Tech

Setting up a new server

add1sun

I’ve been playing around a lot with my site, doing an upgrade from Drupal 6 to 7. I also decided to set up a new server on Linode to give them a try (I’ve heard great things about them). I’m an Ubuntu gal so I had to choose between the LTS (Long Term Service) or the latest. Of course, I ended up picking the latest release, Natty Narwhal (It’s a Narwhal!). Once I clicked a button or two to install the new and boot it up, I needed to do some work to make an actual useful web server. Here are my notes from getting things up and running. These aren’t extensive notes with lots of explanation, but it is enough for me to get through the process without wasting several hours. Take them for what you want.

These notes are from setting up a LAMP stack on Ubuntu 11.04 Natty Narwhal.

Hardening

First, I wanted to lock down security a little bit.

Change root password
passwd

Create user
This will be my normal day-to-day user.
adduser username

Set default editor to vim
I can’t stand using nano, but if that floats your boat, then just skip this part.
update-alternatives --config editor

Give user sudo rights
My normal user needs to be able to do things.

  1. visudo
  2. Go to the # User privilege specification section and add:
    username     ALL=(ALL) ALL

You can also set up keys for authentication. I skipped it for now.

Lock down SSH a little more
vim /etc/ssh/sshd_config
We need to change a few things:

  • Port #### (pick a number between 1025 and 65536 and remember it)
  • PermitRootLogin no
  • X11Forwarding no
  • UsePAM no
  • At the bottom of the file add a line to list specific users: AllowUsers username

Restart SSH:
service ssh restart

Log in as user
Do this in a separate terminal window and make sure it is working correctly before you log out as root. Test to make sure sudo works by trying to edit a root user file like:
sudo vim /etc/timezone
Once everything looks good, log out of the root session.

Updating and Installing packages

Now we need to make sure we have the latest updates for our software and install new packages we’ll need to make a web server.

Update the sources
sudo apt-get update

Upgrade the server
First we can see what is going to get upgraded:
sudo apt-get --simulate upgrade
Then we can run the upgrade for reals:
sudo apt-get upgrade

Install stuff we need
These are essentials for a web server running PHP.
sudo apt-get install build-essential apache2 php5 mysql-server-5.1 mysql-client-5.1 php5-mysql php5-gd
I also added these:

  • git, for version control
  • php-pear and libpcre3-dev, so I can install APC with PECL
  • postfix, so Drupal can send email from the sites
  • rsync, for backups

Just follow the prompts for MySQL and Postfix. For Postfix select Internet Site and enter a real domain name for the mail to come from.

Finding stuff
If you want to hunt around for packages to install you can search the cache.
sudo apt-cache search searchterm, where searchterm is what you are looking for.

Set up cron to alert us to security updates
I added a cron job that will simulate an update and then email me the results so that I know what updates need to be run on the server.
sudo crontab -e
Add the email address you want to use and then the command to run:

MAILTO="webmaster@example.com"
17 3 */2 * * apt-get -qq update && apt-get -qq --simulate upgrade

Apache

To run my Drupal sites I need to have the rewrite module enabled on Apache.
sudo a2enmod rewrite
sudo /etc/init.d/apache2 restart

Install APC

APC is a PHP cache that is an easy performance win for any site that runs on PHP.
Make sure you have the right packages installed (listed above), notably php-pear and libpcre3-dev.
sudo pecl install apc
Restart Apache so it pulls in the new config.
sudo /etc/init.d/apache2 restart

MySQL

The main thing I do with MySQL is to make sure I enable query caching. You can also run a tuning script called mysqltuner to see other helpful tweaks.

Query Cache
sudo cp /etc/mysql/my.cnf /etc/mysql/my.cnf.orig
sudo vi /etc/mysql/my.cnf
Find the query cache section and add:
query_cache_type = 1
I also changed the query_cache_size to 64.

MySQLTuner
Put this wherever you want in your filesystem.
git clone https://github.com/rackerhacker/MySQLTuner-perl.git
cd MySQLTuner-perl
perl mysqltuner.pl

Set up site

At this point I set up my Drupal site. I put my sites in my home dir instead of the main /var/www directory. (Keep in mind that means that I have to play around in virtual hosts so that Apache can find my stuff.) I keep my site code in version control, so a simple git clone gets all of my code in place. A database dump from the old site gets scp into the new server and then I rsync my files directory over (I don’t keep that in version control since it gets so big and rsync is great for that stuff.)

Tada!

I end up doing other tweaks as I go along obviously, like adding Drush to the server (a Drupal shell), but these are all the essentials that I start off with and gets me up and running pretty quickly. I’m sure there are all kinds of steps I missed, either because I forgot to write it down, or I’m just ignorant of some awesome thing that better people know about. I’m not a server head by any means, but I get the job done. I just hope sharing my notes may help someone else, including my own future self. 😉