Difference between revisions of "User:Saul/linode"

From Organic Design wiki
m (Installing Certbot For Let's Encrypt On Node.js)
m (Auto Renew The Certificate)
Line 167: Line 167:
 
sudo certbot renew --dry-run # test SSL autorenewal
 
sudo certbot renew --dry-run # test SSL autorenewal
 
cd /etc/cron.daily
 
cd /etc/cron.daily
sudo nano certbot #Create file with contents:
+
sudo cp dpkg certbot
 +
sudo nano certbot # remove the contents and replace with
 
#!/bin/sh
 
#!/bin/sh
 
certbot renew --renew-hook "service restart apache2"
 
certbot renew --renew-hook "service restart apache2"

Revision as of 00:19, 27 March 2018

Linode Setup Reference:

Initial Setup

Update And Configure Timezone

apt-get update
apt-get upgrade
dpkg-reconfigure tzdata

Creating A New User

adduser saul # create the user saul
adduser saul sudo # adds saul to the sudo group
sudo usermod -a -G www-data saul # add saul to the www-data group

Setting up Authentication Keys

ssh-keygen -b 4096 # create the keyfile - do this on the client (watch you don't overwrite your existing one if you have done this before!)
ssh-copy-id saul@LINODE_IP # uploads the public key to linode

Configure SSH

sudo nano /etc/ssh/sshd_config
	# Modify these lines to look like this:
	PermitRootLogin no # this stops root from logging in
	PasswordAuthentication no # this stops anyone from logging in without authentication keys
sudo service ssh restart # reboots ssh and applies changes

Setting Up The LAMP Stack

Install And Configure Apache

sudo apt-get install apache2
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.backup.conf # backup the configuration file before editing
sudo nano /etc/apache2/apache2.conf
	# Modify this line like so:
	KeepAlive Off # keepalive allows fast connections to those who are already connected but may hold up other clients
	# Append these lines to the end of the file:
	<IfModule mpm_prefork_module>
		StartServers 4
		MinSpareServers 20
		MaxSpareServers 40
		MaxClients 200
		MaxRequestsPerChild 4500
	</IfModule>
sudo service apache2 restart # restart apache to apply changes

Configure Virtual Hosts For Apache

sudo a2dissite *default # Disable the default Apache virtual host
cd /var/www/
sudo mkdir example.com
sudo mkdir example.com/public_html
sudo mkdir example.com/log
sudo mkdir example.com/backups
sudo nano /etc/apache2/sites-available/example.com.conf
	# domain: example.com 
	# public: /var/www/example.com/public_html/ 
	
	<VirtualHost *:80>
		# Admin email, Server Name (domain name), and any aliases
		ServerAdmin webmaster@example.com
		ServerName example.com
		ServerAlias www.example.com
		
		# Index file and Document Root (where the public files are located) 
		DirectoryIndex index.html index.php
		DocumentRoot /var/www/example.com/public_html

		# Log file locations 
		LogLevel warn
		ErrorLog /var/www/example.com/log/error.log
		CustomLog /var/www/example.com/log/access.log combined
	</VirtualHost>
sudo a2ensite example.com.conf # adds a link in the correct location to the configuration file
sudo service apache2 restart
# Rince and repeat for any other websites to host.

# Optional:
#sudo nano /etc/hosts # This is to test the virtual hosts and is done on the local computer
	# Append a line like this
	IP.ADRRESS.OF.THE.LINODE example.com

Install And Configure MySQL

sudo apt-get install mysql-server
sudo mysql_secure_installation # set a unique password, remove anonymous user accounts, disable remote root login, and remove the test database
sudo nano /etc/mysql/my.cnf # for optimising mysql
	max_allowed_packet = 1M
sudo service mysql restart

Install And Configure PHP

sudo apt-get install php7.0 php-pear # PHP may update - change php7.0 to the current version number
sudo apt-get install php7.0-mysql
mkdir -p /var/log/php # create the folder for error logging
chown www-data /var/log/php # changes the group of the file we created with the group www-data
service apache2 restart

# Optional install php gd - this is an add-on allows php to manipulate image files - often used by gallery plugins in Wordpress.
sudo apt-get install php7.0-gd

Setting Up Wordpress

Creating The Database

mysql -u root -p # OR:
sudo mysql --user=root --password="ROOTPASSWORD" # Enter the MYSQL database
	create database example.com; # create the database example.com (can be anything) for wordpress
	create user 'USER' identified by 'PASSWORD'; # create a user by the name of USER with the password PASSWORD
	grant all on example.com.* to 'USER' identified by 'PASSWORD'; # grant a user by the name of USER the permissions to modify the database with the password PASSWORD
	quit; # exit mysql

Install

cd /var/www/example.com/public_html/
sudo rm index.* # move or remove any index.* files
sudo chown -R www-data:www-data /var/www/ # ensure that the files are owned by the webserver
sudo wget http://wordpress.org/latest.tar.gz # download the latest wordpress
sudo -u www-data tar -xvf latest.tar.gz # extract it
sudo mv latest.tar.gz ../backups/wordpress-`date "+%Y-%m-%d"`.tar.gz # archive the compressed folder OR just delete it
sudo mv wordpress/* ./ # move the files out of the wordpress folder so the site will use them
sudo rm -R wordpress # delete the old wordpress folder

#Go to your domain and follow the instructions for the rest of the installation

See Also

Permalink 404 Error Fix

sudo nano /var/www/.htaccess # Create an empty file here
sudo nano example.com.conf
	# Append these lines:
	<Directory /var/www/>
		Options +ExecCGI
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>
	<Directory /var/www/example.com/public_html/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>

Emails Not Working

php -a # boot php
	mail ('YOUR@EMAIL', "Test Postfix", "Test mail from postfix"); # send test Email
	# Possible error: sh: 1: /usr/sbin/sendmail: not found
	exit # exit php
sudo apt-get install sendmail

Setting Up SSL

Installing Certbot For Let's Encrypt On Apache

sudo nano /etc/apt/sources.list
	# append to file to enable backports
	deb http://ftp.debian.org/debian stretch-backports main
sudo apt-get update # to update the backports
sudo apt-get install python-certbot-apache -t stretch-backports
sudo certbot --authenticator webroot --installer apache

Auto Renew The Certificate

sudo certbot renew --dry-run # test SSL autorenewal
cd /etc/cron.daily
sudo cp dpkg certbot
sudo nano certbot # remove the contents and replace with
	#!/bin/sh
	certbot renew --renew-hook "service restart apache2"
sudo run-parts -v /etc/cron.daily # test daily crons

See Also

Installing Certbot For Let's Encrypt On Node.js

Certbot creates files and folders in the root directory for testing, this means node has to be able to get domain.com/SOMEFILENAME so the root dir has to be set up as a directory. A repository for a good file to achieve this can be found Here. 

sudo nano /etc/apt/sources.list
	# append to file to enable backports
	deb http://ftp.debian.org/debian stretch-backports main
sudo apt-get update # to update the backports
sudo apt-get install certbot -t stretch-backports
sudo certonly --webroot -w /var/www/avikar.io -d www.avikar.io -d avikar.io

Auto-renew is pretty much the same but without the hook.

See Also

Setting Up Git

Github

# Make a repository on github

Local

sudo apt-get install git
git clone github.link.git # download the repository OR use the alternative at the bottom to create a new repository
git add . # add all files for committing
git commit -am "COMMIT MESSAGE" # commit the changes locally
git push origin master # push changes to the server

# Alternative to git clone:
mkdir repositoryFolder
git init # creates a repository

Server

sudo apt-get install git
cd /to/the/folder/you/would/like/to/have/your/repository # maybe change to wordpress's theme directory?
git clone github.link.git
sudo nano /somelocation/under/your/domain/fileName.php # Create the file with the contents below:
<?php
	if( array_key_exists( 'HTTP_X_HUB_SIGNATURE', $_SERVER ) ) {
		$sig = $_SERVER['HTTP_X_HUB_SIGNATURE'];
		$body = file_get_contents( 'php://input' );
		$hmac = hash_hmac( 'sha1', $body, 'SECRET' );
		if( $sig === "sha1=$hmac" ) {
			$repo = json_decode( $body )->repository->name;
			exec( "cd /PATH/TO/LOCAL/CLONES/$repo && sudo git pull --no-edit" );
		}
	}
?>
sudo visudo # might not be needed?
	# Add this to the end of the file
	# Give www-data permissions to run git pull
	www-data ALL=(ALL) NOPASSWD : /usr/bin/git pull --no-edit
# Check the log under the site folder for php errors

Github

# On github add a webhook under settings, type: json, make sure secret (use a good password) aligns with the script (from on the server), and paste a link to the script url (from on the server)

Setting Up Node.js

Node.js

curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
sudo apt-get install -y nodejs
sudo apt-get install -y build-essential # install the optional add-ons

Express

sudo npm install -g express-generator # install express
express PROJECT_NAME # create an express project called PROJECT_NAME 
cd PROJECT_NAME
npm i # install dependancies

Vue Router

npm install --global vue # install vue globally THIS MIGHT ACTUALLY BE vue-cli
sudo vue init webpack-simple APPNAME # create a new project using the "webpack-simple" template
# Make sure to say yes to vue-router or enter the project directory and install it via "npm i vue-router"
cd APPNAME
npm i # install dependencies

Feathers.js

npm install @feathersjs/cli -g # install feathers globally
mkdir server && cd server
feathers generate app # generate the feathers app

Mail

Retrieved from "https://organicdesign.nz/wiki/index.php?title=User:Saul/linode&oldid=123674"