ubuntu-16.04-server-checklist

My checklist for creating a new Ubuntu 16.04 server

MIT License

Initial config

  1. Login as root
  2. Add new user: adduser imper
  3. Add root privileges: usermod -aG sudo imper, then log out
  4. Copy your public key from your machine: ssh-copy-id imper@serverhost
  5. Login as imper
  6. Add autocompletion for bash with: sudo apt update && sudo apt install bash-completion, then log out and log in again
  7. Add software-properties-common: sudo apt install software-properties-common
  8. Install nano: sudo apt-get install nano
  9. Edit sshd config: sudo nano /etc/ssh/sshd_config and set PasswordAuthentication no
  10. Reload sshd: sudo systemctl reload sshd
  11. Setup firewall:
    1. Install ufw: sudo apt-get install ufw
    2. sudo ufw allow OpenSSH
    3. sudo ufw enable
    4. Check status with sudo ufw status
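
A check for step 9, as an added example that is not part of the original checklist: sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line added below an earlier yes has no effect. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original checklist).
# Prints the global PasswordAuthentication value sshd would take from a config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are case-insensitive,
# and settings after a Match line are conditional, so scanning stops there.
effective_password_auth() {
  awk '
    { sub(/#.*/, ""); sub(/=/, " ") }      # strip comments, accept keyword=value
    NF < 2 { next }
    tolower($1) == "match" { exit }
    tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
    END { if (!found) print "yes" }        # compiled-in default when unset
  ' "$1"
}

# Returns 0 only when password logins are disabled globally.
password_auth_disabled() {
  [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: the edit was appended below an existing "yes" line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PasswordAuthentication yes
#PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication no
EOF

if password_auth_disabled "$sample"; then
  echo "OK: password logins disabled"
else
  echo "WARN: effective value is $(effective_password_auth "$sample")"
fi
rm -f "$sample"

# On the server (real sshd flags):
#   sudo sshd -t                                    # syntax check before the reload
#   sudo sshd -T | grep -i passwordauthentication   # effective value
```

Keep the current SSH session open until a second login with the key has succeeded.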

Additional steps for initial config

  1. Configure timezones with sudo dpkg-reconfigure tzdata
  2. Install NTP for time synchronization: sudo apt-get install ntp

Nginx

  1. sudo add-apt-repository ppa:ondrej/nginx
  2. sudo apt update
  3. sudo apt install nginx
  4. sudo ufw allow 'Nginx Full'

MariaDB

  1. Visit https://downloads.mariadb.org/mariadb/repositories/#mirror=kisiek for current repository instructions
  2. mysql_secure_installation
  3. Log in to mysql with: sudo mysql -p
  4. Add new user: CREATE USER 'imper'@'localhost' IDENTIFIED BY 'password';
  5. GRANT ALL PRIVILEGES ON *.* TO 'imper'@'localhost';
  6. FLUSH PRIVILEGES; then exit

PHP

  1. Add ondrej repos: sudo add-apt-repository ppa:ondrej/php
  2. sudo apt-get update
  3. sudo apt-get install php7.2-fpm php7.2-mysql
  4. Additional extensions: sudo apt-get install php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-curl php7.2-gd php7.2-imap php7.2-intl php7.2-mbstring php7.2-soap php7.2-xml php7.2-xmlrpc php7.2-zip
  5. Imagick: sudo apt-get install php-imagick

Let's Encrypt

  1. Installation:
    1. sudo add-apt-repository ppa:certbot/certbot
    2. sudo apt-get update
    3. sudo apt-get install python-certbot-nginx
  2. Obtain cert with: sudo certbot --nginx -d example.com -d www.example.com
  3. Add auto renewal to crontab:
    1. sudo crontab -e
    2. Add the line: 30 2 * * 1 certbot renew >> /var/log/certbot-renew.log
    3. Add the line: 35 2 * * 1 systemctl reload nginx

Node.js

  1. sudo apt-get install curl
  2. curl -sL https://deb.nodesource.com/setup_8.x -o nodesource_setup.sh
  3. sudo bash nodesource_setup.sh
  4. sudo apt-get install nodejs
  5. sudo apt-get install build-essential

Yarn

  1. curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
  2. echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
  3. sudo apt-get update && sudo apt-get install yarn

Composer

  1. wget https://getcomposer.org/installer
  2. php installer
  3. sudo mv composer.phar /usr/local/bin/composer
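
The download in step 1 can be checked before step 2 runs it. An added example, not part of the original checklist: it compares the installer's SHA-384 with the value Composer publishes at https://composer.github.io/installer.sig. The function names are chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original checklist).
# verify_sha384 FILE EXPECTED_HEX -> 0 if the file's SHA-384 matches, 1 otherwise.
verify_sha384() {
  local file=$1 expected actual
  expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
  # A SHA-384 digest is exactly 96 hex characters; reject empty or truncated input
  # (for example an error page saved in place of the checksum).
  case $expected in
    *[!0-9a-f]*|'') return 1 ;;
  esac
  [ "${#expected}" -eq 96 ] || return 1
  actual=$(sha384sum "$file" | cut -d' ' -f1) || return 1
  [ "$actual" = "$expected" ]
}

# Download the installer and keep it only if the checksum matches.
fetch_composer_installer() {
  local expected
  expected=$(wget -qO- https://composer.github.io/installer.sig) || return 1
  wget -qO installer https://getcomposer.org/installer || return 1
  if ! verify_sha384 installer "$expected"; then
    echo "installer checksum mismatch, removing file" >&2
    rm -f installer
    return 1
  fi
}

# Constructed offline demo: a file passes with its own digest and fails once modified.
demo=$(mktemp)
printf 'constructed sample\n' > "$demo"
digest=$(sha384sum "$demo" | cut -d' ' -f1)
verify_sha384 "$demo" "$digest" && echo "match"
printf 'tampered\n' >> "$demo"
verify_sha384 "$demo" "$digest" || echo "mismatch detected"
rm -f "$demo"

# On the server, in place of steps 1-2:
#   fetch_composer_installer && php installer
```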

CacheTool

  1. curl -sO http://gordalina.github.io/cachetool/downloads/cachetool.phar
  2. chmod +x cachetool.phar
  3. sudo mv cachetool.phar /usr/local/bin/phpcachetool
  4. Create the config file /etc/cachetool.yml containing:
    1. adapter: fastcgi
    2. fastcgi: /run/php/php7.2-fpm.sock

RabbitMQ

  1. cd ~
  2. wget http://packages.erlang-solutions.com/site/esl/esl-erlang/FLAVOUR_1_general/esl-erlang_20.1-1~ubuntu~xenial_amd64.deb
  3. sudo dpkg -i esl-erlang_20.1-1\~ubuntu\~xenial_amd64.deb
  4. Verify the Erlang version with erl (press Ctrl+C twice to exit)
  5. echo "deb https://dl.bintray.com/rabbitmq/debian xenial main" | sudo tee /etc/apt/sources.list.d/bintray.rabbitmq.list
  6. wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
  7. sudo apt-get update
  8. sudo apt-get install rabbitmq-server
  9. sudo systemctl start rabbitmq-server.service
  10. sudo systemctl enable rabbitmq-server.service
  11. sudo rabbitmqctl status
  12. sudo rabbitmqctl add_user admin password
  13. sudo rabbitmqctl set_user_tags admin administrator
  14. sudo rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"

Others

  1. git
  2. redis
  3. supervisord
  4. wkhtmltopdf
  5. elasticsearch

Configs

PHP config

  1. sudo nano /etc/php/7.2/fpm/php.ini
    1. cgi.fix_pathinfo=0
    2. opcache.memory_consumption=256
    3. opcache.max_accelerated_files=20000
    4. opcache.validate_timestamps=0
    5. realpath_cache_size=4096K
    6. realpath_cache_ttl=600
    7. max_execution_time = 180
    8. max_input_time = 180
    9. memory_limit = 512M
    10. post_max_size = 100M
    11. upload_max_filesize = 100M
    12. default_socket_timeout = 120
    13. pdo_mysql.cache_size = 4000
    14. mysqli.cache_size = 4000
    15. session.sid_length = 40
    16. session.sid_bits_per_character = 4
    17. mbstring.language = Polish
    18. soap.wsdl_cache_enabled=0
    19. opcache.enable=1
    20. opcache.enable_cli=1
  2. sudo nano /etc/php/7.2/fpm/pool.d/www.conf
    1. user = imper
    2. group = imper
    3. pm.max_children = 20
    4. pm.start_servers = 5
    5. pm.min_spare_servers = 5
    6. pm.max_spare_servers = 20
    7. slowlog = /var/log/php.$pool.log.slow
    8. request_slowlog_timeout = 10s

Nginx config

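  1. sudo nano /etc/nginx/nginx.conf
    1. user imper;
  2. sudo nano /etc/php/7.2/fpm/pool.d/www.conf (listen.owner and listen.group are PHP-FPM pool settings, not nginx directives; they let the nginx user open the FPM socket)
    1. listen.owner = imper
    2. listen.group = imper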

MariaDB config

  1. sudo nano /etc/mysql/my.cnf
    1. query_cache_limit = 4M
    2. query_cache_size = 128M
    3. innodb_buffer_pool_size = 512M
    4. Under [mysqld] insert:
      • character-set-server = utf8mb4
      • collation-server = utf8mb4_polish_ci
      • innodb_ft_min_token_size = 1
      • ft_min_word_len = 1