How to build the ultimate Ubuntu/Lighttpd/PHP/MySQL server, and keep it running
Install and configure Lighttpd
Now we are going to install Lighttpd
sudo aptitude install lighttpd lighttpd-doc
Congrats, you now have a working Lighttpd server! We still need to configure some things though
sudo nano /etc/lighttpd/lighttpd.conf
You can just use the default configuration, it’s quite good. Though you may want to change the site’s root directory on your server. I recommend the following layout:
~/public_html/site1/www/
~/public_html/site1/subdomain1/
~/public_html/site2/www/
~/public_html/site2/subdomain1/
Do not place subdomain directories in your main site’s root. If you do, it’s harder to password protect pages, since you have to protect both subdomain1.example.com and example.com/subdomain/ (maybe you never want to do this – it’s still a good idea to learn using a simpler layout).
To use this layout, you have to change your server’s root to ~/public_html/, and you have to set up some ‘vhosts’, which will point to the actual website directories. First create the directories (exit nano by pressing CTRL+X first). They live in your own home directory, so sudo is not needed here; directories created with sudo would be owned by root and you could not write your site files into them
mkdir ~/public_html/
mkdir ~/public_html/site1/
mkdir ~/public_html/site1/www/
mkdir ~/public_html/site1/subdomain1/
You can add as many sites and subdomains as you want. In order to enable a subdomain, you need to create an A/AAAA record in your domain name’s DNS settings. Set the hostname to the name of your subdomain, the IP address to your site’s IP address and the TTL to default. You can also look at the ‘www’ record: www is also a subdomain, so you can use the same settings. It can take some time before the domains start working, so don’t panic, and get some coffee.
We also create a directory for access and error logs
sudo mkdir ~/public_html/logs/
Now we’re going to edit Lighttpd’s config file
sudo nano /etc/lighttpd/lighttpd.conf
Scroll down all the way and add
$HTTP["host"] =~ "^(www\.)?site1\.com$" {
server.document-root = "/home/ntux/public_html/site1/www/"
server.errorlog = "/home/ntux/public_html/logs/site1_error.log"
accesslog.filename = "/home/ntux/public_html/logs/site1_access.log"
}
else $HTTP["host"] =~ "(^|\.)subdomain1\.site1\.com$" {
server.document-root = "/home/ntux/public_html/site1/subdomain1/"
server.errorlog = "/home/ntux/public_html/logs/site1_error.log"
accesslog.filename = "/home/ntux/public_html/logs/site1_access.log"
}
Now press CTRL+X to quit Nano, and confirm that you want to overwrite the file with your new settings. Want to see if everything is working? Create a small HTML file and restart Lighttpd
echo "Hi!" >> ~/public_html/site1/www/index.html
l2r
As you see, because we assigned the alias, you can just type ‘l2r’ to restart Lighttpd, instead of ‘sudo /etc/init.d/lighttpd restart’!
Now surf to your website and check if it’s working! If it’s not working, check if you didn’t forget a step, and if your domain name’s DNS is pointing towards your server.
Install and configure PHP 5
The server can only display static files now. We need to install and configure PHP in order to display dynamic PHP files
sudo apt-get install php5-cgi
sudo nano /etc/php5/cgi/php.ini
Add the following line to the php.ini file
cgi.fix_pathinfo = 1
Now edit your Lighttpd config file again
sudo nano /etc/lighttpd/lighttpd.conf
Add the following to the list at the top (server.modules), or uncomment it
mod_fastcgi
And add the following lines just above the vhost lines you’ve added in previous steps
fastcgi.server = ( ".php" => ((
"bin-path" => "/path/to/php-cgi",
"socket" => "/tmp/php.socket"
)))
Restart Lighttpd and PHP will be working! We’ll create a basic phpinfo() file to check if it’s working
l2r
echo "<?PHP phpinfo(); ?>" >> \
~/public_html/site1/www/info.php
Remember that by typing l2r we restart Lighttpd. If you didn’t set the alias, you have to type “sudo /etc/init.d/lighttpd restart”
Now surf to yoursite.com/info.php. You’ll see the PHP configuration!
It looks quite basic at the moment. It’s possible that you need to install some PHP modules to get your application working; refer to your application’s documentation for this. Most of the time, the installation of a module is very easy. For example, if you want the GD Graphics Library (which is needed to dynamically generate images, like those CAPTCHAs on forums), you can install it by simply typing
sudo apt-get install php5-gd
l2r
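As an added example (not part of the original guide), the following shell functions check what the finished layout makes reachable over HTTP. With the global root set to ~/public_html/, a request whose Host matches neither vhost condition is served from the directory that also holds logs/ and every site directory, and the info.php test page stays published until it is deleted. The function names, the BASE variable and the sample host 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: audit what the guide's layout exposes.
# BASE is the guide's global document root; override it to test elsewhere.
BASE=${BASE:-/home/ntux/public_html}

# Document root selected for a Host value, mirroring the guide's two
# $HTTP["host"] conditions; any other Host falls back to the global root.
docroot_for_host() {    # usage: docroot_for_host HOST
    if printf '%s\n' "$1" | grep -Eq '^(www\.)?site1\.com$'; then
        echo "$BASE/site1/www/"
    elif printf '%s\n' "$1" | grep -Eq '(^|\.)subdomain1\.site1\.com$'; then
        echo "$BASE/site1/subdomain1/"
    else
        echo "$BASE/"
    fi
}

# Print the URL path under which FILE would be requested for HOST.
# Returns status 1 if FILE lies outside that host's document root.
url_path_for() {    # usage: url_path_for HOST FILE
    root=$(docroot_for_host "$1")
    case $2 in
        "$root"*)
            rel=${2#"$root"}
            echo "/$rel"
            ;;
        *)
            return 1
            ;;
    esac
}

# List PHP files under DIR that call phpinfo(), such as the guide's
# info.php. Case-insensitive, because PHP function names are.
find_phpinfo() {    # usage: find_phpinfo DIR
    grep -rliE --include='*.php' 'phpinfo[[:space:]]*\(' "$1" 2>/dev/null
}

# Example run (the host values are constructed):
#   url_path_for 203.0.113.10 "$BASE/logs/site1_access.log"
#   url_path_for site1.com    "$BASE/logs/site1_access.log"
#   find_phpinfo "$BASE"
```

Keeping the logs directory outside ~/public_html/ and deleting info.php once PHP is confirmed working clears both results.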
On the next page I'll show you how to add MySQL support.
Nicely written how-to.
I’ve scheduled a server reinstall for this Friday, and was trying to decide between Fedora 10 and Ubuntu. You’ve just made up my mind with this great walk-through, so look forward to ‘pimping my server’! :)
Since I run a large (10,000 user) phpBB forum on my server, I’ll also look at xcache from your Twitter too…
Ubuntu will be great. First I wanted to use Gentoo (best desktop linux distro imo) on my server, but after seeing that Ubuntu ‘just works’, without looking after it every day, which is exactly what a server has to do, I chose Ubuntu (and never regretted it).
And maybe you already thought of this, but make sure you don’t forget to make backups of the forum before the reinstall! It sounds quite stupid, but even big sites like dpreview.com lose things because of bad backups (ok, they maybe had just bad luck with a failing raid setup)…
And about xcache, it’s quite great :). I think I’m going to add a guide about it in a month or so (maybe earlier, but I’ve got some difficult exams this month, so don’t know how much spare time I’ll have – it’s also not that hard to install, I think you’ll manage to do it with the guides that are available atm).
My server is currently running Gentoo, albeit a heavily-modified-by-the-hosting-company edition, which sadly doesn’t work very well…
I had to heavily tweak the MySQLd and Apache2 setup – and it’s now running the site stably, but does freeze every now and again and they seem to have crippled a lot of the extensions/dependencies within Gentoo, so other software (service monitors, etc) just refuse to install.
I will backup the forum ;) At 10gb of files + 1gb DB, it’s a little too big to forget! Shame on any Admins who don’t regularly backup their sites – let alone check they have everything before wiping the server!!
Good luck with the exams.
After applying the changes to the ssh config I get the following error message when trying to connect with putty:
Disconnected: No supported authentication methods available
Any idea?
Eric:
Sorry! At first I was typing a guide in which you authenticated to SSH with a special file. Now I see I forgot to remove one line from a black box.
In ‘/etc/ssh/sshd_config’ you have to either remove
PasswordAuthentication no
or set it to ‘yes’.
One problem though may be getting into your box now.. I can’t tell you how to do this if I don’t know your exact situation, but most of the times you can login through a web based terminal, which is provided by your host.
Again, sorry for the hassle, but thanks for your comment!
I’m updating the guide now!
EDIT: Guide updated. I also removed the line “UsePAM no”. You can also set it to yes, or remove it from your sshd_config
Thanks for updating it. Actually I figured it out myself ;-)
Now I’m stuck here:
iptables-restore < /etc/iptables.test.rules
Bad argument `DROP’
np, thanks for leaving the comment! Even though you figured it out by yourself, I really appreciate the comment. It helps me improve the guide.
But ok, now to your question. I think the problem lies with the ` before DROP. Look at the rules you want to implement in IPTables. There should be DROP somewhere (CTRL+W is search in Nano). You should replace the ` before it into a ‘ (I don’t know how you call those things, sorry, I mean the regular ‘ below ” on your keyboard).
Also, you have to type sudo before the line (I forgot to mention that in the guide, will update it now).
I hope this solves the problem, if not, don’t hesitate to comment again!
Thanks for the fast answer!
There’s no ` before the DROP in the textfile:
-A LINWIZ-INPUT -s 127.0.0.0/8 -j DROP
Since I don’t do it exactly the same way I don’t need to sudo anyway ;-)
since iptables-restore doesn’t work I’ll go for a script version of the iptables rules.
can you suggest the rc-update command so I have all important runlevels covered?
will “update-rc.d firewall defaults” do it?
I think you might find the apostrophe problem is actually WordPress… It tries to be clever and do curly quotes, but obviously not code with code is involved..
Glad others have found the problems before me… lol
Not sure if it helps others, but on previous servers, I’ve actually used two programs to look after the IPTables/Firewall: APF (Advanced Policy Firewall) and backed up with BFD (Brute Force Detection).
How-To guide for APF:
http://www.webhostgear.com/61_print.html
Then BFD (you need to install APF first):
http://www.webhostgear.com/60_print.html
Once running, it will look after your server, email you when someone tries to hack into your server with all their details, but don’t worry – it’s already blocked them on the firewall… :)
thanks, will have a look at it.
by the way, mysql doesn’t work with the server this way. you have to install php-mysql additionally for making it work!
eric: Thanks for pointing that out! Also sorry for forgetting things, but you (I’m not implying that you don’t) have to understand that there will always be a few errors in a brand new guide (even though I tried to write down almost exactly how I setup the server this site is running on).
And by pointing that out you also helped me remember that I was going to add something about PHP modules like GD.
(I’ll try to look into your problem tomorrow btw, have to sleep now)
andi: Thanks for the links!
all: excuse me for using both apt-get and aptitude, as I’m used to Gentoo’s emerge I don’t exactly know which of the two is better….
Since most ‘powered by’ websites nowadays need GD and SQL, if you could add these to the guide – that would be great!
I’ll be needing to get both of those tonight ;)
Added a small part about installing GD, it’s quite easy actually: most important thing is restarting Lighttpd after installing it. The php5-mysql module is also added to the guide (which is indeed crucial to get mysql running).
Brilliant, thank you!
Looks like the Mrs. has vetoed me playing with Ubuntu tonight, but she’s out tomorrow night, so rescheduled for Saturday! Haha..
Just completed my server re-install, with a massive help (and thanks) to this guide.
All went pretty well apart from a little bit of ‘fun’ trying to get lighttpd working. In the end, I set up simple-vhosts which once configured made it all a doddle!!
It’s 3 simple lines in the config:
simple-vhost.server-root = "/home/USER/web/"
simple-vhost.default-host = "domain.tld"
simple-vhost.document-root = "/"
Then add
"mod_simple_vhost",
in your server.modules string in the config too.
Then all I need to do is create a new folder in /home/USER/web for the domain I want to add and place the www files in there. No need to touch the config!
So to add eg google.com, I would:
cd /home/USER/web
mkdir google.com
sudo ln -s google.com www.google.com
The last part I make a symbolic link from www. to the directory so both work.
—– do you know how to make the www. always work via the simple-vhosts bit? Would be nice not to have to do the symlink each time.
In the guide there are a couple of ‘sudo’ bits missing – but the command line will tell you if you don’t have the rights ;)
*sigh*
All was working well early this morning when I went to bed (4:30am!).
Got up at 8am and checked – yup, site still up, so went out for the day.
I’ve had a raft of messages saying the site has been really slow, sometimes unavailable, or missing pictures (gifs mostly)…
I’ve tried disabling the image caching (thinking it may affect the gif icons on a forum) and tried it with both xcache enabled and disabled. Also looked at server tweaks for lighttpd… Nothing seems to help :(
I’m at a loss at what to do now. I’m sure the issue is in the config, somewhere….. where to start?
Update: (Haha, whose blog is this? lol)
I didn’t do anything with the server last night – I was too tired. It was misbehaving and wasn’t responding, wouldn’t show gifs, css… (I’m talking about its web-servery-ness. As an actual machine it runs fine, but serving webpages, mostly php, is its purpose).
This morning?
Running like a peach. Didn’t do anything.
I like it when things get fixed by me – not by themselves!!
Sorry, but you use sudo way too often and restart lighttpd way too often. You don’t need to be root to edit a file in your home directory and after installing a PHP module, you don’t need to restart lighttpd, it’s enough to kill the PHP FastCGI server by running
sudo killall php.fcgi
(or something similar, depends on the name of the PHP process).
Question from a complete Linux Newbie: I’m following this guide along with a brand-new Ubuntu 8.04 LTS image on Linode. When I get to the part where I’m implementing the aliases and I enter “sudo source ~/.bashrc” I get a “sudo: source: command not found” error.
Can anyone tell me what this means? I didn’t find anything terribly helpful when I searched. I’m reluctant to experiment – I shot my last attempt at Linux that way.
Thanks!
Never mind, I think I stumbled across it right after I posted. I did a simple “source .bashrc” and it seemed to work just fine.
Great howto, but I have problems setting up MySQL. These are the error messages I get:
Starting MySQL database server mysqld [fail]
invoke-rc.d: initscript mysql, action "start" failed.
dpkg: error processing mysql-server-5.0 (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of mysql-server:
mysql-server depends on mysql-server-5.0; however:
Package mysql-server-5.0 is not configured yet.
dpkg: error processing mysql-server (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
mysql-server-5.0
mysql-server
Any idea what to do about this?
yours,
Erik
Erik: Hmmm… Kinda strange. Could you do the following:
sudo aptitude update
sudo aptitude remove mysql-server-5.0
sudo aptitude remove mysql-server
and then
sudo aptitude install php5-mysql
sudo aptitude install mysql-server mysql-client
sudo aptitude install libmysqlclient15-dev
mysql_secure_installation
If the error persists, please give me the full output of the last commands in a pastebin: http://pastebin.com/ (don’t paste them here, just link to the pastebin)
got a small issue, as soon as I add:
fastcgi.server = ( ".php" => ((
"bin-path" => "/path/to/php-cgi",
"socket" => "/tmp/php.socket"
)))
I can’t access my site (either index.html or info.php). removing that solves the problem.
Any ideas?
Thanks
I fixed it, on Ubuntu 8.10 the “/path/to/php-cgi” needs to be replaced with “/usr/bin/php-cgi”
The standard hardy install of lighttpd includes mechanisms to enable and disable configuration files. Fastcgi is already included.
/etc/lighttpd/conf-available/README contains instructions and you can enable/disable modules from the commandline without the need to edit the config file.
I only used your HowTo to install lighttpd and php, so I’ve not read all of it. Otherwise, thanks for this HowTo, covers it nicely.
Hi!
I don’t know if that is possible, but I’m trying to test the mail server on my local machine… I have Google Apps in one domain of mine, and I’m trying to use that, but when I try to send emails from there, I get the following on the msmtp.log file:
Fev 09 15:21:00 host=smtp.gmail.com tls=on auth=on user=dejamps@domain.net from=dejamps@domain.net recipients=eber.freitas@gmail_domain.com errormsg=’cannot set X509 trust file /home/eber/.certs/ThawtePremiumServerCA.crt for TLS Session: Error while reading file.’ exitcode=EX_NOINPUT
My server log file says the following:
msmtp: cannot set X509 trust file /home/eber/.certs/ThawtePremiumServerCA.crt for TLS Session: Error while reading file.
msmtp: could not send mail (account default from /etc/msmtprc)
Is that only ’cause I’m running it locally or is there anything wrong with the certificates and so on? Thank you!
Hey! I fixed it!
I’ve run the following:
——————————————
sudo aptitude install ca-certificates
sudo update-ca-certificates
sudo vim /etc/msmtprc
tls_trust_file /etc/ssl/certs/ca-certificates.crt
l2r
——————————————
Now the mail server is running perfectly :)
How about installing and configuring Ruby/Rails?
Hi
The link to IPTables is not working – do you have an alternative link?
thanks
@Adam: Thanks for your reply! The site seems down indeed.
You can use
http://easyfwgen.morizot.net/gen/index.php
in the meantime. It’s maybe even better than the original link I posted. Make sure you choose “Allow Inbound Services” and “Specify a custom port range”, insert your SSH port there and declick the SSH option. Big chance that you also have to choose “Static IP” and fill in your server’s IP address.
@Kevin: Installing will be quite easy through the package manager (apt-get or aptitude). Configuring is too complicated to explain in a comment, but there’s a chance that I make a post about it somewhere soon (depends on my spare time).
I setup a server very similar to this, however I was using Apache 2.2 rather than Lighttpd, next time I plan to build a server from scratch, I will try using Lighttpd that way you have here.
Great guide, thanks.
I’m getting ‘opening errorlog …. failed: Permission denied’
To fix, edit the lighttpd.conf entry for virtual hosts and instead of ‘server.errorlog’ , i believe it should be:
‘errorlog.filename’ .
Great guide; thanks for posting; I’ll be trying it out in the next few days.
Thanks NanoTux! It took me a while to set up (my first server) but everything works great now! Thanks for the tutorial.
Awesome guide I just got it working on my laptop thanks :D
Dear Admin,
Great walk through tutorial. I had already installed Ubuntu 8.04 server onto my web server along with the Apache, MySql, and PHP packages. After reading your tutorial, do I need to reinstall Ubuntu and start from scratch if I want to set up lighttpd?
Thanks for the guide. This has been my goto for a while now to remind me what all I need to do when setting up a new server. Even a couple of years later it works great with minor modifications and additions (Debian, using RSA pubkey authentication for ssh, denyhosts, one or two other little things). I’ve finally realized I do this often enough that I’m going to just write a shell script to set up servers for me, but I wanted to thank you for the work. It’s been really useful.