Debian buster on VPS
AJA • May 12, 2020
Debian is a free operating system (OS) for your computer. An operating system is the set of basic programs and utilities that make your computer run.
A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting service.
/etc/apt/sources.list
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
###
# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb http://deb.debian.org/debian buster-updates main
deb-src http://deb.debian.org/debian buster-updates main
## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
Apache
sudo apt-get install apache2
Change apache /var/www/html owner, group and permissions.
sudo chown -R www-data:www-data /var/www/
sudo chmod -R 775 /var/www/html/
Add the current user to the www-data group so that it has access to /var/www/html.
sudo usermod -a -G www-data debian
Change files and folders permissions.
cd /var/www
sudo -u www-data find html -type f -exec chmod 664 {} \;
sudo -u www-data find html -type d -exec chmod 775 {} \;
Check apache installation with http://mydomain.com/.
Verify the Apache configuration.
sudo apache2ctl configtest
sudo apache2ctl -S
PHP
sudo apt-get install php php-mbstring
Check PHP installation
echo "<?php phpinfo ();?>" > /var/www/html/index.php
Mariadb
sudo apt-get install mariadb-server php-mysql
Configure mysql
sudo mysql --user=root
First delete the default MySQL root user and create a new MySQL root user, because the default one can only be used from the Linux root account and is therefore not available to the web server and PHP scripts.
DROP USER 'root'@'localhost';
CREATE USER 'root'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
Check mysql installation
sudo mysql -uroot -ppassword
Phpmyadmin
On Debian 10, first install php-twig from buster-backports to get the latest version.
sudo apt-get -t buster-backports install php-twig
sudo apt-get install phpmyadmin
During the installation process, select these options:
- Select Apache2 (press space and enter)
- Configure the database for PHPMyAdmin with db-common: No
Check Phpmyadmin with http://mydomain.com/phpmyadmin/.
UFW
Ufw is an uncomplicated firewall.
Warning: you need to allow OpenSSH before enabling Ufw.
Allow http and https with 'WWW Full'.
sudo apt-get install ufw
sudo ufw status
sudo ufw allow OpenSSH
sudo ufw allow 'WWW Full'
sudo ufw enable
sudo ufw status
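The warning above, turned into a preflight check. This is an added example, not from the original page: it assumes `ufw show added` lists the rules entered so far and that sshd listens on the default port 22; the function names and the sample text are constructed for illustration.

```bash
# Added example. The sample text below is constructed to resemble the output
# of `ufw show added`; it is not captured from a real host.
sample_added_rules() {
    cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 'WWW Full'
ufw allow OpenSSH
EOF
}

# ufw_ssh_allowed: reads `ufw show added` output on stdin.
# Returns 0 when an allow/limit rule covers SSH, assuming sshd listens on the
# default port 22 (OpenSSH profile, "ssh", "22", "22/tcp" or "... port 22").
ufw_ssh_allowed() {
    awk '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") &&
        / (OpenSSH|ssh|22|22\/tcp)( |$)/ { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# ufw_enable_guarded: hypothetical wrapper that refuses to enable the
# firewall until an SSH rule has been added. It needs root and ufw, so it is
# only defined here, not called.
ufw_enable_guarded() {
    if ufw show added | ufw_ssh_allowed; then
        ufw enable
    else
        echo "no SSH allow rule found; run: ufw allow OpenSSH" >&2
        return 1
    fi
}
```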
Allow only ssh and https.
sudo ufw delete allow 'WWW Full'
sudo ufw allow 'WWW Secure'
sudo ufw status
Check apache configuration
sudo apache2ctl configtest
sudo apache2ctl -S
sudo apache2ctl restart
Certbot
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
sudo apt-get install -t buster-backports python-certbot-apache
Add WWW rule to ufw.
sudo ufw allow WWW
Create a mydomain.conf file in /etc/apache2/sites-available. Create a link from /etc/apache2/sites-enabled/mydomain.conf to /etc/apache2/sites-available/mydomain.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName mydomain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.mydomain.com
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
sudo ln -s /etc/apache2/sites-available/mydomain.conf /etc/apache2/sites-enabled/mydomain.conf
Create a sub-mydomain.conf file in /etc/apache2/sites-available.
Create a link from /etc/apache2/sites-enabled/sub-mydomain.conf to /etc/apache2/sites-available/sub-mydomain.conf.
Add the Directory directive in the VirtualHost config.
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sub/public
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/html/sub/public>
AllowOverride All
Require all granted
</Directory>
ServerName sub.mydomain.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
sudo ln -s /etc/apache2/sites-available/sub-mydomain.conf /etc/apache2/sites-enabled/sub-mydomain.conf
Create and verify the certificates.
sudo certbot --apache -d mydomain.com -d www.mydomain.com -d sub.mydomain.com
sudo apache2ctl configtest
sudo apache2ctl restart
sudo apache2ctl -S
sudo certbot renew --dry-run
Use --expand to append another subdomain.
Create a sub2-mydomain.conf file in /etc/apache2/sites-available.
Create a link from /etc/apache2/sites-enabled/sub2-mydomain.conf to /etc/apache2/sites-available/sub2-mydomain.conf.
Add the Directory directive in the VirtualHost config.
sudo certbot --apache --expand -d mydomain.com -d www.mydomain.com -d sub.mydomain.com -d sub2.mydomain.com
Remove the WWW rule from ufw.
sudo ufw delete allow WWW
Check installed or removed packages
sudo grep " install " /var/log/dpkg.log
sudo grep " remove " /var/log/dpkg.log
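The two greps list install and remove lines separately, so a package that was installed and later removed shows up in both. An added example, not from the original page, that reduces the log to the last action per package; the function names are hypothetical and the sample log lines are constructed in dpkg.log's field order.

```bash
# Added example. Sample log lines are constructed, in dpkg.log's field order:
#   date time action package:arch old-version new-version

# Write a small constructed dpkg.log to the path given as $1.
write_sample_dpkg_log() {
    cat > "$1" <<'EOF'
2020-05-12 09:14:03 startup archives unpack
2020-05-12 09:14:04 install apache2:amd64 <none> 1.0-1
2020-05-12 09:14:06 status installed apache2:amd64 1.0-1
2020-05-12 09:20:11 install phpmyadmin:all <none> 1.0-1
2020-05-13 18:02:40 remove phpmyadmin:all 1.0-1 <none>
2020-05-14 08:00:00 install ufw:all <none> 1.0-1
2020-05-14 08:30:00 upgrade apache2:amd64 1.0-1 1.0-2
EOF
}

# dpkg_last_action LOGFILE...
# One line per package: "<last action> <package:arch> <date>T<time>".
# Only install/remove/purge lines count; later lines override earlier ones.
dpkg_last_action() {
    awk '
        $3 == "install" || $3 == "remove" || $3 == "purge" {
            last[$4] = $3 " " $4 " " $1 "T" $2
        }
        END { for (p in last) print last[p] }
    ' "$@" | LC_ALL=C sort -k2,2
}

# dpkg_still_installed LOGFILE...
# Packages whose most recent logged action is an install.
dpkg_still_installed() {
    dpkg_last_action "$@" | awk '$1 == "install" { print $2 }'
}
```

On the VPS, run it as `dpkg_last_action /var/log/dpkg.log`; when rotated copies are included, list them oldest first because later lines override earlier ones.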
Composer
sudo apt install curl php-cli php-mbstring git unzip
cd "$HOME"
curl -sS https://getcomposer.org/installer -o composer-setup.php
php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; } echo PHP_EOL;"
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
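The PHP one-liner above prints 'Installer verified' or 'Installer corrupt', but the install command on the next line runs in both cases. An added example, not from the original page: a shell function (`verify_sha384`, a hypothetical name) whose exit status can gate the install; `$EXPECTED` stands for the digest the Composer project publishes for the installer you downloaded.

```bash
# Added example: gate the Composer install on the installer's SHA-384.
# verify_sha384 is a hypothetical helper name, not part of Composer.

# verify_sha384 FILE EXPECTED_HEX
# Returns 0 only when FILE exists, EXPECTED_HEX is a well-formed SHA-384
# digest (96 hex characters) and the two digests match.
# Returns 1 on a mismatch and 2 on bad input.
verify_sha384() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || { echo "expected digest is not 96 chars" >&2; return 2; }

    actual=$(sha384sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Usage on the VPS (not executed here): install only when the digest
# matches, and delete the downloaded installer otherwise.
#   if verify_sha384 composer-setup.php "$EXPECTED"; then
#       sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
#   else
#       rm -f composer-setup.php
#   fi
```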
Node and npm
sudo apt install nodejs npm
Man
sudo apt-get install man-db
Update and clear
sudo -u www-data composer update