I have created a droplet with ubuntu 18.04 OS in Digital Ocean. I have also attached a storage. Made it auto format with aut mount. The storage may be useful in future when we change the droplet and we may need to attach the same to another droplet. Added an SSH Key. You can create the ssh key through putty using the following link.https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/create-with-putty/Login to your Server using putty.Get your IP Address from Droplet Page. Copy IP address and connect to the server using putty.If you are using a key file for authentication this key file may needed to be pointed within putty application. This can be done in the following page: Linking your private key file:In the Left side menu follow linksConnection>SSH> AuthIn this page point your private key file. Click Session in the menu and save settings for future use. Now click your connection and open connection using the existing configurations.After establishing connection create a new user and grant it administrative privileges. This is to avoid using root user extensively. Create a New Useradduser johnTo avoid having to log out of our normal user and log back in as the root account, we can set up what is known as "superuser" or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before each command.Add Public Key Authentication (Recommended)The next step in securing your server is to set up public key authentication for your new user. Setting this up will increase the security of your server by requiring a private SSH key to log in.Follow the instructions to create ssh key pairhttps://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/create-with-putty/Within the link please note. Because this is the place where some of you guys may stuck while configuring the server. :- Working with PuTTY's Public Key FormatTo disable password authentication on your server, follow these steps.As root or your new sudo user, open the SSH daemon configuration:sudo nano /etc/ssh/sshd_configFind the line that specifies PasswordAuthentication, uncomment it by deleting the preceding #, then change its value to "no".sshd_config file - Disable password authentication It should look like this after you have made the changePasswordAuthentication noHere are two other settings that are important for key-only authentication and are set by default. sshd_config - Important defaultsIf you haven't modified this file before, you do not need to change these settings:PubkeyAuthentication yesChallengeResponseAuthentication noWhen you are finished making your changes, save and close the file Type this to reload the SSH daemon:sudo systemctl reload sshdPassword authentication is now disabled. Your server is now only accessible with SSH key authentication.Set Up a Basic FirewallInitially run sudo apt-get updateInstalling Nginx from sourceGoto http://nginx.org/en/download.htmlChoose mainline version. Copy link.Download the file to the server using the following commangwget paste-copied-link-location-hereExample: wget http://nginx.org/download/nginx-1.15.8.tar.gzExtract the tar.gz file with the following commandtar -zxvf archive-file-nameExample: tar -zxvf nginx-1.15.8.tar.gzWe will have a directory after extracting. Cd into the directoryExample : cd nginx-1.15.8First configure installerIn order to configure, within the installation directory type./configureIf you see following error please follow below instructions: checking for C compiler ... not foundFollow the instructionsInstall compiling tools-sudo apt-get install build-essentialInstall some more dependencies before we proceedsudo apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libxml2-dev libxslt1-dev python-dev libgd-dev libgeoip-devConfigure the installer with the following command.To understand more about the modules please visit the given linkhttp://nginx.org/en/docs/configure.html./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=www-data --group=www-data --build=ubuntu --builddir=nginx-1.15.8 --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-compat --with-pcre --with-pcre-jit --with-openssl-opt=no-nextprotonegAfter successful execution of ./configure runExecute following commandsmakesudo make installSymlink /usr/lib/nginx/modules to /etc/nginx/modules directory. etc/nginx/modules is a standard place for NGINX modules:sudo ln -s /usr/lib/nginx/modules/ /etc/nginx/modulesCheck NGINX syntax and potential errors:# Create NGINX cache directories and set proper permissionssudo mkdir -p /var/cache/nginx/client_temp /var/cache/nginx/fastcgi_temp /var/cache/nginx/proxy_temp /var/cache/nginx/scgi_temp /var/cache/nginx/uwsgi_tempsudo chmod 700 /var/cache/nginx/*sudo chown nginx:root /var/cache/nginx/*# Re-check syntax and potential errors.sudo nginx -tIt should give a success message.Now we need to access nginx service using systemctl command.Create NGINX systemd unit file:sudo vim /etc/systemd/system/nginx.serviceCopy/paste the below content into /etc/systemd/system/nginx.service file:[Unit]Description=nginx - high performance web serverDocumentation=https://nginx.org/en/docs/After=network-online.target remote-fs.target nss-lookup.targetWants=network-online.target[Service]Type=forkingPIDFile=/var/run/nginx.pidExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.confExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.confExecReload=/bin/kill -s HUP $MAINPIDExecStop=/bin/kill -s TERM $MAINPID[Install]WantedBy=multi-user.targetNow Save and close the file.( Hit Escape , type :wq and hit Enter)Enable NGINX to start on boot and start NGINX immediately:sudo systemctl enable nginx.servicesudo systemctl start nginx.serviceTry Accessing your host ip address through browser you should get a web page like thisCheck if NGINX will automatically initiate after a reboot:sudo systemctl is-enabled nginx.serviceIt should give result "enabled"Create conf.d, snippets, sites-available and sites-enabled directories in /etc/nginx directory:sudo mkdir /etc/nginx/{conf.d,snippets,sites-available,sites-enabled}Change permissions and group ownership of NGINX log files:sudo chmod 640 /var/log/nginx/*sudo chown www-data:www-data /var/log/nginx/access.log /var/log/nginx/error.logNow, you have the latest version of NGINX installed by building it from source code.2. Install MariaDBMariaDB is the drop-in replacement of MySQL database server.It takes a single command line to install MariaDB Database Server.To install it, run:sudo apt updatesudo apt install mariadb-server mariadb-clientAfter installing, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots.sudo systemctl stop mariadb.servicesudo systemctl start mariadb.servicesudo systemctl enable mariadb.serviceNow our MariaDB instance is started and it is enabled to start automatically on every boot. Next we need to run the commands below to secure MariaDB server by creating the root user password and deleting the test database.sudo mysql_secure_installationWhen prompted, answer the questions below by following the guide.Enter current password for root (enter for none): Just press the EnterSet root password? [Y/n]: YNew password: Enter passwordRe-enter new password: Repeat passwordRemove anonymous users? [Y/n]: YDisallow root login remotely? [Y/n]: YRemove test database and access to it? [Y/n]: YReload privilege tables now? [Y/n]: YThat's it. Password for the database administrative user account has been set.Restart MariaDB server when done.sudo systemctl restart mariadb.servicePlease Note:- If you try to access your mariadb instance using mysql -u root -p command, you have to first login as a root user . Then execute the above command as a root user. Or else you may end up in error.3. Install PHPTo install PHP, run:sudo apt-get install php-fpm php-mysqlAfter installing PHP, we need to secure it by doing a simple change.To do so, edit php.ini file:sudo vim /etc/php/7.2/fpm/php.iniFind the following line:;cgi.fix_pathinfo=1Uncomment it and change its value from 1 to 0 (zero).cgi.fix_pathinfo=0Save and close the file. Then, restart PHP-FPM service to take effect the changes.sudo systemctl restart php7.2-fpmCheck PHP-FPM service is running or not using command:sudo systemctl status php7.2-fpmSample output for the above command:● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2019-01-03 19:39:41 IST; 2min 35s ago Docs: man:php-fpm7.2(8) Main PID: 10732 (php-fpm7.2) Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0
