Getting started

For comments, corrections, etc., create an issue or edit on GitHub

  • Update & upgrade system

    apt update
    apt upgrade
    
  • Install basic packages

    apt install language-pack-es-base
    apt install unzip
    apt install nginx
    apt install mysql-server
    apt install php7.2-common php7.2-cli php7.2-fpm
    apt install php7.2-curl php7.2-gd php-imagick php7.2-mbstring php7.2-xml php7.2-mysql
    apt install composer
    apt install certbot
    apt install python3-certbot-nginx
    
  • Configure the server time

    dpkg-reconfigure tzdata
    
  • Disable SSH password authentication

    Edit /etc/ssh/sshd_config:

    PasswordAuthentication no
    PubkeyAuthentication yes
    ChallengeResponseAuthentication no
    
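    Reload the SSH service, keeping your current session open until a key-based login works in a second one:

    service ssh reload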
    
  • Add Swap file

    Example with a 1GB file saved as /swapfile; the right size depends on your needs.

    fallocate -l 1G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo "/swapfile none swap sw 0 0" >> /etc/fstab
    sysctl vm.swappiness=10
    sysctl vm.vfs_cache_pressure=50
    

    To keep these settings after a reboot, edit the file /etc/sysctl.conf with the following values:

    vm.swappiness=10
    vm.vfs_cache_pressure=50
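
An added check for the "Disable SSH password authentication" step above (not part of the original guide): sshd uses the first value it finds for each keyword, so this script reports which value is actually in effect. Both sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original guide). sshd_config keywords are
# case-insensitive and the FIRST value found for a keyword wins, so a line
# appended at the end of the file can be silently ignored.

# effective_value FILE KEYWORD: print the first global value set for KEYWORD.
effective_value() {
  awk -v key="$2" '
    BEGIN { key = tolower(key) }
    /^[ \t]*#/ { next }                    # whole-line comments
    { sub(/=/, " ") }                      # "Keyword=value" form is also accepted
    tolower($1) == "match" { exit }        # only the global section, before any Match
    tolower($1) == key { print tolower($2); exit }
  ' "$1"
}

# audit_sshd FILE: return 0 only if the three settings from this step are effective.
audit_sshd() {
  rc=0
  for pair in PasswordAuthentication:no PubkeyAuthentication:yes \
              ChallengeResponseAuthentication:no; do
    got=$(effective_value "$1" "${pair%%:*}")
    if [ "$got" = "${pair##*:}" ]; then
      echo "ok    ${pair%%:*} $got"
    else
      echo "FAIL  ${pair%%:*} is '${got:-unset}', want ${pair##*:}"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample: an earlier "yes" shadows the "no" appended at the end.
SHADOWED=$(mktemp)
cat > "$SHADOWED" <<'EOF'
# constructed sample, not a real server config
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
EOF

# Constructed sample: shadowing line removed, so the "no" is now the first value.
FIXED=$(mktemp)
sed '/^PasswordAuthentication yes$/d' "$SHADOWED" > "$FIXED"

audit_sshd "$SHADOWED" || echo "=> appended setting is not in effect"
audit_sshd "$FIXED" && echo "=> password logins are disabled"
```

On the server itself, `sshd -t` validates the file before the reload and `sshd -T` prints the effective settings.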
    
Server configuration

  • Nginx snippets

    Download the nginx snippets

    service nginx stop
    cd /etc/nginx
    git clone https://github.com/oscarotero/nginx-snippets.git snippets/nginx-snippets
    vi nginx.conf
    

    Edit nginx config:

    # Replace this:
    include /etc/nginx/mime.types;
    
    # With this:
    include snippets/nginx-snippets/http.conf;
    
  • Set the default php config

    cd /etc/php/7.2/fpm/pool.d/
    mv www.conf default
    
Deploy user

  • Create the user

    adduser --home /var/www/mydomain.com myuser
    
  • Generate the ssh keys

    su - myuser
    ssh-keygen
    

    Insert your public key in .ssh/authorized_keys to log in to this server with this username

  • Create the directories for web and logs

    mkdir www
    mkdir logs
    
  • Assign the correct permissions to the directory

    exit # leave the myuser session
    chmod 710 /var/www/mydomain.com
    chmod 770 /var/www/mydomain.com/logs
    chgrp www-data /var/www/mydomain.com /var/www/mydomain.com/logs
    
Site configuration

  • Create the database

    Also create the user and configure the privileges:

    CREATE DATABASE `myuser` DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci;
    CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';
    GRANT ALL PRIVILEGES ON `myuser`.* TO 'myuser'@'localhost';
    FLUSH PRIVILEGES;
    
  • Configure PHP

    Copy the default conf file (renamed earlier) to create a pool for this domain:

    cd /etc/php/7.2/fpm/pool.d/
    cp default myuser.conf
    vi myuser.conf
    

    Edit the myuser.conf file with the following changes:

    ; pool name ('www' here)
    [myuser]
    
    user = myuser
    group = myuser
    
    listen = /run/php/php7.2-fpm-$pool.sock
    
    php_admin_value[error_log] = /var/www/mydomain.com/logs/php.error
    
    Restart PHP-FPM to load the new pool:

    service php7.2-fpm restart
    
  • Configure the server

    cd /etc/nginx/sites-available
    vi mydomain.com
    
    # http -> https
    server {
      listen [::]:80;
      listen 80;
    
      server_name mydomain.com www.mydomain.com;
    
      return 301 https://$host$request_uri;
    }
    
    # www -> non-www
    server {
      listen [::]:443 ssl http2;
      listen 443 ssl http2;
    
      server_name www.mydomain.com;
    
      # Redirect to the bare domain; using $host here would redirect www to itself
      return 301 https://mydomain.com$request_uri;
    }
    
    server {
      listen [::]:443 ssl http2;
      listen 443 ssl http2;
    
      server_name mydomain.com;
    
      root /var/www/mydomain.com/www;
    
      include snippets/nginx-snippets/server.conf;
    
      location / {
        include snippets/nginx-snippets/html.conf;
    
        try_files $uri $uri/ /index.php?$query_string;
      }
    
      # Media and fonts
      location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc|ttf|ttc|otf|eot|woff|woff2)$ {
        include snippets/nginx-snippets/media.conf;
      }
    
      # Assets: css, javascript, etc
      location ~* \.(?:css|js|webmanifest)$ {
        include snippets/nginx-snippets/assets.conf;
      }
    
      location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm-myuser.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/nginx-snippets/html.conf;
    
        try_files $uri $uri/ /index.php?$query_string;
      }
    
      access_log /var/www/mydomain.com/logs/nginx.log combined buffer=32k flush=60;
      error_log  /var/www/mydomain.com/logs/nginx.error;
    }
    
  • Enable the site

    cd /etc/nginx/sites-enabled/
    ln -s ../sites-available/mydomain.com mydomain.com
    
  • Create the certificate

    certbot --nginx
    

    Note: When prompted, choose not to redirect from HTTP to HTTPS, because the redirect is already configured. Execute certbot renew to renew the certificates.
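
An added check for the "Configure PHP" and "Configure the server" steps above (not part of the original guide): it expands `$pool` in the pool's `listen` path and confirms that the nginx `fastcgi_pass` points at that socket and that the pool runs as its own user. The sample files are constructed, and treating `www-data` as a shared account is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: cross-check a PHP-FPM pool file
# against the nginx server block that is supposed to reach it.

# pool_value FILE KEY: value of the first "KEY = value" line (";" lines are comments).
pool_value() {
  awk -v key="$2" '
    /^[ \t]*;/ { next }
    { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
    k == key && /=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v; exit }
  ' "$1"
}

# pool_socket FILE: listen path with $pool expanded and /var/run mapped to /run.
pool_socket() {
  name=$(sed -n 's/^\[\(.*\)]$/\1/p' "$1" | head -n 1)   # first [section] = $pool
  pool_value "$1" listen | sed -e "s/[\$]pool/$name/" -e 's|^/var/run/|/run/|'
}

# nginx_socket FILE: unix socket path of the first fastcgi_pass, normalised the same way.
nginx_socket() {
  awk '$1 == "fastcgi_pass" { s = $2; sub(/^unix:/, "", s); sub(/;$/, "", s)
                              sub(/^\/var\/run\//, "/run/", s); print s; exit }' "$1"
}

# check_site POOL NGINX: 0 if the pool has its own user and nginx points at its socket.
check_site() {
  user=$(pool_value "$1" user)
  case "$user" in
    ""|root|www-data) echo "FAIL pool user '${user:-unset}' is not a per-site user"; return 1 ;;
  esac
  [ "$(pool_socket "$1")" = "$(nginx_socket "$2")" ] ||
    { echo "FAIL nginx -> $(nginx_socket "$2"), pool -> $(pool_socket "$1")"; return 1; }
  echo "ok pool runs as $user on $(pool_socket "$1")"
}

# Constructed samples mirroring the files in this guide.
POOL=$(mktemp); GOOD=$(mktemp); STALE=$(mktemp)
printf '%s\n' '; pool name' '[myuser]' 'user = myuser' 'group = myuser' \
  'listen = /run/php/php7.2-fpm-$pool.sock' > "$POOL"
echo '    fastcgi_pass unix:/var/run/php/php7.2-fpm-myuser.sock;' > "$GOOD"
echo '    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;' > "$STALE"   # constructed mismatch

check_site "$POOL" "$GOOD"
check_site "$POOL" "$STALE" || echo "=> this vhost would not use the per-site pool"
```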