Skip to content

Instantly share code, notes, and snippets.

@bartwind

bartwind/Debian 10 - web development.md

Last active February 20, 2020 19:59
Show Gist options
  • Save bartwind/db9edaebadcaaaba5fa660e2181b9c98 to your computer and use it in GitHub Desktop.
Save bartwind/db9edaebadcaaaba5fa660e2181b9c98 to your computer and use it in GitHub Desktop.
Download ZIP
Debian 10 - base system usage, config, tools and tips for web development (fullstack)
Raw
Debian 10 - web development.md

Debian 10 (Buster) - base system usage, config, tools and tips for web development

Once you have done system installation you can do base system config and install some useful tools to use it as server for example on VM as local environment for web development.

1. Initial server setup and basic usage

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident. Base step is to set up an alternative user account with a reduced scope of influence for day-to-day work. After installing Debian by default you should have one alternative user and you can skip this part but if you want to add new one use following command in terminal once you are logged in as root:

  • adduser bart - where bart is a name of new user which you want to create
  • to grant administrative privileges use usermod -aG sudo bart - this command will add your new user to the sudo group

Some basic and useful commands which can be used in terminal:

  • grep -ril "texthere" . - the first parameter represents the regular expression to search for case-insensitive, while the second one represents the directory that should be searched - dot means current directory
  • du -h /var/ - shows all recursive directories of location disk usage
  • du -hs /var/ - shows disk usage of whole directory
  • rm -rf - force to remove whole directory
  • more base and useful Debian termial commands..

2. Enable sudo on an user account on Debian

The command sudo allows you running programs with the security privileges of another user (commonly root).

At first, login to an user account and open a terminal to execute the following commands:

  • Start becoming superuser with su and enter your root user's password.
  • Install sudo with apt install sudo (alternatively apt-get or aptitude command)
  • Add the user account to the group sudo with /sbin/adduser username sudo - where username is your user account.
  • Debian 9 and older: add the user account to the group sudo with adduser username sudo - where username is your user account.

Logout and then login with the same user and you should be able to use sudo for example sudo apt update && apt upgrade.

3. Install and setup a firewall with UFW and net-tools (optional)

UFW (Uncomplicated Firewall) is a interface to linux iptables.

Debian does not install UFW by default so we have to install it first:

  • sudo apt install ufw
  • and you can now reboot system using following command sudo reboot
  • by default after installation UFW is inactive, to check this use sudo ufw status command
  • make sure that you have IPV6=yes set in sudo nano /etc/default/ufw and save it
  • to enable UFW just use sudo ufw enable or sudo ufw disable to disable UFW if you do not want to use UFW on your system
  • now you can check again status sudo ufw status verbose.

UFW defaults and base configuration for web development:

  • sudo ufw default deny incoming
  • sudo ufw default allow outgoing

and allow required connections:

  • sudo ufw allow www or sudo ufw allow 80/tcp
  • sudo ufw allow ftp or sudo ufw allow 21/tcp
  • sudo ufw allow ssh or sudo ufw allow 22/tcp
  • sudo ufw allow OpenSSH

and that is all for base config. There are some more UFW useful commands:

  • sudo ufw reset - resets server’s rules to their default settings
  • sudo ufw allow 1000:2000/udp - to allow range of ports 1000 through 2000 on UDP
  • sudo ufw allow from 192.168.255.255 - to allow connections from a specific IP address
  • sudo ufw deny from 192.168.255.255 - to deny connections from a specific IP address
  • sudo ufw delete allow 1000:2000/udp - to delete existing rule
  • sudo ufw allow in on eth0 to any port 80 - if server has a public network interface called eth0, for example, you could allow HTTP traffic to it
  • sudo ufw status numbered - list out all the current rules in a numbered list
  • sudo ufw delete [number] - to delete rule by it's number
  • sudo ufw app list - list all available application profiles

In Debian 10 (from Debian 9 stretch) ifconfig command has been deprecated. A workaround to this obstacle is the ip addr which will pretty much perform the same task as the ifconfig command. The net-tools package is a toolkit that ships a spectrum of programs which form the base of Linux networking. These include:

  • ifconfig, netstat, dig, hostname, route, arp, iptunnel
  • and to install it sudo apt install net-tools -y

4. Enable SSH connections

Secure shell is an encrypted protocol used to communicate with servers. Update and upgrade the Package Manager:

  • sudo apt update && sudo apt upgrade

and then install OpenSSH server:

  • sudo apt install openssh-server
  • check status if is active: sudo service ssh status
  • if isn't active: sudo service ssh start and check status again
  • to disable: sudo service ssh stop

Install OpenSSH client:

  • sudo apt install openssh-client
  • ip a - IP address shortcut command
  • ssh UserName@IPAddressOrHostname -p Port(default is 22, not required to specify if is setup to default) - command to connect to the server using a secure shell
  • sudo apt install tmux - tmux is a terminal multiplexer. It lets you switch easily between several programs in one terminal, detach them (they keep running in the background) and reattach them to a different terminal and keeps your ssh connection much longer alive
  • tmux - runs a terminal, exit to close

Create RSA key pair:

  • ssh-keygen - by default ssh-keygen will create a 2048-bit RSA key pair without password (use -b 4096 flag to create a larger 4096-bit key)

and press enter to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.

  • cat /home/username/.ssh/id_rsa - to show in terminal your private OpenSSH key string (required by apps like PhpStorm to connect passwordless to SFTP remote hosts)
  • cat ~/.ssh/id_rsa.pub - to show in terminal your public OpenSSH key string (required to setup GitHub/BitBucket etc. to use paswordless SSH connection)
  • echo public_key_string >> ~/.ssh/authorized_keys - to add the contents of your public key file to the end of the authorized_keys file(here are stored all public keys from other machine for example if you want to connect from Windows to your local server over SSH), creating it if necessary
  • chmod -R go= ~/.ssh - recursively removes all group and other permissions for the ~/.ssh/ directory
  • chown -R username:username ~/.ssh - setup directory right permissions
  • sudo nano /etc/ssh/sshd_config and setup PasswordAuthentication no to disable password auth
  • sudo systemctl restart ssh - restart SSH service.

5. Installing LAMP stack

The LAMP is an acronym for software stack that includes Linux, Apache web server, MariaDB database (MySQL drop in replacement), and PHP web scripting language. Once you update and upgrade Debian Linux Package Manager, install Apache web server:

  • sudo apt install apache2
  • Update firewall rules (if needed) and open TCP port 80(www) and 443(https): sudo ufw allow www && sudo ufw allow https && sudo ufw status

Apache commands:

  • sudo service apache2 status - server status
  • sudo service apache2 start - start the server
  • sudo service apache2 stop - stop the server
  • sudo service apache2 restart - restart the server
  • sudo service apache2 reload - reload the server configuration
  • sudo a2enmod module_name - where module_name is a module what you want to enable
  • sudo a2dismod module_name - where module_name is a module what you want to disable
  • sudo a2ensite site_name - where site_name is a name of site .conf file in /etc/apache2/sites-available/ directory
  • sudo a2dissite site_name - where site_name is a name of site .conf file in /etc/apache2/sites-enabled/ directory

Configure Apache modules:

  • sudo nano /etc/apache2/mods-available/mpm_prefork.conf and update file:
<IfModule mpm_prefork_module>
	StartServers		      4
	MinSpareServers		      20
	MaxSpareServers		      40
	MaxRequestWorkers	      200
	MaxConnectionsPerChild        4500
</IfModule>
  • sudo a2dismod mpm_event && sudo a2enmod mpm_prefork && sudo service apache2 restart - mpm_prefork use if you need modules that break when threads are used, like mod_php. Even then, consider using FastCGI and php-fpm. It's probably not advisable to use prefork unless you need a module that's not thread safe.
  • sudo a2enmod rewrite && sudo service apache2 restart - enable mod_rewrite module that uses a rule-based rewriting engine, based on a PCRE regular-expression parser, to rewrite requested URLs on the fly.

Update /etc/apache2/sites-available/000-default.conf as follows(this file will be a template for other VirtualHosts):

  • nano /etc/apache2/sites-available/000-default.conf or gedit /etc/apache2/sites-available/000-default.conf (run as root user login by su command in terminal)
<VirtualHost *:80>
    ServerName debian.local
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from All
	Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/default_error.log
    CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>
  • Enable site and reload Apache server configuration: sudo a2ensite 000-default && sudo service apache2 reload
  • now you should be able to open http://debian.local site in your browser, if you are working on Windows yo have to update hosts file as admin in your system:
  • Add line: local_ip_address debian.local in C:\Windows\System32\drivers\etc\hosts file where local_ip_address is your Debian local IP address (you have to add line like this each site you will create)

Install MariaDB server and client:

  • sudo apt install mariadb-server mariadb-client
  • sudo mysql_secure_installation and answer few questions:
  • Set root password? y
  • Remove anonymous users? y
  • Disallow root login remotely? y
  • Remove test database and access to it? y
  • Reload privilege tables now? y

Fixing ERROR 1698 (28000): Access denied for user 'root'@'localhost':

  • sudo mysql -u root -p{your_mariadb_root_password} - you have to use sudo since is new installation and fix issue with following SQL code:
mysql> USE mysql;
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
mysql> CREATE USER 'YOUR_SYSTEM_USER'@'localhost' IDENTIFIED BY 'PASSWORD_FOR_NEW_MYSQL_USER';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'YOUR_SYSTEM_USER'@'localhost';
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='YOUR_SYSTEM_USER';
mysql> FLUSH PRIVILEGES;
mysql> EXIT;
  • sudo service mysql restart
  • and now you should be able to connect by mysql client using: mysql -u YOUR_SYSTEM_USER -p{PASSWORD_FOR_NEW_MYSQL_USER}

Recommended way to use is to create new user each new database, example for WordPress site:

mysql> USE mysql;
mysql> CREATE DATABASE wpdb;
mysql> CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wpuser_password';
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='wpuser';
mysql> GRANT ALL ON wpdb.* TO 'wpuser' IDENTIFIED BY 'wpuser_password';
mysql> FLUSH PRIVILEGES;
mysql> EXIT;

Installing PHP - Hypertext Preprocessor:

PHP is a general-purpose programming language originally designed for web development. PHP code may be executed with a command line interface (CLI), embedded into HTML code, or used in combination with various web template systems, web content management systems, and web frameworks. PHP code is usually processed by a PHP interpreter implemented as a module in a web server or as a Common Gateway Interface (CGI) executable. The web server outputs the results of the interpreted and executed PHP code, which may be any type of data, such as generated HTML code or binary image data. More about PHP...

  • sudo apt install php libapache2-mod-php php-mysql
  • apt-cache search php | egrep 'module' | grep default - find more PHP modules
  • sudo apt install php-bcmath php-bz2 php-curl php-dev php-enchant php-gd php-gmp php-imap php-interbase php-intl php-json php-ldap php-mbstring php-mysql php-odbc php-pgsql php-pspell php-readline php-recode php-snmp php-soap php-sqlite3 php-sybase php-tidy php-xml php-xmlrpc php-zip
  • sudo service apache2 restart
  • sudo nano /var/www/html/info.php:
<?php
    phpinfo();
?>
  • sudo chown -R username:username /var/www/html/
  • sudo chmod -R 0444 /var/www/html/
  • and open in web browser: http://debian.local/info.php
  • you can remove now this page info: rm info.php (optional)

6. Installing Samba server

Samba allows you to share your files over a local network to computers running any operating system. Samba also makes it simple to control access to these shares using a single configuration file. Install Samba:

  • sudo apt install samba samba-client cifs-utils
  • sudo usermod -a -G sambashare username - add your system user to sambashare group
  • sudo smbpasswd -a username - create password for Samba's user where username is your system user name
  • sudo smbpasswd -e username - enable Samba's user where username is your system user name
  • sudo chown username:sambashare /var/www/html
  • sudo chmod 0755 /var/www/html
  • sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak - backup Samaba's configuration file
  • nano /etc/samba/smb.conf - update configuration file:
[global]
   unix charset = UTF-8
   client min protocol = SMB3
   
   workgroup = WORKGROUP #here should be workgroup name same as in your network (WORKGROUP by default in Windows if you have not change it before)
   interfaces = 127.0.0.1/8 10.0.0.0/24 192.168.1.0/24
   bind interfaces only = yes
   security = user
   map to guest = never

[www]
   #where username is your system's user name or @groupname
   valid users = @sambashare
   path = /var/www/html/
   read only = no
   writable = yes
   browsable = yes
   guest ok = no
   guest only = no
   force create mode = 0644
   force directory mode = 0755
  • sudo systemctl restart smbd nmbd - restart Samba services
  • sudo ufw allow Samba - update your firewall rules
  • sudo ufw reload - reload UFW rules
  • sudo ufw status verbose - firewall status should have Samba protocols enabled

Now you should be able to mount Samba share: \\debian.local\www on Windows 10 or other operating system. On Linux you can do it that way:

  • mkdir -p ~/mounts/shares
  • sudo mount -t cifs -o username=USERNAME //IP-ADDRESS/www ~/mounts/shares - where USERNAME is your system username and IP-ADDRESS is your Samaba's server IP address
  • sudo umount -f ~/mounts/shares - to unmount Samba share

7. Installing Git and Composer

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. To install:

  • sudo apt install git

Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. To install:

  • sudo php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
  • sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
  • sudo rm composer-setup.php

8. Installing Node.js (NPM, NVM, Yarn, VueJS, Sass) and Ruby on Rails (RVM)

Node.js is a JavaScript platform for general-purpose programming that allows users to build asynchronous network applications quickly. By leveraging JavaScript on both the front and backend, Node.js can make web application development more consistent and integrated. Ruby is one of those programming languages that may be a little underestimated. However, it is a robust, multipurpose, open-source language that stands out for its efficiency in coding applications. To install latest version we need to do this using PPA repository:

  • curl -sL https://deb.nodesource.com/setup_12.x -o nodesource_setup.sh
  • sudo bash nodesource_setup.sh
  • sudo apt install nodejs build-essential

An alternative to installing Node.js through apt is to use a tool called nvm, which stands for Node Version Manager. Rather than working at the operating system level, nvm works at the level of an independent directory within your user's home directory. This means that you can install multiple self-contained versions of Node.js without affecting the entire system. To install it:

  • curl -sL https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh -o install_nvm.sh
  • bash install_nvm.sh
  • source ~/.profile
  • nvm ls-remote
  • nvm install latest-version-lts
  • nvm use latest-version-lts
  • nvm ls
  • nvm use default

Yarn is a JavaScript package manager that enables you to use and share your code with other developers quickly, securely, and reliably through a package which contains all the code being shared as well as a package.json file which describes the package. To install it:

  • curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
  • echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
  • sudo apt update
  • sudo apt install yarn

VueJS is an advanced JavaScript framework with an open source code for the development of a user interface. It is one of the most popular frameworks for simplifying web development. VueJS works mostly with the presentation layer. It can easily be integrated into large projects for frontend development. To install it:

  • npm install -g vue-cli

Sass is a CSS preprocessor is a scripting language that extends CSS by allowing developers to write code in one language and then compile it into CSS. Sass is perhaps the most popular preprocessor around right now, but other well-known examples include Less and Stylus. To install it:

  • npm install -g sass

Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. Rails is a model–view–controller (MVC) framework, providing default structures for a database, a web service, and web pages. It encourages and facilitates the use of web standards such as JSON or XML for data transfer, HTML, CSS and JavaScript for user interfacing. In addition to MVC, Rails emphasizes the use of other well-known software engineering patterns and paradigms, including convention over configuration (CoC), don't repeat yourself (DRY), and the active record pattern. To install it:

  • gpg --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
  • curl -sSL https://get.rvm.io | bash -s stable
  • source ~/.rvm/scripts/rvm
  • rvm install 2.6
  • rvm use 2.6 --default
  • gem install rails
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment