Task list when setting up a new web server. [LAMP]

This is my to-do list when preparing to deploy a new web server. The majority of the time I use Ubuntu as the operating system, though I have used Fedora and CentOS in the past. I also manage Red Hat Enterprise Linux servers at work. These tasks are mainly for a web server. Setting up just a file server is a lot less work, while setting up a proper mail server is significantly more work, since mail servers are a constant pain to configure and maintain. With a mail server you have to think about local vs. external user access; logging and connection encryption; how you are going to store files; the user interface and its security; MX blacklists, spam, and open relays.

Base Programs

  • Install Apache
    • Optimize configuration based on server resources.
    • Install modules
      • mod_ssl
      • mod_xml
      • mod_perl
      • mod_php
      • mod_soap
    • If you are going to use HTTPS, update ssl.conf, in conf.d, with the location and file names of the cert and its SSL key.
  • Install MySQL
    • Optimize configuration based on server resources.
  • Install SQLite
  • Install PHP
  • Update Perl and its modules.
  • Install vsFTPd or ProFTPd. Standard FTP is optional. You can always use SFTP, which will only require configuring SSH.

Security

  • Configure SSH.
    • Disable root login.
    • Limit login only to specific users, e.g. hosted websites.
  • Configure FTP server.
    • Disable root, apache, and mysql login.
    • Limit login only to specific users, e.g. hosted websites.
  • Configure MySQL
    • Set password for root user.
    • Add a new user for each hosted website. Limit login to localhost. Administrators can connect to the database after they first authenticate via SSH.
  • Update iptables.
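
One way to check the two SSH items above against a config file, as an added example that is not part of the original post. The function names, the accounts `site1`/`site2` and the sample config are constructed for illustration; on a real host, point `audit_sshd` at `/etc/ssh/sshd_config`.

```shell
#!/bin/sh
# Audit the global section of an sshd_config-style file for the two SSH items
# in the checklist. Not handled: Include files, Match blocks, "Keyword=value".

# Print every value given for keyword $1 in file $2, one line per directive.
values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }      # stop where conditional blocks begin
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Print findings; return 0 when both checks pass, 1 otherwise.
audit_sshd() {
    cfg=$1; rc=0
    # sshd keeps the first value it reads for PermitRootLogin.
    root=$(values PermitRootLogin "$cfg" | head -n 1 | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    users=$(values AllowUsers "$cfg" | tr '\n' ' ')
    if [ -z "$users" ]; then
        echo "FAIL: no AllowUsers directive, logins are not limited to named users"; rc=1
    fi
    set -f                                   # keep a literal * from globbing
    for u in $users; do
        case $u in
            root|root@*|\*|\*@*) echo "FAIL: AllowUsers entry '$u' is too broad"; rc=1 ;;
        esac
    done
    set +f
    [ "$rc" -eq 0 ] && echo "OK: root login disabled, logins limited to: $users"
    return "$rc"
}

# Constructed sample input: root login left on, wildcard in AllowUsers.
sample=$(mktemp)
printf '%s\n' '# constructed example' 'PermitRootLogin yes' 'AllowUsers site1 *@10.0.0.5' > "$sample"
audit_sshd "$sample" || echo "audit failed for $sample"
rm -f "$sample"
```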

Maintenance Tasks

  • Schedule database back-ups.
  • Schedule site back-ups.
  • Set up and schedule remote back-up of the database and site backups.
  • If using an FTP server, disable start on boot. Schedule a cron job to start and stop the FTP server during work hours. There is no need to keep the door open and allow bots to keep knocking on the server 24/7.
  • Configure NTP updates to ensure server time is accurate.

Migrating a Website

  • Create a new user and home directory. Choose an alphanumeric, case-sensitive password.
  • Add user to FTP list of allowed users.
  • Upload website files.
  • Update SSH config to accept connections for this user.
  • Create a MySQL user. Choose an alphanumeric, case-sensitive password. Limit login to localhost only.
  • Import database.
  • Update the website's configuration files, e.g. database name, username, and password.
  • Create Apache non-SSL and SSL website profiles, when applicable.
  • Add the new user's group to Apache’s group list, in case Apache needs to modify files.
  • Test website.
  • Update DNS settings.
