Cloud providers like DigitalOcean and Linode are getting more popular day by day. If you come to a point where you have to set up a cloud server, it is not as straightforward as hosting on a cPanel server. Cloud servers are really built for developers and sharp system administrators. Although I have written this setup guide for Linode, it also works on DigitalOcean or GoDaddy cloud servers. This guide applies to Ubuntu or Debian servers.
After choosing the package, setting up DNS and booting the machine, log in via SSH and run the commands below.
1. Set a Hostname
hostnamectl set-hostname meronetwork01
Now edit the hosts file
nano /etc/hosts
Add this line to /etc/hosts
127.0.0.1 meronetwork01
2. Set the Timezone
dpkg-reconfigure tzdata
Check the configuration by typing 'date' on the command line
3. Update your server with the following commands
apt-get update
apt-get upgrade
4. Create User
adduser admin
usermod -a -G sudo admin
Now log out of the root account. Run PuTTY again and log in as admin.
5. Secure Linode with SSH Key Pair
Generate a key pair on Windows with PuTTYgen, or on Ubuntu type ssh-keygen -t rsa
Now run the following commands as the admin user in your Linode terminal.
mkdir .ssh
sudo nano .ssh/authorized_keys
Paste the copied public key into this file.
Save and Exit.
sudo chown -R admin:admin .ssh
sudo chmod 700 .ssh
sudo chmod 600 .ssh/authorized_keys
sudo nano /etc/ssh/sshd_config
Now disable password authentication and root login by setting the following values.
PasswordAuthentication no
PermitRootLogin no
Restart your SSH service
sudo service ssh restart
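A check worth running before the restart, as an added example that is not part of the original guide: sshd uses the first value it reads for each keyword, so a setting added below an earlier uncommented line has no effect. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide). Assumes plain
# "Keyword value" lines separated by whitespace.

# Print the value sshd will use for a keyword in the global section.
# sshd keeps the FIRST value it reads for each keyword, keywords are
# case-insensitive, and the global section ends at the first Match block.
sshd_effective() {  # usage: sshd_effective <config-file> <Keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }      # end of global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when both settings from step 5 are really in effect.
check_ssh_hardening() {  # usage: check_ssh_hardening <config-file>
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_effective "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is '$val', expected 'no'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: "PermitRootLogin no" was appended at the end, but the
# earlier uncommented "PermitRootLogin yes" is the one sshd honours.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication no
PermitRootLogin no
EOF
check_ssh_hardening "$sample" || echo "fix the config before restarting ssh"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors and `sudo sshd -T` prints the effective settings, including any Include files. Keep the current session open until a second login with the key succeeds.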
6. Create a firewall
Run the following command
sudo vim /etc/iptables.firewall.rules
Paste the following
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
Activate the rules:
sudo iptables-restore < /etc/iptables.firewall.rules
Make sure the rules are always activated when you restart the Linode
sudo vim /etc/network/if-pre-up.d/firewall
Paste the following script.
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules
The script only runs at boot if the file is executable, so mark it executable. Then make sure you have no errors and list the active rules by typing this
sudo iptables -L
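Rules pasted from a web page can carry typographic dashes or curly quotes, and a rules file that closes INPUT before accepting port 22 cuts off the SSH session it is applied from. The lint below is an added example, not part of the original guide; the function name and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): offline lint for the
# rules file before it is passed to iptables-restore.
lint_firewall_rules() {  # usage: lint_firewall_rules <rules-file>; 0 = clean
    LC_ALL=C awk '
        # Typographic dashes and curly quotes arrive as non-ASCII bytes.
        /[^ -~\t]/ {
            printf "line %d: non-ASCII byte (typographic dash or quote)\n", NR
            bad = 1
        }
        # New SSH connections are accepted by this rule.
        $1 == "-A" && $2 == "INPUT" && /--dport 22( |$)/ && /-j ACCEPT/ { ssh = 1 }
        # Unconditional DROP/REJECT on INPUT: nothing after it is reached.
        NF == 4 && $1 == "-A" && $2 == "INPUT" && $3 == "-j" &&
        ($4 == "DROP" || $4 == "REJECT") {
            if (!ssh) {
                printf "line %d: INPUT closed before port 22 is accepted\n", NR
                bad = 1
            }
        }
        $1 == "COMMIT" { commit = 1 }
        END {
            if (!commit) { print "no COMMIT line: table would not be applied"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the SSH rule was pasted with an en dash in "--dport".
rules=$(mktemp)
printf '%s\n' '*filter' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -p tcp –dport 22 -j ACCEPT' '-A INPUT -j DROP' 'COMMIT' > "$rules"
lint_firewall_rules "$rules" || echo "do not apply this file yet"
rm -f "$rules"
```

On the server, `sudo iptables-restore --test < /etc/iptables.firewall.rules` parses the file without committing it, which catches syntax errors this lint does not look for.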
7. DDOS Security
Run the commands
sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local
Set “enabled” to “true” in the [ssh-ddos] section. Then restart Fail2ban.
sudo service fail2ban restart
Okay, the security part and getting the server ready are done. Now let's set up the server to host multiple websites on our cloud server.
8. Install Nginx Server
Run the following commands
sudo apt-get update
sudo apt-get install nginx
To configure Nginx run
sudo nano /etc/nginx/nginx.conf
Configure Nginx to run PHP scripts by editing
sudo vi /etc/nginx/sites-available/default
And uncomment the following segment by removing the # from each line
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
Restart Nginx
sudo service nginx restart
9. Install MySQL
Run these commands
sudo apt install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation
Now create the database and import the data from the command line
mysql> CREATE DATABASE exampleDB;
mysql> GRANT ALL ON exampleDB.* TO 'example_user'@'localhost' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> quit
root@debian# mysql -u username -p database_name < FILE.sql
10. Install PHP
sudo apt-get install php5-fpm php5-mysql
The php.ini file is here
sudo nano /etc/php5/fpm/php.ini
Find cgi.fix_pathinfo in the configuration file, uncomment it and set it to 0
cgi.fix_pathinfo=0
Then restart PHP-FPM
sudo service php5-fpm restart
Check that the PHP installation was successful. People usually check this with the phpinfo() function.
11. Now start hosting multiple websites.
Make sure that these websites are added in the Linode DNS Manager and that you have pointed each website to the Linode server from your domain registrar.
Point your domain's name servers to
ns1.linode.com
ns2.linode.com
ns3.linode.com
ns4.linode.com
ns5.linode.com
Let's say we want to host example1.com and example2.com
Create document roots for these sites
sudo mkdir /var/www/html/example1
sudo mkdir /var/www/html/example2
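Inside each document root, create public_html for the public files of that site and make these changes. The web server user www-data owns the tree, so it does not need to be world-writable.
chown -R www-data:www-data public_html
chmod -R 755 public_html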
Now create virtual host for example1.com
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example1
Disable the default host
sudo rm /etc/nginx/sites-enabled/default
sudo vi /etc/nginx/sites-available/example1
This file looks like the following after removing unnecessary comments.
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
Change the root location, enable website 1 and restart Nginx
sudo ln -s /etc/nginx/sites-available/example1 /etc/nginx/sites-enabled/
sudo service nginx restart
Repeat the same process for your next website
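When the copied default file is reused for a second site, both files still say `listen 80 default_server` and `server_name _`, and Nginx refuses to start with a duplicate default server error. The generator below is an added example, not part of the original guide: it prints one server block per site with its own server_name and root, and rejects names that would not be safe inside a path or config line. The function names and the /var/www/html/<site>/public_html layout are assumptions based on the steps above.

```sh
#!/bin/sh
# Added example (not from the original guide): print an nginx server
# block for one site. Assumes document roots follow
# /var/www/html/<site>/public_html and the PHP-FPM socket used in step 8.

# Letters, digits, dots and hyphens only; no "..", no leading dot or hyphen.
valid_name() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

make_site_conf() {  # usage: make_site_conf <site-dir-name> <domain>
    valid_name "$1" && valid_name "$2" || {
        echo "invalid site or domain name" >&2
        return 1
    }
    cat <<EOF
server {
    # No default_server here: only one server block per address may carry it.
    listen 80;
    listen [::]:80;
    server_name $2;
    root /var/www/html/$1/public_html;
    index index.html index.htm;
    location / {
        try_files \$uri \$uri/ =404;
    }
    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
EOF
}

# On the server (needs root), write, enable and validate before restarting:
#   make_site_conf example1 example1.com | sudo tee /etc/nginx/sites-available/example1
#   sudo ln -s /etc/nginx/sites-available/example1 /etc/nginx/sites-enabled/
#   sudo nginx -t && sudo service nginx restart
make_site_conf example1 example1.com
```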