Host Multiple Sites with SSL in Ubuntu 20.04


Prerequisite

A VPS account which starts from $5 per month from any reputed company. (We prefer Linode)

You can host as many websites you like in this account.

We will show only the commands necessary for hosting website. We will also show how to use https i.e. SSL for the websites. Your website can be of any type. We are showing WordPress installation although the commands are almost same.

Technology Used

OS: Ubuntu 20.04
Web Server: NginX
Database: MariaDB
PHP: PHP FPM 7.4
Application: WordPress
SSL: Lets’ Encrypt

1. Install Ubuntu 20.04 LTS

From the dash board of VPS the first thing is to install an operating system. We use Ubuntu 20.04 LTS. Set Root password.

2. Access Root

From the dashboard Copy the IP address of your VPS. From your own computer Run Putty to login as root user to the IP address.

3. Set Timezone

Execute:

dpkg-reconfigure tzdata

Check with:

date

It will show you exact current date and time.

4. Create a Non-Root User

Execute:

adduser admin
usermod -aG sudo admin

Now logout from root account. Run putty again and login as admin.

5. System Update

sudo apt update
sudo apt upgrade

6. Secure with SSH Key Pair

Open puTTYgen from your own computer. Generate a Public/ Private key pair. Save Private key in your PC.

Copy Public key. Login to the VPS using Putty as admin.

mkdir .ssh
sudo nano .ssh/authorized_keys

Paste the copied public key into this file.
Save and Exit.

sudo chown -R admin:admin .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys

7. Disable root login

sudo nano /etc/ssh/sshd_config

Set:PasswordAuthentication no
PermitRootLogin no

Restart SSH

sudo service ssh restart

Now you can not login with root account or using password. You only need to the private key to login. This is a great way to secure the server.

8. Setup a Firewall

sudo ufw app list

Output:
Available applications:
OpenSSH

sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status

Output:
Status: active

9. Install Nginx

sudo apt install nginx
sudo systemctl start nginx
sudo systemctl enable nginx
sudo nano /etc/nginx/nginx.conf

Set: server_names_hash_bucket_size 128;
Add: client_max_body_size 100m;
Set: server_tokens off;

If you would like to also install SSL, then also add:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

Save and Exit.

sudo ufw app list
sudo ufw allow 'Nginx Full'
sudo ufw enable
sudo ufw status

10. Install MariaDB

sudo apt install mariadb-server
sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo mysql_secure_installation

11. Install PHP-FPM

sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-bcmath php-imagick
sudo systemctl restart php7.4-fpm
sudo nano /etc/php/7.4/fpm/php.ini

Set: post_max_size = 100M
upload_max_filesize = 100M

sudo service php7.4-fpm restart
sudo service nginx restart

12. Create directory for Websites

sudo mkdir -p /var/www/website1
sudo mkdir -p /var/www/website2

etc.
If you are installing a fresh WordPress site then:-

sudo wget https://wordpress.org/latest.zip
sudo apt install unzip
sudo unzip latest.zip
sudo cp -R wordpress/* /var/www/website1/
sudo rm latest.zip
sudo rm -rf wordpress

If you are transferring existing website from other host to the new host the:-

sudo scp -v -r admin@172.105.43.12:/var/www/oldhost/* /var/www/website1/

Replace the IP address of your old host. Take similar action for website2.

13. Set Proper File Permission

sudo chown -R www-data:www-data /var/www/website1
sudo find /var/www/website1 -type d -exec chmod 775 {} \;
sudo find /var/www/website1 -type f -exec chmod 664 {} \;

Similar action for website2.

14. Create Virtual Hosts

sudo rm /etc/nginx/sites-enabled/default
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/website1.com
sudo cp /etc/nginx/sites-available/default
sudo nano /etc/nginx/sites-available/website1.com

Remove all except the following lines:-

server {
	root /var/www/website1;
	index index.php index.html index.htm;
	server_name website1.com www.website1.com;

	location / {
		try_files $uri $uri/ /index.php$is_args$args;
	}

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	}

location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
	expires max;
	log_not_found off;
}
}

Similarly, for second website create another virtual host.

sudo cp /etc/nginx/sites-available/website1 /etc/nginx/sites-available/website2.com
sudo nano /etc/nginx/sites-available/website2.com

Change to:

server {
	root /var/www/website2;
	index index.php index.html index.htm;
	server_name website2.com www.website2.com;

	location / {
		try_files $uri $uri/ /index.php?args;
	}

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	}

location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
	expires max;
	log_not_found off;
}
}

15. Enable Virtual Hosts

sudo ln -s /etc/nginx/sites-available/website1.com /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/website2.com /etc/nginx/sites-enabled
sudo service nginx restart

16. Create Database

CREATE DATABASE website1 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT ALL ON website1.* TO 'wp1User'@'localhost' IDENTIFIED BY 'wp1Pass';

CREATE DATABASE website2 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT ALL ON website2.* TO 'wp2User'@'localhost' IDENTIFIED BY 'wp2Pass';

If you are transferring your site from old host create a database backup from old host:

sudo mysqldump -u root olddbsite1 > olddbsite1.sql

Then copy the back up file to new host.

sudo scp -v -r admin@172.105.43.12:/home/admin/olddbsite1.sql /home/admin/

17. Update DNS Settings

Set DNS of all the domains point to the correct IP address. You need to add A/AAAA records pointing to the IP address of the VPS.

18. Test Run Websites

Now that your site has both filesystem and database it should be viewable at this point. So try hitting the browser:-

http://website1.com/

Congrats, your website1 is live now. Now, we shall install SSL so that the site can be accessed securely as follows:-

http://website1.com/

19. Create SSL Certificates

sudo apt update
sudo apt upgrade
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d website1.com -d www.website1.com
sudo certbot --nginx -d website2.com -d www.website2.com

You can check all existing SSL certificates.

sudo ls /etc/letsencrypt/live

To delete any Execute:

sudo certbot delete

20. Automatic Renewal of SSL Certificates

Execute:

sudo crontab -e

Add At the end:

15 3 * * * /usr/bin/certbot renew --quiet

That’s it. Hope you have successfully host websites in your own VPS. If you still have any query, you are free to ask. We surely get back to reply.

, , , ,

Leave a Reply

Your email address will not be published.