Control is carried out using command line. For these purposes, it is most convenient to use a free program PuTTy. It does not require installation: after downloading and running the utility, you can immediately connect to the VDS via SSH protocol by entering the IP address (the default port number is 22) and clicking on the “Open” button. After this, a console window will appear on the screen with an invitation to authorize “login as:”. Enter root, press “Enter”, then enter the password received when ordering the service and confirm the action again with the enter key. Now you can start working.
The VDS setup procedure itself involves entering into the console text commands, with the help of which you can perform almost any operation on the server. Below is a sequence of basic actions that must be performed immediately after starting the virtual machine, as well as step by step installation ligaments software necessary for hosting websites. The examples are adapted for the two most common Linux families: Debian (which includes, for example, the popular Ubuntu) and Centos (which includes Centos itself, Fedora and a number of others).
Attention! For OS version Bitrix 6 installed on VDS, LEMP installation is not required!
Initial VDS setup
Software update
You need to start setting up VDS with a global update. You can run the update on Debian-like operating systems as follows:
Apt-get update && apt-get upgrade
for Centos the command is different:
During the update process you will be asked if you want to install new packages. Answer yes using the Y key and confirm your choice by pressing “Enter”.
Adding a new user
It is strongly not recommended to work with the server under the root account - it is best to create a new user and give him necessary rights. On Debian-like systems this is done with the command:
Adduser username
where username should be replaced with the desired username. After completing it, you will be asked to set a password, and then asked to fill out additional fields(this is not necessary - they can be left empty).
When working with Centos, the command is also used:
Adduser username
However, the password is set separately:
Passwd username
Transferring root privileges
After creating a new user, you need to assign super administrator rights to him, otherwise you will not be able to fully configure VDS. This is done by adding the newly created account to the appropriate group. For Debian-like:
Gpasswd -a username sudo
for Centos-like:
Gpasswd -a username wheel
SSH management
For security purposes, it is necessary to perform a number of manipulations with the sshd_config configuration file, which, as you might guess, is responsible for setting remote connection to the server via SSH. Different Linux distributions use different utilities for editing, and accordingly, the commands for them will be slightly different. Debian-like ones use nano:
Nano /etc/ssh/sshd_config
To save the changes you have made, press the key combination Ctrl+X, then Y and “Enter”. Centos includes a vi editor:
Vi /etc/ssh/sshd_config
Saving information is carried out with the command: x, after which you must press “Enter”.
In sshd_config you should disable root logins by replacing
PermitRootLogin yes
PermitRootLogin no
and also change the default SSH port by replacing
for example, on
It is better to choose a port number from the range 49152-65535 - this will avoid possible conflicts with various services and Linux services. After the described manipulations, you need to restart SSH. In Debian this is done like this:
Service ssh restart
Systemctl reload sshd
Now you need to reconnect to the server via the assigned port under a new account, after which you can continue setting up VDS.
Installing and configuring LEMP
Most modern CMSs are written in PHP programming. This means that to host almost any website, regardless of type and functionality, we will need LEMP. This abbreviation stands for a combination of a modern and very fast Nginx web server, the php-fpm interpreter and the MySQL database management system. The installation procedure is quite simple and will not take much time.
Installing Nginx
Let's start with Nginx installations. In Debian-like distributions this is done in one line:
Sudo apt-get install nginx
after which the server will be automatically started.
On Centos, you first need to add the EPEL repository:
Sudo yum install epel-release
and only after that carry out the installation:
Sudo yum install nginx
The final stage is launching Nginx:
Sudo systemctl start nginx
Installing MySQL
On Debian-like operating systems, the database service is installed with the command:
Sudo apt-get install mysql-server mysql-client
During the process, you will be asked to set a MySQL administrator password.
In Centos-like distributions, instead of MySQL, a fork of MariaDB is used, which has the same functionality. After installing it:
Sudo yum install mariadb-server mariadb
The database server must be started and also added to the startup list:
Sudo systemctl start mariadb sudo systemctl enable mariadb
Setting up MySQL
The initial setup of the database server is carried out using a special script included with the main software:
Sudo mysql_secure_installation
After launch, you will be asked to enter the MySQL administrator password that we set in the previous step, and then will be asked a series of questions, which must be answered with the Y (yes) and N (no) buttons, confirming the choice with the “Enter” key:
- Do you want to change your password? (Change the root password?) - No (N)
- Delete anonymous users? (Remove anonymous users?) - Yes (Y)
- Deny remote authorization with superuser rights? (Disallow root login remotely?) - Yes (Y)
- Delete test database? (Remove test database and access to it?) - Yes (Y)
- Reload the privilege table? (Reload privilege tables now?) - Yes (Y)
Adding a new database
Database management is carried out through the MySQL console. To enter it, you must enter the command:
To host a dynamic site, you need to create a database with which the engine will work. Typically, a separate database and a separate user who can manage it are created for each project. Let's create a sitedb database, a site_user user, and then give sitedb management rights to the latter (you can replace the suggested names with any others).
This is done as follows:
Create a database:
CRE ATE DATABASE sitedb;
Create a user (instead of password, enter a unique password)
CREATE USER site_user@localhost IDENTIFIED BY "password";
We transfer sitedb management rights to the site_user user:
GRANT ALL PRIVILEGES ON sitedb.* TO site_user@localhost IDENTIFIED BY "password";
Updating privilege data:
FLUSH PRIVILEGES;
When all operations are complete, exit the MySQL console:
Installing PHP
An important step in setting up VDS is installing and configuring the PHP interpreter. The commands for different Linux distributions are different. Installation in Debian is carried out like this:
Sudo apt-get install php5-fpm php5-mysql
In Centos it's a little different:
Sudo yum install php php-mysql php-fpm
PHP configuration
The first step is to edit the php.ini file. On Debian and Ubuntu it is located here:
Sudo nano /etc/php5/fpm/php.ini
On Centos-like distributions - directly in the etc directory:
Sudo vi /etc/php.ini
In both systems, you first need to uncomment and change the value in the following line:
;cgi.fix_pathinfo=1
Cgi.fix_pathinfo=0
Thus, we have closed an important vulnerability that could have been used by attackers to gain unauthorized access to the site. This completes the setup of the interpreter on Debian; all that remains is to restart the PHP processor:
Sudo service php5-fpm restart
In Centos, you also need to edit the www.conf file:
Sudo vi /etc/php-fpm.d/www.conf
Here you need to find the line
Listen = 127.0.0.1:9000
and replace with
Listen = /var/run/php-fpm/php-fpm.sock
We also change
Listen.owner = nobody listen.group = nobody
Sudo systemctl start php-fpm sudo systemctl enable php-fpm
Creating a directory
Now you need to create a directory in which your resource files will be located. On any Linux operating system this is done with the following command:
Sudo mkdir /var/www/sitename.ru/public_html
IN in this example sitename.ru must be replaced with Domain name site. As for CMS files, they should be uploaded to the public_html folder. Once the download is complete, you must transfer control rights to the web server. There are differences in the names used to refer to Nginx. For Debian-like distributions the command will look like this:
Sudo chown -R www-data:www-data /var/www/html/*
It's different in Centos:
Sudo chown -R nginx:nginx /var/www/html/*
Adding a new Nginx host
The last step in setting up a VDS to host a website is adding an Nginx virtual host. We just need to edit the default. In the Debian family this is done like this:
Sudo nano /etc/nginx/sites-available/default
Sudo vi /etc/nginx/conf.d/default.conf
After opening the file, remove all information from it, replacing it with the code presented below (instead of sitename.ru, substitute the current site name), and save the result:
Server ( listen 80; server_name sitename.ru; server_name_in_redirect off; access_log /var/log/nginx/sitename.access_log; error_log /var/log/nginx/sitename.error_log; root /var/www/sitename.ru/public_html; index index.php index.html index.htm default.html default.htm; location / ( try_files $uri $uri/ /index.php?$args; ) error_page 404 /404.html; error_page 500 502 503 504 /50x.html ; location = /50x.html ( root /usr/share/nginx/html; ) location ~ \.php$ ( try_files $uri =404; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; ) )
All that remains is to restart Nginx. Command for Debian distributions:
Sudo service nginx restart
Sudo systemctl restart nginx
Now the virtual server is completely ready for operation, and you can start working directly with the web resource. Further steps depend on the selected CMS.
xHellKern November 28, 2012 at 11:29 pm
Setting up your first VDS server as a web server
- Nginx
- Tutorial
Good afternoon.
It just so happens that lately I’ve had to change VDS providers quite often, and each time I have to re-configure the system, so I decided to write a short summary on configuration. Everything described below works correctly on the OS Linux Ubuntu server 12.04 LTS. In this article I will describe how to install and perform the initial setup of nginx+apache2, eaccelerator, memcached, fure-ftpd, php, mysql, phpmyadmin, as well as the game server control panel - open game panel.
I'll start with brief description some terms.
VDS - also known as VPS - Virtual Dedicated (Private) server - a virtual machine, server - it is needed when regular hosting is not enough, and a dedicated server is expensive. In the modern market there are a great variety of providers who provide VDS rental services, and each has its own pros and cons, but we will not discuss them.
Virtualization type - speaking in simple language this is the way the virtual machine is organized. Currently, OpenVZ and XEN are the most common. Plus OpenVZ is low cost, since this type of virtualization is for everyone virtual machines running on a hardware server uses a specially modified host system kernel. The disadvantage of this type of virtualization is that it is impossible to change the parameters of the OS kernel, and overselling is almost always present (more on this later). But for serious projects it is better to use XEN or KVM virtualization- there the guest OS does not even know that it is installed on a virtual machine, and with the OS you can do almost everything your heart desires, especially on XEN-HWM and KVM.
Overselling - providers sell more resources than they actually have. This works due to the fact that clients rarely use 100 percent of the resources at the tariff, but unscrupulous providers with an inflated overselling ratio may experience problems, such as extremely slow machine operation or failure to execute scripts due to lack of memory. Returning to the types of virtualization on XEN and KVM, overselling is almost technically impossible.
Choosing a hosting provider
So, you have decided to buy a VDS service. How should you choose a provider? You should start with geography - where your server will be located geographically.
Germany - pros: cheap tariffs, fast channels, unlimited traffic, cons - quite a long delay to Russia - about 80ms, they take torrent trackers, torrent clients, Varese, etc. very seriously.
Holland, Canada - the same as Germany, but a little more expensive, but the main advantage is legislation that is more loyal to various types stored and transmitted information, for which we are not patted on the head.
The USA - for the most part, consider traffic, large pings to Russia - in general, not the best option.
Russia, Ukraine - minimal delays to the Russian audience, in most cases pseudo-unlimited traffic (speed reduction after a certain threshold or the need to maintain the proportions of incoming/outgoing Russian/foreign traffic), not the most reliable data centers - in almost every one periodically there are massive service outages for several hours, despite three independent electrical inputs, redundant Internet channels and diesel generators.
Selecting a virtualization type
If resources allow, then this is definitely KVM or XEN. But not all providers have these types of virtual machines available, and it costs a little more money than OpenVZ. Therefore, if your project is a certain site\two\ten with low traffic (up to about 10,000 unique hosts per day) and\or some kind of ICQ chat, then OpenVZ will be quite enough for you.
Well, if you need to perform any more resource-intensive tasks, such as hosting game servers or video chats, it is better to choose XEN | KVM, these types of virtualization are also worth choosing if there is a need to create VPN tunnels. It’s easier to install a VPN here than on OpenVZ.
Server Tuning
Next I will talk about various features that I configured on my server, some may be useful to you. Operating systems The one I'm using is Ubuntu 12.04.1 LTS. Since the vast majority of commands executed below require root privileges, and I am a lazy person, I perform all actions under root. It is usually impossible to log in directly as root, so log in as a user with sudo rights and run the command sudo -sRebuilding the kernel
If you chose OpenVZ, then you can safely skip this part of the article.
This procedure will not give a noticeable increase in productivity, and this procedure is needed only for self-development and “practice for the future.”
download the sources of the latest stable version of the kernel from the website kernel.org. On this moment this is version 3.6.7
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.7.tar.bz2
Unpacking the archive
tar -xjf linux-3.6.7.tar.bz2
Install the packages necessary for compilation
aptitude update aptitude install build-dep linux kernel-package
go to the source folder and generate the kernel configuration. In our case, everything will happen automatically - only those modules that are needed by the current hardware will be included in the kernel. If you want to manually configure the kernel, then please google make config or make menugonfig.
cd linux-3.6.7 make localesconfig
We start compiling the kernel - the process is not fast, it takes from 15 minutes to several hours.
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
go up to the directory and install packages
cd .. dpkg -i linux-*.deb
We reboot and check that the kernel is up.
reboot uname -r
That's it, your system has a new kernel.
Changing the time zone and PC name
If you install Ubuntu on a dedicated server yourself, then you set the language and geographic parameters of the system during installation, but in the case of VDS, the provider has a ready-made system image, which it rolls out to your server. And it’s more pleasant for all of us to see the correct time for our time zone on the server.
So, let's set the time zone; to do this, run the command in the console
dpkg-reconfigure tzdata
A pseudo-graphical interface will appear in which we will select our location.
If suddenly (I’ve never seen this before) there are discrepancies in date/time, then run the following command, into which we substitute the current date and time
hwclock --set --date=”11/24/2012 16:19:55"
To change the server name, open the /etc/hostname file and replace the contents with the desired server name.
Install nginx with backend apache2, PHP, MySQL, phpmyadmin
In this part of the article, we will install and configure a web server designed for a large number of connections.
First, let's install a standard "children's" set of packages for the web server.
aptitude update aptitude install mysql-server mysql-client libmysqlclient15-dev apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-certlibapache2-mod-php5 libapache2-mod-ruby php5 php5-common php5-curl php5-dev php5- gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl phpmyadmin g++
We will be asked to set a password for MySQL, then they will ask us how to process phpmyadmin - we need to answer in Apache, and they will ask us for a password for MySQL for the needs of phpmyadmin
At the time of writing, phpmyadmin was not automatically registered in the apache2 configuration, as a result of which we see a 404 error at site_address.zone/phpmyadmin, so we open the file /etc/apache2/apache2.conf and add a line to the end
Include /etc/phpmyadmin/apache.conf
Enable apache2 modules
a2enmod include a2enmod rewrite a2enmod suexec a2enmod ssl
Let's draw the default Apache config. To do this, open /etc/apache2/sites-available/default, erase everything in this file and write the following:
The fact that port eight hundred is specified is not an error; nginx will hang on the standard HTTP port eightieth. For reasons unknown to me, most people recommend specifying /var/www/… for the DocumentRoot parameter, in my opinion it is more logical to keep important data in /home - it will be easier to set up backups.
Edit the /etc/apache2/ports.conf file
NameVirtualHost *:800 Listen 800
Copy the file /etc/apache2/sites-available/default to /etc/apache2/sites-enabled/site_address
It is better to name directories and files with configs by site addresses because in the future this will simplify the search for the necessary configs\directories, for example /home/www/tweedle.ru /etc/apache2/sites-enabled/tweedle.ru
We edit the /etc/apache2/apache2.conf file - change the value of the MaxClients parameter to 20, this must be done in two places.
We register the nginx repository; to do this, open the file /etc/apt/sources.list and add it to the end
deb http://nginx.org/packages/ubuntu/ precise nginx deb-src http://nginx.org/packages/ubuntu/ precise nginx
Install nginx and apache2-mod-rpaf
wget http://nginx.org/keys/nginx_signing.key apt-key add nginx_signing.key aptitude update aptitude install libapache2-mod-rpaf libpcre3 libpcre3-dev nginx
Next, let's configure nginx, to do this, open the file /usr/local/etc/nginx/nginx.conf and replace the contents with the following
user www-data; worker_processes 1; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events ( worker_connections 1024; ) http ( include /etc/nginx/mime.types; default_type application/octet-stream; server_names_hash_bucket_size 64; access_log /var/log/nginx/access.log; sendfile on; #tcp_nopush on; #keepalive_timeout 0 ; keepalive_timeout 65; tcp_nodelay on; gzip on; gzip_proxied any; gzip_min_length 300; gzip_http_version 1.0; gzip_buffers 4 8k; gzip_comp_level 9; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text /javascript; ) include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*;
in the event that the web server role is the main role of your server and/or sites have high traffic, the value of worker_processes is set equal to the number of available CPU cores, otherwise one process will be enough
create a config for our site /etc/nginx/sites-enabled/site_address.zone
server ( listen 80; server_name site_address.zone; access_log /var/log/nginx.access_log; location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls| exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx|mp3|bsp)$ ( root /home/www/site_address.zone/; index index.php index .html index.htm; access_log off; expires 30d; ) location ~ /\.ht ( deny all; ) location / ( proxy_pass http://127.0.0.1:800/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X -Forwarded-for $remote_addr; proxy_set_header Host $host; proxy_connect_timeout 60; proxy_send_timeout 90; proxy_read_timeout 90; proxy_redirect off; proxy_set_header Connection close; proxy_pass_header Content-Type; proxy_pass_header Content-Disposition; proxy_pass_header Content-Length; ) )
install memcached, no additional settings not required for it
aptitude install memcached
install eAccelerator
aptitude install php5-dev aptitude install make cd /tmp/ wget https://github.com/downloads/eaccelerator/eaccelerator/eaccelerator-0.9.6.1.tar.bz2 tar xvjf eaccelerator-0.9.6.1.tar.bz2 cd eaccelerator- 0.9.6.1
Now, before we compile eAccelerator, we will fix one bug in the code, which is causing all sorts of problems, for example, authorization in phpmyadmin stops working. Open the eaccelerator.c file, line 867. Replace if (php_check_open_basedir(realname TSRMLS_CC)) ( with if (php_check_open_basedir(p->realfilename TSRMLS_CC)) ( Save and continue...
phpize ./configure --enable-eaccelerator=shared make make install
Create a folder for the cache and give rights to it
mkdir -p /var/cache/eaccelerator chmod 0777 /var/cache/eaccelerator
We configure php to work with eaccelerator; to do this, open the file /etc/php5/apache2/php.ini and add it at the top
extension = "eaccelerator.so" eaccelerator.shm_size = "16" eaccelerator.cache_dir = "/var/cache/eaccelerator" eaccelerator.enable = "1" eaccelerator.optimizer = "1" eaccelerator.check_mtime = "1" eaccelerator.debug = "0" eaccelerator.filter = "" eaccelerator.shm_max = "0" eaccelerator.shm_ttl = "0" eaccelerator.shm_prune_period = "0" eaccelerator.shm_only = "0" eaccelerator.compress = "1" eaccelerator.compress_level = " 9" eaccelerator.allowed_admin_path = "/var/www/eaccelerator"
We restart the services, making sure that the site is in /home/www/site_name
service apache2 restart service nginx restart service memcached restart
Now we have a fairly fast web server that consumes less than 100MB of RAM. Todo: There is one drawback - phpmyadmin, which is available at site_address.zone/phpmyadmin, is displayed ugly (without pictures), a temporary solution that I can suggest is to open phpmyadmin at site_address.zone:800/phpmyadmin
Installing pure-ftpd FTP server with MySQL support
The FTP server is useful to us for simple, fast and convenient transfer of information from the server to the server.
Install pure-ftpd with mysql support
aptitude install pure-ftpd-mysql
We create a group for ftp users and the user in it - this is done so that later it will be more convenient to monitor what is happening on your server.
groupadd -g 4001 ftpusers && useradd -u 4001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpusers ftp
Let's create a database in MySQL for pure-ftpd. This can be done through phpmyadmin, but with the great and mighty copy-paste it’s faster to do it in the console
mysql -u root –p
CREATE DATABASE pureftpd; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO "pureftpd"@"localhost" IDENTIFIED BY "pureftpd_password"; FLUSH PRIVILEGES;
Let's create a table that will store Accounts ftp.
USE pureftpd; CREATE TABLE ftpd (User varchar(16) NOT NULL default "", status enum("0","1") NOT NULL default "0", Password varchar(64) NOT NULL default "", Uid varchar(11) NOT NULL default "-1", Gid varchar(11) NOT NULL default "-1", Dir varchar(128) NOT NULL default "", ULBandwidth smallint(5) NOT NULL default "0", DLBandwidth smallint(5) NOT NULL default "0", comment tinytext NOT NULL, ipaccess varchar(15) NOT NULL default "*", QuotaSize smallint(5) NOT NULL default "0", QuotaFiles int(11) NOT NULL default 0, PRIMARY KEY (User), UNIQUE KEY User (User)) ENGINE=MyISAM; quit;
Now let's configure pure-ftpd; to do this, open the file /etc/pure-ftpd/db/mysql.conf and make its contents look like this:
MYSQLSocket /var/run/mysqld/mysqld.sock MYSQLUser pureftpd MYSQLPassword password_for_pureftpd MYSQLDatabase pureftpd MYSQLCrypt md5 MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R ") MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L"AND status= "1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R" ) MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L"AND status=" 1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
Now let's make sure that the user's home directory is automatically created if it does not exist
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
The following command will prevent users from accessing directories that are higher than their home directory.
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
And finally, we’ll disable checking user hostnames - this will significantly speed up the authorization process and slightly reduce the amount of traffic.
echo "yes" > /etc/pure-ftpd/conf/DontResolve
Restart the service to apply the settings
service pure-ftpd-mysql restart
Now let's create a www-ftp user with GID and UID 4002, home directory /home/www, download/upload speed limits of one megabyte per second and no restrictions on occupied disk space. I’ll give an example using the command line, you can also use “execute an SQL query” in phpmyadmin, or even use “add lines” in phpmyadmin - but in this case you need to not miss the fact that the password is stored in the database as its md5 hash , and in the password field select “Function” md5
mysql -u root -p
USE pureftpd; INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`) VALUES ("www-ftp", "1", MD5("password_for_user_www-ftp"), "4002", "4002", "/home/www", "1024", "1024", "Comment ", "*", "0", "0"); quit;
That's all, you can try to connect to your FTP server at the address site_address.zone with the login www-ftp and the specified password.
If you are going to transfer data via the FTP protocol that should not fall into the wrong hands, then it would be a good idea to set up TLS encryption. To do this, do the following:
echo 1 > /etc/pure-ftpd/conf/TLS mkdir -p /etc/ssl/private/
Install the openssl package if it is not installed and generate a certificate.
aptitude update aptitude install openssl openssl req -x509 -nodes -days 3652 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
We answer the questions - this data will be displayed in the created certificate.
Set access rights to the certificate and restart pure-ftpd
chmod 600 /etc/ssl/private/pure-ftpd.pem service pure-ftpd-mysql restart
That's all. Remember that in order for the data to be encrypted, you must enable TLS encryption on the client side, and not all FTP clients support it.
Installation of the game server management complex – Open Game Panel
Open game panel - aka OGP - the only one I found free solution, which allows you to monitor and manage a variety of game servers. At the time of writing, more than 50 different games are supported with servers on Windows platforms and Linux. Including such popular ones as Counter-Strike (2D, 1.5, 1.6, Source, GO) and Minecraft (Vanilla, Bukkit)
The complex consists of two parts - a web interface through which monitoring and management is carried out (frontend) and an agent - a service that hangs on machines with game servers and transmits logs to the frontend, and commands from the frontend to the game servers.
First of all, register on http://www.opengamepanel.org - this is not necessary for installation, but on the site you can download additional modules (for example, a billing system), themes and other goodies.
Install the necessary packages
aptitude update aptitude install libxml-parser-perl libpath-class-perl libarchive-any-perl screen
If the system is x64, then additionally install ia32-libs
aptitude install ia32-libs
Download the agent itself
wget "http://www.opengamepanel.org/downloads/ogp_agent_nightly.tar.gz" -O agent.tar.gz tar xf agent.tar.gz cd agent
We install. Attention - I previously created a user on the system, included him in the root and sudo groups and created his home directory - all this is necessary for the agent to work correctly.
bash ./install.sh
We will be asked for the user name under which the service will run - we need to indicate the one I spoke about in the previous paragraph, his password, the directory in which the executable files will be located (/home/username/OGP) and will be asked to enter the agent key - this not the user password, but the agent control key, we will need it later, and we will also be asked to agree to the Steam policy rules.
After installation, log in under the created user and run
cd /home/username/OGP perl ./ogp_agent.pl --log-stdout
They should write to us that everything is in order, the process is running and listening on port 12679.
Press ctrl+c, log in as root and register - this is necessary for the service to start when the system starts
update-rc.d ogp_agent defaults
If there are several servers (dedicated or virtual), then the agent must be installed on each
Now let's install the web interface from OGP, download the archive and unpack it
wget "http://www.opengamepanel.org/downloads/ogp_web_nightly.tar.gz" -O upload.tar.gz tar xf upload.tar.gz
Move the contents of the upload folder to the folder in which we have the site
In the browser, open the site_address.zone/folder_with_ogp and select the language, if suddenly we are told that we do not have enough rights to create any files or folders, then we issue the rights with 777 chmod, to do this, go to the folder with ogp and execute the command.
chmod 777 –v –R *
Updates! This set Spurs for deploying hosting was updated on March 28, 2015, now you can use them to deploy relatively fresh hosting under Ubuntu 14.04LTS.
Yesterday I noticed that Hetzner recently “updated the tariffs” and rolled out the VX18 configuration for only 18 € with VAT (for non-residents 15.8 €). In terms of characteristics - only 2 times more than on my old VQ19 tariff, in terms of quality nothing is clear, I assume that it is the same desktop hardware. The support doesn’t admit it, they say “just new tariffs, we need to offer us something.” I decided to give it a try. I ran unixbench on the old server and the new one, I was satisfied so far and started migrating the sites. For one thing, I decided to correct these cheat sheets for setting up hosting. (by the way, over time, the server’s performance will deteriorate when the server is “populated” or the node is changed to a more sluggish one, as I had with VQ19; for comparison, it is surprisingly more vigorous than VQ19).
Task
Expand under Ubuntu 14.04 LTS easy virtual web hosting for working in nginx, PHP-5.5, MySQL, as well as raise the mail server Dovecot2/Postfix and set up mail. I won’t deploy Apache, because I don’t see the point in it - nginx suits my needs no worse, but RAM consumes significantly less. The name server will be used by Hetzner, as it is more stable.
Presentation format
Below you can see a list of actions that will be announced in subsequent posts. When this moment happens - this page will be updated and the item will become a link :)
- Installing Munin server monitoring tools.
- Data backup.
- Scripts that simplify adding a new site.
Attention! I am not a seasoned admin and everything stated can be challenged by professionals in any form. I welcome all sorts of corrections, comments and advice.
Buying hosting from hetzner.de
I’m not much of a help to you in this matter, because... Anyone can cope with this task. Go here, select the tariff you like, click “Order now”. You will be directed to https://robot.your-server.de/order. Next, select your product again - for me it was “vServer VX18” and click “Order product”. On the next page you select Ubuntu 14.04 LTS 64bit minimal, architecture 64bit, number of servers 1. All my presentations below are for Ubuntu 14.04 LTS 64bit. Next, click “Add to shopping cart”. On the next page we check whether we have ordered and click “Checkout”. Next, if we have an account in the robot, we log in; if we don’t, we fill out all the fields and register. Must be filled out at English language(Full name transliterated). It is necessary that your full name. coincided with the transliteration on yours credit card, which you will pay. Then click “Create new account”. Somewhere further you will be asked about a credit card... In general, everything is the same as in a regular online store.
Which tariff plan should I choose?
Now I am using the VX18 tariff for 18€ (vServer VX18), because... the needs are gradually growing, but do not yet reach a real server. This tariff allows you to quite cheerfully pull up a dozen or two not very loaded sites. If you want to try something simpler for now, you can first take the VX6 tariff, but it has very little memory, the architecture will need to be 32bit. Also, do not forget that you cannot change the tariff on the fly with Hetzner - you need to buy another server and transfer everything to it.
What about nameserver?
And it's very simple. It’s expensive to raise your own, you need 2 IPs, we don’t need to load the server with all sorts of bots either, so we’ll use the name servers of Hetzner itself. True, this service is paid, it costs 0.5 € per year for 1 domain. It is better to activate this service as soon as the server is installed for you (you will be notified about this by EMail), because it connects no faster than the server (i.e. manually through operators). As I already described.
Preparing the server environment.
Well, the server has already been turned on for us, they gave us SSH - we can use it. First of all, let's update the installed software:
Sudo apt-get update sudo apt-get upgrade
If there are style errors blah blah blah …Hash Sum mismatch, do the following:
Sudo rm /var/lib/apt/lists/* sudo apt-get update sudo apt-get upgrade
Let's install Midnight Comander (something like FAR) to launch mc.
Sudo apt-get install mc
Now let’s write down the host name (I will carry out all the actions described below for the site koteika.ru, you can replace it with your domain, or come up with a host name to suit your taste.)
Sudo echo "koteika" > /etc/hostname sudo hostname -F /etc/hostname
Let's write fqdn (needed for mail), edit /etc/hosts so that it looks something like this:
### Hetzner Online AG installimage # nameserver config # IPv4 127.0.0.1 localhost.localdomain localhost 78.47.88.87 koteika.koteika.ru koteika # # IPv6::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00:: 0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts 2a01:4f8:d16:4346::2 koteika.koteika.ru koteika
All the beauty is in the lines 78.47.88.87 koteika.ru koteika And 2a01:4f8:d16:4346::2 koteika.koteika.ru koteika, where the first value is your server's IP, the second is the server's domain name in (FQDN) format, and the third is the hostname.
If you did everything correctly, you can see the results like this:
Hostname hostname -f
P.S. It is better to edit the files in something simple type, But simple changes can be done in mc. In the future we will have to edit a lot of configs, incl. vi is better to master.
If you liked my article, please do not be lazy to click any button below, or post a link to the article in your blog or forum. I'm always happy to answer your questions in the comments. Thank you :)
Hello! In this tutorial, I will show you how to install the Joomla CMS on a VDS/VPS server managed from the ISPmanager panel.
Note: The ISPmanager panel is very successful software, created to manage web servers, combining in a single interface, management of domains, databases, postal services. And also manage the user and organize a multi-level system of user rights.
In this article, the installation is demonstrated using ISPmanager Lite version 5.8.
Stages of installing Joomla 3 on VDS/VPS from ISPmanager
- 1: Adding a domain;
- 2: Create a database;
- 3: Uploading the Joomla distribution to the server;
- 4: Installation of Joomla with translation.
- 5: Checking the installation result, authorization in the administration panel.
Step 1: Adding a domain
The menu of working tabs is visible on the left. At the top of this menu, there are menu control buttons: you can open or close it, make a favorite menu from the most used tabs, all tabs are divided into groups, each group has a clear name.
The domain must be added on the “WWW Domains” tab, “Domains” group.
On open tab fill in all fields.
In the photo you see that the server is configured with possible protection against DDoS attacks. It hardly makes sense to enable this protection on a non-working site.
Result:WWW domain has been added. The server automatically created a domain without WWW, which can be checked on the “Domains” tab.
Note: Creating an email domain does not affect the operation of the site, so we will leave this topic for other articles.
At this stage, it is important to decide and select an HTTP web server for the site. It is important that the Apache web server is used. In this case you will be able to use SEO Joomla settings and use htaccess file. to manage site URLs.
There is an opinion that for CMS Joomla the preference in choosing web servers is ranked as follows:
- UNIX\Apache\Fast CGI\eAccelerator (most high speed combined with convenient operation).
- UNIX\Apache\Fast CGI (also, but more accessible).
- UNIX\Apache\mod_php (inconvenient work with CHMOD rights).
- UNIX\Apache\CGI (not maximum speed, but easy to use and compatible with all Joomla extensions).
My server doesn't have Fast CGI, so I use Apache\CGI. This setting server, allows you to enable compression mode and caching mode. They are needed to speed up the site. Let's immediately turn on the compression mode (compression level 5 is recommended) and turn on caching for a period of 7 days.
Point 2: Creating a Joomla site database
The database in the ISPmanager panel is created on the “Databases” tab, “Tools” group. There is a “Create” button on the tab.
Be sure to create a new user for the database in order to increase the security of the site. If you have several sites and you are the root user of the VDS server, you can manage all databases of your sites from the phpmyadmin panel at once, or manage each individual database of the site by logging into phpmyadmin under the login of an individual user of this database.
The created database must have three mandatory parameters that need to be recorded: the database name, the database user name, the access password, and the location of the database on this server. Typically, the location of the database server is local host. To check, you can see it in the “Server” column in the list (table) of created databases.
class="eliadunit">
Point 3: Uploading the Joomla distribution to the server
IN last lesson we uploaded Joomla to FTP using FTP client. Here, for example, we will upload the Joomla distribution kit to the server through file manager server.
Unfortunately, I will not be able to show the work of the file manager on this server, it is not connected, but there will be pictures.
Using the server's file manager, you do not need to unpack the distribution to upload Joomla folders and files to the root folder of the site.
- Open the server file manager;
- Open the root folder of the site;
- Download (button “Download”) zip archive Joomla;
- Unpack the archive (the “Unarchive” button);
- Delete the zip archive (select it by clicking and delete it with the “Delete” button);
- Checking CHMOD rights to Joomla directories and files. Directories CHMOD=755, files CHMOD=644.
Point 3: Installation of Joomla with translation
Installing Joomla is going through three or five system installation windows in the browser. Three windows without translation, five windows with translation into the desired language. Here we will immediately translate (localize) into Russian.
Window 1: Filling in the site data
Window 2: Entering database data
Window 3: Checking the server configuration for compliance with the Joomla system
Window 4: Go through the installation, proceed to installing the language
Window 5: Selecting a language for the site panel
Window 6: We complete the installation by deleting the “Installation” directory.
Go to the “Panel” and “Site” tabs. We check the translation.
Loading...
