Perfect Server Setup for 2013

I remember how much fun it was a few years back to check out all the perfect server guides for Ubuntu Server and try to create the absolute most optimized web server setup for my old HP. Those guides are getting aged and I’ve ended up making my own configuration profile over the years. VPS hosting is a great way to improve most issues caused by shared hosting and I recommend it for making things easier, making things fun, making things faster, and keeping your hosting affordable!

This guide assumes you know your way around the command line a bit and have deployed Linux in the past. This guide is merely scaffolding and I encourage you to pursue more optimizations based on your own research. I use Rackspace Cloud for my web host, but you can use any modern VPS provider. There are plenty of options out there now! I also suggest using an Aptitude based distribution (meaning Ubuntu Server for most folks).

This specific setup offers great ease to developers, since the only things that need to be done to host a new domain are to create a new folder and to CNAME to the server. There is a nice directory structure and things remain isolated from your home folder.

Step 1 - VPS Setup

First you’re going to need to create an account on your VPS provider. I choose Rackspace Cloud and they require that you answer a call from their customer support team to open your account. They’re super nice so just do it. Once you’re in to your control panel, click the “Create Server” button. That will guide you though the initial creation of your server. If you’re not certain what to choose here, the newest Ubuntu Server LTS edition and the smallest amount of RAM should work very nicely. If you ever need more in the future, you can add it easily. Creating a server takes about 10 - 15 minutes.

Rackspace has some pretty neat tools for servers in this interface too, like monitoring and backup applications. They’re a bit pricy for me and my needs, but if they look like a good deal to you, I recommend you install them!

Step 2 - Accessing your VPS

When Rackspace tells you that your server is ready, you can log in with SSH. You will need to get the IP address and root password from your VPS control panel. Then login with the following command:

$: ssh root@%YOUR_IP_ADDRESS%

Viola! Your server is now online and you’re in. Chances are that it doesn’t do anything yet and that’s fine - let’s work on getting the operating system secured and then you can make the server come to life.

Step 3 - User Management

Since VPS instances tend to start on the Root account, you’re going to need to create your own user account and just sudo in commands. It makes it harder for you to accidentally destroy things and if your server is compromised, you don’t want others in your root account.

$: adduser %YOUR_USERNAME%

This will ask you for your desired password. Next up, we want to create an admin group so that you can use Sudo. Ubuntu has the group admin setup in the sudoers file, but the group didn’t exist in my Ubuntu setup for some reason. Create it like so:

$: addgroup admin

Now we need to have you enter both the admin and the www-data groups, the latter so that you can work on your websites in a foreign directory without permissions escalations.

$: useradd %YOUR_USERNAME% admin
$: useradd %YOUR_USERNAME% www-data

Once this all checks out, exit your current SSH session and log back in with your new username.

$: exit
$: ssh %YOUR_USERNAME%@%YOUR_IP_ADDRESS%

Now you need to verify that you are able to use sudo, try a command like so:

$: sudo nano /etc/hosts

Don’t make any changes, but just save (control-s) and see if Nano gives you an error message. If not, you are successfully a part of the sudo group and can now safely disable the root user for security purposes.

$: sudo passwd -l root

Step 4 - System Updates

Now you need to verify that your system is up-to-date by running the following two commands:

$: sudo aptitude update
$: sudo aptitude upgrade

If the second command asks, just put a ‘Y’ to install the updates. After this is finished, you may need to reboot your server. When you are set, it’s a good idea to activate automatic updates like so:

$: sudo aptitude install unattended-upgrades

Now your system should install important updates when needed, and you can still run those two updates above every once in a while to make sure that non-essential or non-security related updates are installed.

Step 5 - LAMP Stack Installation

Now that your system has some security enhancements, you can install your LAMP stack. My favorite way to do it is with a command called tasksel:

$: sudo tasksel

Once this opens, you have a dialog box in your terminal. Do not press the enter key here! Scroll down with the down key, and select the LAMP server option with your spacebar. Press tab and verify the Okay button is selected, then you may hit the enter key. You will be asked to choose a MySQL root password here - just put one in or it will never leave you alone about not having a password.

Once you have the LAMP stack installed, you need to drop an apache configuration in. I have one created specifically for this task. The following command should work:

$: sudo curl https://raw.github.com/kylehotchkiss/heartfiles/master/webservers/apache.conf \
| sudo tee /etc/apache2/sites-available/hotchkissmade

This command is one line, make sure you enter it as one in your terminal. Once this is complete, enable it as the primary Apache config by running the following commands:

$: sudo a2ensite hotchkissmade && sudo a2dissite default

Step 6 - Other Apache Setup

Now we need to do a couple more things to Apache to verify that it’s ready to host things for you. Enable both the virtual hosting and rewrite modules like so:

$: sudo a2enmod rewrite vhost_alias

You also should install XCache to accelerate PHP.

$: sudo aptitude install php5-xcache

Step 7 - Directory Establishment

Now that Apache is ready to host some sites, you can create the directory structure needed to host your sites:

$: sudo mkdir /srv/_apache
$: sudo touch /srv/_apache/error.log && sudo touch /srv/_apache/access.log
$: sudo chmod -R 775 /srv && sudo chown -R www-data:www-data /srv

What this does is takes over the /srv folder for your websites, creates a log folder called _apache (which isn’t accessible by mod_vhost since the underscore character isn’t valid in hostnames), and places your error and access logs there. Note: I currently don’t have a rotate script setup to keep these files small. You should consider one if your sites are getting busy!

Step 8 - Setup First Site

We’re finally ready to setup your first site. Just because Wordpress is popular, let’s install that as the first:

$: cd /srv/
$: wget http://wordpress.org/latest.tar.gz
$: tar xvfz latest.tar.gz
$: sudo chmod -R 775 && sudo chown -R www-data:www-data
$: mv wordpress %YOUR_FIRST_DOMAIN_NAME%

Now you can point your DNS at your server, and Apache should make the Wordpress installer come up for your new URL. If you got this far, you should continue your studies by figuring out the best way to get MySQL running for your setup.

I’ve been using this exact setup for a number of years due to its ease of maintenance, ease of access, and ease of site creation. I hope you give it a shot and see if it works for you! A nice VPS setup makes being a web developer much more fun.

Missing - Don’t Forget!

I missed a couple details here. I wrote this post since we were required to blog for one of my classes. I wanted to dive deeper into universal error pages, firewall setup, and some other tips and tricks for your new server. You also should consider a log rotator. Read up on these on your own time! The best thing about VPS hosting is that you can restart quickly if you mess things up really bad.

Sources