Wanted to try out a different WebServer.
Setup a basic VPS Server on Vultr.com, Reliability and Performance is very good. Good prices also. If you are interested in Vultr.com here is my referral link http://www.vultr.com/?ref=6818914
I deployed Debian 8 and see below for basic configuration.
Hostname
Setting the hostname.
# hostname vps.yourdomain.com
Edit hostname so it will set after a reboot.
# nano /etc/hostname
vps.yourdomain.com
Systemd
The most notable distribution using systemd is Fedora. Though it is used by many others. Additionally, with Debian having chosen to go with systemd over upstart, it will become the defacto upstart system for most distributions (ubuntu has already announced they will be dropping upstart for systemd).
List services:
# systemctl list-unit-files
Start service:
# systemctl start {SERVICENAME}
Stop service:
# systemctl stop {SERVICENAME}
Enable service:
# systemctl enable {SERVICENAME}
Disable service:
# systemctl disable {SERVICENAME}
Iptables Firewall
Setup a basic firewall. We will start the firewall from rc.local.
# nano /etc/rc.local
# Launch my netfilter rules
if
[ -e '/etc/firewall.rules.v4' ]
then
/bin/sh '/etc/firewall.rules.v4'
fi
Lets create a basic firewall file.
# nano /etc/firewall.rules.v4
# configure iptables
iptables -F iptables -X
iptables -Z
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -s 0/0 --icmp-type echo-request -j ACCEPT
#
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -j ACCEPT
Swap Space
Setup a swap space, so you won't have any out of memory errors.
Create a swap file.
# dd if=/dev/zero of=/swapfile bs=1024k count=1000
Make the operating system see the swap file.
# mkswap /swapfile
Setup permissions on swap file.
# chmod 600 /swapfile
Turns on swap.
# swapon /swapfile
Edit fstab so after reboot the swap is enabled.
# nano /etc/fstab
/swapfile none swap sw 0 0
WebServer
Install Lighttpd WebServer.
# apt-get install lighttpd
Install MySQL Server and MySQL Client.
# apt-get install mysql-server mysql-client
Install Php-fpm Server.
# apt-get install php5 php5-fpm php5-mysql php5-cgi php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-pspell php5-recode php5-tidy php5-xmlrpc php5-xsl
Edit the php.ini file.
# nano /etc/php5/fpm/php.ini
cgi.fix_pathinfo=1
The default username and groupname for Lighttpd is www-data.
Lets edit the lighttpd.conf file.
# nano /etc/lighttpd/lighttpd.conf
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
# "mod_rewrite",
)
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
>static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
compress.allowed-encodings = ("gzip", "deflate")
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
url.rewrite-final = (
# Exclude some directories from rewriting
#"^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0",
"^/(wp-.+).*/?" => "$0",
# Exclude xmlrpc access
"^/(xmlrpc.php)" => "$0",
# Exclude .php files at root from rewriting
"^/(.*.php)" => "$0",
# Handle permalinks and feeds
"^/(.*)$" => "/index.php/$1"
)
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
Lets edit and add or changes some settings.
# nano /etc/lighttpd/conf-available/15-fastcgi-php.conf
# "socket" => "/var/run/php5-fpm.sock",
"host" => "127.0.0.1",
"port" => "9000",
Lets edit and add or changes some settings.
# nano /etc/php5/fpm/pool.d/www.conf
;listen = /var/run/php5-fpm.sock
listen = 127.0.0.1:9000
Run theses commands to start Lighttpd and Php-fpm.
Enable fastcgi.
# lighttpd-enable-mod fastcgi
Enable fastcgi-php.
# lighttpd-enable-mod fastcgi-php
Restart lighttpd webserver.
# service lighttpd restart
Restart php5-fpm.
# service php5-fpm restart
MySQL
Start the MySQL Server and initialize MySQL Data Directory
Stop MySQL service.
# systemctl stop mysql.service
Delete MySQL data.
# rm –rf /var/lib/mysql
Rebuild MySQL data.
# mysql_install_db
Start MySQL Server.
# systemctl start mysql.service
Secure your MySQL Server.
# mysql_secure_installation
There is a lot more you can play with but this is the basic setup.