How to Setup LEMP Server in Linode Cloud

Cloud providers like Digital Ocean and Liode are getting popular day by day. If you come to a point where you have to setup Cloud server it’s not as straight forward as hosting on cPanel server. Cloud servers are actually built for developers and sharp system administrators. Although I have mention here this setup guide for Linode, it can also work on digital ocean or godaddy cloud servers. This guide can be applied on Ubuntu or Debian Servers

After choosing the package, setting DNS and booting up maching, Login via SSH and start shooting the commands as mentioned below.

1. Set a Hostname

hostnamectl set-hostname meronetwork01

now edit host file
nano /etc/hosts

add line to /etc/hosts
127.0.0.1 meronetwork01

2. Set the Timezone

dpkg-reconfigure tzdata
check this configuration by typing ‘date’ in command line

3. Update your server with the following commands

apt-get update
apt-get upgrade

4. Create User

adduser admin
usermod -a -G sudo admin

Now logout of root account. Run putty again and login as admin

5. Secure Linode with SSH Key Pair

Generate keypair in your windows with puttygen or in ubuntu type ssh-keygen -t rsa

Now run the following commands with admin user in your linode terminal.
mkdir .ssh
sudo nano .ssh/authorized_keys
Paste the copied public key into this file.
Save and Exit.

sudo chown -R admin:admin .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
sudo nano /etc/ssh/sshd_config

Now disable root login by changing the following value.

PasswordAuthentication no
PermitRootLogin no

Restart you SSH service
sudo service ssh restart

6 Create a firewall

Run the following command

sudo vim /etc/iptables.firewall.rules

paste the following

*filter

-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

-A OUTPUT -j ACCEPT

-A INPUT -p tcp –dport 80 -j ACCEPT
-A INPUT -p tcp –dport 443 -j ACCEPT

-A INPUT -p tcp -m state –state NEW –dport 22 -j ACCEPT

-A INPUT -p icmp –icmp-type echo-request -j ACCEPT

-A INPUT -m limit –limit 5/min -j LOG –log-prefix “iptables denied: ” –log-level 7

-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

Activate the rules:
sudo iptables-restore < /etc/iptables.firewall.rules

Make sure the rules always activate while you restrat linode
sudo vim /etc/network/if-pre-up.d/firewall

Paste the following script.

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules

Make sure you have no errors and see the rule by typing this
sudo iptables -L

7. DDOS Security

Run the commands

sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local

Set “enabled” to “true” in the [ssh-ddos] section. Then restart Fail2ban.

sudo service fail2ban restart

Okay security part and getting server ready part is done, now lets start setting up server to host multiple website in our cloud server

8. Install Nginx Server

Run the following commands

sudo apt-get update
sudo apt-get install nginx

To configure Nginx run
sudo nano /etc/nginx/nginx.conf

Configure nginx to run php script, edit

sudo vi /etc/nginx/sites-available/default

And uncomment by removing # from the following segment

location ~ \.php$ {
include snippets/fastcgi-php.conf
fastcgi_pass unix:/var/run/php5-fpm.sock;
}

restart nginx
sudo service nginx restart

9. Install MySql

Run these commands

sudo apt install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation

Now create the database and import from command line

mysql> CREATE DATABASE exampleDB;
mysql> GRANT ALL ON exampleDB.* TO 'example_user'@'localhost' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> quit
roo@debian# mysql -u username -p database_name < FILE.sql

10. Install PHP

sudo apt-get install php5-fpm php5-mysql

php ini file is here
sudo nano /etc/php5/fpm/php.ini

Find cgi.fix_pathinfo inside the configuration file and change it, uncomment it

cgi.fix_pathinfo=0

then hit
sudo service php5.6-fpm restart

check the php installation is successful. Usually people check this with phpinfo(); function

11. Now start hosting multiple websites.

Make sure that there websites are updated on Linode DNS manager and you have pointed the website to Linode server from your domain registrar.

Point your domain name server to

ns1.linode.com
ns2.linode.com
ns3.linode.com
ns4.linode.com
ns5.linode.com

Lets say we want to host example1.com and example2.com

Create Document roots for these site
sudo mkdir /var/www/html/example1
sudo mkdir /var/www/html/example2

create public_html for public files to be hosted for that site and make these changes

chown -R www-data:www-data public_html
chmod -R 777 public_html

Now create virtual host for example1.com
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example1

Disable the default host

sudo rm /etc/nginx/sites-enabled/default
sudo vi /etc/nginx/sites-available/example1

This file looks like the following after removing unnecessary comments.

server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}

change the root file location and enable the website 1 and restart nginx

sudo ln -s /etc/nginx/sites-available/example1.com /etc/nginx/sites-enabled
sudo service nginx restart

repeat the same process for your next website