Simple VPS Configuration and Management

Recently, I changed my web hosting from GoDaddy to DigitalOcean. I chose the New York region (nyc2); ping latency from Harbin, China, is about 300 ms, and web pages also open faster. This article simply records the basic configuration process for the new VPS.

Environment

Service Providers   :   DigitalOcean
Operating System    :   Ubuntu 14.04 LTS Trusty Tahr 64-bit
Processor           :   1 Core
Memory              :   512MB
Hard Disk           :   20GB SSD
Transfer            :   1TB

Basic Configuration

Determine virtualization technology

$ sudo virt-what

Update and Upgrade

$ sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y && sudo apt-get autoremove -y && sudo apt-get autoclean

For security, a newly installed VPS needs a few simple settings: disable root account login and create a new user.

$ sudo adduser username

Add the new user to the sudo group

$ sudo adduser username sudo

Edit the sshd_config file to disable root account login

$ sudo vim /etc/ssh/sshd_config

Modify ...

PermitRootLogin yes

... to ...

PermitRootLogin no

Restart SSH Service

$ sudo service ssh restart

Firewall

Install UFW:

$ sudo apt-get install ufw

Allow the SSH port (22) and HTTP(S) services:

$ sudo ufw allow 22
$ sudo ufw allow http
$ sudo ufw allow https

Enable the firewall:

$ sudo ufw enable

Check the status of the firewall:

$ sudo ufw status verbose

Build Web Server

For LAMP, refer to "Installation LAMP ( Apache+MySQL+PHP ) on Ubuntu", or run this command in a terminal:

$ sudo tasksel

For LNMP, refer to "Installation LNMP ( Nginx+MySQL+PHP ) on Ubuntu".

Install and Configure Website

Apache

$ sudo vim /etc/apache2/apache2.conf

... add ...

ServerName localhost

... and comment out ...

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Add new Website

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/newsite.conf
$ sudo vim /etc/apache2/sites-available/newsite.conf

Example

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin email[at]example.com
        DocumentRoot /home/newsite
        ServerName example.com
        ServerAlias www.example.com

        <Directory />
            Options FollowSymLinks
            AllowOverride All
        </Directory>

        <Directory /home/newsite>
                # Anti crawlers
                SetEnvIfNoCase User-Agent ".*(^$|FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms)" BADBOT
                deny from env=BADBOT
                # Options Indexes FollowSymLinks MultiViews
                Options FollowSymLinks
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride All
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Enable Website

$ sudo a2ensite newsite
$ sudo service apache2 reload

FTP Server

$ sudo apt-get install vsftpd
$ sudo service vsftpd start

System Testing

Install Apache Stress Testing Tool

$ sudo apt-get install apache2-utils

Performance Testing, Optimization and Monitoring

Reference

Setting Up Email Alerts for Network Monitoring with Nagios
Nagios – Server Monitoring Scheme
Install the Cacti Server Monitor on Ubuntu Server

  • Routine Maintenance and Backup
  • Security

SSH login without password

Install the SSH service on the remote server with:

$ sudo apt-get install openssh-server openssh-client

Log in on the local machine as user a and generate a pair of authentication keys. Do not enter a passphrase:

$ ssh-keygen -t rsa

Upload the local public key

$ scp ~/.ssh/id_rsa.pub user@ip:~/.ssh/localuser_id_rsa.pub

Finally, append the new public key to ~/.ssh/authorized_keys on the remote server:

$ cat ~/.ssh/localuser_id_rsa.pub >> ~/.ssh/authorized_keys

From now on you can log into the remote server without a password.

Note that, depending on your version of SSH, you might also have to make the following changes:

  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640
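The append step above can be made repeatable and permission-safe. The following is an added example, not part of the original article: the function name `install_pubkey` and the sample key are constructed for illustration, and it sets authorized_keys to 600, which is stricter than the 640 mentioned in the note. With StrictModes (the sshd default), a key file or .ssh directory that other users can write to is ignored.

```shell
#!/bin/sh
# Added example (not from the original article): add a public key to
# authorized_keys once, with the permissions sshd expects.

# $1 = public key file, $2 = home directory of the account (assumed to be
# owned by the user running this). Runs in a subshell so umask does not leak.
install_pubkey() (
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    key=$(head -n 1 "$pub" 2>/dev/null)

    # Refuse anything that is not one OpenSSH public key line, e.g. a private
    # key file passed by mistake.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || { echo "not an OpenSSH public key: $pub" >&2; exit 1; }

    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match on "type blob" so the same key with another comment is not re-added.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Demo with a constructed (non-functional) key in a throwaway directory.
demo_home=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal a@laptop' \
    > "$demo_home/id.pub"
install_pubkey "$demo_home/id.pub" "$demo_home"
install_pubkey "$demo_home/id.pub" "$demo_home"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```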

Disable SSH login with password

Edit the /etc/ssh/sshd_config file, change PasswordAuthentication yes to PasswordAuthentication no, and restart the SSH service:

$ sudo service ssh restart
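A quick check that both sshd_config changes in this article (PermitRootLogin no and PasswordAuthentication no) are the values sshd will actually use. This is an added example, not part of the original article: the function names and the sample file are constructed, and unset keywords are assumed to default to "yes".

```shell
#!/bin/sh
# Added example (not from the original article): audit the two sshd_config
# settings changed in this guide.

# Print the effective global value of keyword $1 in file $2, or default $3.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
sshd_effective() {
    awk -v key="$1" -v def="$3" '
        BEGIN { FS = "[ \t=]+"; key = tolower(key) }
        { sub(/^[ \t]+/, "") }            # drop indentation, re-split fields
        /^#/ || /^$/ { next }             # comments and blank lines
        tolower($1) == "match" { exit }   # Match blocks are conditional: stop
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Return 0 only if root login and password login are both off.
# Assumption: an unset keyword defaults to "yes" (true for PasswordAuthentication;
# for PermitRootLogin it depends on the OpenSSH version).
audit_sshd() {
    a_rc=0
    a_root=$(sshd_effective PermitRootLogin "$1" yes)
    a_pw=$(sshd_effective PasswordAuthentication "$1" yes)
    [ "$a_root" = "no" ] || { echo "FAIL PermitRootLogin=$a_root"; a_rc=1; }
    [ "$a_pw" = "no" ] || { echo "FAIL PasswordAuthentication=$a_pw"; a_rc=1; }
    return $a_rc
}

# Constructed sample: the later "PermitRootLogin no" is shadowed by the earlier
# "yes", and PasswordAuthentication is only set in a comment and a Match block.
write_sample() {
    cat > "$1" <<'EOF'
Port 22
permitrootlogin yes
#PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
}

demo=$(mktemp)
write_sample "$demo"
audit_sshd "$demo" || echo "sshd_config still allows root or password login"
rm -f "$demo"
```

On a live server, `sudo sshd -t` checks the file for syntax errors before the restart, and keeping the current session open until a second key-based login succeeds avoids a lock-out.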

Change the permissions of all files and folders in a directory to 644/755

For directories

$ find . -type d -print0 | sudo xargs -0 chmod 0755

For files

$ find . -type f -print0 | sudo xargs -0 chmod 0644