@misaon
Last active January 10, 2018 09:39
Lightweight and fast VPS - Nginx/PHP/MySQL setup (with tweaks) for Ubuntu 16.04

Simple and quick VPS setup for Ubuntu 16.04 (64-bit)

Before install

This VPS configuration is great for the Nette framework.

The setup installs the following software:

  • Nginx (latest stable version)
  • PHP 7.1.x
  • MySQL 5.7.x
  • Certbot (latest stable version) for Let's Encrypt (SSL)
  • htop (latest stable version) for system monitoring

All steps must be run as the root user.

Let's begin

Start with a clean and upgraded system:

$ apt-get update && apt-get upgrade -y && apt-get autoremove -y

Set your timezone:

$ dpkg-reconfigure tzdata

Install Nginx web server:

$ apt-get install nginx -y

Tune some Nginx settings for better security and performance.

The command below edits /etc/nginx/nginx.conf:

  • Set server_names_hash_bucket_size to 64
  • Set worker_processes to auto
  • Set multi_accept to on
  • Set server_tokens to off so Nginx stops reporting its version in the Server header and on error pages
$ for f in 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/' 's/worker_processes.*/worker_processes auto;/' 's/# multi_accept.*/multi_accept on;/' 's/# server_tokens.*/server_tokens off;/'; do sed -i "$f" /etc/nginx/nginx.conf; done

Add some repositories to the system:

Add the PHP and Certbot repositories (and refresh the package index) so the packages can be installed now and updated later:

$ for f in ppa:ondrej/php ppa:certbot/certbot; do apt-add-repository $f -y; done && apt-get update

Install MySQL server:

Install MySQL and run the post-install security script:

$ apt-get install mysql-server-5.7 -y && mysql_secure_installation

Now you can try creating a test database with this SQL command:

CREATE DATABASE mydatabase CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Install PHP:

Install PHP 7.1 with some basic modules:

  • fpm
  • mysql
  • sqlite3
  • intl
  • mbstring
  • gd
  • json
$ apt-get install php7.1-fpm php7.1-mysql php7.1-sqlite3 php7.1-intl php7.1-mbstring php7.1-gd php7.1-json -y

Tune some PHP settings for better performance and security, then restart PHP-FPM.

The command below edits /etc/php/7.1/fpm/php.ini:

  • Change cgi.fix_pathinfo to value 0
  • Increase memory_limit to 512 MB
  • Increase upload_max_filesize to 32 MB
  • Increase post_max_size to 32 MB
$ for f in 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' 's/memory_limit = .*/memory_limit = 512M/' 's|upload_max_filesize = 2M|upload_max_filesize = 32M|g' 's|post_max_size = 8M|post_max_size = 32M|g'; do sed -i "$f" /etc/php/7.1/fpm/php.ini; done && systemctl restart php7.1-fpm
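
Added example (not part of the original gist): sed -i exits successfully even when its pattern matches nothing, so the one-liners for nginx.conf and php.ini above can leave a default in place without any error. The script below reads back the active values and reports mismatches; the function names and the sample files are constructed for illustration.

```shell
# Added example, not part of the gist: report settings the sed one-liners did not change.

# Active value of an nginx directive (comments stripped, first match wins).
nginx_value() {  # usage: nginx_value FILE DIRECTIVE
  awk -v d="$2" '{ sub(/#.*/, "") }
    $1 == d { $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]*;[ \t]*$/, ""); print; exit }' "$1"
}

# Active value of a php.ini key (";" starts a comment, last assignment wins).
ini_value() {  # usage: ini_value FILE KEY
  awk -v k="$2" '{ sub(/;.*/, "") }
    /=/ { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
          if (key == k) { val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val) } }
    END { if (val != "") print val }' "$1"
}

# Compare the values the gist sets with the active ones; returns 1 on any mismatch.
check_tuning() {  # usage: check_tuning NGINX_CONF PHP_INI
  rc=0
  while read -r kind name want; do
    if [ "$kind" = nginx ]; then got=$(nginx_value "$1" "$name")
    else got=$(ini_value "$2" "$name"); fi
    [ "$got" = "$want" ] && continue
    echo "MISMATCH $name: want '$want', active '${got:-unset}'"; rc=1
  done <<'EOF'
nginx server_names_hash_bucket_size 64
nginx worker_processes auto
nginx multi_accept on
nginx server_tokens off
php cgi.fix_pathinfo 0
php memory_limit 512M
php upload_max_filesize 32M
php post_max_size 32M
EOF
  return $rc
}

# Constructed sample files: this php.ini had upload_max_filesize = 8M, so the
# pattern 'upload_max_filesize = 2M' matched nothing and sed exited 0 anyway.
demo() {
  dir=$(mktemp -d)
  printf '%s\n' 'worker_processes auto;' 'events {' '  multi_accept on;' '}' 'http {' \
    '  server_tokens off;' '  server_names_hash_bucket_size 64;' '}' > "$dir/nginx.conf"
  printf '%s\n' '[PHP]' 'cgi.fix_pathinfo=0' 'memory_limit = 512M' \
    'upload_max_filesize = 8M' 'post_max_size = 32M' > "$dir/php.ini"
  check_tuning "$dir/nginx.conf" "$dir/php.ini"; status=$?
  rm -rf "$dir"; return $status
}
demo || true   # on the server: check_tuning /etc/nginx/nginx.conf /etc/php/7.1/fpm/php.ini
```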

Install Certbot and other utilities:

Install Certbot for Let's Encrypt support, plus htop:

$ apt-get install python-certbot-nginx htop -y

Run this command to open your crontab:

$ crontab -e

and add the following line to renew your certificates automatically:

15 3 * * * /usr/bin/certbot renew --quiet

You can start the htop monitor with this command:

$ htop

Secure your server with a firewall:

Set up the system firewall.

Reset UFW to its defaults, enable it, and set the default policies (deny incoming, allow outgoing):

$ ufw --force reset && ufw --force enable && ufw default deny incoming && ufw default allow outgoing

Allow the services you need (SSH, HTTP/HTTPS via the 'Nginx Full' profile, and MySQL on port 3306):

$ for f in ssh 'Nginx Full' 3306; do ufw allow "$f"; done
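
Added example (not part of the original gist): the 3306 rule above opens MySQL to every source address, while PHP on the same host reaches the database locally and does not need it. The script below parses `ufw status` output and flags rules open to Anywhere; the status tables are constructed, the function names are hypothetical, and 203.0.113.10 is a placeholder admin address.

```shell
# Added example, not part of the gist: flag services a ufw ruleset opens to any source.

# Print each "To" entry that is allowed from Anywhere (IPv4 and IPv6 rows merged).
open_to_world() {  # usage: ufw status | open_to_world
  awk -F'  +' '$2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ {
    to = $1; sub(/ \(v6\)$/, "", to); if (!seen[to]++) print to }'
}

# Succeed when the given port (with or without /tcp) is reachable from any address.
port_exposed() {  # usage: ufw status | port_exposed 3306
  open_to_world | grep -Eqx "$1(/tcp)?"
}

# Constructed `ufw status` output after the three allow rules above.
sample_gist_rules() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
3306                       ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Constructed output after replacing the open rule with a single-source rule:
#   ufw delete allow 3306
#   ufw allow from 203.0.113.10 to any port 3306 proto tcp   # placeholder admin IP
sample_restricted() {
  sample_gist_rules | grep -v '^3306'
  echo '3306/tcp                   ALLOW       203.0.113.10'
}

if sample_gist_rules | port_exposed 3306; then echo "3306 is open to any source"; fi
if ! sample_restricted | port_exposed 3306; then echo "3306 limited to one source"; fi
```

On the server, pipe the live table in instead of the samples: `ufw status | port_exposed 3306`.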

Configure Nginx server blocks (Virtual Hosts)

Create your first virtual host:

Now create a virtual host for your domain, example.com.

Create a new file named example.com in /etc/nginx/sites-available:

$ touch /etc/nginx/sites-available/example.com

Copy this configuration into the file you created:

server {
	listen 80;
	
	root /var/www/example.com;
	index index.php index.html;

	server_name www.example.com example.com;

	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
		deny all;
	}
}

Enable the new Nginx site with the following symlink:

$ ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Now reload the Nginx configuration:

$ service nginx reload

Create test PHP file:

Now create the document root directory for the domain and a test PHP file in it:

$ DR_PATH="/var/www/example.com" && mkdir -p "$DR_PATH" && touch "$DR_PATH/index.php" && echo -e "<?php phpinfo();" > "$DR_PATH/index.php"

Open your domain in browser:

Now you can visit your domain in a web browser:

http://www.example.com

Secure your domain with SSL

Create domain certificate:

To create a certificate for the domain, run this command:

$ certbot --nginx -d example.com -d www.example.com

Now you can visit the secured domain:

https://www.example.com

Improve the configuration of your domain's Nginx virtual host

Open your domain config file:

$ nano /etc/nginx/sites-available/example.com

If you want to redirect HTTPS non-www requests to HTTPS www, add the following to the beginning of the file:

server {
	listen 443 ssl;
	server_name example.com;
	
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

	return 301 $scheme://www.example.com$request_uri;
}

Using the HTTP/2 protocol

If you want to enable HTTP/2 support for your domain, find this line in your domain config file:

listen 443 ssl; # managed by Certbot

and change it to:

listen 443 ssl http2; # managed by Certbot

Last steps

In the last step, clean up a few things (such as Apache) and reboot the system:

$ apt-get purge 'apache2*' -y && rm -rf /etc/apache2 && HTML_PATH="/var/www/html" && mv "$HTML_PATH/index.nginx-debian.html" "$HTML_PATH/index.html" && apt-get clean && reboot

Cheers guys!
