Difference between revisions of "User:Saul/linode"

(Added Wordpress Section)
(Added SSL And Git sections.)
Line 151: Line 151:
 
exit # exit php
 
exit # exit php
 
sudo apt-get install sendmail
 
sudo apt-get install sendmail
 +
</source>
 +
== Setting Up SSL ==
 +
=== Installing Certbot For Let's Encrypt On Apache ===
 +
<source lang="bash">
 +
sudo nano /etc/apt/sources.list
 +
# append to file to enable backports
 +
deb http://ftp.debian.org/debian stretch-backports main
 +
sudo apt-get install python-certbot-apache -t stretch-backports
 +
sudo certbot --authenticator webroot --installer apache
 +
</source>
 +
=== Auto Renew The Certificate ===
 +
<source lang="bash">
 +
sudo certbot renew --dry-run # test SSL autorenewal
 +
cd /etc/cron.daily
 +
sudo nano certbot #Create file with contents:
 +
#!/bin/sh
 +
certbot renew --renew-hook "service restart apache2"
 +
sudo run-parts -v /etc/cron.daily # test daily crons
 +
</source>
 +
[https://certbot.eff.org/#debianstretch-apache See Also]
 +
== Setting Up Git ==
 +
=== Github ===
 +
<source lang="bash">
 +
# Make a repository on github
 +
</source>
 +
=== Local ===
 +
<source lang="bash">
 +
sudo apt-get install git
 +
git clone github.link.git # download the repository OR use the alternative at the bottom to create a new repository
 +
git add . # add all files for committing
 +
git commit -am "COMMIT MESSAGE" # commit the changes locally
 +
git push origin master # push changes to the server
 +
 +
# Alternative to git clone:
 +
mkdir repositoryFolder
 +
git init # creates a repository
 +
</source>
 +
=== Server ===
 +
<source lang="bash">
 +
sudo apt-get install git
 +
cd /to/the/folder/you/would/like/to/have/your/repository # maybe change to wordpress's theme directory?
 +
git clone github.link.git
 +
sudo nano /somelocation/under/your/domain/fileName.php # Create the file with the contents below:
 +
<?php
 +
if( array_key_exists( 'HTTP_X_HUB_SIGNATURE', $_SERVER ) ) {
 +
$sig = $_SERVER['HTTP_X_HUB_SIGNATURE'];
 +
$body = file_get_contents( 'php://input' );
 +
$hmac = hash_hmac( 'sha1', $body, 'SECRET' );
 +
if( $sig === "sha1=$hmac" ) {
 +
$repo = json_decode( $body )->repository->name;
 +
exec( "cd /PATH/TO/LOCAL/CLONES/$repo && sudo git pull --no-edit" );
 +
}
 +
}
 +
        ?>
 +
sudo visudo # might not be needed?
 +
# Add this to the end of the file
 +
# Give www-data permissions to run git pull
 +
www-data ALL=(ALL) NOPASSWD : /usr/bin/git pull --no-edit
 +
# Check the log under the site folder for php errors
 +
</source>
 +
=== Github ===
 +
<source lang="bash">
 +
# On github add a webhook under settings, type: json, make sure secret (use a good password) aligns with the script (from on the server), and paste a link to the script url (from on the server)
 
</source>
 
</source>
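Review bot: The sudoers entry added at the end of the Server section lets www-data run `git pull --no-edit` as root from any directory, which is far more than the webhook needs; cloning the repository as www-data and calling `git pull --no-edit` without sudo would remove the need for it. In the PHP handler above it, `$repo` comes from the request body and is placed into the `exec()` string unescaped, and the signature is compared with `===`; consider `if( hash_equals( "sha1=$hmac", $sig ) ) {` and `exec( 'cd ' . escapeshellarg( "/PATH/TO/LOCAL/CLONES/$repo" ) . ' && git pull --no-edit' );` after checking that the name contains only letters, digits, `.`, `_` and `-`. In the renewal cron file the hook's arguments look reversed; it should read `service apache2 restart`.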

Revision as of 02:11, 15 March 2018

Linode Setup Reference:

Initial Setup

Update And Configure Timezone

# First steps on the new server. No sudo is used here, so these are presumably run as root - confirm.
apt-get update # refresh the package lists
apt-get upgrade # install the available package upgrades
dpkg-reconfigure tzdata # choose the server's timezone

Creating A New User

# Create a personal account for day-to-day administration.
adduser saul # create the user saul
adduser saul sudo # adds saul to the sudo group (members can run any command as root, so give the account a strong password)
sudo usermod -a -G www-data saul # add saul to the www-data group

Setting up Authentication Keys

# Create a key pair on the client and install its public half on the server.
# NOTE(review): set a passphrase when ssh-keygen asks for one, so a copied key file cannot be used on its own.
ssh-keygen -b 4096 # create the keyfile - do this on the client (watch you don't overwrite your existing one if you have done this before!)
ssh-copy-id saul@LINODE_IP # uploads the public key to linode

Configure SSH

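sudo nano /etc/ssh/sshd_config
	# Modify these lines to look like this.
	# Keep each comment on its own line: older OpenSSH releases reject text that follows a value.
	# This stops root from logging in
	PermitRootLogin no
	# This stops anyone from logging in without authentication keys
	PasswordAuthentication no
sudo sshd -t # check the edited file for errors before restarting; prints nothing when the file is valid
sudo service ssh restart # restarts ssh and applies changes
# Keep this session open and confirm that a key-based login works from a second terminal before logging out,
# otherwise a mistake in the file can lock you out of the server.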

Setting Up The LAMP Stack

Install And Configure Apache

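sudo apt-get install apache2
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.backup.conf # backup the configuration file before editing
sudo nano /etc/apache2/apache2.conf
	# Modify this line like so.
	# keepalive allows fast connections to those who are already connected but may hold up other clients
	# (the comment sits on its own line because Apache does not accept a comment after a directive)
	KeepAlive Off
	# Append these lines to the end of the file:
	<IfModule mpm_prefork_module>
		StartServers 4
		MinSpareServers 20
		MaxSpareServers 40
		MaxClients 200
		MaxRequestsPerChild 4500
	</IfModule>
sudo apache2ctl configtest # check the syntax first; a broken file would stop Apache from starting
sudo service apache2 restart # restart apache to apply changes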

Configure Virtual Hosts For Apache

# Replace Apache's default site with one virtual host per domain.
# NOTE(review): *default is unquoted, so the shell expands it against the current directory if a file there matches - confirm.
sudo a2dissite *default # Disable the default Apache virtual host
cd /var/www/
# One folder per site: public files, logs and backups live side by side, and only public_html is the DocumentRoot
sudo mkdir example.com
sudo mkdir example.com/public_html
sudo mkdir example.com/log
sudo mkdir example.com/backups
sudo nano /etc/apache2/sites-available/example.com.conf
	# domain: example.com
	# public: /var/www/example.com/public_html/
	
	<VirtualHost *:80>
		# Admin email, Server Name (domain name), and any aliases
		ServerAdmin webmaster@example.com
		ServerName example.com
		ServerAlias www.example.com
		
		# Index file and Document Root (where the public files are located)
		DirectoryIndex index.html index.php
		DocumentRoot /var/www/example.com/public_html

		# Log file locations (outside public_html, so not under the DocumentRoot)
		LogLevel warn
		ErrorLog /var/www/example.com/log/error.log
		CustomLog /var/www/example.com/log/access.log combined
	</VirtualHost>
sudo a2ensite example.com.conf # adds a link in the correct location to the configuration file
sudo service apache2 restart
# Rinse and repeat for any other websites to host.

# Optional:
#sudo nano /etc/hosts # This is to test the virtual hosts and is done on the local computer
	# Append a line like this
	IP.ADRRESS.OF.THE.LINODE example.com

Install And Configure MySQL

# Install the database server and remove its insecure defaults.
sudo apt-get install mysql-server
sudo mysql_secure_installation # set a unique password, remove anonymous user accounts, disable remote root login, and remove the test database
sudo nano /etc/mysql/my.cnf # for optimising mysql
	# Setting to place in the file:
	max_allowed_packet = 1M
sudo service mysql restart # restart MySQL so the edited configuration is loaded

Install And Configure PHP

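# Install PHP and give it a log folder. Every step needs root, so each command is run through sudo.
sudo apt-get install php7.0 php-pear # PHP may update - change php7.0 to the current version number
sudo apt-get install php7.0-mysql
sudo mkdir -p /var/log/php # create the folder for error logging
sudo chown www-data /var/log/php # make www-data the owner of the folder (this changes the owner, not the group)
sudo service apache2 restart

# Optional install php gd - this is an add-on allows php to manipulate image files - often used by gallery plugins in Wordpress.
sudo apt-get install php7.0-gd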

Setting Up Wordpress

Creating The Database

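# Open a MySQL prompt as root. Both forms ask for the password interactively, which keeps it
# out of the shell history and out of the process list.
mysql -u root -p # OR:
sudo mysql --user=root --password # Enter the MYSQL database
	# The database name contains a dot, so it has to be quoted with backticks
	create database `example.com`; # create the database example.com (can be anything) for wordpress
	# The account is limited to connections from this machine
	create user 'USER'@'localhost' identified by 'PASSWORD'; # create a user by the name of USER with the password PASSWORD
	grant all on `example.com`.* to 'USER'@'localhost'; # grant a user by the name of USER the permissions to modify the database
	quit; # exit mysql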

Install

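cd /var/www/example.com/public_html/
sudo rm index.* # move or remove any index.* files
sudo chown -R www-data:www-data /var/www/ # ensure that the files are owned by the webserver
sudo wget https://wordpress.org/latest.tar.gz # download the latest wordpress over HTTPS so it cannot be altered in transit
# Compare the archive with the checksum published by WordPress before extracting it
sudo -u www-data tar -xvf latest.tar.gz # extract it
sudo mv latest.tar.gz "../backups/wordpress-$(date "+%Y-%m-%d").tar.gz" # archive the compressed folder OR just delete it
sudo mv wordpress/* ./ # move the files out of the wordpress folder so the site will use them
sudo rm -R wordpress # delete the old wordpress folder

#Go to your domain and follow the instructions for the rest of the installation
# Do this straight away: until the installer has been completed, anyone who reaches the site can complete it instead.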

See Also

Permalink 404 Error Fix

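sudo nano /var/www/.htaccess # Create an empty file here
sudo nano example.com.conf
	# Append these lines.
	# AllowOverride All is what lets the rewrite rules in WordPress' .htaccess take effect.
	# Indexes is left out so that folders without an index file are not listed to visitors.
	# ExecCGI is left out as well: it sat on its own Options line and was replaced by the
	# Options line that followed it.
	<Directory /var/www/>
		Options FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>
	<Directory /var/www/example.com/public_html/>
		Options FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>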

Emails Not Working

# Send a test message from PHP to see whether the server can deliver mail.
php -a # start the interactive PHP shell
	mail ('YOUR@EMAIL', "Test Postfix", "Test mail from postfix"); # send test Email
	# Possible error: sh: 1: /usr/sbin/sendmail: not found
	exit # exit php
sudo apt-get install sendmail # installs the sendmail program that the error above reports as missing
# NOTE(review): confirm afterwards that the mail daemon only accepts connections from this machine.

Setting Up SSL

Installing Certbot For Let's Encrypt On Apache

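sudo nano /etc/apt/sources.list
	# append to file to enable backports
	deb http://ftp.debian.org/debian stretch-backports main
sudo apt-get update # reload the package lists, otherwise the backports packages are not known yet
sudo apt-get install python-certbot-apache -t stretch-backports
sudo certbot --authenticator webroot --installer apache # request the certificate and let certbot configure Apache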

Auto Renew The Certificate

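sudo certbot renew --dry-run # test SSL autorenewal
cd /etc/cron.daily
sudo nano certbot #Create file with contents:
	#!/bin/sh
	# The hook restarts Apache after a renewal so that the new certificate is the one being served.
	# The service name comes before the action; with the two swapped the restart fails.
	certbot renew --renew-hook "service apache2 restart"
sudo chmod 755 certbot # run-parts skips files that are not executable
sudo run-parts -v /etc/cron.daily # test daily crons
# NOTE(review): the Debian certbot package may already schedule renewals itself - check before adding a second job.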

See Also

Setting Up Git

Github

# Make a repository on github

Local

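sudo apt-get install git
git clone github.link.git # download the repository OR use the alternative at the bottom to create a new repository
# Look at "git status" before adding everything, so files that hold passwords or keys are not published
git add . # add all files for committing
git commit -am "COMMIT MESSAGE" # commit the changes locally
git push origin master # push changes to the server

# Alternative to git clone:
mkdir repositoryFolder
cd repositoryFolder # git init works on the current directory, so enter the new folder first
git init # creates a repository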

Server

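sudo apt-get install git
cd /to/the/folder/you/would/like/to/have/your/repository # maybe change to wordpress's theme directory?
# Clone as www-data so the web server owns the clone and can update it later without root.
# The folder must be writable by www-data for this to work.
sudo -u www-data git clone github.link.git
# If the clone sits under the DocumentRoot, deny web access to its .git folder.
sudo nano /somelocation/under/your/domain/fileName.php # Create the file with the contents below:
	<?php
		// Webhook receiver: pulls a local clone when GitHub reports a push.
		// Requests are only acted on when their signature matches the shared secret.
		// GitHub also sends an HMAC-SHA256 signature (X-Hub-Signature-256); prefer it where available.
		if( array_key_exists( 'HTTP_X_HUB_SIGNATURE', $_SERVER ) ) {
			$sig = $_SERVER['HTTP_X_HUB_SIGNATURE'];
			$body = file_get_contents( 'php://input' );
			$hmac = hash_hmac( 'sha1', $body, 'SECRET' );
			// hash_equals compares in constant time, unlike ===
			if( hash_equals( "sha1=$hmac", $sig ) ) {
				$payload = json_decode( $body );
				$repo = isset( $payload->repository->name ) ? $payload->repository->name : '';
				// Accept plain repository names only, so the value cannot change the path or the command
				if( is_string( $repo ) && preg_match( '/^[A-Za-z0-9._-]+$/', $repo ) && $repo !== '.' && $repo !== '..' ) {
					$dir = "/PATH/TO/LOCAL/CLONES/$repo";
					// Only pull in folders that already hold a clone
					if( is_dir( "$dir/.git" ) ) {
						exec( 'cd ' . escapeshellarg( $dir ) . ' && git pull --no-edit' );
					}
				}
			}
		}
	?>
# No sudoers entry is needed: the clone belongs to www-data, so the script runs git pull as www-data.
# Do not let www-data run git as root - a pull executed as root in a folder the web server can write to
# hands control of root's actions to the web server account.
# NOTE(review): a private repository needs credentials that www-data can read (for example a read-only deploy key) - confirm.
# Check the log under the site folder for php errors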

Github

# On GitHub, add a webhook under Settings: set the content type to JSON, make sure the secret (use a good password) matches the one in the script on the server, and paste in the URL of that script.