Creating a Full LAMP Stack Server in Digital Ocean

littleguga edited this page Sep 12, 2015 · 18 revisions

Creating a droplet and turning it into your server in Digital Ocean takes time and, most of the time, a lot of searching. In this article I will show how to create a LAMP server, install iRedMail and set up WordPress to use SSH in place of FTP.

Create your droplet

I'm using Digital Ocean as my main server provider. It supports a full VPS (virtual private server) and its price is as low as a shared server. The best part is that you can set it up the way you need.

If you haven't signed up to Digital Ocean, do so, and once there create a Small Ubuntu Server. The server name doesn't necessarily need to be the same as your domain. I'm actually using a structure that is domain-srv-number, but you can use anything you want. For instance, you can use book characters or names. Think about Harry Potter or Lord of The Rings. There are enough names there to create a full warehouse of servers.

There are a few more steps to create your droplet so use this article as reference: How to Create Your First Digital Ocean Droplet VPS

Setting up your server

From now on most of your actions will be done on the droplet just created and for that you will need to SSH into your droplet.

If you are on a Windows machine I suggest that you install GIT Bash. It gives you a set of tools that let you work as if in a Linux environment, which makes it easier to work with your droplet.

To SSH to your droplet do:

ssh -l root [YOUR_DROPLET_IP_ADDRESS]

It will log you in as root and ask for your password.

Now let's start by installing the LAMP server (Apache, MySQL and PHP).

Install Apache

Enter the following commands in order:

root@domain-srvr-02:~# sudo apt-get update
root@domain-srvr-02:~# sudo apt-get install apache2

Apache will be installed, and once it is done we can check it by simply running the command:

root@domain-srvr-02:~# service apache2 status

It should return: `* apache2 is running`

Install MySQL

root@domain-srvr-02:~# sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql

Even though it is very easy to reset the root password if you skip it during the setup, set it up at this moment. It will save you some steps afterwards.

Now let's activate MySQL

root@domain-srvr-02:~# sudo mysql_install_db

And once that step is done, run the secure installation from MySQL

root@domain-srvr-02:~# sudo /usr/bin/mysql_secure_installation

Install PHP

root@domain-srvr-02:~# sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt php5-curl php5-gd php5-mysql php5-dev libssh2-1-dev libssh2-php

Answer YES to the two questions that the PHP installation will ask and it will install itself.

The next step is to enable PHP for Apache, but before that let's take a quick look at how `vi` works. This will help with editing all the configuration files that need to be changed.

VI quick guide

Everything can be seen on the cheat-sheet below, but here is a small list of commands that you really need to know:

esc - will return to the non-editing mode / menu
i - will enter in edit mode
esc + :wq - will write and quit
esc + :q! - will quit without any changes (forced)
esc + :q - will quit (it will ask you if you have changes)
/search_term - will try to find the first match for that search term

Either way here is a full cheat-sheet that you can use: SmashMagazine.com - VI Help

Now that you know vi, let's edit our 1st config file:

root@domain-srvr-02:~# sudo vi /etc/apache2/mods-enabled/dir.conf

The index.php entry is out of order in the file, so all we need to do is move it so that it is the 1st item checked. This is how it will look:

<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

To finalize the PHP and MySQL installation restart the apache server:

root@domain-srvr-02:~# sudo service apache2 restart

If you are still in doubt, there are a lot of little troubleshooting tips in this article: How to install LAMP on Ubuntu

Creating a Self Signed Certificate

I will not explain how to do this because the article below explains it way better than I ever could. Read the article and follow its instructions. It is as simple as it can be.

Creating a Self Signed Certificate in Ubuntu

Configuring Apache and your servers

Honestly, using FTP is a thing of the past, even though there will be situations where you need FTP to send files. For now, let's use GIT and Composer.

If you don't have an account with GitHub yet, create one. It will give you the option to create free public repositories. Git is not hard to understand, but for a quick start read this article: Open Source with GIT and GitHub.

I will not explain how git works since it is very well explained on Lorna's post but from now on I will assume that you are using GIT to put your repositories into the server.

Enter the Apache directory where the sites will be hosted and clone your site, using its domain as the directory name. For example:

root@domain-srvr-02:~# cd /var/www
root@domain-srvr-02:/var/www# git clone git@github.com:YOURGITUSER/YOURGITREPOSITORY.git yourdomain.com

After a few seconds you should have all your files in yourdomain.com.

Now, to simplify things, let's create a symbolic link to the newly cloned repo.

root@domain-srvr-02:/var/www# ln -s /var/www/yourdomain.com /var/www/www.yourdomain.com

Edit Hosts

Again, using vi, let's edit a file.

root@domain-srvr-02:/var/www# sudo vi /etc/hosts

Add the following before the line # The following lines are desirable for IPv6 capable hosts

127.0.0.1 yourdomain.com www.yourdomain.com

Wordpress

If you will not install WordPress, skip this step completely.

If you want to install WordPress, there is an easier way than downloading it all. We will use Composer to install the latest version. I'm using the most used package from Packagist.org.

Create a new directory under /var/www

root@domain-srvr-02:/var/www# mkdir wordpress
root@domain-srvr-02:/var/www# cd wordpress
root@domain-srvr-02:/var/www/wordpress# vi composer.json

Add the following code to the composer.json file:

{
    "require": {
	"johnpbloch/wordpress": "dev-master"
    }
}

Now install Composer. It is pretty easy, just do the following:

root@domain-srvr-02:/var/www/wordpress# curl -sS https://getcomposer.org/installer | php
root@domain-srvr-02:/var/www/wordpress# mv composer.phar /usr/local/bin/composer
root@domain-srvr-02:/var/www/wordpress# composer install

Composer will automatically download and set up the files for WordPress, but to finalize the installation we need to create symbolic links to tell Apache that the WordPress installation is actually a working domain.

root@domain-srvr-02:/var/www/wordpress# cd ..
root@domain-srvr-02:/var/www# ln -s /var/www/wordpress/wordpress /var/www/yourdomain.com
root@domain-srvr-02:/var/www# ln -s /var/www/wordpress/wordpress /var/www/www.yourdomain.com

So far this is very similar to installing a site with GitHub, but we still need to configure it so it can work with an SSH install for themes and plugins instead of FTP.

To allow theme and plugin installs on the WordPress site we need to set up the SSH user and keys. Run the following commands:

sudo adduser wp-user
cd /var/www/wordpress/wordpress
sudo chown -R wp-user:wp-user *

This will jail the wp-user into the /var/www/wordpress/wordpress directory. This means that this is the only area of the server that he will have access to.

Now let's create a set of encryption keys for this user:

sudo su - wp-user
ssh-keygen -t rsa -b 4096

You will be asked a few questions; just press Enter until the end and it will create an id_rsa / id_rsa.pub pair of keys. Log off from that user account.

exit

Now let's set file permissions and create the key that wordpress will have access to.

sudo chown wp-user:wp-user /home/wp-user/.ssh/
sudo chmod 0700 /home/wp-user/.ssh/
sudo cp /home/wp-user/.ssh/id_rsa.pub /home/wp-user/.ssh/authorized_keys
sudo chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys
sudo chmod 0644 /home/wp-user/.ssh/authorized_keys

Since these keys will only be used for logging in from within the WordPress site, which is on the same computer, we can restrict the login to this server:

sudo vi /home/wp-user/.ssh/authorized_keys

At the very beginning of the line, before everything else, add:

from="127.0.0.1"

Save and close the file.
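What the restriction looks like once applied, and a way to check it: an added example, not part of the original page, that scans an authorized_keys file and reports any key not pinned to from="127.0.0.1". The function name and the sample entries (with placeholder key material) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report authorized_keys entries that are not restricted to
# from="127.0.0.1". Exit status 0 = every key is pinned to loopback, 1 = findings.
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        /^(ssh-|ecdsa-)/ {                      # entry starts with the key type
            printf "line %d: no options, key accepted from any address\n", NR
            bad = 1; next
        }
        {
            # Options are everything before the key-type token.
            if (!match($0, /[ \t](ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)[ \t]/)) {
                printf "line %d: unrecognised entry\n", NR
                bad = 1; next
            }
            opts = "," substr($0, 1, RSTART - 1) ","
            if (opts !~ /,from="127\.0\.0\.1",/) {
                printf "line %d: not restricted to from=\"127.0.0.1\"\n", NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file; the key material is placeholder text, not a real key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# key used by the WordPress updater, pinned to loopback
from="127.0.0.1" ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER wp-user@domain-srvr-02
ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER wp-user@domain-srvr-02
from="203.0.113.7",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1_PLACEHOLDER admin@laptop
EOF
audit_authorized_keys "$sample" || echo "review the lines listed above"
rm -f "$sample"
```

On the server, point the function at /home/wp-user/.ssh/authorized_keys after editing it.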

To finalize, we will add the SSH key set to the wp-config file and restart Apache.

vi /var/www/wordpress/wordpress/wp-config.php

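At the end of the file add:

// 'ssh2' selects the SSH transport (libssh2-php, installed earlier),
// so the FTP_* values below are the ones WordPress uses.
define('FS_METHOD','ssh2');
define('FTP_PUBKEY','/home/wp-user/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/wp-user/.ssh/id_rsa');
define('FTP_USER','wp-user');
define('FTP_PASS','');
define('FTP_HOST','127.0.0.1:22');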

Save and close, then restart Apache:

sudo service apache2 restart

Reference for the Wordpress secure config: how to configure secure updates and installations in wordpress

Enabling sites in Apache

We have almost everything set up to make it work. Now it is time to enable the sites in Apache.

Apache provides good Virtual Host support, which allows us to have multiple sites on a single server, but for that to work we need to enable a couple of modules. That is pretty simple: just create the symbolic links.

ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf
ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load
ln -s /etc/apache2/mods-available/vhost_alias.load /etc/apache2/mods-enabled/vhost_alias.load
ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/rewrite.load

sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod vhost_alias

Edit your default config 000-default.conf for the server:

vi /etc/apache2/sites-available/000-default.conf

And replace everything in it with:

<VirtualHost *:80>
  ServerName %0
  ServerAlias *.%0

  VirtualDocumentRoot /var/www/%0

  <Directory "/var/www/%0">
    Options +FollowSymLinks -Indexes
    AllowOverride All
  </Directory>
</VirtualHost>

If you want, you can back up the original file by simply copying it under another name:

cp 000-default.conf 000-default.conf.bak

We will do almost the same for the SSL version of it:

vi /etc/apache2/sites-available/default-ssl.conf

And replace its contents with:

<VirtualHost *:443>
  VirtualDocumentRoot /var/www/%0
  ServerName %0
  ServerAlias *.%0

  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl/server.key
  SSLCipherSuite ALL:-ADH:HIGH:MEDIUM:-LOW:-SSLv2:-EXP

  SetEnvIf X-Forwarded-Proto https HTTPS=1
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

  <Directory "/var/www/%0">
    Options +FollowSymLinks -Indexes
    AllowOverride All
  </Directory>
</VirtualHost>

Save and close, then restart Apache.
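The SSLCipherSuite string above starts from ALL and keeps the MEDIUM class, so it is worth checking what it expands to on your OpenSSL build. The following added example (not from the original page) filters `openssl ciphers -v` output for suites with no authentication, no encryption, legacy ciphers or MD5 MACs; the function names are made up here and the sample lines are constructed in that command's output format.

```shell
#!/bin/sh
# Added example: read `openssl ciphers -v` output on stdin and print the
# suites that should not be offered. Exit status 1 if any were found.
flag_weak_ciphers() {
    awk '
        NF < 6 { next }                          # not a cipher description line
        {
            why = ""
            if ($0 ~ /Au=None/)  why = why " anonymous"     # no server authentication
            if ($0 ~ /Enc=None/) why = why " null-cipher"   # no encryption at all
            if ($0 ~ /Enc=(RC4|RC2|DES|3DES|IDEA|SEED)\(/) why = why " legacy-cipher"
            if ($0 ~ /Mac=MD5/)  why = why " md5-mac"
            if ($0 ~ / export$/) why = why " export-grade"
            if (why != "") { printf "%s:%s\n", $1, why; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in `openssl ciphers -v` format (not captured from a server).
sample_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA  Enc=AES(128)    Mac=SHA1
ADH-AES256-SHA              SSLv3   Kx=DH   Au=None Enc=AES(256)    Mac=SHA1
RC4-MD5                     SSLv3   Kx=RSA  Au=RSA  Enc=RC4(128)    Mac=MD5
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA  Enc=3DES(168)   Mac=SHA1
EOF
}

sample_ciphers | flag_weak_ciphers || echo "weak suites present"
# Against a real build, pipe in the string from the vhost instead:
#   openssl ciphers -v 'ALL:-ADH:HIGH:MEDIUM:-LOW:-SSLv2:-EXP' | flag_weak_ciphers
```

The second column of `openssl ciphers -v` is the protocol version a suite was defined for, so the filter does not treat SSLv3 there as a finding by itself.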

Adding your domain in the DNS list

Adding your domain to the DNS list can be done from the Digital Ocean dashboard, but after it is added you will need to add, for now, one more record:

Create a new record of type CNAME for your domain.

On this record, set the name to www and point it to @.

Save it and wait for the DNS to propagate. This will create an alias from www.yourdomain.com to your main IP for that domain. In other words, your www.yourdomain.com will work.

We will add a couple more of these records after iRedMail is installed.

STOP and create a snapshot

This is a must-do. Everything you have done until now was to create a full LAMP stack server, and it is functioning with your sites all set up, so now stop and create a snapshot. For that you need to shut down the server. To shut down the server, run the following command:

root@domain-srvr-02:~# sudo shutdown -h now

You will know that the server has stopped because the snapshot function from Digital Ocean will now be available. Create a snapshot and move forward.

Install iRedMail

You could simply install Postfix but configuring all that is related to it and making it use MySQL can be a real pain, so instead of complicating things, use iRedMail that will provide you, among some other things, an interface to create emails and add domains for the emails and an interface for RoundCube.

Before we start installing iRedMail, the 1st thing we need to do is look up its current release, and for that we will go to iRedMail.org. The release used for this article is iRedMail-0.8.7, so use it as reference, but don't forget to change the commands to match your current release.

First, let's download and extract iRedMail:

wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2
tar jxvf iRedMail-0.8.7.tar.bz2
cd iRedMail-0.8.7

Before we start the installation let's set the hostname for iRedMail.

hostname yourdomain.com

Now let's start the installation:

bash iRedMail.sh

For the next screens, until selecting a database hit enter for all and if it asks for hostname, enter yourdomain.com (or the domain that will be the main one associated with the email server). When you get to the database selection screen, select MySQL (hit space to select it - will show a *) and then hit enter for next.

On the package selection page you don't need to select phpMyAdmin, Fail2Ban and the anti-virus one (if you select anti-virus, make sure that your droplet has more than 2 GB).

Now that everything is all set and done, reboot the droplet:

sudo shutdown -r now

Before moving on with the configuration we need to create the A records for the domain so the email works.

On your Digital Ocean Account dashboard select the domain from the DNS menu and add a new MX record. Add these values for the record:

hostname: yourdomain.com
priority: 0

The next step is to add a new TXT record and we will use the following configuration for this:

name: @
text: "v=spf1 ip4:IP_ADDRESS -all"

Where IP_ADDRESS is the IP address from your droplet. You can find this number by simply looking at the @ record on your domain DNS.

All of the installation notes and logs can be found in the iRedMail.tips file (~/iRedMail-0.8.7/iRedMail.tips). There you will find information on passwords, SSL certificate locations and DKIM records. To complete our installation we need to copy the DKIM information to our DNS as another TXT record. For that do:

cd ~/iRedMail-0.8.7
vi iRedMail.tips

You will need to find and copy the DKIM portion of that file so we can add it to the TXT record. When you add the record you will enter:

name: dkim._domainkey
text: "v=DKIM1; p=A_WHOLE_BUNCH_OF_CHARS_NUMBERS_BASE_512_ENCODE"

One step further would be setting up a valid certificate for your server, so that when your users log in to the mail they don't see the invalid certificate message.

There is a good explanation in this article, which goes into a bit more detail on how to do that: How to Install iRedMail on Ubuntu

As a last step, restart apache.

sudo service apache2 restart