Host Websites in Linode (LAMP stack)

We assume that you have already bought a domain name for your website. Hope you know why should one buy a domain name. You need to change DNS server of your domain to host it. For example the DNS records for Linode hosting will be:

ns1.linode.com
ns2.linode.com
ns3.linode.com
ns4.linode.com
ns5.linode.com

Buy a Linode 1GB @ 10 USD per month.

Linode 1 GB is a good start to host single or multiple websites. It costs 10 USD per month. We recommend you buy VPS hosting from Linode only because it is awesome. Take our word for it.

Update: Linode is now offering 2 GB RAM @ 10 USD per month.

Linode Data Center Location:

Choosing data center should be proper. It should be nearest to the location from which major traffic comes from. This is always not the truth, however. If major traffic of your website is from India, you should choose London as your data center. Check out this post for an in-depth analysis: Data Center for Indian Websites

Buy a Linode

Install Linux, Apache, MySQL, PHP.

This tutorial is for a LAMP stack i.e. Linux, Apache, MySQL and PHP. If you want to create a LEMP stack i.e. Linux, NGINX, MySQL, PHP stack then follow this tutorial: Host Multiple Sites on LEMP Server in a 1GB Linode.

From Linode Manager, install debian / ubuntu 64 bit into the linode. This installation will take some time. Then Boot it. Your linode is now loaded with a linux operating system.

You can not install other softwares direct from linode manager. You have to connect through ssh client e.g. PuTTY in windows. Open up PuTTY. Use linux root user/password and IP address to connect with your linode.

After successful connect execute following commands each one by one:-

Set Hostname

echo "yourhostname" > /etc/hostname
hostname -F /etc/hostname
nano /etc/hosts

Edit: Change debian/ubuntu to yourhostname.

hostname

will give output “yourhostname”

Troubleshooting: Unable to resolve hostname.

Set Timezone

dpkg-reconfigure tzdata

System Update

apt-get update
apt-get upgrade

Create User

adduser admin
usermod -a -G sudo admin

Securing Linode

To secure your linode you need to restrict root user access. Admin user will do the job of root instead. You also need to create ssh key pair authentication method.

Open puTTYgen in your own PC; (Download puTTy from here).
Generate a Public/Private key pair.
Copy Public key into a Text file (Use Notepad++)
Save Private key in your PC.

Now go to terminal window of linode again. But this time login as admin

mkdir .ssh
sudo nano .ssh/authorized_keys

Paste the copied text i.e. public key into this file.

sudo chown -R admin:admin .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
sudo nano /etc/ssh/sshd_config

Disable Root Login

PasswordAuthentication no
PermitRootLogin no

Restart SSH

sudo service ssh restart

Set Firewall Rules

sudo nano /etc/iptables.firewall.rules

Paste the following code into this:

*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

#  Allow SSH connections
#
#  The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

Activate Firewall

sudo iptables-restore < /etc/iptables.firewall.rules

sudo nano /etc/network/if-pre-up.d/firewall

Add the following code:-

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules

sudo chmod +x /etc/network/if-pre-up.d/firewall

Secure Fail2ban

sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

Set “enabled” to “true” in the [ssh-ddos] section.

Restart Fail2ban

sudo service fail2ban restart

Adding DNS Records

Install Apache

sudo apt-get install apache2
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.backup.conf
sudo nano /etc/apache2/apache2.conf

Optimize Apache

KeepAlive Off
...

StartServers 2
MinSpareServers 6
MaxSpareServers 12
MaxClients 30
MaxRequestsPerChild 3000

Further Tuning Apache

sudo echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
sudo service apache2 restart
sudo a2enmod rewrite
sudo a2dissite *default

Create directory for your first website

mkdir -p /var/www/example.com/html
mkdir /var/www/example.com/logs

Create directory for your second website

mkdir -p /var/www/example.org/html
mkdir /var/www/example.org/logs

You may host as many websites as you wish in a single Linode. So, carry on.

Create Name-based Virtual Host for your first domain

sudo nano /etc/apache2/sites-available/example.com.conf

Add the follwing code:

ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html/
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined

Create Name-based Virtual Host for your first domain

sudo nano /etc/apache2/sites-available/example.org.conf

Add the following:

ServerAdmin webmaster@example.org
ServerName example.org
ServerAlias www.example.org
DocumentRoot /var/www/example.org/html/
ErrorLog /var/www/example.org/logs/error.log
CustomLog /var/www/example.org/logs/access.log combined

Enable Hosting

sudo a2ensite example.com.conf
sudo a2ensite example.org.conf
sudo service apache2 restart

Install MySQL

sudo apt-get install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation

Optimize MySQL

cp /etc/mysql/my.cnf /etc/mysql/my.backup.cnf
sudo nano /etc/mysql/my.cnf

Set the following:

max_connections = 75
key_buffer = 32M
max_allowed_packet = 1M
thread_stack = 128K
table_cache = 32

Restart MySQL

sudo service mysql restart

Create Database/User

mysql -u root -p
show databases;
create database example;
use mysql;
show tables;
select user,host from mysql.user;
create user 'exuser'@'localhost' identified by 'expwd';
grant all privileges on example.* to 'exuser'@'localhost';
flush privileges;

Install PHP

sudo apt-get install php5 php-pear php5-mysql
sudo nano /etc/apache2/mods-enabled/dir.conf

Add the following:

DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

Optimize PHP

sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.backup.ini
sudo nano /etc/php5/apache2/php.ini

Set the following:

max_execution_time = 30
memory_limit = 128M
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
register_globals = Off

Restart PHP

sudo service apache2 restart

Adding into DNS Manager

In Linode Manager, go to DNS Manager and add your domain zone like this picture:

Browse your Website

Write http://example.com/ in your browser and hit enter. you should see its working.

For WordPress Installation

sudo wget https://wordpress.org/latest.zip
sudo apt-get install unzip
sudo unzip latest.zip
sudo cp -R wordpress/* /var/www/example.com/html/
cd /var/www/example.com/html/
chown -R www-data html
sudo cp -R wordpress/* /var/www/example.com/html/

You may install other Web-Software at your convenience.

If you have any query, let us know, we’ll get back to you.

References:-

Getting Started – Linode Guides & Tutorials
Securing Your Server – Linode Guides & Tutorials
Hosting a Website – Linode Guides & Tutorials
How To Set Up Your Linode For Maximum Awesomeness