How to configure a dedicated Debian server for LAMP
5. Installation of Apache2
apt-get install apache2 php5 libapache2-mod-php5 php5-gd apache2-dev
vi /etc/apache2/conf.d/security -> ServerTokens Prod ; ServerSignature Off
a2enmod rewrite
a2enmod expires
a2enmod headers
/etc/init.d/apache2 restart
6. Installation of Mysql and mtop
apt-get install mysql-server-5.0 php5-mysql
(do not specify a Mysql root password at this time, otherwise the automatic installation of mtop will fail. We will do this right afterwards!)
apt-get install mtop
mysql -u root -> exit
mysqladmin -u root password <your password>
mysql -u root
-> should not work anymore without a password
vi /etc/mysql/my.cnf
-> log_slow_queries = /var/log/mysql/mysql-slow.log
/etc/init.d/mysql restart
7. Installation of Munin and phpsysinfo
apt-get install munin
http://ksXXX.ovh.net/munin/
apt-get install phpsysinfo
-> You have to create the <VirtualDirectory> and the alias for phpsysinfo and secure access to both directories by setting up an .htaccess password in the apache2 config of the default virtualhost.
8. Installation of PHP and eAccelerator
apt-get install libapache2-mod-php5 php5 \ php5-common php5-dev php5-curl php5-gd \ php-pear php5-imagick php5-mcrypt php5-memcache \ php5-mhash php5-mysql php5-cli
apt-get install re2c
wget http://bart.eaccelerator.net/source/0.9.6/eaccelerator-0.9.6-rc1.tar.bz2
(or more recent…)
tar -jxvf eaccelerator-0.9.6-rc1.tar.bz2
cd eaccelerator-0.9.6-rc1
phpize
./configure -enable-eaccelerator=shared
make
make install
vi /etc/php5/apache2/conf.d/eaccelerator.ini
-> create the file with this content:
extension="eaccelerator.so" eaccelerator.shm_size="16" eaccelerator.cache_dir="/var/cache/eaccelerator" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="0" eaccelerator.shm_prune_period="0" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9"
mkdir /var/cache/eaccelerator chmod 0777 /var/cache/eaccelerator /etc/init.d/apache2 restart
Upgrade and maintenance of eAccelerator version according to system evolution is explained in this other article (in French right now).
9. Installation of PhpMyadmin, Logwatch and AWStats
apt-get install phpmyadmin
vi /etc/phpmyadmin/apache.conf
-> change the alias with ‘/my_mysql_admin_in_php’ for exemple (otherwise, you’ll get a lot of automated attacks against this directory)
/etc/init.d/apache2 restart
http://XXX.yourhost.net/my_mysql_admin_in_php/index.php?lang=fr-utf-8 -> bookmarks
apt-get install logwatch
apt-get install awstats
Configure /etc/awstats/.
/etc/init.d/apache2 restart
-> add: 15,45 * * * * /usr/share/doc/awstats/examples/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl >> /var/log/awstats.log
/usr/share/doc/awstats/examples/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl >> /var/log/awstats.log
vi /etc/logrotate.d/apache2
-> add:
prerotate /usr/share/doc/awstats/examples/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl >> /var/log/awstats.log endscript
10. Configure your sites and your backups
This is too specific for me to provide a generic tutorial here.
I recommend setting up an automated backup of all mysql database by using a special ‘mysqldump’ db user,
making a daily tar -xvf of all web publication directories (usually found in /var/www),
and also making a tar -xvf of the following important directories tht you should backup and archive on a regular basis:
/etc
(contains configuration files for Apache, Phpmyadmin, Awstats, …)
/root
/home/<your login>
/var/lib/awstats
11. Receive administration alerts with exim4
By default, exim4 is not configured to send e-mails to the outside world. You should therefore create yourself an alias pointing towards your e-mail address in order to receive messages that are sent to root, and then activate the smtp routing of Exim :
sudo vi /etc/aliases
-> add this line: root: <your e-mail address>
(get rid of any pre-existing root: alias pointing to your hosting provider!)
dpkg-reconfigure exim4-config
-> direct distribution through SMTP / listen on address 127.0.0.1 solely
/etc/init.d/exim4 restart
mail -s 'test' <your e-mail>
mail -s 'test2' root
(with the mail command, use a single dot on a new line to end the e-mail message and get out)
sudo exim -q -v
12 End of the installation process
just to be sure:
aptitude update
aptitude safe-upgrade
aptitude full-upgrade
reboot
13. Very useful links
Those were my primary sources for this article (let them be thanked), you will find on those sites more detailed instructions, and additional suggestions to study. Fire up your bookmarks!
- Using SSH keys to connect automatically without providing a password (in French)
- security: securing the Debian [RPS OVH Server] (in French)
- My Debian installation at OVH | Jonathan’s Blog (in French)
- Niadomo part II: first configuration of an e-mail server – David’s blog (in French)
- Apache2 (SSL), Logrotate, and AWStats [Archive] – Ubuntu Forums
- Managing Apache2 modules the Debian way | MDLog:/sysadmin
- Exim Cheatsheet
- [ILUG] Exim…..
- Installing and Configuring Exim4
La version française de cet article est disponible ici.
Pages : 1 2