Debian 8 LEMP

Set the hostname of the server
```
hostnamectl set-hostname johnsmith
```

Make the hostname resolvable. Open the file /etc/hosts in your favourite editor and assign the IPv4 & IPv6 records of the server to your chosen hostname & FQDN.

127.0.0.1       localhost.localdomain   localhost
12.34.56.78     johnsmith.example.com johnsmith 
1234:5678::abcd:efgh:1234:5678      johnsmith.example.com johnsmith

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Fix Perl locale complaints.

locale-gen en_US.UTF-8
dpkg-reconfigure locales

Open ~/.bashrc in your favourite editor and add the following

export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8

Set the system timezone
```
dpkg-reconfigure tzdata
```
Install ufw firewall
```
apt-get install ufw
```
Setup default firewall rules, where port 22 is your ssh port and 15.15.15.51 is an internal ip address
```
sudo ufw allow from 15.15.15.51  to any port 22
sudo ufw allow http
sudo ufw allow https
```

Update Debian repository sources. Open the file /etc/apt/sources.list in your favourite editor and update to look like the below

deb http://mirrors.linode.com/debian/ jessie main contrib non-free
deb-src http://mirrors.linode.com/debian/ jessie main contrib non-free

deb http://mirrors.linode.com/debian-security/ jessie/updates main contrib non-free
deb-src http://mirrors.linode.com/debian-security/ jessie/updates main contrib non-free

# jessie-updates, previously known as 'volatile'
deb http://mirrors.linode.com/debian/ jessie-updates main
deb-src http://mirrors.linode.com/debian/ jessie-updates main

Get the latest updates and install

apt-get update && apt-get upgrade --show-upgraded

Add MariaDB repository

apt-get -y install python-software-properties software-properties-common
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
add-apt-repository 'deb http://lon1.mirrors.digitalocean.com/mariadb/repo/10.1/debian jessie main'

Install all necessary componenets for this setup

apt-get update && sudo apt-get upgrade --show-upgraded
apt-get -y install sudo curl git debsums nginx php5 php5-curl php5-gd php5-cli php5-fpm php5-mysqlnd mariadb-server zsh unattended-upgrades mailutils ssmtp

Create a user and set the groups to sudo and www-data for system and apache access
```
adduser exampleuser
usermod -a -G sudo,www-data exampleuser
```

Switch the newly created user and set ZSH as the default shell

su exampleuser
cd ~
curl -L http://install.ohmyz.sh | sh
chsh -s /usr/bin/zsh
mkdir .ssh

Copy your secure key from your desktop

scp ~/.ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys

Setup the secure key for secure access

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Create a new SSH key for the user

ssh-keygen -t rsa -C "[email protected]"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

Make SSH secure. Open /etc/ssh/sshd_config in your favourite editor and apply the following settings
```
PasswordAuthentication no
PermitRootLogin no
```
Restart SSH (Make sure you keep a session open in case soemthing goes wrong)
```
sudo service ssh restart
```

Install Composer server wide

curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer

Secure MariaDB by running the following command and following the instructions
```
sudo mysql_secure_installation
```
Open /etc/php5/fpm/php.ini in your favourite editor and change the the settings below:
```
upload_max_filesize = 100M
date.timezone = Europe/London
```

Enable unattended upgrades

sudo dpkg-reconfigure -plow unattended-upgrades

Add SMTP settings to allow mail to be sent. Open /etc/ssmtp/ssmtp.conf in your favourite editor and add the settigns below:
```
FromLineOverride=YES

[email protected]
AuthPass=PASSWORD
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES
```

Install MySQLtuner

sudo wget http://mysqltuner.pl/ -O /usr/local/bin/mysqltuner
sudo chmod +x /usr/local/bin/mysqltuner

vivianspencer/setup.md

Debian 8 LEMP