Full VPS Setup on Ubuntu

[pinguy]

Most people like the idea of a VPS but are scared of the idea of setting one up, but with this guide I will make it very simple.

To start with install Ubuntu 12.04/14.04. Once it's installed use this to login. Replacing "IP" with the server IP.

Code:

ssh -l root "IP"

then enter your password. To change the password run:

Code:

passwd

Next run this:

Code:

apt-get update
apt-get dist-upgrade
apt-get install sudo zram-config

Next thing to do is install Sentora.

The script is pretty straightforward. Just make sure you pick Phoenix/Arizona/Mountain Standard Time so you don't have issues with daylight saving.

When it asks for "Enter the sub-domain you want to access Sentora panel"

Enter: Sub.YourDomain.com

Ideally the sub should be setup before you run the script, but can be done afterwards. The sub will be the address used to enter Sentora panel.

Code:

bash <(curl -L -Ss http://sentora.org/install)

Once the script finishes do not reboot (but make note of the passwords and save them).

Next we are going to install XCache. This will greatly improve the speed of your websites and can be used with Wordpress with the W3 Total Cache plugin and forum software like MyBB.

Code:

sudo apt-get install php5-xcache

The default settings are fine but if you want to change them edit xcache.ini (not needed for 14.04):

Code:

nano /etc/php5/conf.d/xcache.ini

A good setup for a server with 1GB of ram you can use this:

Code:

; configuration for php Xcache module

[xcache-common]
;; install as zend extension (recommended), normally "$extension_dir/xcache.so"
zend_extension = /usr/lib/php5/20090626/xcache.so
extension=xcache.so
[xcache.admin]
xcache.admin.enable_auth = On
; Configure this to use admin pages
; xcache.admin.user = "mOo"
; xcache.admin.pass = md5($your_password)
; xcache.admin.pass = ""

[xcache]
; ini only settings, all the values here is default unless explained

; select low level shm/allocator scheme implemenation
xcache.shm_scheme = "mmap"
; to disable: xcache.size=0
; to enable : xcache.size=64M etc (any size > 0) and your system mmap allows
xcache.size = 64M
; set to cpu count (cat /proc/cpuinfo |grep -c processor)
xcache.count = 2
; just a hash hints, you can always store count(items) > slots
xcache.slots = 8K
; ttl of the cache item, 0=forever
xcache.ttl = 0
; interval of gc scanning expired items, 0=no scan, other values is in seconds
xcache.gc_interval = 0

; same as aboves but for variable cache
xcache.var_size = 8M
xcache.var_count = 1
xcache.var_slots = 8K
; default ttl
xcache.var_ttl = 0
xcache.var_maxttl = 0
xcache.var_gc_interval = 300

xcache.test = Off
; N/A for /dev/zero
xcache.readonly_protection = On
; for *nix, xcache.mmap_path is a file path, not directory.
; Use something like "/tmp/xcache" if you want to turn on ReadonlyProtection
; 2 group of php won't share the same /tmp/xcache
; for win32, xcache.mmap_path=anonymous map name, not file path
xcache.mmap_path = "/dev/zero"


; leave it blank(disabled) or "/tmp/phpcore/"
; make sure it's writable by php (without checking open_basedir)
xcache.coredump_directory = ""

; per request settings
xcache.cacher = On
xcache.stat = On
xcache.optimizer = Off

[xcache.coverager]
; per request settings
; enable coverage data collecting for xcache.coveragedump_directory and xcache_coverager_start/stop/get/clean() functions (will hurt executing performance)
xcache.coverager = Off

; ini only settings
; make sure it's readable (care open_basedir) by coverage viewer script
; requires xcache.coverager=On
xcache.coveragedump_directory = ""

Once modified reboot apache.

Code:

service apache2 restart

Next edit php.ini

Code:

nano /etc/php5/apache2/php.ini

Change these values to what you want them. If you are going to use phpMyAdmin to upload a database make sure upload_max_filesize is larger than your database:

Code:

post_max_size = 8M
upload_max_filesize = 2M
memory_limit = 64M

F3 will save the file and Ctrl+X will exit nano.

Next update the kernel to the latest version (not needed for 14.04):

Code:

sudo apt-get install linux-headers-generic-lts-trusty linux-image-generic-lts-trusty linux-generic-lts-trusty

Once installed just type reboot to reboot.

Code:

reboot

Once rebooted run this to remove unused kernels.

Code:

dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge

Then this to clean out the downloaded packages:

Code:

sudo apt-get clean

Next enable the needed Apache modules for a basic PHP website:

Code:

a2enmod authz_host log_config expires deflate headers setenvif mime autoindex dir alias rewrite php5

Next to save ram edit MaxClients

Code:

nano /etc/apache2/apache2.conf

Depending on how active your site is it's pretty safe to lower this to 100.

While the file is still open edit MaxKeepAliveRequests.

From 100 to 60

And KeepAliveTimeout

From 15 to 3

Now save the file and reboot Apache.

(F3 will save the file and Ctrl+X will exit nano.)

Code:

service apache2 restart

Next install ModSecurity

Code:

apt-get install libapache2-modsecurity

Once installed run:

Code:

mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

For added security add this to the bottom of:

Code:

nano /etc/apache2/apache2.conf

Code:

<IfModule mod_headers.c>
Header unset ETag
Header set X-Frame-Options: deny
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
Header set X-Permitted-Cross-Domain-Policies: "master-only"
Header set Access-Control-Allow-Origin "*"
</IfModule>

Save changes and reboot Apache.

(F3 will save the file and Ctrl+X will exit nano.)

Code:

service apache2 restart

Next uncomment AddDefaultCharset UTF-8 (remove the #) (not needed for 14.04):

Code:

nano /etc/apache2/conf.d/charset

Then save the changes and reboot Apache.

(F3 will save the file and Ctrl+X will exit nano.)

Code:

service apache2 restart

---

Next thing to do is set up Varnish Cache (Optional. Skip if you have 1GB or less of RAM) .

For Ubuntu 12.04

Code:

echo "deb https://repo.varnish-cache.org/ubuntu/ precise varnish-4.1" >> /etc/apt/sources.list

For Ubuntu 14.04

Code:

echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.1" >> /etc/apt/sources.list

Then run:

Code:

curl http://repo.varnish-cache.org/debian/GPG-key.txt | sudo apt-key add -
apt-get update
apt-get install varnish

Once installed run:

Code:

nano /etc/default/varnish

And change:

Code:

DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

To:

Code:

DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"

F3 will save the file and Ctrl+X will exit nano.

Code:

nano /etc/varnish/default.vcl

And change the backend default to 8080.

Code:

backend default {
.host = "127.0.0.1";
.port = "8080";
}

Make sure that Apache is also set to Listen 8080

Code:

nano /etc/apache2/ports.conf

Now make sure all the vhosts ports are set to 8080

Code:

nano /etc/sentora/configs/apache/httpd-vhosts.conf

Note: Every time you create a new subdomain you will need to change the ports in that file.

Also change the ports here to 8080:

Code:

nano /etc/apache2/sites-available/default

Once everything is correct restart Varnish and Apache.

Code:

service varnish restart
service apache2 restart

If you have any issues double check that you didn't miss a port in your vhosts.

To check to see if it is running correctly run this from a terminal:

Code:

curl -I YourDomain.com

You should see something like Via: *.* varnish.

---

Next modify MySQL so it doesn't use to much memory.

Code:

nano /etc/my.cnf

And add this

Code:

[mysqld]
#MyISAM
key_buffer_size = 16M

#May

need to be higher. Higher number more Memory usage
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 2M
myisam_sort_buffer_size = 2M
join_buffer_size = 2M
max_connections = 60

#If

you have issues with simultaneous connections increase this value
query_cache_type = 1
query_cache_size = 16M

#May

need to be higher.
query_cache_limit = 8M
thread_stack = 128K
thread_cache_size = 16M
table_definition_cache = 400
table_open_cache = 2000
table_cache = 2000
max_heap_table_size = 16M

#May

need to be higher
tmp_table_size = 16M

#Keep

equal to max_heap_table_size
connect-timeout = 20
low_priority_updates = 1
concurrent_insert = ALWAYS

Then save the file and reboot MySQL.

Code:

service mysql restart

Once your website/server has been up and running for 24 hours run this to help fine tune MySQL to your needs.

Code:

wget https://launchpadlibrarian.net/78745738/tuning-primer.sh
sh tuning-primer.sh

Code:

wget https://raw.github.com/rackerhacker/MySQLTuner-perl/master/mysqltuner.pl
perl mysqltuner.pl

That should be it. You should have a server setup so you can run any website and easily manage it with Sentora.

To log into Sentora you enter the server IP/Sentora sub-domain into a web browser. You should of copied the login details earlier when the Sentora script finished running.

If for any reason your forgot your Sentora password you can reset it by running:

Code:

setzadmin --set *NEW-PASSWORD*

Replace *NEW-PASSWORD* with the NEW password you want to use.

TIPS#

To see if you are getting the speeds your VPS providers advertise run:

Code:

apt-get install ethtool
ethtool eth0 | grep -i speed

This will tell you what connection you have.

You can run these command to install Speedtest.net. Doing this isn't an accurate test. There's too many variables in play for it to be accurate. But it will give you a rough idea of what speeds you are getting.

Code:

wget -O speedtest-cli.py https://github.com/sivel/speedtest-cli/raw/master/speedtest_cli.py
chmod a+rx speedtest-cli.py
sudo mv speedtest-cli.py /usr/local/bin/speedtest
sudo chown root:root /usr/local/bin/speedtest
speedtest

To see system stats (running processes, CPU & Memory usage etc.) you can use htop.

To install run:

Code:

apt-get install htop

then run htop

Code:

htop

To do weekly updates, clean logs and reboot server if needed run:

Code:

nano /etc/cron.weekly/updater

Code:

#!/bin/bash
/usr/bin/dpkg --configure -a
/usr/bin/apt-get update
/usr/bin/apt-get -qy dist-upgrade
/usr/bin/apt-get install -f
/usr/bin/apt-get clean
/usr/bin/apt-get -qy autoremove

#Backup

Logs
rm -rf /var/sentora/hostdata/zadmin/logs.zip
cd /var/
zip -r /var/sentora/hostdata/zadmin/logs.zip log
dropbox_uploader delete /logs.zip
dropbox_uploader upload /var/sentora/hostdata/zadmin/logs.zip /logs.zip

#Clean

Logs
find /var/log -type f -delete
touch /var/log/dovecot.log
touch /var/log/dovecot-info.log
touch /var/log/dovecot-debug.log
chown vmail.mail /var/log/dovecot*
chown mysql:mysql /var/log/mysql*
service dovecot restart

if [ -f /var/run/reboot-required ]; then
sudo touch /forcefsck
sudo reboot
else
dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge
exit 0
fi

Code:

sudo chmod +x '/etc/cron.weekly/updater'
sudo chmod 755 '/etc/cron.weekly/updater'

Also make sure you edit fsck so it forces the fix.

Code:

nano /etc/default/rcS

Change the line at the end of that file to:

Code:

FSCKFIX=yes

from:

Code:

#FSCKFIX=no

F3 will save the file and Ctrl+X will exit nano.

TIPS-2#

If FTP breaks and you need to grab files from the server you can run:

Code:

scp -rp "USERNAME"@"IP":/var/sentora/hostdata/zadmin/public_html /Where/You/Want/It/Saved/

This command will show you what folder is the most full.

Code:

du -h --max-depth=1 /

If it shows that /var is the folder that is using the most data run:

Code:

du -h --max-depth=1 /var

And keep going until you find the folder that is the one that is filling up your disk.

If it is a temp folder you can run this command to clean it.

Code:

rm -rf /folder/that/is/filling/the/drive/*

Daily backups in Sentora is kinda broke. Running it can make multiple backups filling up the disc very quickly.

To be on the safe side, remove the backup hooks:

Code:

rm -rf /etc/sentora/panel/modules/backup_admin/hooks/*

To manually backup your sites to a zip for easy transfer run:

Code:

cd /var/sentora/hostdata/zadmin/
zip -r backup.zip public_html

If you have a large site this is a system hog, so only run this when the site isn't busy or turn off Apache before running.

To setup a Cron job for a daily database backup run:

Code:

nano /etc/cron.daily/database

And add this to the file:

Code:

#!/bin/bash
mkdir -p /var/sentora/hostdata/zadmin/database
mysql -u root -p*PASSWORD* -e "FLUSH TABLES WITH READ LOCK;"
mysqlcheck --auto-repair -Aos -u root -p*PASSWORD*
mysqldump -u *USER* -p*PASSWORD* *DATABASE_NAME* > /var/sentora/hostdata/zadmin/database/*DATABASE_SAVE*.sql
*Repeat the above line for each database*
mysql -u root -p*PASSWORD* -e "UNLOCK TABLES;"
rm -rf /var/sentora/hostdata/zadmin/database.zip
cd /var/sentora/hostdata/zadmin/
zip -r database.zip database
rm -rf /var/sentora/hostdata/zadmin/database
exit 0

Key:

*PASSWORD* = DB/MySQL Root Password.
*USER* = DB user.
*DATABASE_NAME* = Name of the DB.
*DATABASE_SAVE* = What you want to call the saved DB.

F3 will save the file and Ctrl+X will exit nano.

Next set permissions and make it executable.

Code:

sudo chmod +x /etc/cron.daily/database
sudo chmod 755 /etc/cron.daily/database

To Backup files to Dropbox run:

Code:

wget -O dropbox_uploader.sh https://raw.githubusercontent.com/andreafabrizi/Dropbox-Uploader/master/dropbox_uploader.sh
chmod a+rx dropbox_uploader.sh
sudo mv dropbox_uploader.sh /usr/local/bin/dropbox_uploader
sudo chown root:root /usr/local/bin/dropbox_uploader
dropbox_uploader

Follow the on prompt commands because you will need to create a Dropbox API.

Then make a cron job to back up the files you want backed up.

Example:

Code:

#!/bin/bash
rm -rf /var/sentora/hostdata/zadmin/backup.zip
cd /var/sentora/hostdata/zadmin/
zip -r backup.zip public_html
dropbox_uploader delete /backup.zip
dropbox_uploader upload /var/sentora/hostdata/zadmin/backup.zip /backup.zip
exit 0

For tips on how to use the script see: https://github.com/andreafabrizi/Dropbox-Uploader

To automatically reboot the server under heavy load you can use this script.

Code:

nano /usr/bin/autorestart

Code:

#!/bin/bash
trigger=15.00

#Change

this to what you want the max load to be.
load=`cat /proc/loadavg | awk '{print $1}'`
response=`echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'`
if [[ $response = "greater" ]]
then
reboot
fi

Save and chmod script to 755 and make it executable:

Code:

chmod 755 /usr/bin/autorestart
chmod +x /usr/bin/autorestart

Create cron file:

Code:

nano /etc/cron.d/auto_restart

Code:

*/5 * * * * root /usr/bin/autorestart >/dev/null 2>&1

Code:

chmod 755 /etc/cron.d/auto_restart
chmod +x /etc/cron.d/auto_restart

To monitor running services and restart them if they stop working you can use Monit.

Here is the guide to install it:
https://www.digitalocean.com/community/t...gure-monit

But for a basic install run:

Code:

apt-get install monit

My setup:

Code:

nano /etc/monit/monitrc

And edit:

Code:

set httpd port 2812
use address 12.34.56.789 # only accept connection from localhost
allow 0.0.0.0/0.0.0.0 # allow localhost to connect to the server and
allow admin:monit # require user 'admin' with password 'monit'

And add this to the bottom of the file.

Code:

#Apache

Monitor
check process apache with pidfile /var/run/apache2/apache2.pid
start program = "/etc/init.d/apache2 start" with timeout 60 seconds
stop program = "/etc/init.d/apache2 stop"
if failed host YourDomain.com port 80 protocol http then restart

#MySQL

Monitor
check process mysql with pidfile /var/run/mysqld/mysqld.pid
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed unixsocket /var/run/mysqld/mysqld.sock then restart

Code:

service monit restart

If Monit won't restart MySQL, run:

Code:

mkdir /var/run/mysqld
touch /var/run/mysqld/mysqld.sock
chown -R mysql /var/run/mysqld

A service I use to monitor the site is https://my.pingdom.com
Pingdom sends me an email every time the site goes down.

To setup SSL the easiest and simplest way to do this is through CloudFlare SSL Flexible.
Warning: Enabling SSL can have a drastic impact on your Google AdSense earnings.

[apinto]

Great Information.
Very good guide.

Safe to use