The current article contains resources and ideas on how to setup an Ubuntu 16.04 droplet on Digitalocean, together with Webmin, LAMP – where M might 🙂 stand for MariaDB – and SSL from letsencrypt.
First of all, for the domain name you could use a free domain name provided by freenom.com (.tk, .ga, .ml, .gq or .cf extensions). Also, you have a choice between using the Freenom provided DNS or the Digitalocean DNS, which are both free of charge. I am now going for the Digitalocean DNS, as they have a nicer interface.
Important notes:
- our server’s address is
example.com
; - the dns needs to solve
webmin.example.com
the same asexample.com
; - our main example user is
sudouser
. So, please do replace that with your user wherever you have it in the commands; - to enable monitoring – which is free of charge, at least at the moment – via SSH in a droplet, use the following command:
curl -sSL https://agent.digitalocean.com/install.sh | sh
- for some operations in the server, you could use Midnight Commander:
sudo apt-get install mc
to install andmc
to open the interface.
Initial setup
To begin, we need a fresh and clean droplet. Except for the OS, we do not need anything else.
Security aspects
Using the root account directly is not recommended, as it has way too extended privileges in the system. Therefore, we will create a new user with sudo access and disable the root account:
adduser sudouser
usermod -aG sudo sudouser
sudo passwd -l root
su - sudouser
For enhanced security, we could use Public Key Authentication with disabled password authentication.
Also, it is important to setup the firewall rules and enable the firewall:
sudo ufw app list
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status
sudo ufw disable
Please remember to add a specific rule for each of the programs you install and also to enable the firewall at the end of this tutorial.
Set up locale settings
Use the following commands to fix your locale environment:
locale
apt-get install language-pack-en-base
sudo dpkg-reconfigure locales
To change the locale settings with an interface- exit and log back in
Enable a swap file
sudo swapon --show
sudo fallocate -l 4G /swapfile
ls -lh /swapfile
sudo chmod 600 /swapfile
ls -lh /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show
SQLite
sudo apt-get install sqlite3 libsqlite3-dev
A Webmin-only setup
LAMP
Apache
sudo apt-get update &&
sudo apt-get install apache2 -y
sudo apache2ctl configtest
sudo systemctl restart apache2
sudo ufw app info "Apache Full"
sudo ufw allow in "Apache Full"
MariaDB
sudo apt update
sudo apt install software-properties-common -y
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://lon1.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu xenial main'
sudo apt update
sudo apt install mariadb-server -y
PHP
We will use the latest version of PHP.
sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
sudo systemctl restart apache2
sudo systemctl status apache2
Add some necessary packages
sudo apt-get install php7.0-zip
Other necessary software
Postfix
sudo apt-get update
sudo DEBIAN_PRIORITY=low apt-get install postfix
sudo ufw allow Postfix
Composer
sudo apt-get update
sudo apt-get install curl php-cli php-mbstring git unzip
cd ~
curl -sS https://getcomposer.org/installer -o composer-setup.php
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
NVM
sudo apt-get update
sudo apt-get install build-essential libssl-dev
curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh -o install_nvm.sh
bash install_nvm.sh
Node.js and NPM
nvm install 8.9.4
nvm use 8.9.4
Webmin
sudo nano /etc/apt/sources.list
- append the following line to
sources.list
:deb http://download.webmin.com/download/repository sarge contrib
- press
Ctrl+x
and then confirm saving withy
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get update
sudo apt-get install webmin
Change default access settings
For changing these settings, we will use the webmin interface. Login to your webmin interface via http://example.com:1000
with sudouser
and the established password;
Webmin
We will asume that the new host is webmin.example.com
and the port is 30000
- In the sidemenu select “Webmin > Webmin configuration”;
- Click “Ports and Addresses”;
- Change “Listen for broadcasts on UDP port” to 30000;
- Change “Web server hostname” to webmin.example.com and save the form;
- Click “Restart Webmin”.
Mysql
- In the sidemenu select “Servers > Mysql Database Server”
- Select “MySQL Server Configuration”
- Change the value for “MySQL server port”;
- Click “Save and Restart MySQL”.
SSH
- In the sidemenu select “Servers > SSH Server”;
- Go to “Networking”;
- Change the value for “Listen on port” to a different number and save the form;
- Click “Apply changes”
SSL
Webmin
- In the sidemenu select “Webmin > Webmin configuration”;
- Select “SSL Encryption”;
- Complete the “Hostnames for certificate” with the domains you want in the certificate;
- For “Website root directory for validation file”, select the “Other Directory” button and enter
/var/www/html
- For “Months between automatic renewal section”, deselect the “Only renew manually” option by typing
1
into the input box, and selecting the radio button to the left of the input box; - Click the “Request Certificate” button. After a few seconds, you will see a confirmation screen and then you will need to restart webmin.
- Wait for about 30 seconds, reload the page and login again.
Apache
All hosted websites will have a specific configuration file structure, which will enforce the usage of https://
E.g.:
<VirtualHost *>
<Directory "/var/www/sites/subdomain.example.com">
Allow from all
Options +Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
AllowOverride All
<IfModule mod_ssl.c>
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
<IfModule>
</IfModule>
<IfModule mod_ssl.c>
SSLCertificateFile /etc/webmin/letsencrypt-cert.pem
SSLCertificateKeyFile /etc/webmin/letsencrypt-key.pem
SSLCACertificateFile /etc/webmin/letsencrypt-ca.pem
</IfModule>
</Directory>
DocumentRoot /var/www/sites/subdomain.example.com
ServerName subdomain.example.com
</VirtualHost>
Code language: HTML, XML (xml)
The configuration files for Apache are usually in /etc/apache2/sites-enabled
. Also, do remember to add your domains to the certificate.
If you have made changes to the configuration files, use service apache2 restart
to apply them.
About the directory structure
- All the websites will be stored in
/var/www/sites
; - All the websites will be stored in the root of the public file, without parent directories.
E.g./var/www/sites/example2/
or/var/www/sites/firstsubdomain.example.com
phpMyAdmin
sudo apt-get update
sudo apt-get install bzip2 zip unzip
sudo apt-get install php7.0-bz2
sudo apt-get install phpmyadmin php-mbstring php-gettex
Use the defaults provided by the installation, spacebar to select.sudo phpenmod mcrypt
sudo phpenmod mbstring
sudo systemctl restart apache2
phpMyAdmin should be available at: http://example.com/phpmyadmin
If the result is an not found page, the following might help you:
sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin.conf
sudo systemctl restart apache2
Further configuration can be done with:
sudo htpasswd -c /etc/phpmyadmin/htpasswd.setup admin
sudo pma-configure
Then go to http://example.com/phpmyadmin/setup (here the browsers ask for auth, the user is admin and the password is what you write in first command), with that wizard you configure your serverssudo pma-secure
A Virtualmin setup
For our server, we do not the full power of Virtualmin: the main thing we will use is the security it provides though easy to use and good looking interfaces. Another thing is that it can easily be extended, though it would be better to have the options figured out before actually using the server.
Resources inside this article
- setup locale;
- setup the sudo user;
Virtualmin
sudo apt-get update
sudo apt-get dist-upgrade -y
wget https://software.virtualmin.com/gpl/scripts/install.sh
sudo /bin/sh ./install.sh --minimal --force
Complete the post install by accessing https://example.com:10000
.
Edit apache landing page
sudo nano /var/www/html/index.html
- delete all the content and something basic and new (e.g. “Hello world!”);
- press
Ctrl+x
and confirm withY
Remember to
- add SSL from letencrypt;
- change default ports and addresses;
- activate automatic updates, wherever you think it’s useful.
Sources
- https://www.digitalocean.com/community/tutorials/how-to-create-your-first-digitalocean-droplet
- https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
- https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
- https://askubuntu.com/questions/20450/disable-root-account-in-ubuntu
- https://www.digitalocean.com/community/tutorials/how-to-add-swap-space-on-ubuntu-16-04
- https://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue
- https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04
- https://blog.programster.org/ubuntu-16-04-install-mariadb-10-1
- https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04
- https://www.digitalocean.com/community/tutorials/how-to-install-and-use-composer-on-ubuntu-16-04
- https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-16-04
- (!) https://www.digitalocean.com/community/tutorials/how-to-install-webmin-on-ubuntu-16-04
- https://helpdesk.ssls.com/hc/en-us/articles/115001610352-How-to-install-a-SSL-certificate-in-Webmin
- https://www.virtualmin.com/node/51570
- https://doc.ez.no/eZ-Publish/Technical-manual/3.10/Installation/Virtual-host-setup/Virtual-host-example
- https://github.com/aamnah/bash-scripts
- https://guides.wp-bullet.com/configure-automatic-security-updates-with-webmin/
- https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-16-04
- https://askubuntu.com/questions/387062/how-to-solve-the-phpmyadmin-not-found-issue-after-upgrading-php-and-apache
- https://askubuntu.com/questions/19973/how-to-configure-phpmyadmin-to-access-multiple-servers