Creating a webserver: Difference between revisions
Leechfinger (talk | contribs) |
|||
| (14 intermediate revisions by one other user not shown) | |||
| Line 24: | Line 24: | ||
== Get colors in .bashrc for root == | == Get colors in .bashrc for root == | ||
Edit /root/.bashrc and un-comment two lines. | We are going to be doing a lot of work as root so it is best to get some colors in our shell to distinguish between files and directories. Edit /root/.bashrc and un-comment two lines. | ||
<br> | <br> | ||
<syntaxhighlight lang="bash" line> | <syntaxhighlight lang="bash" line> | ||
| Line 30: | Line 30: | ||
alias ls='ls $LS_OPTIONS' | alias ls='ls $LS_OPTIONS' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Update the system == | |||
We just did a fresh install, which was a net-install; so, everything should be current. It does not hurt to run an update anyway. | |||
<syntaxhighlight lang="bash" line> | |||
# apt update; apt upgrade; apt dist-upgrade; | |||
</syntaxhighlight> | |||
== Essential utilities == | |||
We need to secure the server and also get the logs rolling. Plus, we need our favorite editor, way to change to su, un-compress files and copy files. Here is what we need for all this: | |||
<syntaxhighlight lang="bash" line> | |||
# apt install ufw rsyslog vim sudo unzip rsync | |||
</syntaxhighlight> | |||
== Setup simple firewall rules for web == | |||
You can add a lot more rules later on but here are the basic ones to secure your server for now, since it is already live on the wire. | |||
<syntaxhighlight lang="bash" line> | |||
# ufw enable | |||
# ufw allow in on eno8303 from 10.11.12.0/24 proto tcp to any port 22 | |||
# ufw default deny incoming | |||
# ufw default allow outgoing | |||
# ufw logging on | |||
# ufw logging medium | |||
# ufw allow log 22/tcp | |||
# ufw allow log 80/tcp | |||
# ufw allow log 443/tcp | |||
# ufw allow in on eno8303 from any proto tcp to any port 80,443 | |||
</syntaxhighlight> | |||
== Installing Apache == | |||
Please read [[:Installing Apache]]. | |||
[[Category:Debian]] | [[Category:Debian]] | ||
== Installing PHP == | |||
Please read [[:Installing PHP]]. | |||
== Installing Database == | |||
Please read [[:Installing MariaDB]]. | |||
Latest revision as of 22:03, 17 May 2024
Purpose
This document highlights our steps in building a very simple low end Webserver.
Hardware
We chose Dell for our build. Just a few key configuration items:
- PowerEdge R250 Server
- Intel Xeon E-2378G 2.8GHz, 16M Cache, 8C/16T, Turbo (80W), 3200 MT/s
- PERC H755 Adapter, Low Profile
- 4 3.5" 22 TB SATA drives
- 128 GIG RAM
- Broadcom 5719 Quad Port 1GbE BASE-T Adapter
- Enterprise Drac
Installing Debian
Please refer to installing Debian articles.
Post install
- Make sure sshd is running and proper space is showing for your drives.
# systemctl status sshd.service
● ssh.service - OpenBSD Secure Shell server
# df -h | grep sda
/dev/sda2 60T 1.8G 57T 1% /
/dev/sda1 512M 5.9M 506M 2% /boot/efi
Now, you can close the lid and slide back your KVM and go to your workstation for the rest of the configuration, unless you were doing all this from iDRAC to start with. In that case, you can close the console and ssh into your server.
Get colors in .bashrc for root
We are going to be doing a lot of work as root so it is best to get some colors in our shell to distinguish between files and directories. Edit /root/.bashrc and un-comment two lines.
export LS_OPTIONS='--color=auto'
alias ls='ls $LS_OPTIONS'
Update the system
We just did a fresh install, which was a net-install; so, everything should be current. It does not hurt to run an update anyway.
# apt update; apt upgrade; apt dist-upgrade;
Essential utilities
We need to secure the server and also get the logs rolling. Plus, we need our favorite editor, way to change to su, un-compress files and copy files. Here is what we need for all this:
# apt install ufw rsyslog vim sudo unzip rsync
Setup simple firewall rules for web
You can add a lot more rules later on but here are the basic ones to secure your server for now, since it is already live on the wire.
# ufw enable
# ufw allow in on eno8303 from 10.11.12.0/24 proto tcp to any port 22
# ufw default deny incoming
# ufw default allow outgoing
# ufw logging on
# ufw logging medium
# ufw allow log 22/tcp
# ufw allow log 80/tcp
# ufw allow log 443/tcp
# ufw allow in on eno8303 from any proto tcp to any port 80,443
Installing Apache
Please read Installing Apache.
Installing PHP
Please read Installing PHP.
Installing Database
Please read Installing MariaDB.
