ssh root@192.12.345.67 apt-get update apt-get upgrade dpkg-reconfigure tzdata date hostnamectl set-hostname classic nano /etc/hosts 192.12.345.67 classic 2400:8904::f03c:92ff:fe6a:58cd/64 classic hostname adduser admin adduser admin sudo exit ssh-keygen -b 4096 ssh-copy-id admin@192.12.345.67 ssh admin@192.12.345.67 sudo nano /etc/ssh/sshd_config PermitRootLogin no PasswordAuthentication no sudo service ssh restart sudo ufw app list sudo ufw allow OpenSSH sudo ufw enable sudo ufw status sudo apt install nginx sudo systemctl start nginx sudo systemctl enable nginx sudo nano /etc/nginx/nginx.conf server_names_hash_bucket_size 128; client_max_body_size 100m; server_tokens off; sudo ufw app list sudo ufw allow 'Nginx Full' sudo ufw enable sudo ufw status sudo apt install mariadb-server sudo systemctl start mariadb sudo systemctl enable mariadb sudo mysql_secure_installation sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-soap php-mbstring php-zip php-imagick php-xml php-xmlrpc sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini sudo nano /etc/php/7.4/fpm/php.ini post_max_size = 100M upload_max_filesize = 100M sudo service php7.4-fpm restart sudo service nginx restart sudo mkdir -p /var/www sudo rm -rf /var/www/html sudo wget https://wordpress.org/latest.zip sudo apt install unzip sudo unzip latest.zip sudo cp -R wordpress/* /var/www/ sudo rm latest.zip sudo rm -rf wordpress sudo mysqldump -u root wbxpress > wbxpress.sql sudo scp -v -r admin@192.46.212.51:/home/admin/wbxpress.sql /home/admin/ sudo scp -v -r admin@192.46.212.51:/var/www/wp-config.php /var/www/ sudo scp -v -r admin@192.46.212.51:/var/www/ads.txt /var/www/ sudo scp -v -r admin@192.46.212.51:/var/www/wp-content/* /var/www/wp-content/ sudo chown -R www-data:www-data /var/www sudo find /var/www -type d -exec chmod 755 {} \; sudo find /var/www -type f -exec chmod 664 {} \; sudo chmod 444 /var/www/wp-config.php sudo chown admin:admin /var/www/wp-config.php sudo nano /etc/nginx/sites-available/default sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wbxpress.net.conf sudo nano /etc/nginx/sites-available/wbxpress.net.conf location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; } sudo ln -s /etc/nginx/sites-available/wbxpress.net.conf /etc/nginx/sites-enabled/ sudo rm /etc/nginx/sites-enabled/default sudo service nginx restart sudo mysql -u root show databases; CREATE DATABASE wbxpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON wbxpress.* TO 'wbUser1'@'localhost' IDENTIFIED BY 'wbPass2'; flush privileges; sudo mysql -u root wbxpress < wbxpress.sql sudo nano /var/www/wp-config.php sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d wbxpress.net -d www.wbxpress.net sudo crontab -e 15 3 * * * /usr/bin/certbot renew --quiet
SSL
-
-
Prerequisite
A VPS account which starts from $5 per month from any reputed company. (We prefer Linode)
You can host as many websites you like in this account.
We will show only the commands necessary for hosting website. We will also show how to use https i.e. SSL for the websites. Your website can be of any type. We are showing WordPress installation although the commands are almost same.
Technology Used
OS: Ubuntu 20.04
Web Server: NginX
Database: MariaDB
PHP: PHP FPM 7.4
Application: WordPress
SSL: Lets’ Encrypt1. Install Ubuntu 20.04 LTS
From the dash board of VPS the first thing is to install an operating system. We use Ubuntu 20.04 LTS. Set Root password.
2. Access Root
From the dashboard Copy the IP address of your VPS. From your own computer Run Putty to login as root user to the IP address.
3. Set Timezone
Execute:
dpkg-reconfigure tzdata
Check with:
date
It will show you exact current date and time.
4. Create a Non-Root User
Execute:
adduser admin usermod -aG sudo admin
Now logout from root account. Run putty again and login as admin.
5. System Update
sudo apt update sudo apt upgrade
6. Secure with SSH Key Pair
Open puTTYgen from your own computer. Generate a Public/ Private key pair. Save Private key in your PC.
Copy Public key. Login to the VPS using Putty as admin.
mkdir .ssh sudo nano .ssh/authorized_keys
Paste the copied public key into this file.
Save and Exit.sudo chown -R admin:admin .ssh sudo chmod 700 .ssh sudo chmod 600 .ssh/authorized_keys
7. Disable root login
sudo nano /etc/ssh/sshd_config
Set:PasswordAuthentication no
PermitRootLogin noRestart SSH
sudo service ssh restart
Now you can not login with root account or using password. You only need to the private key to login. This is a great way to secure the server.
8. Setup a Firewall
sudo ufw app list
Output:
Available applications:
OpenSSHsudo ufw allow OpenSSH sudo ufw enable sudo ufw status
Output:
Status: active9. Install Nginx
sudo apt install nginx sudo systemctl start nginx sudo systemctl enable nginx sudo nano /etc/nginx/nginx.conf
Set: server_names_hash_bucket_size 128;
Add: client_max_body_size 100m;
Set: server_tokens off;If you would like to also install SSL, then also add:
ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off;
Save and Exit.
sudo ufw app list sudo ufw allow 'Nginx Full' sudo ufw enable sudo ufw status
10. Install MariaDB
sudo apt install mariadb-server sudo systemctl start mariadb sudo systemctl enable mariadb sudo mysql_secure_installation
11. Install PHP-FPM
sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-bcmath php-imagick sudo systemctl restart php7.4-fpm sudo nano /etc/php/7.4/fpm/php.ini
Set: post_max_size = 100M
upload_max_filesize = 100Msudo service php7.4-fpm restart sudo service nginx restart
12. Create directory for Websites
sudo mkdir -p /var/www/website1 sudo mkdir -p /var/www/website2
etc.
If you are installing a fresh WordPress site then:-sudo wget https://wordpress.org/latest.zip sudo apt install unzip sudo unzip latest.zip sudo cp -R wordpress/* /var/www/website1/ sudo rm latest.zip sudo rm -rf wordpress
If you are transferring existing website from other host to the new host the:-
sudo scp -v -r admin@172.105.43.12:/var/www/oldhost/* /var/www/website1/
Replace the IP address of your old host. Take similar action for website2.
13. Set Proper File Permission
sudo chown -R www-data:www-data /var/www/website1 sudo find /var/www/website1 -type d -exec chmod 775 {} \; sudo find /var/www/website1 -type f -exec chmod 664 {} \;
Similar action for website2.
14. Create Virtual Hosts
sudo rm /etc/nginx/sites-enabled/default sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/website1.com sudo cp /etc/nginx/sites-available/default sudo nano /etc/nginx/sites-available/website1.com
Remove all except the following lines:-
server { root /var/www/website1; index index.php index.html index.htm; server_name website1.com www.website1.com; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; } location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; } }
Similarly, for second website create another virtual host.
sudo cp /etc/nginx/sites-available/website1 /etc/nginx/sites-available/website2.com sudo nano /etc/nginx/sites-available/website2.com
Change to:
server { root /var/www/website2; index index.php index.html index.htm; server_name website2.com www.website2.com; location / { try_files $uri $uri/ /index.php?args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; } location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; } }
15. Enable Virtual Hosts
sudo ln -s /etc/nginx/sites-available/website1.com /etc/nginx/sites-enabled sudo ln -s /etc/nginx/sites-available/website2.com /etc/nginx/sites-enabled sudo service nginx restart
16. Create Database
CREATE DATABASE website1 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON website1.* TO 'wp1User'@'localhost' IDENTIFIED BY 'wp1Pass'; CREATE DATABASE website2 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON website2.* TO 'wp2User'@'localhost' IDENTIFIED BY 'wp2Pass';
If you are transferring your site from old host create a database backup from old host:
sudo mysqldump -u root olddbsite1 > olddbsite1.sql
Then copy the back up file to new host.
sudo scp -v -r admin@172.105.43.12:/home/admin/olddbsite1.sql /home/admin/
17. Update DNS Settings
Set DNS of all the domains point to the correct IP address. You need to add A/AAAA records pointing to the IP address of the VPS.
18. Test Run Websites
Now that your site has both filesystem and database it should be viewable at this point. So try hitting the browser:-
http://website1.com/
Congrats, your website1 is live now. Now, we shall install SSL so that the site can be accessed securely as follows:-
http://website1.com/
19. Create SSL Certificates
sudo apt update sudo apt upgrade sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d website1.com -d www.website1.com sudo certbot --nginx -d website2.com -d www.website2.com
You can check all existing SSL certificates.
sudo ls /etc/letsencrypt/live
To delete any Execute:
sudo certbot delete
20. Automatic Renewal of SSL Certificates
Execute:
sudo crontab -e
Add At the end:
15 3 * * * /usr/bin/certbot renew --quiet
That’s it. Hope you have successfully host websites in your own VPS. If you still have any query, you are free to ask. We surely get back to reply.
-
Let’s Encrypt is a free SSL provider. Porkbun is very good domain registrar. We can download free SSL from porkbun dashboard. All we need is to upload it into our VPS server and need to add the path of the certificates into virtual host file.
Download SSL from porkbun.
You shall get a ZIP file containing the following 4 files:-
- domain.cert.pem
- intermediate.cert.pem
- private.key.pem
- public.key.pem
Now Upload file no. 1 and 3 only (i.e. domain.cert.pem and private.key.pem) into your VPS home folder (i.e. /home/admin/).
Create a Virtual Host for your domain (for example: wbxpress.net) as shown below:
sudo nano /etc/nginx/sites-available/wbxpress.net.conf
server { server_name wbxpress.com www.wbxpress.net; root /var/www/wbxpress; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /home/admin/domain.cert.pem; ssl_certificate_key /home/admin/private.key.pem; } server { if ($host = www.wbxpress.net) { return 301 https://wbxpress.net$request_uri; } if ($host = wbxpress.net) { return 301 https://wbxpress.net$request_uri; } listen 80; listen [::]:80; server_name wbxpress.net www.wbxpress.net; return 404; }
Also, we need to replace SSL settings as found from SSL Config File Generator at nginx.conf file.
sudo nano /etc/nginx/nginx.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_prefer_server_ciphers on;
The above configuration works perfectly well in our case.
-
In this tutorial we shall share all the commands necessary to host multiple websites in a VPS server. We used VPS servers from Linode and Digital Ocean. Both are excellent and best value for money.
This is a comprehensive guideline to host following domains:
- http://domain1.com
- http://www.domain2.com
- https://www.domain3.com
- https://domain4.com
- https://subdomain1.domain4.com
- https://www.subdomain2.domain4.com
In the above examples 3, 4, 5 and 6 will use SSL provided by Let’s Encrypt for free.
Proper redirection rules will also be applied. E.g.:
- http://www.domain1.com will be redirected to http://domain1.com
- http://domain2.com will be redirected to http://www.domain2.com
- https://domain3.com will be redirected to https://www.domain3.com
- https://www.domain4.com will be redirected to https://domain4.com
- https://www.subdomain1.domain4.com will be redirected to https://subdomain1.domain4.com
- https://subdomain2.domain4.com will be redirected to https://www.subdomain2.domain4.com
All the above sites will be hosted in high performance secured web server named Nginx.
We will also share WordPress specific configuration and optimization of the performance to achieve a very good score in GTMetrix. In addition to the fresh installation guide, we will also discuss how to transfer your websites from existing host to the newly created host of high performance.
1. Initial Server Setup
From the dash board of VPS the first thing is to install an operating system. We prefer Ubuntu 18.04LTS because it’s simple and easy to use. Copy the IP address of your VPS. Run Putty to login as root user to the IP address.
1.1 Set Hostname
Set a hostname for your VPS e.g. “supercomputer”. Execute the following commands:
echo "supercomputer" > /etc/hostname hostname -F /etc/hostname nano /etc/hosts
Add: IP address <space> supercomputer
hostname
will give output “supercomputer”.
1.2 Set Timezone
Execute:
dpkg-reconfigure tzdata
Check with:
date
It will show you current date and time.
1.3 Create a Non-Root User
Execute:
adduser admin usermod -aG sudo admin
1.4 Logout from Root
Now logout from root account. Run putty again and login as admin.
1.5 System Update
Execute:
sudo apt update sudo apt upgrade
2. Secure Server
2.1 Secure with SSH Key Pair
Open puTTYgen from your own Windows PC.
Generate a Public/Private key pair.
Save Private key in your PC.
Copy Public key.
Login to the VPS using Putty as admin.
Execute:
mkdir .ssh sudo nano .ssh/authorized_keys
Paste the copied public key into this file.
Save and Exit.sudo chown -R admin:admin .ssh sudo chmod 700 .ssh sudo chmod 600 .ssh/authorized_keys sudo nano /etc/ssh/sshd_config
Now disable root login by changing the following value:
PasswordAuthentication no PermitRootLogin no
Restart SSH
sudo service ssh restart
Now you can not login with root account or using password. You only need to the private key to login.
2.2 Firewall Setup
sudo ufw app list
Output:
Available applications:
OpenSSHsudo ufw allow OpenSSH sudo ufw enable sudo ufw status
Output:
Status: active3. Install LEMP Stack
3.1 Install Nginx
sudo apt install nginx sudo nano /etc/nginx/nginx.conf
Add: server_names_hash_bucket_size 128;
3.2 Add Exception to Firewall
sudo ufw app list sudo ufw allow 'Nginx Full' sudo ufw enable sudo ufw status
3.3 Install MySQL
Execute:
sudo apt install mariadb-server php-mysql sudo mysql_secure_installation sudo mysql -u root -p CREATE DATABASE testdb; CREATE USER 'testuser' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON testdb.* TO 'testuser'; quit;
3.4 Install PHP
sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip sudo systemctl restart php7.2-fpm
3.5 Increase File Upload Limit
sudo nano /etc/php/7.2/fpm/php.ini
Change: post_max_size = 200M
upload_max_filesize = 200Msudo nano /etc/nginx/nginx.conf
Add: client_max_body_size 200m;
sudo service php7.2-fpm restart sudo service nginx restart
4. Host Multiple Websites
4.1 Create directory and sub-directory for all the Domains and Sub-Domains
Execute:
sudo mkdir -p /var/www/html/domain1 sudo mkdir -p /var/www/html/domain2 sudo mkdir -p /var/www/html/domain3 sudo mkdir -p /var/www/html/domain4 sudo mkdir -p /var/www/html/domain4/subdomain1 sudo mkdir -p /var/www/html/domain4/subdomain2
4.2 Create Virtual Hosts
Execute:
sudo nano /etc/nginx/sites-available/domain1.com.conf
Add:
server { server_name domain1.com www.domain1.com; root /var/www/html/domain1; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } }
Execute:
sudo nano /etc/nginx/sites-available/domain2.com.conf
Add:
server { server_name www.domain2.com domain2.com; root /var/www/html/domain2; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } }
Execute:
sudo nano /etc/nginx/sites-available/domain3.com.conf
Add:
server { server_name www.domain3.com domain3.com; root /var/www/html/domain3; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } }
Execute:
sudo nano /etc/nginx/sites-available/domain4.com.conf
Add:
server { server_name domain4.com www.domain4.com; root /var/www/html/domain4; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } }
Execute:
sudo nano /etc/nginx/sites-available/subdomain1.domain4.com.conf
Add:
server { server_name subdomain1.domain4.com www.subdomain1.domain4.com; root /var/www/html/domain4/subdomain1; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } if ($host ~* ^www\.(.*)) { set $host_without_www $1; rewrite ^(.*) http://$host_without_www$1 permanent; } }
Execute:
sudo nano /etc/nginx/sites-available/subdomain2.domain4.com.conf
Add:
server { server_name www.subdomain2.domain4.com subdomain2.domain4.com; root /var/www/html/domain4/subdomain2; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~* \.php$ { fastcgi_pass unix:/run/php/php7.2-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } }
4.3 Enable Virtual Hosts
Execute:
sudo ln -s /etc/nginx/sites-available/domain1.com.conf /etc/nginx/sites-enabled sudo ln -s /etc/nginx/sites-available/domain2.com.conf /etc/nginx/sites-enabled sudo ln -s /etc/nginx/sites-available/domain3.com.conf /etc/nginx/sites-enabled sudo ln -s /etc/nginx/sites-available/domain4.com.conf /etc/nginx/sites-enabled sudo ln -s /etc/nginx/sites-available/subdomain1.domain4.com.conf /etc/nginx/sites-enabled sudo ln -s /etc/nginx/sites-available/subdomain2.domain4.com.conf /etc/nginx/sites-enabled
sudo service nginx restart
4.4 Check LEMP Working Status
Our LEMP system (Linux, Nginx, MySQL, PHP) is now ready to rock. However, we should to cross check whether everything so far is good.
Execute:sudo nano /var/www/html/domain1/test.php
Add:
You should get, “You have connected successfully.”Execute:
sudo rm /var/www/html/domain1/test.php sudo mysql -u root -p show databases; use mysql; select user, host from mysql.user; delete from mysql.user where user='testuser'; drop database testdb; exit;
4.5 Delete Virtual Hosts
Execute:
sudo ls /etc/nginx/sites-enabled
Check which vhost to delete and execute:
sudo rm -f /etc/nginx/sites-enabled/default sudo rm -f /etc/nginx/sites-available/default sudo service nginx restart
5. Install Let’s Encrypt SSL
5.1 Create SSL Certificates
sudo apt update && sudo apt upgrade sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt install certbot python-certbot-nginx sudo ufw allow 80 sudo certbot --nginx -d www.domain3.com -d domain3.com sudo certbot --nginx -d domain4.com -d www.domain4.com sudo certbot --nginx -d subdomain1.domain4.com -d www.subdomain1.domain4.com sudo certbot --nginx -d www.subdomain2.domain4.com -d subdomain2.domain4.com
Check all existing SSL certificates.
sudo ls /etc/letsencrypt/live
To delete any of the above, Execute:
sudo certbot delete
5.2 Automatic Renewal of SSL Certificates
Execute:
sudo crontab -e
Add At the end:
15 3 * * * /usr/bin/certbot renew --quiet
6. Few Additional Steps
6.1 Leverage Browser Caching
Execute:
sudo nano /etc/nginx/sites-available/domain1.com.conf
Inside the Server block, Add:
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ { expires 7d; }
6.2 Set Proper file and folder Permission
Execute:
sudo chown -R www-data:www-data /var/www/html sudo find /var/www/html -type d -exec chmod 775 {} \; sudo find /var/www/html -type f -exec chmod 664 {} \;
6.3 Create Database for the Websites
Execute:
sudo mysql -u root -p show databases; CREATE DATABASE domain1 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON domain1.* TO 'd1username'@'localhost' IDENTIFIED BY 'd1password'; CREATE DATABASE domain2 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON domain2.* TO 'd2username'@'localhost' IDENTIFIED BY 'd2password'; CREATE DATABASE domain3 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON domain3.* TO 'd3username'@'localhost' IDENTIFIED BY 'd3password'; FLUSH PRIVILEGES; EXIT;
6.4 Transfer Existing Sites from Old Host
To Export database from Old host, Execute:
mysqldump -u root -p databasename > dbname.sql
To Export selected tables, Execute:
mysqldump -u root -p databasename tablename1 tablename2 tablename3 > dbname.sql
Copy files from Old host to New host:
sudo scp -v -r admin@123.456.78.90:/home/admin/dbname.sql /home/admin/
To Import database in New host, Execute:
sudo mysql -u root -p newdbname < dbname.sql
You may also need to copy old files from old host to new host. Execute:
sudo scp -v -r admin@123.456.78.90:/var/www/domain1/* /var/www/html/domain1/
If old host is secured with SSH key pair, then Execute:
sudo nano /etc/ssh/sshd_config
Change:
PasswordAuthentication yes
Execute:
sudo service ssh restart
6.5 WordPress Installation
Execute:
sudo wget https://wordpress.org/latest.zip sudo apt install unzip sudo unzip latest.zip sudo cp -R wordpress/* /var/www/html/domain1/ sudo rm latest.zip sudo rm -rf wordpress cd /var/www/html chown -R www-data:www-data domain1
6.6 MyBB Installation
Execute:
sudo wget https://resources.mybb.com/downloads/mybb_1817.zip sudo apt install unzip sudo unzip mybb_1817.zip sudo cp -R Upload/* /var/www/html/domain2/ sudo rm mybb_1817.zip sudo rm -rf Upload sudo rm -rf Documentation
6.7 Update DNS Settings
Set DNS of all the domains point to the correct IP address. You need to add A/AAAA records pointing to the IP address of the VPS.
That’s it. Hope you have successfully host websites in your own VPS. If you still have any query, you are free to ask. We surely get back to reply.
-
Install Ubuntu 16.04 LTS
From the dashboard of your VPS hosting provider, you will find how to install/ deploy operating system. Create Password for root user.
Login to your VPS
Run Putty to login with the host IP address as shown below:
A security alert will pop up. Click Yes. Login as: root.
Set Hostname
Set a hostname for your VPS. hostname is anything you like to name your VPS server. e.g. “hydrogen”.
Execute the following command:echo "hydrogen" > /etc/hostname hostname -F /etc/hostname nano /etc/hosts
Add: IP address <space> hydrogen
hostname
will give output “yourhostname”
Set Timezone
Run the following command to setup your local time.
dpkg-reconfigure tzdata
To check it shows proper date and time run:
date
It will show you current date and time.
System Update
Run the following to update your system softwares:
apt-get update apt-get upgrade
During upgrade you need to press y to continue.
Create User
adduser admin
usermod -aG sudo admin
Now logout of root account. Run putty again and login as admin.
Secure with SSH Key-Pair
Now login your VPS as admin
Open puTTYgen in your own Windows PC. Generate a Public/Private key pair.
Save Private key in your PC.
Copy Public key.Now run the following commands with admin user in your linode terminal.
mkdir .ssh sudo nano .ssh/authorized_keys
Paste the copied public key into this file.
Save and Exit.sudo chown -R admin:admin .ssh sudo chmod 700 .ssh sudo chmod 600 .ssh/authorized_keys sudo nano /etc/ssh/sshd_config
Now disable root login by changing the following value:
PasswordAuthentication no PermitRootLogin no
Restart SSH
sudo service ssh restart
Now you can not login with root account. Also you can not login with password. admin user can only login with the private key. Open the private key you saved and you can login with admin user.
Set up a Firwall
sudo ufw app list
Output:
Available applications:
OpenSSHsudo ufw allow OpenSSH sudo ufw enable sudo ufw status
Output:
Status: active
And few lines.Install Apache
sudo apt-get install apache2 sudo ufw allow "Apache Full" sudo nano /etc/apache2/apache2.conf
Optimize Apache
KeepAlive On MaxKeepAliveRequests 50 KeepAliveTimeout 5
sudo nano /etc/apache2/mods-available/mpm_prefork.conf
Adjust inside mpm_prefork_module for 2 GB VPS
StartServers 4 MinSpareServers 3 MaxSpareServers 40 MaxRequestWorkers 200 MaxConnectionsPerChild 10000
Disable event module and enable prefork
sudo a2dismod mpm_event sudo a2enmod mpm_prefork
Restart Apache
sudo service apache2 restart
Create directory for your first website
sudo mkdir -p /var/www/example1.com/html sudo mkdir /var/www/example1.com/logs
Create directory for your second website
mkdir -p /var/www/example2.com/html mkdir /var/www/example2.com/logs
You may host as many websites as you wish in a single VPS. So, carry on.
Create Virtual Host for your first domain
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/example1.com.conf sudo nano /etc/apache2/sites-available/example1.com.conf
Set the following:
ServerAdmin admin@example1.com ServerName example1.com ServerAlias www.example1.com DocumentRoot /var/www/example1.com/html/ ErrorLog /var/www/example1.com/logs/error.log CustomLog /var/www/example1.com/logs/access.log combined
Create Virtual Host for your second domain
sudo nano /etc/apache2/sites-available/example2.com.conf
Set the following:
ServerAdmin admin@example2.com ServerName example2.com ServerAlias www.example2.com DocumentRoot /var/www/example2.com/html/ ErrorLog /var/www/example2.com/logs/error.log CustomLog /var/www/example2.com/logs/access.log combined
Enable Virtual Hosts
sudo a2ensite example1.com.conf sudo a2ensite example2.com.conf
Disable default Virtual Host
sudo a2dissite 000-default.conf sudo service apache2 restart
Install MySQL
Run the following commands one by one.
sudo apt-get install mysql-server sudo mysql_install_db sudo mysql_secure_installation
You will be prompted a series of questions after you enter root password. Just type y or n as required.
Change the root password? [y/n]: n
Remove anonymous users? [y/n]: y
Disallow root login remotely? [y/n]: y
Remove test database and access to it? [y/n]: y
Reload privilege tables now? [y/n]: yRefer: MySQL Commands for Hosting Websites in Linux VPS
Install PHP
sudo apt-get install php7.0 libapache2-mod-php7.0 php7.0-mysql sudo apt-get install php7.0-curl php7.0-json php7.0-cgi sudo nano /etc/apache2/mods-enabled/dir.conf
Add the following:
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
SSL Certificates for all Domains
sudo apt-get install software-properties-common python-software-properties sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache
Install certificate for first domain.
sudo certbot --apache -d example1.com
Install certificate for second domain.
sudo certbot --apache -d example2.com
SSL Auto Renewal
sudo crontab -e
At the end of line add:
15 3 * * * /usr/bin/certbot renew --quiet
Copy Files from Old Host to New Host
Check this: Copy Files from Old Host to New Host
-
Complete guide to host multiple WordPress sites in a LEMP stack in a Ubuntu 16.04 LTS. Installation of SSL by Let’s Encrypt has been illustrated also.
Buy a VPS
This is the right time to move your sites from shared hosting to a VPS if you are getting moderate traffic for your sites. You can purchase a VPS with a minimum price of $5 per month from DigitalOcean.
You should select nearest data center region. Note down the ip address of the newly created droplet.
Login to your droplet
In Windows install Putty. Open it with ip address.
A security alert will pop up. Click Yes. Login as root.
Set a Hostname
Execute:
hostnamectl set-hostname wordpress nano /etc/hosts
Change the line of text where the cursor is, to
127.0.1.1 wordpress
Verify:
hostname
You will get wordpress as output.
Set Timezone
Execute:
dpkg-reconfigure tzdata
Verify:
date
It will show your local date and time.
Create User
adduser admin
usermod -a -G sudo admin logout
Run Putty again and login as admin.
Lock with a Private Key
Open puTTYgen. Generate a Public/Private key pair.
Save Private key in your PC.
Copy Public key.
Execute:mkdir .ssh sudo nano .ssh/authorized_keys
Paste the copied public key into this file.
Save and Exit.
Execute:sudo chown -R admin:admin .ssh sudo chmod 700 .ssh sudo chmod 600 .ssh/authorized_keys sudo nano /etc/ssh/sshd_config
Now disable root login and password authentication:
PasswordAuthentication no PermitRootLogin no
Execute:
sudo service ssh restart
Open the private key and login with admin user. No password is necessary.
Firewall Setup
Execute:
sudo ufw app list sudo ufw allow OpenSSH sudo ufw enable sudo ufw status
Install Nginx
Execute:
sudo apt-get update sudo apt-get install nginx sudo ufw allow 'Nginx HTTP' sudo ufw status
Open your browser and type IP address. You will see the following:
Configure Default Virtual Host
Execute:
sudo nano /etc/nginx/sites-available/default
Edit:
server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; index index.php index.html; server_name _; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } }
Create Virtual Host for example.com
Create root directory for example.com
Execute:sudo mkdir /var/www/html/example
Execute:
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com sudo nano /etc/nginx/sites-available/example.com
Edit:
server { listen 80; listen [::]:80; root /var/www/html/example; index index.php index.html; server_name example.com; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } }
Execute:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled sudo service nginx restart
Multiple Virtual Host
Repeat the above process for example2.com and so on.
Now you can see example.com, example2.com etc in your browser if you have already changed DNS records of the domains pointing to new host.Install MySQL Server
Execute:
sudo apt-get install mysql-server sudo mysql_secure_installation
Since you have already set up a password for your root user, you can answer “no” to the question for changing root password. Answer “yes” to rest of other questions.
Create MySQL Databases
Execute:
mysql -u root -p show databases; CREATE DATABASE wpdb1 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci; GRANT ALL ON wppdb1.* TO 'wp_user'@'localhost' IDENTIFIED BY 'wp_password'; FLUSH PRIVILEGES; EXIT;
Similarly, you can create as many database as you need.
PHP-FPM Install
Execute:
sudo apt-get install php-fpm php-mysql php-xml php-gd sudo nano /etc/php/7.0/fpm/php.ini
Set:
cgi.fix_pathinfo=0; post_max_size = 20M upload_max_filesize = 20M
Restart:
sudo service php7.0-fpm restart sudo service nginx restart
Execute:
sudo nano /var/www/html/test.php
Browse:http://ipaddress/test.php
if it results the following then all is okay. Now you can remove the test file.
sudo rm /var/www/html/test.php
Install WordPress
Execute:
sudo wget https://wordpress.org/latest.zip sudo apt-get install unzip sudo unzip latest.zip sudo cp -R wordpress/* /var/www/html/example/ cd /var/www/html/ chown -R www-data example
Hit the browser:
http://example.com
You should see:
Continue the installation:
Transfer files from Old Host to New Host
If you are migrating from any other host you should transfer your files as well as database.
Follow this guide: How to Copy Files from Old Host to New HostSecure example.com with SSL
Now that you have successfully hosted many wordpress sites. You may secure example.com with a FREE SSL provided by Let’s Encrypt.
Execute:sudo ufw disable sudo service nginx stop sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 sudo nano /etc/nginx/snippets/ssl-params.conf
Add:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; ssl_dhparam /etc/ssl/certs/dhparam.pem;
Execute:
sudo nano /etc/nginx/sites-available/example.com
Change to:
server { listen 80; listen [::]:80; server_name example.com; return 301 https://$server_name$request_uri; } server { server_name www.example.com; return 301 $scheme://example.com$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-params.conf; root /var/www/html/example; index index.php index.html; server_name example.com; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } location ~ /.well-known { allow all; } }
Execute:
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory --help ./letsencrypt-auto certonly -a webroot --webroot-path /var/www/html/example -d example.com -d www.example.com --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview sudo service nginx restart
As the SSL certificate should be renewed every three months, you should add the following to automate the renewal process.
Execute:sudo crontab -e 30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log 35 2 * * 1 /bin/systemctl reload nginx
Now hit the browser, you will be redirected to https://example.com with a green padlock. Happy Browsing.