Debian Server Setup for Beginners

I felt this was needed for all the many people here who may wish to develop their site without the need for a control panel such as cPanel (just dos prompt / command prompt). Typically those of you seeking to use a VPS, Semi-Dedicated, or Dedicated Server for the first time or who are generally new to Linux.

While it is true there are a lot of other guides online, many of them are outdated or insecure. You have no idea how many "Perfect Debian" or "The Perfect Server" setup guides have been copied and pasted again and again. And all of them with the same security flaws.

This guide will cover the most easiest and basic setup for any beginning using Debian Linux. Which has the standard advantages of easy to use, easy to configure, and very little system resources needed.

STEP 1

I'm again going to assume your starting out with Debian Minimum Install. I'm also going to assume you're using either a dedicated or vps server, with root access.

1st let's install aptitude. This will make installing programs easier and help you resolve any conflicts (and warn you of them before trying anything).

PHP:

apt-get install aptitude

Next before you go about installing anything, let's make sure to install any update the core

PHP:

aptitude update

PHP:

aptitude full-upgrade

Depending on how your web host allows for things and depending on how many or what was upgraded, you may want to reboot (caution check with your host if this is supported. Most allow this and it is free, but double-check). This can take a few minutes so do not panic if you're not be online right away (you'll need to sign back in once you're online).

To reboot (remember my caution)

PHP:

reboot

Next we're going to install a very simple editor to help you edit things (alternatively, you could always download files and edit them on your PC and then upload them if it is easier). The editor I would suggest if you will edit things manually online is Nano.

PHP:

aptitude install nano

Now we're going to add a few things into your update source list

PHP:

nano /etc/apt/sources.list

Or of course you could download that file and edit on your PC (follow that path)

PHP:

# Debain Main Update
deb http://ftp.de.debian.org/debian stable main contrib non-free
deb-src http://ftp.de.debian.org/debian stable main contrib non-free
 
deb http://ftp.debian.org/debian/ squeeze-updates main contrib non-free
deb-src http://ftp.debian.org/debian/ squeeze-updates main contrib non-free
 
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

The above will add all the repositories from Debian on their main Germany server, which is where updates are posted 1st before they are branched out else where. So you'll get things ASAP when you do update or upgrade.

TIP = It is safe to replace any official Debian Sources that may have already been there, but if you find anything none official... Odds are good your host may have their own things in there. Do not replace theirs, just the official sources only.

You may also want to add this to your repository (I would suggest you do so)

PHP:

#Debian Backport
deb http://backports.debian.org/debian-backports squeeze-backports main

This is a repository that developers submit things to Debian. It often will help you obtain the news security patches before it is added onto the Debian main servers. There is a small catch... Sometimes I've been told things here are not always stable... Its never happen to me, but I figure you should know.

Finally we're going to need to add 1 last thing onto the list. No matter if you elect to use Apache2 or nGinx, this is where you'll get the newest stable version.

PHP:

#Dotdeb.org
deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

If you plan on using php5.4, also add the following (not needed & do not add if you'll only use php 5.3.x)

PHP:

#Dotdeb.org php 5.4
deb http://packages.dotdeb.org squeeze-php54 all
deb-src http://packages.dotdeb.org squeeze-php54 all

Save and exit Nano (remember to save)

Now the next step is as follows (this will add the security key for Dotdeb.org)

PHP:

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -

Next lets once again make sure everything is up to date before we install anything else.

PHP:

aptitude update

PHP:

aptitude full-upgrade

You may get a few updates. If you again you happen to get a lot of update, reboot. (remember my cation and remember this may take sometime)

PHP:

reboot

Now the fun part

I'm going to suggest Apache2 with php-fpm and standard MySQL.

Mostly because you're new and setting up nGinx isn't for the faint of heart. But also for the life of you... I don't think you'll want to re-configure and re-write rules for every 3rd party change or add-on you'll add for either XenForo, Word Press, or anything else for that matter.

STEP 2

If you did or needed to reboot a 2nd time, follow the same update and full-upgrade until everything reports there are no update.

Now after you're completed this.... The fun begins

PHP:

aptitude install mysql-server mysql-client

Normally during the install, you will be asked to provide a MySQL Root Password. This is important to NEVER use the MySQL root (if you can help it), but also important to NEVER forget this password either. Make this password long and not easy to guess.

If for some odd reason the install didn't ask you to add a password..... Immediately after you have installed the mysql server, you should change its root password

PHP:

/usr/bin/mysqladmin -u root password 'enter-your-good-new-password-here'

You must never use your root account and password when running databases.
The root account is a privileged account which should only be used for admin procedures. You will need to create a separate user account to connect to your MySQL databases from a PHP script. You can add users to a MySQL database by using a control panel like phpMyAdmin to easily create or assign database permissions for users.

I can not stress enough how many people are stupid and end up using the root name and password. Don't do it.

Now let's install and setup Apache2

PHP:

aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils

Type in your server's IP address (inside your web browser) .... You should see a nice Apache page (typically says, IT WORKS!)

Now let's install PHP

PHP:

aptitude install php5 php5-fpm libapache2-mod-php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

The above should allow you to run every possible modification you will find on most any php required software. Although you can add php5-geoip if you plan on using it or if you feel it is required, but it does use up some resources.

Let's see if php is working

PHP:

a2enmod rewrite
a2enmod include

PHP:

/etc/init.d/apache2 restart

We're going to make a simple php test file

PHP:


<?php
 
// Show all information, defaults to INFO_ALL
phpinfo();
 
?>


Name that file as anything you want, as long as it ends with .php

Upload it to:

/var/www/

Type in your servers IP address and add the path to that file

Example = 192.168.1.1/FileName.php

If you see your PHP details all is working

Now DELETE that file. It's not really a good idea to keep it on your server.

Now let's install a few random things you may find you'll need.

PHP:

aptitude install curl perl libapache2-mod-perl2 python libapache2-mod-python ntp ntpdate

Now lets restart apache2 again (to load all this). The above adds curl, perl, python, and keeps your site time up to date.

PHP:

/etc/init.d/apache2 restart

At this point, depending on your web host... You maybe simply able to type in your domain name and see that nice Apache2 page without typing in your IP address.

Thankfully most host (even unmanaged host) have an internal dns / bind system. So configuring or installing such isn't required. And saves you resources and helps limit security threats. Be so thankful for our ever-changing world of technology.

If this is not the case for you.... I'd think about finding another host. Seriously.

Now you need to make a choice

1) Is this the only domain you will be having on this server

OR

2) Will have other domain names and / or sub domain names

If option 1 .... Congratulations, you're done. Pat yourself on the back. Wasn't that easy?

The following will allow you to work with phpMyAdmin

PHP:

aptitude install phpmyadmin

You'll be asked if you want phpMyAdmin to make its own database, say NO

PHP:

/etc/init.d/apache2 restart

The user name and password will be your root and password. For this reason, do not leave phpMyAdmin installed. Use it only for how long you need it and then remove it. That is my advise to you.

If you follow my advise, you will need to do the follow below (if you do not follow my advice, at least password protect it using .htaccess as an extra level of security. But remember, I warned you)

A whole guide to htaccess can be found on Apache's own web site: http://httpd.apache.org/docs/2.0/howto/htaccess.html

PHP:

aptitude remove phpmyadmin

PHP:

aptitude purge phpmyadmin

PHP:

/etc/init.d/apache2 restart

If option 2 .... A little more work for you....

OPTION 2

So you've decided you want more and thus continued to option 2 :coffee:

PHP:

a2enmod userdir

Configure Apache module userdir in /etc/apache2/mods-enabled/userdir.conf

PHP:

nano /etc/apache2/mods-enabled/userdir.conf

PHP:

<IfModule mod_userdir.c>
        UserDir public_html
        UserDir disabled root
 
        <Directory /home/*/public_html>
                AllowOverride All
                Options MultiViews Indexes SymLinksIfOwnerMatch
                <Limit GET POST OPTIONS>
                        Order allow,deny
                        Allow from all
                </Limit>
                <LimitExcept GET POST OPTIONS>
                        Order deny,allow
                        Deny from all
                </LimitExcept>
        </Directory>
</IfModule>

Create directory as user (not as root)

PHP:

mkdir /home/$USER/public_html

Change group as root (substitute your username) and restart web server

PHP:

chgrp www-data /home/<username>/public_html

PHP:

service apache2 restart

If you get a Forbidden error when accessing home folder through apache check /home/username has permissions drwxr-xr-x. If the permissions are wrong correct them as such:

PHP:

chmod 755 /home/<username>

Next we need to change something for PHP to work this way

PHP:

nano /etc/apache2/mods-available/php5.conf

PHP:

<IfModule mod_php5.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>
    # To re-enable php in user directories comment the following lines
    # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
    # prevents .htaccess files from disabling it.
    #<IfModule mod_userdir.c>
    #    <Directory /home/*/public_html>
    #        php_admin_value engine Off
    #    </Directory>
    #</IfModule>
</IfModule>

See little instruction note in that? Follow it

Save and exit

PHP:

/etc/init.d/apache2 restart

Done

You're welcome


Are you thinking about using nGinx? .... nGinx seems to change per version... ie... Version 1.x.1 is different from 1.x.2 and the same with 1.x.3. The best guide for nGinx is to read, learn, read, learn some more, and do it yourself. Because what I tell you today about nGinx may no longer be true tomorrow or may not fit your needs today. I wish there was an easier way, but nGinx changes always (not to add you may have to configure it for every add-ons you my add, for each add-on).

IF you decide however that you much prefer a control panel, I would suggest Direct Admin (http://www.directadmin.com) . It uses much fewer resources than cPanel, has all the core features of cPanel, can run on more OS's (Operating Systems) than cPanel making for backward compatibility should you relocate, is kept more current than cPanel, and finally is more economical in value (you don't end up paying a monthly lease price like cPanel, you own a copy for about the same price as XenForo).

Great tutorial there. Luckily so far I've had a friend set up my VPS's but not because I don't know what I'm doing, more I'm too lazy to do it, either that or too busy to do it.

Nice job on the tutorial!

In the php install section the test failed. I installed libapache2-mod-php5 to get it to work. Should it work with out libapache2-mod-php5?

Thanks for the excellent tutorial.