Last revision: 26 of April of 2020
Table of contents
- Forming the Operating system
- Installation of MariaDB
- Installation of nginx
- Installation of PHP
- Installation of Redis
- Configuration of the HTTPS
- Configuration of firewall
Here we left a small manual you of installation from an installation of basic operating system of Debian 9.
Forming the Operating system
Once the operating system is installed, first that we will form will be the hour of the servant. In this case we will form the hour zone of Madrid.
timedatectl set-timezone Europe/Madrid timedatectl set-NTP on
The following thing that we will do is to verify the version of the operating system and, later, to make a complete update of the same.
update lsb_release - to apt - and && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove
Once this all updated, we installed some tools and software base that can be useful to have in the system.
apt - and install software-properties-common curl vim unzip ufw dirmngr
Installation of MariaDB
The following step will be the installation of the data base. In this case we are going to use MariaDB 10.3. First that we will do will be to form the unloading, and later its installation.
apt-key adv --recv-keys --to keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 add-apt-repository deb [arch=amd64, arm64, ppc64el] http://tedeco.fi.upm.es/mirror/mariadb/repo/10.3/debian stretch main apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install mariadb-server mariadb-client
Now that is installed, we will come to the initial configuration. For it we will use the system safe installation, that it will do some questions to us.
To the question of if we want to change the password, following if we have put or not in the installation, we will change it. In case of not to have put no, is very recommendable to put a safe password to him.
Set root password? [Y/n]: And
The rest of questions, we will answer the following thing:
Remove anonymous users? [Y/n]: And Disallow root login remotely? [Y/n]: And Remove test database and Access to it? [Y/n]: And Reload privilege tables now? [Y/n]: And
At this moment already we will have the data base formed. Now we will cause that one executes in re homes of the system and we will initiate it.
systemctl stop mysql.service systemctl start mysql.service
Installation of nginx
At this moment we have the data base formed and are going to come to the installation from the Web server. In this case we are going to use nginx. In order to be, we will not use the version that comes with the operating system, but more updated and maintained.
apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install nginx nginx-extras
Now that we have nginx installed, we are going it to form so that one automatically begins in re homes of the system.
systemctl stop nginx.service systemctl inable nginx.service systemctl start nginx.service
Installation of PHP
At this moment already we have the Web server, reason why we are going to install and to form PHP so that he correctly works with the Web server and data base. In this case we are going to install version PHP 7.3. First we will make the installation of the up-to-date packages more (than they are not those that come with the operating system) and that in case of needing it, in addition, would allow us to have several versions of PHP in parallel.
apt - and install apt-transport-https lsb-release CA-certificates wget - Or /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg sh - c I throw deb https://packages.sury.org/php/ $ (it lsb_release - sc) main > /etc/apt/sources.list.d/php.list apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install php7.3 php7.3-fpm php7.3-common php7.3-dev php7.3-cli php7.3-bcmath php7.3-curl php7.3-gd php7.3-imap php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-soap php7.3-XML php7.3-xmlrpc php7.3-zip php-imagick php-libsodium php-ssh2 php-xdebug libgeoip-dev
In some cases, the Integra system Apache httpd of series, reason why we will make a cleaning, in case it is something of installed him.
apt - and purge apache2*
Now that already we have installed PHP correctly, we are going to activate it so that when it is reinitiated the system is executed automatically.
systemctl stop php7.3-fpm.service systemctl inable php7.3-fpm.service systemctl start php7.3-fpm.service
Installation of Redis
In order to work with some improvements in the yield of the cache of objects, we are going to let ready Redis as storage system.
apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install redis-server php-redis
Later, and of the same form that the rest of elements, we are going it to form so that one begins automatically if the servant is reinitiated.
systemctl stop redis-server.service systemctl inable redis-server.service systemctl start redis-server.service
Configuration of the HTTPS
As we are going to mount our Web on a safe Web server (HTTPS), we will need to install the certificate generator of Let's Encrypt, previously so that we will prepare the systems for the creation of safe keys.
openssl dhparam - out /etc/ssl/certs/dhparam.pem 2048
And at this moment we will install the system of certificate creation certbot.
apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install certbot python-certbot-nginx
So that the certificates are updated automatically, we will once activate a task programmed (cron) to the day that automatically renews certificates.
crontab - e
Once inside, we will form, for example, that executes to the 06:45 every morning.
45 6 * * * certbot renew --dry-run
Configuration of firewall
In order to finish, we are going to activate the Firewall and to later let only open to the ports of SSH (by which we are working at the moment) and the ports Web, leaving the inactive rest.
ufw app list ufw allow smtp ufw allow OpenSSH ufw allow Nginx Full ufw inable
As of this moment we can reinitiate the machine if we want, and we will already have it list to begin its use and to mount the websites.