Last revision: 25 of April of 2020
Table of contents
- Forming the Operating system
- Installation of MariaDB
- Installation of LiteSpeed
- Installation of PHP
- Installation of Redis
- Configuration of the HTTPS
- Configuration of firewall
Here we left a small manual you of installation from an installation of basic operating system of Ubuntu 18.
Forming the Operating system
Once the operating system is installed, first that we will form will be the hour of the servant. In this case we will form the hour zone of Madrid.
timedatectl set-timezone Europe/Madrid timedatectl set-NTP on
The following thing that we will do is to verify the version of the operating system and, later, to make a complete update of the same.
update lsb_release - to apt - and && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove
Once this all updated, we installed some tools and software base that can be useful to have in the system.
apt - and install software-properties-common curl vim unzip ufw
Installation of MariaDB
The following step will be the installation of the data base. In this case we are going to use MariaDB 10.3. First that we will do will be to form the unloading, and later its installation.
apt-key adv --recv-keys --to keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 add-apt-repository deb [arch=amd64, arm64, ppc64el] http://tedeco.fi.upm.es/mirror/mariadb/repo/10.3/ubuntu bionic main apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install mariadb-server mariadb-client
Now that is installed, we will come to the initial configuration. For it we will use the system safe installation, that it will do some questions to us.
To the question of if we want to change the password, following if we have put or not in the installation, we will change it. In case of not to have put no, is very recommendable to put a safe password to him.
Set root password? [Y/n]: And
The rest of questions, we will answer the following thing:
Remove anonymous users? [Y/n]: And Disallow root login remotely? [Y/n]: And Remove test database and Access to it? [Y/n]: And Reload privilege tables now? [Y/n]: And
At this moment already we will have the data base formed. Now we will cause that one executes in re homes of the system and we will initiate it.
systemctl stop mysql.service systemctl start mysql.service
Installation of LiteSpeed
At this moment we have the data base formed and are going to come to the installation from the Web server. In this case we are going to use LiteSpeed. It is necessary to remember that for the use of this Web server it is necessary to have a license. In order to see the last version of the system he is very recommendable to visit the card of unloadings (in this case stable is going away to use version 5.3.8).
CD /root/ bash < (curl https://get.litespeed.sh) 1234-abcd-5678-EFGH
NOTE: Please, 1234-abcd-5678-EFGH by your license replaces the code.
And the round of questions begins
Does Do you agree with stupefy license? YES Destination [/usr/local/lsws]: User yam [admin]: Password: Email addresses [root@localhost]: firstname.lastname@example.org Please select (0-7) ? 0 User [nobody]: Group [nogroup]: HTTP port : 80 Admin HTTP port : Setup up PHP [Y/n]: And for Suffix PHP script (comma separated list) [php]: Inable chroot [y/N]: and Chroot directory without trailing /: Does /usr/local/lsws Would you like to install AWStats Add-on modulate [y/N]? n Would does you like to have LiteSpeed Web server started automatically when the server restarts [Y/n]? and Would you like to start it right now [Y/n]? and
Now that we have nginx installed, we are going it to form so that one automatically begins in re homes of the system.
/usr/local/lsws/bin/lswsctrl stop /usr/local/lsws/bin/lswsctrl start
At this moment already we have the Web server, reason why we are going to install and to form PHP so that he correctly works with the Web server and data base. In this case we are going to install version PHP 7.3. It is necessary to consider that LiteSpeed works with its own versions of PHP; so we will have to install his own system.
wget - Or - http://rpms.litespeedtech.com/debian/enable_lst_debain_repo.sh | bash apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove
Installation of PHP
Now we will define the list of libraries to install.
apt - and install lsphp73 lsphp73-common lsphp73-dev lsphp73-curl lsphp73-imap lsphp73-intl lsphp73-json lsphp73-memcached lsphp73-mysql lsphp73-opcache lsphp73-redis php-imagick php-libsodium libgeoip-dev
Installation of Redis
In order to work with some improvements in the yield of the cache of objects, we are going to let ready Redis as storage system.
apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install redis-server
Later, and of the same form that the rest of elements, we are going it to form so that one begins automatically if the servant is reinitiated.
systemctl stop redis-server.service systemctl inable redis-server.service systemctl start redis-server.service
In order to avoid problems with other Web servers we will review and eliminate possible incompatibilities.
apt - and remove nginx apache2
Configuration of the HTTPS
As we are going to mount our Web on a safe Web server (HTTPS), we will need to install the certificate generator of Let's Encrypt, previously so that we will prepare the systems for the creation of safe keys.
openssl dhparam - out /etc/ssl/certs/dhparam.pem 2048
And at this moment we will install the system of certificate creation certbot.
add-apt-repository ppa: certbot/certbot apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install python-certbot-nginx
So that the certificates are updated automatically, we will once activate a task programmed (cron) to the day that automatically renews certificates.
crontab - e
Once inside, we will form, for example, that executes to the 06:45 every morning.
45 6 * * * certbot renew --dry-run
Configuration of firewall
In order to finish, we are going to activate the Firewall and to later let only open to the ports of SSH (by which we are working at the moment) and the ports Web, leaving the inactive rest.
ufw app list ufw allow ssh ufw allow HTTP ufw allow https ufw allow 8088/tcp ufw allow 7080/tcp ufw inable
As of this moment we can reinitiate the machine if we want, and we will already have it list to begin its use and to mount the websites.