
@kremalicious
Last active December 4, 2019 12:17
Web Server Setup with LEMP stack (Ubuntu 14.04 LTS)
# Ubuntu 14.04 LTS
######################################
# INITIAL SETUP
######################################
# Log in on the fresh server (as root, judging by the unprivileged account created later).
# NOTE(review): "[email protected]" looks like an obfuscated user@host placeholder; substitute the real login.
ssh [email protected]
##
# set hostname
##
# Persist the hostname to /etc/hostname, then load it from that file into the running system.
echo "my.hostname.com" > /etc/hostname
hostname -F /etc/hostname
# check that the file /etc/default/dhcpcd doesn't exist; if it does, open it and comment out SET_HOSTNAME='yes':
vi /etc/default/dhcpcd
#SET_HOSTNAME='yes'
# Add a line mapping the server's address to the hostname; IP below is a placeholder for that address.
vi /etc/hosts
IP my.hostname.com
# add DNS A record for hostname pointing to IP
##
# Set timezone
##
# Interactive timezone picker, then the NTP daemon to keep the clock in sync
# (correct time matters for log correlation and certificate validation).
dpkg-reconfigure tzdata
sudo apt-get install ntp
##
# Update all the things
##
# Refresh the package lists, apply pending upgrades, then remove packages nothing depends on any more.
# NOTE(review): Ubuntu 14.04 LTS left standard support in April 2019. On a new host use a
# supported release; on 14.04 these commands no longer bring in security fixes without ESM.
apt-get update && apt-get upgrade
apt-get autoremove
##
# Create new user
##
# Create the day-to-day account (USERNAME is a placeholder) and add it to the sudo group.
adduser USERNAME
usermod -a -G sudo USERNAME
# passwordless sudo
# NOTE(review): with NOPASSWD: ALL, whoever holds this account's SSH key or gets a shell as
# this user is root with no further prompt. On a stock Ubuntu sudoers file the sudo group
# membership added above already grants sudo with a password; keep the line below only if
# unattended sudo is really needed.
visudo
# add to very end of file
USERNAME ALL=NOPASSWD: ALL
# copy over authorized_keys file to new user
# The relative source path assumes the current directory is the logged-in user's home.
mkdir /home/USERNAME/.ssh
cp .ssh/authorized_keys /home/USERNAME/.ssh/authorized_keys
# Owner-only ownership and permissions: sshd's StrictModes check (on by default) ignores
# key files that other users could modify.
chown -R USERNAME:USERNAME /home/USERNAME/.ssh
chmod 700 /home/USERNAME/.ssh
chmod 600 /home/USERNAME/.ssh/authorized_keys
# Reconnect (presumably as the new user) to confirm key login works before root login is
# switched off in the SSH configuration step.
logout
ssh [email protected]
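##
# SSH key auth
##
# -p keeps this step from failing when ~/.ssh already exists, which is the case if
# authorized_keys was copied over while creating the user.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Paste the public key(s) that may log in, one per line.
vi ~/.ssh/authorized_keys
# Owner-only permissions: sshd's StrictModes check ignores key files others can write to.
chmod 600 ~/.ssh/authorized_keys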
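##
# SSH configuration
##
sudo vi /etc/ssh/sshd_config
# disable root login & password login
PermitRootLogin no
PasswordAuthentication no
# Validate the edited file first; a syntax error would keep sshd from coming back up
# and cut off remote access.
sudo /usr/sbin/sshd -t
# Keep the current session open and confirm key login as the new user from a second
# terminal after the restart: with both settings above there is no password fallback.
sudo service ssh restart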
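##
# Firewall
##
sudo apt-get install ufw
# setup defaults
sudo ufw default deny incoming
sudo ufw default allow outgoing
# allow specific services
# The ssh rule has to be in place before the firewall is switched on, otherwise new SSH
# connections are refused.
sudo ufw allow ssh
# NOTE(review): the ntp rule and the 25/tcp rule open INBOUND ports. Outbound time sync and
# outbound mail are already covered by "default allow outgoing"; keep these two only if
# this host serves NTP or accepts SMTP.
sudo ufw allow ntp
sudo ufw allow http
sudo ufw allow 443/tcp
sudo ufw allow 25/tcp
# The rules above are only stored until ufw is enabled; turn it on and review the result.
sudo ufw enable
sudo ufw status verbose
# fail2ban watches log files and temporarily bans addresses with repeated failed logins.
# Check which jails the packaged configuration enables (sshd at minimum) after install.
sudo apt-get install fail2ban
sudo service fail2ban start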
######################################
# LEMP STACK
######################################
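##
# nginx
##
sudo apt-get update
sudo apt-get install nginx
# get server hardware info
# number of CPU cores (grep -c counts the matching lines itself)
grep -c ^processor /proc/cpuinfo
# open-file limit of the current shell
ulimit -n
# modify values in nginx.conf
# Directives are written "name value;" (no "="). worker_processes sits at the top level,
# worker_connections and multi_accept in events {}, the remaining ones in http {}.
# CPU_CORES and ULIMIT_N are placeholders for the two numbers printed above.
sudo vi /etc/nginx/nginx.conf
worker_processes CPU_CORES; # set to number of CPU cores
worker_connections ULIMIT_N; # set to server ulimit
multi_accept on;
keepalive_timeout 15;
server_tokens off; # keep the nginx version out of response headers and error pages
client_max_body_size 64m; # set to maximum upload size; a bare 64 would mean 64 bytes
gzip_proxied any;
gzip_comp_level 2; # don't make CPU hurt
# Check the edited configuration before restarting; a broken file would take the site down.
sudo nginx -t
sudo service nginx restart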
##
# MySQL
##
sudo apt-get install mysql-server
# Initialise the MySQL data directory and system tables.
sudo mysql_install_db
# Interactive hardening script: prompts to set the root password, remove anonymous
# accounts, disallow remote root login and drop the test database. Accept all of them
# on an internet-facing host.
sudo mysql_secure_installation
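##
# PHP
##
sudo apt-get install php5-fpm php5-mysql php5-xmlrpc php5-curl php5-gd php5-imagick php5-mcrypt
sudo vi /etc/php5/fpm/php.ini
# With 0, PHP runs only the exact script path it is handed instead of guessing a shorter
# one when that file is missing. This closes the well-known path-info misconfiguration in
# which an uploaded non-PHP file ends up being interpreted as PHP.
cgi.fix_pathinfo=0
upload_max_filesize = 64M
# post_max_size caps the whole request body, so it must not be smaller than
# upload_max_filesize (it was 8M, which limited uploads to 8M despite the line above).
# Go slightly higher if forms carry other large fields next to the file.
post_max_size = 64M
# Enable OPcache
sudo vi /etc/php5/fpm/php.ini
# no trailing ";" here: in php.ini a semicolon starts a comment
opcache.enable=1
opcache.memory_consumption=64
sudo php5enmod opcache
sudo service php5-fpm restart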
# setup nginx server blocks to use PHP
# The lines between the two commands are nginx configuration for the edited file, not shell.
sudo vi /etc/nginx/sites-available/default
index index.php index.html index.htm;
# Serve the file or directory if it exists, otherwise hand the request to /index.php.
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
# Answer 404 unless the requested .php file exists on disk, so only real scripts
# are passed on to PHP-FPM.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# PHP-FPM is reached over a local unix socket; this path must match the "listen" setting
# of the PHP-FPM pool.
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Restart nginx so the edited server block takes effect.
sudo service nginx restart