Skip to main content

Task list when setting up a new web server. [LAMP]

This is my to-do list when preparing to deploy a new web server. The majority of the time I use Ubuntu as the operating system, though I have used Fedora and CentOS in the past. I also manage RedHat Enterprise Linux servers at work. These tasks are mainly for a web server. Setting up just a file server is a lot less work; while setting up a proper mail server is significantly more work, since they are a constant pain to configure and maintain. With a mail server you have to think of local vs external user access; logging and connection encryption; how you are going to store files; user interface and its security; MX black lists, SPAM, and open relays.

Base Programs

  • Install Apache
    • Optimize configuration based on server resources.
    • Install modules
      • mod_ssl
      • mod_xml
      • mod_perl
      • mod_php
      • mod_soap
    • If you are going to us HTTPS, update ssl.conf, in conf.d, with the location and file names of the cert and its SSL key.
  • Install MySQL
    • Optimize configuration based on server resources.
  • Install SQLite
  • Install PHP
  • Update Perl and its modules.
  • Install vsFTPd or ProFTPd. Standard FTP is optional. You can always use SFTP, which will only require configuring SSH.

Security

  • Configure SSH.
    • Disable root login.
    • Limit login only to specific users, e.g. hosted websites.
  • Configure FTP server.
    • Disable root, apache, and mysql login.
    • Limit login only to specific users, e.g. hosted websites.
  • Configure MySQL
    • Set password for root user.
    • Add a new user for each hosted website. Limit login to localhost. Administrators can connect to the database after they first authenticate via SSH.
  • Update iptables.

Maintenance Tasks

  • Schedule database back-ups.
  • Schedule site back-ups.
  • Setup and schedule remote back-up of the database and site backups.
  • If using FTP server, disable start on boot. Schedule CRON job to start and stop the FTP server during work hours. There is no need to keep the door open and allow bots to keep knowing on the server 24/7.
  • Configure NTP updates to ensure server time is accurate.

Migrating a Website

  • Create a new user and home directory. Choose alphanumeric case sensitive password.
  • Add user to FTP list of allowed users.
  • Upload website files.
  • Update SSH config to accept connections for this user.
  • Create MySQL user. Choose alphanumeric case sensitive password. Limit only to localhost.
  • Import database.
  • Update web sites configuration files, e.g. database name, username, and password.
  • Create Apache non-SSL and SSL website profiles, when applicable.
  • Add new user group to Apache’s group list. In case apache needs to modify files.
  • Test website.
  • Update DNS settings.

Comments

Popular posts from this blog

Format MAC Address [JavaScript]

I am currently working on a project which will allow users to register their Wi-Fi enabled, non-web browser enabled, devices on the network. These are devices like printers, Apple TV, and Xbox*. One of the data points that have to be collected from the user is the device MAC address. The project customer wants that address to be properly formatted when they see it in the support ticket.

We have several options. We can format the address either on the back-end after the form has been submitted. Or we can format it on the front end via a separate text field for each character pair, but that is too many fields to handle. A better solution is to use a single field and format the user input at the time of input or upon submit. In those cases, the former is better because the data will already be formatted when the overall form input is being validation after the user clicks the “Submit” button.

We are going to format the user input as it is being provided, thus having proper data when vali…

How to setup Coda 2 to push to GitHub?

Setting up a new site in Coda 2 and cloning a GitHub remote repository is not that big of a deal. Where you will most likely run into problems is when you try to push your changes to the GitHub remote repository. Below I will show you how to update the Git config file in your local repository so you do not run into one of the following errors:
git push failed remote: Remote anonymous access to repository deniedgit push origin master Username: fatal: Could not read passwordThe GitHub repository address I am going to use is that of Source Code DNA: https://github.com/thetitan/sourcecodedna.git. I will assume that you have already setup your Coda 2 site profile and cloned your repository, you have made some changes, and now you are ready to push those changes to your projects GitHub repo.

SNOOZ: Sound. Sleep.

I was on the Snooz Kickstarter page today, revisiting the project’s details and timeline progress. The device, which is a white-noise generating machine, recently became available for pre-order. Snooz is meant to be an alternative to having a TV or a stationary fan running at bed time. In my case, I bought it for my wife so we can get the TV out of the bedroom.

Whilst on the comments page I read the following comment, posted recently by Ken Tran:

I'm not a fan of the new fabric design. ...
I must disagree. If you take a look at the original design, which is all plastic and no style, I must say it is fugly. It is all utilitarian - not something I rally want to look at or see when I walk into the room. The final design, seen on the right, is something that beacons to be explored, looked at, utilized.

I am a big fan of Bang & Olufsen. They use fabric from Kvadrat in their line of products. Incorporating soft materials like fabric or leather in something which is meant to be place…