hostname
nano /etc/hosts

    Edit: Change debian/ubuntu to yourhostname.

    hostname

    will give output “yourhostname”

    Troubleshooting: Unable to resolve hostname.

    Set Timezone

    dpkg-reconfigure tzdata

    System Update

    apt-get update
apt-get upgrade

    Create User

    adduser admin
usermod -a -G sudo admin

    Securing Linode

    To secure your linode you need to restrict root user access. Admin user will do the job of root instead. You also need to create ssh key pair authentication method.

    Open puTTYgen in your own PC; (Download puTTy from here).
    Generate a Public/Private key pair.
    Copy Public key into a Text file (Use Notepad++)
    Save Private key in your PC.

    Now go to terminal window of linode again. But this time login as admin

    mkdir .ssh
sudo nano .ssh/authorized_keys

    Paste the copied text i.e. public key into this file.

    sudo chown -R admin:admin .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
sudo nano /etc/ssh/sshd_config

    Disable Root Login

    PasswordAuthentication no
PermitRootLogin no

    Restart SSH

    sudo service ssh restart

    Set Firewall Rules

    sudo nano /etc/iptables.firewall.rules

    Paste the following code into this:

    *filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
#
#  The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

    Activate Firewall

    sudo iptables-restore < /etc/iptables.firewall.rules
    sudo nano /etc/network/if-pre-up.d/firewall

    Add the following code:-

    #!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules
    sudo chmod +x /etc/network/if-pre-up.d/firewall

    Secure Fail2ban

    sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

    Set “enabled” to “true” in the [ssh-ddos] section.

    Restart Fail2ban

    sudo service fail2ban restart

    Adding DNS Records

    Install Apache

    sudo apt-get install apache2
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.backup.conf
sudo nano /etc/apache2/apache2.conf

    Optimize Apache

    KeepAlive Off
...

StartServers 2
MinSpareServers 6
MaxSpareServers 12
MaxClients 30
MaxRequestsPerChild 3000

    Further Tuning Apache

    sudo echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
sudo service apache2 restart
sudo a2enmod rewrite
sudo a2dissite *default

    Create directory for your first website

    mkdir -p /var/www/example.com/html
mkdir /var/www/example.com/logs

    Create directory for your second website

    mkdir -p /var/www/example.org/html
mkdir /var/www/example.org/logs

    You may host as many websites as you wish in a single Linode. So, carry on.

    Create Name-based Virtual Host for your first domain

    sudo nano /etc/apache2/sites-available/example.com.conf

    Add the follwing code:

    ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html/
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined

    Create Name-based Virtual Host for your first domain

    sudo nano /etc/apache2/sites-available/example.org.conf

    Add the following:

    ServerAdmin webmaster@example.org
ServerName example.org
ServerAlias www.example.org
DocumentRoot /var/www/example.org/html/
ErrorLog /var/www/example.org/logs/error.log
CustomLog /var/www/example.org/logs/access.log combined

    Enable Hosting

    sudo a2ensite example.com.conf
sudo a2ensite example.org.conf
sudo service apache2 restart

    Install MySQL

    sudo apt-get install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation

    Optimize MySQL

    cp /etc/mysql/my.cnf /etc/mysql/my.backup.cnf
sudo nano /etc/mysql/my.cnf

    Set the following:

    max_connections = 75
key_buffer = 32M
max_allowed_packet = 1M
thread_stack = 128K
table_cache = 32

    Restart MySQL

    sudo service mysql restart

    Create Database/User

    mysql -u root -p
show databases;
create database example;
use mysql;
show tables;
select user,host from mysql.user;
create user 'exuser'@'localhost' identified by 'expwd';
grant all privileges on example.* to 'exuser'@'localhost';
flush privileges;

    Install PHP

    sudo apt-get install php5 php-pear php5-mysql
sudo nano /etc/apache2/mods-enabled/dir.conf

    Add the following:

    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

    Optimize PHP

    sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.backup.ini
sudo nano /etc/php5/apache2/php.ini

    Set the following:

    max_execution_time = 30
memory_limit = 128M
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
register_globals = Off

    Restart PHP

    sudo service apache2 restart

    Adding into DNS Manager

    In Linode Manager, go to DNS Manager and add your domain zone like this picture:

    wbxpress-linode

    Browse your Website

    Write http://example.com/ in your browser and hit enter. you should see its working.

    For WordPress Installation

    sudo wget https://wordpress.org/latest.zip
sudo apt-get install unzip
sudo unzip latest.zip
sudo cp -R wordpress/* /var/www/example.com/html/
cd /var/www/example.com/html/
chown -R www-data html
sudo cp -R wordpress/* /var/www/example.com/html/

    You may install other Web-Software at your convenience.

    If you have any query, let us know, we’ll get back to you.

    References:-

    Getting Started – Linode Guides & Tutorials
    Securing Your Server – Linode Guides & Tutorials
    Hosting a Website – Linode Guides & Tutorials
    How To Set Up Your Linode For Maximum Awesomeness