Last active
August 29, 2015 13:57
-
-
Save geoffspink/9506485 to your computer and use it in GitHub Desktop.
Set up Ubuntu 12.04 LTS with utilities and LAMP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Basic setup and LAMP install for Ubuntu 12.04 LTS VM + Server | |
| sudo apt-get update | |
| sudo apt-get install -y vim | |
| sudo apt-get install -y curl | |
| sudo apt-get install -y build-essential | |
| # The steps below are for php 5.5 instead of 5.3 | |
| sudo apt-get install -y python-software-properties | |
| sudo add-apt-repository ppa:ondrej/php5 | |
| sudo apt-get update | |
| # Install LAMP | |
| sudo apt-get install -y php5 | |
| sudo apt-get install -y apache2 | |
| sudo apt-get install -y libapache2-mod-php5 | |
| sudo apt-get install -y mysql-server | |
| sudo apt-get install -y php5-mysql | |
| sudo apt-get install -y php5-curl | |
| sudo apt-get install -y php5-gd | |
| sudo apt-get install -y php5-mcrypt | |
| # Set your server name (Avoid error message on reload/restart of Apache) | |
| echo 'ServerName localhost' | sudo tee /etc/apache2/httpd.conf | |
| # Enable mod-rewrite | |
| sudo a2enmod rewrite | |
| # Install git | |
| sudo apt-get install -y git-core | |
| # Install composer globally | |
| curl -sS https://getcomposer.org/installer | php | |
| sudo mv composer.phar /usr/local/bin/composer | |
| # Create a new sudo user | |
| adduser newuser # Create user | |
| usermod -G sudo newuser # Make user a sudo user (sudoer) | |
| # Log in to make sure this new user has sudo permission | |
| # OPTIONAL - Don't let root login in via ssh | |
| sudo vim /etc/ssh/sshd_config | |
| > PermitRootLogin no # Change from yes | |
| sudo reload ssh | |
| # Create a deploy user to share the same primary group as apache (www-data) | |
| # The user will be able to read/write the web-server files. This is not a sudo user | |
| adduser deploy | |
| usermod -g www-data deploy | |
| # Apache tweaks | |
| sudo vim /etc/apache2/apache2.conf | |
| > Timeout 45 # Change from 300 (decrease) | |
| > MaxKeepAliveRequests 200 # Change from 100 (more requests) | |
| # PHP tweaks. Up the file size for file uploads, but decrease how many can be uploaded at once. | |
| # As a security tweak, turn off the display of which PHP version is being used | |
| sudo nano /etc/php5/apache2/php.ini | |
| > post_max_size = 8M # Change to 8M | |
| > upload_max_filesize = 8M # Change from 2M | |
| > max_file_uploads = 5 # Change from 20 | |
| > expose_php = off # Change fron 'On' | |
| # Restart server | |
| sudo service apache2 restart | |
| # Web-root permissions. Give everything in the web root (/var/www) the Apache user and group. | |
| # This way Apache and the 'deploy' user are the only ones who can read/write web files. | |
| sudo chown -R www-data:www-data /var/www # make sure same owner:group | |
| sudo chmod -R go-rwx /var/www # Remove all group/other permissions | |
| sudo chmod -R g+rw /var/www # Add group read/write | |
| sudo chmod -R o+r /var/www # Allow other to read only | |
| # vhosts. A command-line tool created by http://fideloper.com/ for generating a virtual host within Apache (Ubuntu specific). | |
| # This will enable the use of .htaccess files and turn off index listings by default. It also sets up log files per virtual host. | |
| curl https://gist.github.com/fideloper/2710970/raw/6b5fd9de45f75e613178d296e87f586ca5b61220/vhost.sh > /usr/local/bin/vhost | |
| chmod guo+x /usr/local/bin/vhost | |
| sudo vhost -h # See the available options | |
| # Firewalls. More info here https://www.digitalocean.com/community/articles/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04. | |
| # Run as root or use sudo | |
| sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | |
| sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT | |
| sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT | |
| sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT | |
| sudo iptables -A INPUT -j DROP | |
| sudo iptables -I INPUT 1 -i lo -j ACCEPT | |
| # Install so firewalls are saved through restarts | |
| sudo apt-get install -y iptables-persistent | |
| sudo service iptables-persistent start | |
| # New MySQL user setup | |
| mysql -u root -ppassword | |
| > CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; | |
| > GRANT ALL PRIVILEGES ON database.* TO 'newuser'@'localhost'; | |
| # OPTIONAL installing SSL | |
| # Assumes 1 year ssl with 2048 encryption | |
| sudo a2enmod ssl # Enable loading of SSL module | |
| sudo service apache2 restart | |
| sudo mkdir /etc/apache2/ssl | |
| cd /etc/apache2/ssl | |
| # Change the domain from "yourdomain.com" to what you need | |
| sudo openssl req -new -days 365 -nodes -newkey rsa:2048 -keyout yourdomain.com.key -out yourdomain.com.csr | |
| sudo chmod 400 yourdomain.com.key | |
| add csr, get key back | |
| sudo vim /etc/apache2/sites-available/your_vhost.conf | |
| > SSLEngine on | |
| > SSLCertificateFile /etc/apache2/ssl/yourdomain.com.crt | |
| > SSLCertificateKeyFile /etc/apache2/ssl/yourdomain.com.key | |
| > SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt | |
| process from http://fideloper.com/ubuntu-12-04-lamp-server-setup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment