Complete Webserver - Ubuntu 14.04, apache, php-fpm, fail2ban, ufw, mariadb-server
A complete web server for hosting heavy-traffic PHP-based CMS websites such as WordPress or Drupal needs several components to be installed and configured. They are:
Ubuntu 14.04 (Very popular Linux distribution)
Apache ( Webserver )
Mariadb-server ( drop in replacement of mysql server)
Fail2ban (intrusion detection prevention)
UFW ( firewall for ubuntu )
Let's start with the setup:
1. Apache setup with php5-fpm
# apt-get update # update the local cache of available repository packages
# apt-get install fail2ban vim curl gcc htop sysstat unzip wget ufw -y # install required packages
# apt-get install apache2-mpm-event -y # install apache mpm support
Edit the Ubuntu repository file and add a few lines to it. These repositories are required in order to install the FastCGI module for Apache.
# vim /etc/apt/sources.list
Add these lines at the end of the file and save it:
deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
# apt-get update
# apt-get install libapache2-mod-fastcgi -y
# apt-get install php5-fpm php5-mysql php5-gd php5-mcrypt php5-curl php5-memcached memcached -y
Create a new php5-fpm.conf file, which holds the settings that let Apache use the FastCGI module.
# vim /etc/apache2/conf-available/php5-fpm.conf
Add the following lines to the file, then save and exit.
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization -idle-timeout 300
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
Note: -idle-timeout 300 is optional and can be skipped; the default value is 30s. I have raised it so that scripts that need more time to execute can finish. Also note that any script taking longer than the default 30s to execute may be a performance bottleneck.
Enable the required Apache modules:
# a2enmod actions fastcgi alias
# a2enconf php5-fpm
# a2enmod rewrite
# service apache2 restart
# service php5-fpm restart
We have installed php5-curl, but it still needs to be enabled:
# php5enmod curl
# service php5-fpm restart
To test the PHP installation, create a phpinfo file in /var/www/html:
# vim /var/www/html/info.php
Add this line:
<?php phpinfo(); ?>
Save and exit, then open this URL in your browser:
http://<ip address>/info.php
2. How to enable mod_rewrite?
We have already enabled mod_rewrite for Apache, but we still need to configure it in the config file of our virtual host.
# vim /etc/apache2/sites-enabled/000-default.conf
Just below the document root
Save and exit, then restart the Apache service:
# service apache2 restart
3. Install Mariadb-server
# apt-get install mariadb-server
This will ask you to set the root password for MySQL.
complete.
4. Ufw config:
Ufw is the default firewall configuration utility. We should set the default to deny every incoming request and allow only ssh and http.
Please follow the same order as shown here, otherwise you will lose ssh access.
# ufw allow ssh
# ufw allow 80/tcp
# ufw enable # it asks y/n; answer y
# ufw default deny incoming
# ufw default allow outgoing
Some more important ufw rules:
Allow a port range
# ufw allow 1000:2000/tcp
Deleting a rule
# ufw delete allow 80/tcp # this deletes the rule we created above to allow all port 80 requests
To show/display status and rules
# ufw status
5. Set up fail2ban to stop DDoS on ports 80 and 22
We have already installed the fail2ban package above; now we will configure it.
# cd /etc/fail2ban
# cp jail.conf jail.local
# vim jail.local
Edit this file.
Add your VPS IP address to ignoreip so that the server ignores itself:
ignoreip = 127.0.0.1/8 <ip of server>
Then set the following values:
bantime = 3600
findtime = 3600
maxretry = 3
action = %(action_mwl)s
Find the sections [ssh-ddos], [apache-noscript] and [apache-overflows]
and set enabled = true in each of them.
We will now create a rule for Apache DDoS.
At the end of the file add the lines below:
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache*/*access.log
maxretry = 300
findtime = 300
bantime = 300
action = iptables[name=HTTP, port=http, protocol=tcp]
Save the file.
Now create a new file:
# vim /etc/fail2ban/filter.d/http-get-dos.conf
Add these lines to it, then save and exit:
[Definition]
failregex = ^<HOST> -.*"(GET|POST).*
ignoreregex =
Now restart the service:
# service fail2ban restart
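The following Python sketch is an added example, not part of the original article. It replays constructed log lines through the http-get-dos failregex with the jail's maxretry and findtime to show which line shapes the filter matches and when a client gets banned. The IPv4-only substitution for <HOST>, the helper names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values taken from the [http-get-dos] jail and filter above.
FAILREGEX = r'^<HOST> -.*"(GET|POST).*'
MAXRETRY, FINDTIME = 300, 300  # hits, seconds

# Assumption: <HOST> is reduced to an IPv4 capture; fail2ban's own expansion
# also covers hostnames and IPv6.
HOST_RE = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ")


def match_host(line):
    """Return the client address if the filter matches the line, else None."""
    m = HOST_RE.search(line)
    return m.group("host") if m else None


def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Replay log lines; return hosts reaching maxretry hits within findtime."""
    hits, banned = defaultdict(deque), set()
    for line in lines:
        host, ts = match_host(line), TS_RE.search(line)
        if not host or not ts:
            continue
        now = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S").timestamp()
        window = hits[host]
        window.append(now)
        while window and now - window[0] > findtime:
            window.popleft()  # drop hits that fell out of the findtime window
        if len(window) >= maxretry:
            banned.add(host)
    return banned


def access_line(ip, second, method="GET"):
    """Build a constructed combined-format access log line."""
    stamp = "10/Oct/2015:13:%02d:%02d +0000" % divmod(second, 60)
    return '%s - - [%s] "%s /index.php HTTP/1.1" 200 512 "-" "curl/7.35"' % (ip, stamp, method)


# Constructed sample: one client sends 300 requests in 150 s, another sends 20.
SAMPLE = [access_line("203.0.113.7", s // 2) for s in range(300)]
SAMPLE += [access_line("198.51.100.4", s * 10, "POST") for s in range(20)]
# Constructed Apache 2.4 error-log line: starts with a timestamp, not the client.
ERROR_LINE = ('[Sat Oct 10 13:00:01.123456 2015] [core:error] [pid 812] '
              '[client 203.0.113.7:51234] File does not exist: /var/www/html/x')

if __name__ == "__main__":
    print("banned:", sorted(banned_hosts(SAMPLE)))
    print("error-log line matched:", match_host(ERROR_LINE))
```

The regex matches every GET or POST request regardless of status code, so the jail works as a per-address rate limit: many users behind one NAT or proxy address are counted as a single host. On the server itself, fail2ban-regex can run the real filter file against a real log.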
6. php.ini edit
Some parameters in the php.ini file also need to be modified.
# vim /etc/php5/fpm/php.ini
Find and modify the lines below:
upload_max_filesize = 25M
post_max_size = 35M
max_execution_time = 90
memory_limit = 256M
Save and exit.
# service php5-fpm restart
7. Virtual websites hosting (multi website hosting)
To host multiple websites on this server, copy the config file in the /etc/apache2/sites-enabled directory and change the values of DocumentRoot, ServerName, <Directory /var/www/html> and, optionally, ServerAlias.
Let's assume I have to host three websites: (1) dsstech.in (2) dsstech.com (3) cp.dsstech.in
# cd /etc/apache2/sites-enabled
First, modify the default file for my first domain:
# vim 000-default.conf
Add lines like
Save the file. Now, for the second virtual host website, I will copy this file and edit the values:
# cp 000-default.conf dsscom.conf
and the values will be like this
I will do the same thing for my next virtual host website, in a file named cpdss.conf, and the values will be like this
Now save the files and check whether all your parameters are OK:
# apachectl configtest
Syntax ok
Now restart Apache for the changes to take effect:
# service apache2 restart