The setup installs the following software:
- Nginx
- MySQL
- PHP
- Memcache
- PHPMyAdmin
- Node
- Composer
# Refresh the package index, apply every pending upgrade (including upgrades
# that add or remove dependencies), then drop packages nothing depends on.
apt-get update \
  && apt-get -y dist-upgrade
apt-get -y autoremove
Instead of working as root, we add a new user for day-to-day use.
# Create the account with its own home directory (-d, -m) and bash as login shell (-s).
# No password is set by this command, so password logins stay unavailable
# until `passwd <username>` is run.
useradd -d /home/<username> -m -s /bin/bash <username>
# Append (-a) the supplementary groups. On a stock Ubuntu sudoers file,
# membership of `sudo` is what grants administrative rights.
usermod -a -G adm,cdrom,sudo,dip,plugdev <username>
If you provided your SSH key when creating the droplet, you can copy root's authorized_keys file to the new user, so that you can connect as that user with the same key and without a password.
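# Give the new user the same authorized SSH keys as root.
# Create ~/.ssh with mode 0700 from the start so no other local account can
# look inside it (a plain mkdir would leave it at the umask default).
mkdir -m 700 /home/<username>/.ssh
cp /root/.ssh/authorized_keys /home/<username>/.ssh/
# Only the owner may read or change the list of authorized keys.
chmod 600 /home/<username>/.ssh/authorized_keys
# The files above were created by root; hand them to the user so the key
# list is readable when that user logs in.
chown -R <username>:<username> /home/<username>/.ssh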
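Run visudo and add the following line at the end of the file. It lets <username> run any command as root without a password prompt, so whoever holds that account's SSH key effectively holds root; if that is not acceptable, set a password with passwd and leave out "NOPASSWD:".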
<username> ALL=(ALL) NOPASSWD: ALL
Create an SSH key pair for the new user and print its public key.
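# Run these as <username>, not as root: ~ resolves to the invoking user's home.
# <email-address> is a placeholder (the address on the original page was lost
# to e-mail obfuscation); it is only a label stored as the key's comment.
# -b 4096 asks for a 4096-bit RSA key instead of relying on the tool's default size.
# Set a passphrase when prompted so a copied key file is not usable on its own.
ssh-keygen -t rsa -b 4096 -C "<email-address>"
# Print the public half only. id_rsa (without .pub) is the private key and
# should never be pasted anywhere.
cat ~/.ssh/id_rsa.pub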
# Base tooling: compiler toolchain, version control, monitoring and time sync.
# apache2-utils is installed for the htpasswd tool used later on this page;
# fail2ban bans addresses that repeatedly fail authentication.
apt-get -y install \
  build-essential \
  python-software-properties \
  python \
  g++ \
  make \
  fail2ban \
  apache2-utils \
  curl \
  git \
  htop \
  ntp \
  ntpdate

# Interactive: choose the server's time zone.
dpkg-reconfigure tzdata
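# Download the NodeSource setup script to a file instead of piping it straight
# into a root shell: -f makes curl fail on an HTTP error rather than handing an
# error page to bash, a truncated download cannot be half-executed, and the
# script can be read before it runs.
# NOTE(review): the 5.x release line no longer receives security fixes; prefer a
# currently supported release (confirm the matching setup script name upstream).
node_setup=$(mktemp)
curl -fsSL https://deb.nodesource.com/setup_5.x -o "$node_setup"
less "$node_setup"   # inspect what is about to run as root
sudo -E bash "$node_setup"
rm -f -- "$node_setup"
apt-get install -y nodejs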
Update npm.
# Update the globally installed packages.
npm update --global
Install bower.
# Install bower system-wide.
npm install --global bower
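# Download the Composer installer to a file and compare its SHA-384 digest with
# the one the Composer project publishes, instead of piping an unverified
# download into php. The installer only runs when the two digests match.
composer_setup=$(mktemp)
curl -fsSL https://getcomposer.org/installer -o "$composer_setup"
expected_sig=$(curl -fsSL https://composer.github.io/installer.sig)
actual_sig=$(sha384sum "$composer_setup" | cut -d ' ' -f 1)
if [ -n "$expected_sig" ] && [ "$expected_sig" = "$actual_sig" ]; then
  php "$composer_setup" \
    --install-dir=/usr/bin \
    --filename=composer
else
  echo 'Composer installer checksum mismatch; not installing.' >&2
fi
rm -f -- "$composer_setup"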
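# Create the Basic-auth credentials file; the password is prompted for.
# -c creates the file and overwrites an existing one, so leave -c off when
# adding further users later.
htpasswd -c /etc/default/htpasswd <htpasswd-username>
# The file holds password hashes: keep it unreadable for other local accounts
# while leaving it readable for the nginx workers (www-data on Ubuntu; adjust
# the group if your workers run as a different user).
chown root:www-data /etc/default/htpasswd
chmod 640 /etc/default/htpasswd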
# Add the nginx PPA, then refresh the package index and install the full build.
# A PPA is a third-party package source whose packages install as root, so
# only add ones you trust.
add-apt-repository ppa:nginx/development
apt-get update \
  && apt-get -y install nginx-full
Check number of cores to set worker_processes.
# Count the lines of /proc/cpuinfo that mention "processor" (one per core).
grep -c processor /proc/cpuinfo
Check the open-file limit, which bounds the number of connections a worker can hold.
# Print the current shell's soft limit on open file descriptors.
ulimit -n
Configure Nginx accordingly.
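# --- main context (top level of nginx.conf) ---
# One worker process per CPU core.
worker_processes <number-of-cores>;

# --- events { } context ---
# Upper bound of simultaneous connections per worker; every connection needs
# a file descriptor, so keep this within the `ulimit -n` value.
worker_connections <core-limit>;
# Accept all pending connections at once instead of one at a time.
multi_accept on;

# --- http { } context ---
# Do not reveal the nginx version in the Server header and on error pages.
server_tokens off;
server_names_hash_bucket_size 64;
server_name_in_redirect off;

# Compression. text/html is always compressed, so it is not listed; the
# duplicated text/plain entry of the original list has been removed.
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 2;
gzip_buffers 16 8k;
gzip_min_length 1100;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript image/svg+xml application/x-font-ttf font/opentype application/vnd.ms-fontobject;

# NOTE(review): with access logging off there is no per-request record to
# consult when investigating an incident or tracing abusive clients. If the
# goal is to reduce disk I/O, a buffered access_log keeps that record.
access_log off;

# Request size limits and timeouts (seconds): they bound how much memory and
# how long a slow or oversized request can hold on a worker.
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 64m;
client_header_timeout 12;
client_body_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# NOTE(review): with 1k buffers, a request line or header field longer than
# 1 KB is rejected; raise the size if legitimate clients send long URLs or cookies.
large_client_header_buffers 2 1k;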
Restart Nginx.
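# Validate the configuration first; restart only if the syntax check passes,
# so a typo does not take the running server down.
nginx -t && service nginx restart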
Create config file for virtual host.
# Open the virtual-host file in an editor and enter the two server blocks below.
pico /etc/nginx/sites-available/<domain-name>.conf
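server {
    listen 80;
    listen [::]:80;
    root /var/www/<domain-name>/public/;
    index index.php index.html;
    server_name <domain-name>;
    charset utf-8;

    # Password-protect the whole site. The directives are set at server level
    # so that every location below inherits them: when they sit only inside
    # "location /", requests handled by the regex locations (PHP scripts,
    # static assets) are answered without authentication.
    # NOTE(review): this vhost is plain HTTP, so the Basic-auth credentials
    # cross the network unencrypted; serve the site over TLS before relying
    # on this protection.
    auth_basic "Restricted";
    auth_basic_user_file /etc/default/htpasswd;

    # Documents and data: never cached.
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
        expires -1;
    }

    # Feeds: cached for one hour.
    location ~* \.(?:rss|atom)$ {
        expires 1h;
        add_header Cache-Control "public";
    }

    # Media: cached for one month.
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
        expires 1M;
        add_header Cache-Control "public";
    }

    # Stylesheets and scripts: cached for one year.
    location ~* \.(?:css|js)$ {
        expires 1y;
        add_header Cache-Control "public";
    }

    # Web fonts: cached for one month.
    location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
        expires 1M;
        add_header Cache-Control "public";
    }

    # Front controller: serve the file or directory if it exists, otherwise
    # hand the request to index.php with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Pass PHP scripts to PHP-FPM over its Unix socket.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_intercept_errors on;
    }
}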
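# Redirect www to non-www.
# The listen directives mirror the main vhost: without the IPv6 one, www
# requests arriving over IPv6 would not reach this block and would not be
# redirected.
server {
    listen 80;
    listen [::]:80;
    server_name www.<domain-name>;
    return 301 http://<domain-name>$request_uri;
}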
Create public directory in site folder.
# Create the document root, including any missing parent directories.
mkdir --parents /var/www/<domain-name>/public
Set the correct owner.
# Hand the whole site directory to the login user.
# NOTE(review): presumably PHP-FPM runs as www-data, in which case the web
# application can read these files but not modify them (confirm the pool user).
chown --recursive <username>:<username> /var/www/<domain-name>
Enable vhost.
# nginx loads the vhosts linked in sites-enabled; link the new one there.
ln --symbolic /etc/nginx/sites-available/<domain-name>.conf /etc/nginx/sites-enabled/<domain-name>.conf
Restart Nginx.
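# Validate the new vhost first; restart only if the syntax check passes,
# so a typo does not take the running server down.
nginx -t && service nginx restart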
# PHP 5 (CLI and FPM) with the extensions the stack uses, plus the memcached
# daemon and ImageMagick.
# NOTE(review): the PHP 5 line no longer receives upstream security fixes;
# on a new server prefer the distribution's currently supported PHP packages.
apt-get -y install \
  php5-common \
  php5-mysqlnd \
  php5-xmlrpc \
  php5-curl \
  php5-gd \
  php5-cli \
  php5-fpm \
  php5-dev \
  php5-imap \
  php5-mcrypt \
  php5-memcache \
  php5-sqlite \
  php-pear \
  memcached \
  imagemagick
The php-fpm adjustments below are based on the 2GB DigitalOcean setup.
# Open the PHP-FPM pool configuration and set the values below.
pico /etc/php5/fpm/pool.d/www.conf
; Owner and group of the FastCGI socket that nginx connects to (fastcgi_pass
; in the vhost). Presumably the nginx workers run as www-data; verify.
listen.owner = www-data
listen.group = www-data
; Process manager limits: at most 16 PHP workers, 4 created at start-up,
; and between 2 and 6 kept idle.
pm.max_children = 16
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
# Open the PHP-FPM php.ini and set the values below.
pico /etc/php5/fpm/php.ini
; Accept request bodies and uploads of up to 64 MB; this matches the
; client_max_body_size of 64m in the nginx settings on this page.
post_max_size = 64M
upload_max_filesize = 64M
date.timezone = Europe/Stockholm
; Store PHP sessions in memcached through its Unix socket.
; NOTE(review): the socket lives in /tmp and is created with mode 666 (see
; the memcached.conf step), so every local account can connect to it and
; read or alter session data. If the socket is moved or its mode tightened,
; this path must be changed to match.
session.save_handler = memcache
session.save_path = unix:/tmp/memcached.sock
mysql.default_socket = /var/run/mysqld/mysqld.sock
Enable mcrypt.
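# Enable the mcrypt extension.
php5enmod mcrypt
# PHP-FPM reads the pool file, php.ini and the enabled modules at start-up,
# so restart it to apply the changes made above (service name as packaged
# for PHP 5 on Ubuntu).
service php5-fpm restart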
Configure Memcached to use socket instead of TCP service.
# Open the memcached configuration and make the changes below.
pico /etc/memcached.conf
# Remove the following (the TCP listener on 127.0.0.1, port 11211).
-p 11211
-l 127.0.0.1
# Add the following instead: -s sets the Unix socket path, -a its access mask (octal).
# NOTE(review): mode 666 lets every local account connect to the socket, and
# /tmp is writable by all users. PHP sessions are stored here
# (session.save_path in php.ini), so any local account can read or alter them.
# A socket in a dedicated directory with a group-only mask (for example 660,
# with the PHP-FPM user in that group) narrows this; session.save_path must
# then point at the same path.
-s /tmp/memcached.sock
-a 666
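# Install the MySQL server and client. apt-get is used here like everywhere
# else on this page; aptitude is never installed by these steps.
apt-get install -y \
  mysql-server \
  mysql-client
# Interactive hardening script shipped with MySQL: removes the anonymous
# accounts and the test database and disables remote root logins.
mysql_secure_installation
# Web front end for MySQL; it is exposed through the nginx locations below.
apt-get install -y phpmyadmin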
Add PHPMyAdmin configuration to default host.
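# phpMyAdmin is a database administration console, so it is not left open to
# every visitor: Basic auth is required here and is inherited by the nested
# locations. The credentials file is the one created with htpasswd earlier.
# NOTE(review): over plain HTTP both these credentials and the MySQL login
# typed into phpMyAdmin travel unencrypted; serve this path over TLS.
location /phpmyadmin {
    root /usr/share/;
    index index.php index.html index.htm;

    auth_basic "Restricted";
    auth_basic_user_file /etc/default/htpasswd;
    # Optionally also limit access to known administrator addresses:
    # allow <admin-ip-address>;
    # deny all;

    # PHP scripts of phpMyAdmin go to PHP-FPM.
    location ~ ^/phpmyadmin/(.+\.php)$ {
        include snippets/fastcgi-php.conf;
        root /usr/share/;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_intercept_errors on;
    }

    # Static assets of phpMyAdmin are served straight from disk.
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /usr/share/;
    }
}

# Accept the mixed-case spelling by rewriting it to the protected location above.
location /phpMyAdmin {
    rewrite ^/* /phpmyadmin last;
}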