Archive › May, 2009

Unmanaged Hosting Server Installation & Initial Configuration for Dummies

Unmanaged hosting often comes at a very competitive price compared to managed hosting; the drawback, however, is the steep learning curve for server noobs, which unfortunately includes me. It’s meant for the technically proficient, after all.

This simple tutorial will walk you through the steps needed to turn a bare-bones Linux distro (Ubuntu, in this case) into a working web server that’s ready to serve websites. It serves as a survival guide to unmanaged hosting for novice Linux server administrators, while at the same time documenting my findings and learned tips for myself.

We will take Ubuntu 9.04 (Jaunty) as the example. Though everything is done on a Mosso 256 MB Cloud Server, 99% of it should work without a problem at other unmanaged hosting providers as long as the Linux distribution is identical. After this tutorial, you will have a working VPS or dedicated hosting server with up-to-date software and beginner security, in addition to the software packages necessary to run and manage a LAMP web server: FTP, Apache 2, PHP 5.2.6 and MySQL.

Here we go. Suppose you have decided to go with one of the Linux distros (I’d suggest Ubuntu) and have installed a plain version of it from the hosting control panel. Now:

  1. You will be given a bare IP address, of course, when you have finished installing the Linux distro from the control panel provided by your hosting company. Download PuTTY and set it up to connect to your hosting server at that IP as root via SSH. The root password should also have been revealed or emailed to you.
  2. Change the root password to a new one.
  3. Customize the default SSH listening port of 22 to a custom one.
  4. Build up necessary iptables firewall rules.
  5. Customize shell environment and make the prompt ls command listings a little more colorful so it’s more readable.
  6. Enable vi code highlighting (enabled by default in Ubuntu) and change the dark blue color for comments to a lighter blue.
  7. Update the software source lists in Ubuntu by:
    aptitude update
    And set the proper locales:
    locale-gen en_US.UTF-8
  8. Upgrade the current distro to its latest:
    aptitude safe-upgrade
    Followed by:
    aptitude full-upgrade
  9. Install the essential tools and packages for development, the build tools:
    aptitude install build-essential
  10. Install MySQL:
    aptitude install mysql-server mysql-client
    The installation will prompt you twice for the root password.
  11. Install Apache:
    aptitude install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert
    Change server name in the Apache configuration:
    vi /etc/apache2/apache2.conf
    And add the following directive at the end of the file:
    ServerName king
    Change ‘king’ to whatever you’ll name your own server. For beginner SSH users, nano would be a better choice for its intuitive editing capabilities. After restarting Apache web server gracefully by not interrupting connected clients:
    apache2ctl graceful
    You should be able to view the demo web page at http://(your server IP address).
  12. Install PHP5:
    aptitude install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl
  13. Turn off server signature:
    nano /etc/apache2/conf.d/security
    And change:
    ServerTokens Full
    To:
    ServerTokens Prod
  14. Change the hostname of your server. Open and edit /etc/hostname:
    vi /etc/hostname
    To a top level domain you have registered for your website. And add it in /etc/hosts:
    vi /etc/hosts
    In this way:
    127.0.0.1 example.com
  15. Reboot by:
    shutdown -r now
  16. Install the mail module for your hosting server, Postfix, so the php function mail() works:
    aptitude install postfix telnet mailx
    Just choose ‘Internet Site’.
  17. Install FTP daemon service so you can FTP stuff to your server as any user.
  18. Install rsync so that you can easily synchronize and backup files between 2 remote hosting servers:
    aptitude install rsync

Backup and synchronize files between 2 or more hosting servers

This kind of redundancy is encouraged to protect against potential loss of important data, such as essential website programs and databases.

After installing rsync on all the peer hosting servers you own, you can easily back up files and synchronize them among the servers for safe data redundancy.

rsync -e 'ssh -p 25000' -avl --delete --stats --progress user1@123.45.67.890:/home/user1 /backup

This simple command takes care of everything for you: rsync connects to the remote server 123.45.67.890 as user1 and backs up or synchronizes everything in /home/user1 on the remote server to the local directory /backup. The --delete switch means that files which previously existed in /home/user1 on the remote server but no longer do will also be deleted from /backup on the local server.

‘ssh -p 25000’ prescribes rsync to connect via SSH on port 25000.
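Because --delete mirrors removals, a wiped or damaged /home/user1 on the remote side would also empty /backup. The following is an added example, not part of the original post: it runs the same command as a dry run first and only syncs for real when the number of pending deletions stays under a limit. The function names, the limit of 20 and the sample output are constructed for illustration.

```shell
# Added example (not the blog author's code).
# Count the "*deleting" lines that rsync --dry-run --itemize-changes prints on stdin.
count_deletions() {
    grep -c '^\*deleting ' || true   # grep exits 1 on zero matches; still prints 0
}

# Succeed only if the dry-run listing on stdin deletes at most $1 entries.
deletions_within() {
    n=$(count_deletions)
    [ "$n" -le "$1" ]
}

# Dry run first, then the real sync only if the deletion count is acceptable.
# Host, port and paths are the ones used above; the limit is a hypothetical value.
guarded_backup() {
    src='user1@123.45.67.890:/home/user1' dst='/backup' limit=20
    if rsync -e 'ssh -p 25000' -avl --delete --dry-run --itemize-changes "$src" "$dst" |
        deletions_within "$limit"; then
        rsync -e 'ssh -p 25000' -avl --delete --stats "$src" "$dst"
    else
        echo "refusing to sync: more than $limit deletions pending" >&2
        return 1
    fi
}

# Constructed dry-run output: two deletions and one updated file.
sample='*deleting   public_html/old.php
*deleting   public_html/cache/a.tmp
>f.st...... public_html/index.php'
printf '%s\n' "$sample" | deletions_within 5 && echo "sync allowed"
printf '%s\n' "$sample" | deletions_within 1 || echo "sync refused"
```

rsync's own --max-delete=NUM option also caps deletions, but it removes files up to the limit before stopping, whereas the dry run above removes nothing when the limit is exceeded.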


Installing FTP (vsFTPd) Service on Ubuntu Server

FTP is an indispensable feature of servers that host and serve websites, as it enables us to easily upload stuff to the remote server. On an Ubuntu server, with a little help from the aptitude command (the package management program descended from Debian), you can install the simplest yet most common FTP daemon program for your server: vsFTPd.

apt-get install vsftpd

It is started automatically after successful installation. Stop it:

/etc/init.d/vsftpd stop

So that you can customize the configuration file:

vi /etc/vsftpd.conf

And make it look like:

pasv_enable=YES
pasv_max_port=8010
pasv_min_port=8001

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022

idle_session_timeout=3600

chroot_local_user=YES

pam_service_name=ftp

Restart the FTP service:

/etc/init.d/vsftpd start

Now you can try connecting to the FTP and transferring some stuff.


vi code highlighting: change the default comments color from dark blue to light blue

The default colors for comments (text in /* */ or following // or #, …) in vi code highlighting are a little too dark. Ever wanted to make them more recognizable in the SSH console?

Find and edit /etc/vim/vimrc with vi:

vi /etc/vim/vimrc

And add in this line:

colorscheme desert

Wherein desert is one of the available color schemes vim comes with. Now we will need to edit the actual color scheme file and change the highlighting colors:

/usr/share/vim/vimcurrent/colors/desert.vim

Change:

hi Comment ctermfg=darkcyan

To:

hi Comment ctermfg=blue

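Save the change and exit. The next time you open vi the new colors are used; to reload the configuration in a vi session that is already open, run this in vi’s command mode:

:source /etc/vim/vimrc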

And the changes will now take effect.

The default directory color of ls --color is also too dark; you can learn how to change the default directory color of ls --color.


Use Shell Environment Variable LS_COLORS to Change Directory Listing Colors of ls --color

After you have enabled the color switch of the ls command in the shell console, it’s nice, but some may complain that the deep blue color of the directories is sometimes too dark to recognize. Let’s change that.

Just open up the .profile or .bash_profile file under your home directory and put this line in it:

export LS_COLORS='di=01;34'

Done! Now the color of the ls directory listings is much lighter and easier to recognize. There’s also a tip on how to change the default dark color for comments in the vi text editor.


Colorful ls, SSH Console and Command Prompt

Add the following snippet in the .profile or .bash_profile under your home directory:

export PS1='[\[\e[1;31m\]\u\[\e[0m\] - \[\e[32m\]\w\[\e[0m\]]$ '
export LS_COLORS='di=01;34'
alias ls='ls --color -l'

If you are ‘supergirl’, your Linux home directory would be located at: /home/supergirl, and the file you should add the above lines to is: /home/supergirl/.profile or /home/supergirl/.bash_profile.

What is LS_COLORS doing here?


Linux SSH commands to show and monitor server resources and real-time performance: memory, swap, disk usage, CPU usage and I/O …

Below are a few general commands found in most popular Linux distros which you can use via SSH to check the status of your hosting server.

To show used and available RAM memory and swap space usage:

free -m

To show current disk storage usage by mounted device:

df

To show disk usage statistics of the current directory by directories and files:

du

To show the hard disk space a directory or a file takes up:

du filename

To show the length of time this server has been up and the server loads in the past 1 minute, 5 minutes and 15 minutes:

uptime

To display a real-time updated server resource usage including: server uptime, user logged on, load average, current tasks, CPU usage, memory usage and swap usage:

top

To display a list of real-time active or sleeping processes your server is up to:

ps

To show some information about the current status of virtual memory, CPU usage, I/O usage:

vmstat

This is also a good tool to find out system performance bottlenecks.

To display currently logged on users on the system:

w

Or

who

To print a full screen text graph of the server load refreshed every few seconds:

tload

If you are on shared hosting, chances are some hard limits have been imposed on your server usage, such as the largest number of files / directories possible and the hard storage limit. View them by:

quota


Typical iptables Firewall Rules for a Server that Hosts Websites

iptables is a rather handy tool to protect your server from unwanted and potentially malicious connection attempts. To list the current rules, run in SSH:

iptables -L

A typical set of firewall rules set by iptables on a simple server, be it VPS or dedicated, for hosting and serving websites should be like this:

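# Allow all loopback traffic; reject traffic to 127.0.0.0/8 that does not arrive on lo
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Allow packets that belong to connections that are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic
iptables -A OUTPUT -j ACCEPT
# HTTP and HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# MySQL (left commented out; see the note on port 3306 below)
# iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
# FTP control port and the passive mode data ports
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 8001,8002,8003,8004,8005,8006,8007,8008,8009,8010 -j ACCEPT
# New SSH connections
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Ping (ICMP echo request)
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Reject everything else
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT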

Which enables

  1. ports 80 and 443 for web pages serving via HTTP and HTTPS
  2. port 21 and a series of tcp ports for FTP (passive mode) so that you can upload stuff to the server with your favorite FTP client
  3. port 22 for SSH access which can be modified for more security. If you have altered the default SSH connection port 22 to a random one, make sure you also change the port in the iptables rules set accordingly or the server will reject you.
  4. port 3306 for MySQL database server. Note that you may or may not need to open port 3306 for MySQL. For example, if you use ‘localhost’ as database server, there’d be no need most of the time.

And disables everything else.

These commands are only in effect for the current session; once the server is restarted, all rules will be lost. In order to save these rules and make the server automatically load and apply them every time you reboot, write them into a file to be loaded upon every system start. Run:

iptables-save > /etc/iptables.up.rules

Command iptables-save saves the rule set to the file /etc/iptables.up.rules from the memory. Now configure the server to read and apply the rule set file /etc/iptables.up.rules every time it starts:

nano /etc/network/interfaces

And add a line immediately below ‘iface lo inet loopback’:

pre-up iptables-restore < /etc/iptables.up.rules

Now you are set. Reboot the server and see if all takes effect.


Customize or change the default SSH port 22 to a random custom one of your choice

By default, all newly set up servers listen for and accept SSH logins on port 22, which is known universally. To make it a little harder for hackers to break into your user account, one of the first steps you want to take is to change the default SSH port to a different one that’s randomly chosen by you.

To do this, simply modify the sshd configuration file by:

nano /etc/ssh/sshd_config

For novice SSH users, nano is more intuitive than vi. After loading the file in the editor, find and change this line:

Port 22

To

Port 8433

Ctrl + o and ctrl + x should save the change and get you out of the editor.

The port number can be anything between 1024 and 65535, inclusive. You can make it instantly in effect by reloading the new configurations:

/etc/init.d/ssh reload

Now the server will only accept SSH accesses on the port 8433. After modifying this, make sure you also change the remote port setting in your local SSH client or it will be rejected by the hosting server.
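The lockout described above (changing the SSH port without updating the firewall) can be checked before reloading anything. This added example, not part of the original post, reads the port from an sshd_config, the passive range from a vsftpd.conf and an iptables-save dump, and reports whether the firewall actually admits them. The function names and sample files are constructed, and it only understands plain --dport/--dports matches in the INPUT chain.

```shell
# Port sshd listens on: first uncommented "Port" line, else the default 22.
sshd_port() {
    port=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${port:-22}"
}

# Succeed if iptables-save dump $1 accepts TCP port $2 in INPUT before the
# first unconditional REJECT/DROP; rules appended after that never match.
port_allowed() {
    awk -v want="$2" '
        /^-A INPUT / && / -p tcp / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                n = split($(i + 1), list, ",")      # multiport list
                for (k = 1; k <= n; k++) {
                    m = split(list[k], r, ":")      # single port or lo:hi
                    if (want + 0 >= r[1] + 0 && want + 0 <= r[m] + 0) ok = 1
                }
            }
        }
        $2 == "INPUT" && $3 == "-j" && $4 ~ /^(REJECT|DROP)$/ { exit }
        END { exit !ok }
    ' "$1"
}

# Succeed if every port in the vsftpd passive range ($1) is accepted by $2.
pasv_range_allowed() {
    lo=$(sed -n 's/^pasv_min_port=//p' "$1")
    hi=$(sed -n 's/^pasv_max_port=//p' "$1")
    [ -n "$lo" ] && [ -n "$hi" ] || return 1
    while [ "$lo" -le "$hi" ]; do
        port_allowed "$2" "$lo" || return 1
        lo=$((lo + 1))
    done
}

# Constructed sample files for this added example (not from a real server).
dir=$(mktemp -d)
printf 'Port 8433\n' > "$dir/sshd_config"
printf 'pasv_min_port=8001\npasv_max_port=8010\n' > "$dir/vsftpd.conf"
cat > "$dir/rules" <<'EOF'
-A INPUT -p tcp -m multiport --dports 8001,8002,8003,8004,8005,8006,8007,8008,8009,8010 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 8433 -j ACCEPT
EOF
ssh_port=$(sshd_port "$dir/sshd_config")
port_allowed "$dir/rules" "$ssh_port" || echo "LOCKOUT RISK: port $ssh_port not accepted"
pasv_range_allowed "$dir/vsftpd.conf" "$dir/rules" && echo "passive FTP range accepted"
```

In the sample dump the rule for port 8433 was appended after the catch-all REJECT, so the check reports a lockout risk even though an ACCEPT rule for that port exists. On a server you would pass /etc/ssh/sshd_config, /etc/vsftpd.conf and /etc/iptables.up.rules instead of the sample files.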


How to Change Login Password of Linux SSH User Account?

If you are root, you can change anyone’s password by:

passwd someuser

Wherein someuser is the user name of the account. It will prompt you to enter the new password twice.

If you are logged in with your own SSH account, you can also change your own password by simply:

passwd

It will also ask you to type your new password twice. Now you can log into your SSH with the new password.


Quick tip: 256 MB VPS helps you no more than shared hosting

256MB, being the startup plan from most VPS providers, will be no better than a shared hosting plan from affordable hosting providers. 384MB may seem to be 128MB extra but is actually just slightly more.

As a result of the nature of VPS, an entire operating system (such as Linux distributions: Ubuntu, Debian or Centos, and so forth) resides in it with a complete web server package: Apache, PHP, MySQL and potentially a lot of necessary modules and extensions, making the mere hosting slice of 256MB a frugal choice to cover all the overheads, much like the sunk cost in Economics. It is after the threshold of 256MB that every additional MB of RAM you purchase will be consumed by your own websites rather than by the system. Well, not precisely all of 256MB will be used for the system, but you are left with like 50MB – 100MB from the whole 256MB pie after installing everything WWW and getting your slice ready for websites.

So if you are going to switch to a VPS, make sure you board on at least 512MB memory for a start or it won’t be worth the while and it may just be good enough to spread your sites across various shared hosting plans (preferably from various distant hosting companies) for some SEO advantage.
