Skip to content

Instantly share code, notes, and snippets.

@luizfelipeleite

luizfelipeleite/setup.md

Last active July 6, 2020 22:25
Show Gist options
  • Save luizfelipeleite/81dfaf82ec172658afe4dfd08b97d508 to your computer and use it in GitHub Desktop.
Save luizfelipeleite/81dfaf82ec172658afe4dfd08b97d508 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
setup.md
  1. Connect to server

Only first connection to create username and SSH configure:

$ ssh root@domain

Recomended (most secure):

$ ssh username@domain

TIP: Login with root privileges:

$ sudo -i
  1. Basic security settings

Create user.

# adduser username

Turn user a sudoer adding:

# adduser username sudo

Or turn user a sudoer adding in visudo:

# visudo

add: username ALL=(ALL) NOPASSWD:ALL

Or turn user a sudoer adding:

# usermod -aG sudo username

NOTE: Replace username to your choice value.

TIP: Change default editor from Nano to Vim:

# update-alternatives --set editor /usr/bin/vim.basic --quiet

Or interactive:

# update-alternatives --config editor

Block SSH root login.

# sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# systemctl restart ssh

Switch to username:

# su - username

Create SSH directory.

$ mkdir ~/.ssh && chmod 700 ~/.ssh

Paste your local key cat ~/.ssh/id_rsa.pub in:

$ editor ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

TIP: If your key not generate yet:

$ ssh-keygen -t rsa

TIP: In MacOS you can paste to clipoard:

$ cat ~/.ssh/id_rsa.pub | pbcopy

TIP: In Linux you can paste to clipoard:

$ sudo apt install xclip
$ cat ~/.ssh/id_rsa.pub | xclip -sel clip

TIP: Remove host from know:

$ ssh-keygen -R domain
  1. Set timezone and upgrade
# timedatectl set-timezone America/Sao_Paulo

Or interactive:

# dpkg-reconfigure tzdata
# apt update && export DEBIAN_FRONTEND=noninteractive && apt -y dist-upgrade
  1. Install all need packages
# apt update && apt install -y nginx php php-fpm php-mysql php-curl php-dom php-gd php-imagick php-mbstring php-ssh2 mysql-server zip unzip certbot python3-certbot-nginx && apt -y upgrade

Verify if you need these extensions:

# apt install php-cli php-json php-pdo php-zip php-mbstring php-xml php-pear php-bcmath
  1. Define hostname

Insert server domain.

# editor /etc/hostname
  1. Configure Nginx

TIP: See webserver header output:

# curl -I http://localhost

Uncomment server_tokens off; and change user www-data to username:

# sed -i 's/# server_tokens off;/server_tokens off;/' /etc/nginx/nginx.conf
# sed -i 's/www-data/username/' /etc/nginx/nginx.conf
# systemctl stop apache2 && systemctl start nginx

NOTE: Replace username to correct value.

  1. Setup site

Create a server root directory:

$ mkdir ~/www && chmod 755 ~/www

Create a index test phpinfo file:

$ echo -e "<?php\nphpinfo();" > ~/www/index.php

Create domain configuration:

# editor /etc/nginx/sites-available/domain

NOTE: Replace domain to correct value.

server {
        listen 80;
        listen [::]:80;
        server_name domain;
        return 301 https://domain$request_uri;
}
server {
        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

        server_name domain;

        root /home/username/www;
        index index.php index.html;

        location / {
               try_files $uri $uri/ /index.php?$args;
        }
        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               include fastcgi_params;
               fastcgi_pass unix:/run/php/php7.4-fpm.sock;
               fastcgi_param SCRIPT_FILENAME /home/username/www$fastcgi_script_name;
        }
}

OR copy from default and edit:

# tail /etc/nginx/sites-available/default -n 13 | cut -c 2- | sudo tee /etc/nginx/sites-available/domain 1> /dev/null

Change all www-data user and group to username:

# sed -i 's/www-data/username/' /etc/php/7.4/fpm/pool.d/www.conf

Enable site.

# ln -s /etc/nginx/sites-available/domain /etc/nginx/sites-enabled/
# rm /etc/nginx/sites-enabled/default
# systemctl restart nginx php7.4-fpm

Create a MySQL user:

# mysql_secure_installation
# mysql -u root -p
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'SECUREPASSWORD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost';
mysql> FLUSH PRIVILEGES;

NOTE: Replace SECUREPASSWORD to your choice value.

  1. Change to HTTPS

Remove TLSSNI01 attribute.

# sed -i 's/, challenges.TLSSNI01//' /usr/lib/python3/dist-packages/certbot_nginx/configurator.py

Create certificate.

# certbot certonly --nginx

NOTE: Replace domain to correct value.

  1. Install WP-CLI and WordPress
# curl -O -# https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && sudo mv wp-cli.phar /usr/local/bin/wp

Check requirements:

# wp package install git@github.com:johnbillion/ext.git --allow-root
# wp ext check --allow-root

Create wp-cli.local.yml:

$ editor ~/wp-cli.local.yml
path: www
url: domain

core download:
  locale: en_US
  skip-content: true

config create:
  dbname: username
  dbuser: username
  dbpass: SECUREPASSWORD
  extra-php: |
    define( 'WP_DEBUG', true );

:~$ wp core download && wp config create && wp db create && wp core install --prompt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment