Video on setting up a VPS on Linode
Habr is full of instructions on how to link Nginx with php5-fpm; I have even written one myself. But today I offer something new: a video manual on buying and configuring your own VPS on Linode.
Article based on information from habrahabr.ru
This post is in the MODX hub for a reason: the lesson uses special scripts that simplify working with MODX Revolution sites.
Watching the video is strongly recommended for super-cool admins and pregnant women!
Under the cut are the details, plus a plan of the work with pieces of code for easy copy-pasting.
How it works
The server is based on Ubuntu + Nginx + php5-fpm + MySQL + Sendmail.
Each site has:
— 1 dedicated user
— 1 database
— 1 SFTP access.
All site files belong to that user, who can log in remotely and change them. The site's PHP runs as this user and has that user's rights.
Besides being limited to the user's rights, PHP also starts with dangerous functions disabled and with open_basedir set to the user's directory.
This configuration is, in my opinion, as safe as possible. If one site is compromised, the others cannot even be touched.
Climbing above the user's directory is simply physically impossible without hacking the operating system kernel, but that is another level of attack.
Console access to the server uses the user named user. I advise you to create this user under a different name. Root login is not allowed at all, so that an attacker has to guess a name in addition to the password.
After logging in to the server, this user can use sudo to obtain root privileges.
This user should be used only for server management. It has no sites and owns no site files. Of course, it can also use SFTP for its own needs.
The ssh port is protected against brute forcing by iptables, which blocks failed login attempts for 30 seconds.
The mail server is configured only for sending email. For receiving mail, I recommend handing it over to Yandex or Google.
All work with sites is handled by my console scripts, which remove all the pain in the ass of creating sites, databases and other routine tasks.
This video does not cover setting up backups and uploading them to Dropbox.
Installation steps
1. Registering on Linode
For registration I offer two links: a referral one (click Sign up at the top right) and a regular one. Click depending on your mood.
For payment I used Qiwi Visa Virtual, onto which I put $20.
If you pay in the second half of the month, money is charged for a month and a half. If in the first half, then only for the remainder of the current month, so it came to only about $16.
2. Configuring ssh
You need to forbid root login, create a sudo user and protect port 22.
Protection script:
#!/bin/bash
# Clean up chains of rules
iptables -F INPUT
iptables -Z INPUT
iptables -P INPUT ACCEPT
iptables -F OUTPUT
iptables -Z OUTPUT
iptables -P OUTPUT ACCEPT
iptables -F FORWARD
iptables -Z FORWARD
iptables -P FORWARD ACCEPT
# Protect ssh port, lock time is 30 seconds
# A source that opened a new connection within the last 30 seconds is dropped and its timer restarts
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 30 -j DROP
# Otherwise the source address is recorded and the connection is accepted
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --set -j ACCEPT
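What the two rules above do to a stream of connections, as an added example that is not part of the original post: the rules count new connections per source rather than failed logins, and --update restarts the 30-second timer on every dropped attempt. It is a simplified model of the recent match (one address list, no size limit); the function names and the sample addresses and times are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): replay the two "recent" rules
# over a list of new TCP connections to port 22.
# stdin: "<time-in-seconds> <source-ip>" per line, in time order.
simulate_recent() {
    awk -v window=30 '
    {
        t = $1; src = $2
        if ((src in last) && t - last[src] < window) {
            # Rule 1: --update --seconds 30 matched, refresh the stamp and DROP.
            last[src] = t
            print t, src, "DROP"
        } else {
            # Rule 2: --set records (or refreshes) the source and ACCEPTs.
            last[src] = t
            print t, src, "ACCEPT"
        }
    }'
}

# Constructed sample: 203.0.113.5 retries quickly, 198.51.100.7 connects rarely.
sample_connections() {
    cat <<'EOF'
0 203.0.113.5
5 198.51.100.7
10 203.0.113.5
35 203.0.113.5
50 203.0.113.5
90 203.0.113.5
100 198.51.100.7
EOF
}

sample_connections | simulate_recent
```

In the sample, the connection at second 35 is dropped although the first one was 35 seconds earlier, because the dropped attempt at second 10 restarted the timer. The same applies to an administrator who opens a second session within 30 seconds of the first.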
In /etc/ssh/sshd_config:
— Set PermitRootLogin no
— Comment out the line
#Subsystem sftp /usr/lib/openssh/sftp-server
— Add to the end
Subsystem sftp internal-sftp
Match Group sftp
    ChrootDirectory %h
    AllowTCPForwarding no
    ForceCommand internal-sftp
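A way to check that the three sshd_config edits above actually landed, as an added example that is not part of the original post: it reads a config on stdin, honours Match block scoping and reports each missing setting. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config text on stdin.
# Prints one line per problem; the exit status is the number of problems.
audit_sshd_config() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    { key = tolower($1) }                    # sshd keywords are case-insensitive
    key == "match" {                         # every Match line starts a new block
        in_match = 1
        in_sftp = (tolower($2) == "group" && $3 == "sftp")
        next
    }
    # Global section: sshd keeps the first value it sees for a keyword.
    !in_match && key == "permitrootlogin" && root == "" { root = tolower($2) }
    !in_match && key == "subsystem" && $2 == "sftp"     { subsys = $3 }
    # Settings that must sit inside the sftp Match block to confine site users.
    in_sftp && key == "chrootdirectory"    { chroot = $2 }
    in_sftp && key == "forcecommand"       { force = $2 }
    in_sftp && key == "allowtcpforwarding" { fwd = tolower($2) }
    END {
        if (root != "no")              { print "PermitRootLogin is not no"; n++ }
        if (subsys != "internal-sftp") { print "Subsystem sftp is not internal-sftp"; n++ }
        if (chroot == "")              { print "sftp group has no ChrootDirectory"; n++ }
        if (force != "internal-sftp")  { print "sftp group is not forced to internal-sftp"; n++ }
        if (fwd != "no")               { print "sftp group may forward TCP"; n++ }
        exit n + 0
    }'
}
# Constructed sample: a file before the edits.
stock_sample() {
    cat <<'EOF'
PermitRootLogin yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}
# Constructed sample: the same file after the edits from the post.
hardened_sample() {
    cat <<'EOF'
PermitRootLogin no
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
AllowTCPForwarding no
ForceCommand internal-sftp
EOF
}
stock_sample | audit_sshd_config || echo "stock sample: $? problem(s)"
hardened_sample | audit_sshd_config && echo "hardened sample: ok"
```

On a server, run it as `audit_sshd_config < /etc/ssh/sshd_config`. The audit covers the file only; sshd also requires every component of the ChrootDirectory path to be a root-owned directory that no other user or group can write to.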
3. Installing required packages
apt-get install python-software-properties
add-apt-repository ppa:nginx/stable
apt-get update
apt-get dist-upgrade -y
apt-get install nginx php5-fpm mysql-server php5-mcrypt php5-mysql php5-curl php-db php5-gd htop zip unzip sendmail
During installation you will need to set the password for the MySQL root user.
4. Mail setup
In /etc/hosts you need to map the server's external IP to your domain (or localhost) so that sendmail can determine your IP.
The domain name must be specified in /etc/hostname.
127.0.0.1 localhost
195.167.123.115 mydomain.com mydomain
You can then make sendmail use your own mail when sending to your domain, in /etc/mail/sendmail.mc:
define(`MAIL_HUB', `mydomain.com.')dnl
define(`LOCAL_RELAY', `mydomain.com.')dnl
Then in the console:
sendmailconfig
service sendmail restart
And check:
echo -e "To: user@mydomain.com\nSubject: Test\nTest\n" | sendmail -bm -t -v
5. Installing and testing the MODX scripts
Addplace — gist.github.com/bezumkin/3833852 — Creates a place for the site
Install — gist.github.com/bezumkin/2179479 — Creates a place and installs MODX
Update — gist.github.com/bezumkin/2179440 — Upgrades MODX
Remove — gist.github.com/bezumkin/2179492 — Deletes the site and its database
6. Installing PhpMyAdmin
Download the distribution here.
Create the config directory, make it writable, configure the login/password for the database and save the configuration.
Then move it to the root of the site, slightly modify the dump of the pma tables and import them into the database.
Don't forget to delete the config and setup directories after successful configuration.
Now it should work.
Updated.
The post is now at -2: 12 pluses and 14 minuses.
Is it really such a bad and unnecessary post that it should be sunk so that no one sees it?
Who are the 34 people who added it to their bookmarks?
Suppose I get upset and move the unwanted post to drafts: who will be better off? I suspect the 34 people will not be happy when they go to reread it. And the 14 people will never know about it. They downvoted silently and walked away.
Where is the criticism of the video, where are the flaws pointed out, or maybe links to similar videos? Am I running Apache2 as root, or what?
Looks like this is the last time I publish something on Habr. I guess I just do not understand the local audience.