Contents for those who want to skip to a topic directly Create a new user and secure SSH access [page 1] Add some basic aliases to speed up things [page 2] Learn how 'free -m' works [page 2] Update OS, install essential applications [page 2] Install and configure Lighttpd [page 3] Install and configure PHP 5 [page 3] Install and secure MySQL [page 4] Google mail, and get php(mail) working [page 4] Configure IPTables (firewall) [page 5] Speed up your sites performance with etags [page 5]
This is going to be a very long post. Read it thoroughly, it’s very detailed and you can mess things up easily if you forget certain steps, which forces you to start over again.
If you don’t understand something, read it again. If you still don’t understand it, post a comment and I will do my best to explain it. Also DO post a comment if you want to say thank you, I really appreciate it!
OK, fasten your seatbelts and get some coffee. Here we go:
Setup your server or VPS, I won’t go into how hardware or how to install Ubuntu in this guide. If you have a VPS, you can select a Linux distribution in the control panel most of the times, and it will be installed for you automatically. For this guide we’ll use Ubuntu Lucid 10.04, since it’s very stable, and has a very large user community, and long term support.
Create a new user and secure SSH access
Connect to your server via SSH. To do this, you’ll need an SSH client. OS X users can use the built in Terminal application for this purpose. Windows user can use the free program ‘Putty‘.
To connect, type.
Don’t forget to change 184.108.40.206 to your servers IP!
Each time you re-setup your server, the SSH remote host identification changes. If you get a message like “remote host identification has changed”, you need to edit the SSH known_hosts file on your *local*, home, not-server computer and remove any entries that point to your server’s IP address. On OSX, you can do this by typing in the terminal
or you could just delete the file
sudo rm ~/.ssh/known_hosts
Check which version of Ubuntu you are using by typing
You should see the following
DISTRIB_ID=Ubuntu DISTRIB_RELEASE=10.04 DISTRIB_CODENAME=lucid DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"
This guide is optimized for Ubuntu Lucid, but should also work fine for other versions.
You don’t want to use the root account. Add a new user
Though you do want to do some things which need root to be done by the root user. To bypass this problem, give yourself ‘sudo’ rights
Add this to the file the following line: (note, if your distro uses Vim for as text editor: scroll to the last line with your arrow buttons, press ‘a’ and type the line you see below. Hit ESC and : (or SHIFT + ;), write wq and hit ENTER).
ntux ALL=(ALL) ALL
After creating the new account, you don’t need to use the root account anymore. Though before you log out of the root session, make sure you change some permissions
You can tune this config file as you want, but since I don’t think you want to read all man pages, just edit these settings
Port 98765 Protocol 2 PermitRootLogin no X11Forwarding no
You can press CTRL+W in Nano to search for the strings if you can’t find them. Change the port to a number that’s different from 22, though you still have to type it in often so don’t make it to hard. Append these settings to the end of the file. Of course you need to replace ‘ntux’ with the name of the user you added.
UseDNS no AllowUsers ntux
In order to enable the setting you changed, you need to reload SSH (don’t logout! just enter the following command)
Still understand everything we did? In the last few steps you configured the server to only allow the user ntux to login to the server via SSH, which means that if you logout the root account now, you won’t be able to SSH back in with the root account (until you change the setting again, but that won’t be needed). You can safely close the current SSH connection, but if you want, you may also leave it open until the end of this tutorial. In either case, open a new terminal window (in OS X) and issue this command to connect via SSH with your new user
ssh -p 98765 firstname.lastname@example.org
Don’t forget to change the port, username and server IP according to your own configuration.