Perfect Server: Debian 8 (Jessie) V1.0 (page 2)

botond published March 2018, 05, Thu - 03:13 time
Perfect server - Debian, ISPConfig, Apache, PHP, MySQL

Content

 

Installing Apache2, PHP5, phpMyadmin, FCGI, suExec, Pear and mcrypt

Let's install it Apacheand the programs referred to in the title below apt-get command:

apt-get install \
    apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils \
    libapache2-mod-php5 libapache2-mod-fcgid apache2-suexec libapache2-mod-python \
    libapache2-mod-passenger \
    php5 php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi php-pear \
    php-auth php5-mcrypt imagemagick php5-imagick php5-curl php5-intl \
    php5-memcache php5-memcached php5-pspell php5-recode php5-sqlite \
    php5-tidy php5-xmlrpc php5-xsl \
    phpmyadmin mcrypt libexpat1 ssl-cert libruby memcached

 

 

The command installs about 223 Mb of packages and the configuration panels appear during installation. First, the phpMyAdmin configuration appears:

phpMyAdmin configuration - apache2

Select apache2then OK.

phpMyAdmin Configuration - dbconfig-common

Let's choose yes.

phpMyAdmin Configuration - Enter the administrative password

Enter the MySQL The root password you specified when installing.

phpMyAdmin Configuration - Application Password

Here you will be asked for an internal password that will be used only by the system, so leave it blank and generate one for you.

It then creates the required database and system users, checks access, and configures what is needed. Then we can try the http://192.168.1.120/phpmyadmin or whatever IP address you have set up for the server at that address.

phpMyAdmin - Login

 

Enable basic Apache modules

The following Apache modules must be enabled for the server to function normally. Run the following command:

a2enmod suexec rewrite ssl actions include auth_digest cgi

Then Apache restart a Service command:

service apache2 restart

 

 

Enable WebDAV

Optional, but it is advisable to enable WebDAV module as it is ISPConfigból then you can comfortably manage its users. To enable it, run the following command:

a2enmod dav_fs dav

Let's restart Apache here too:

service apache2 restart

 

Apache test

Here, typing the IP address of our server into the browser will bring up the default Apache2 page, which will indicate the success of our work (at my IP address):

http://192.168.1.120

Apache2 Debian default page

 

Installing XCache

XCache is free and open source PHP action code cache that can help us greatly optimize the speed of our PHP pages. Installation is therefore strongly recommended:

apt-get install php5-xcache

Then restart Apache:

service apache2 restart

 

PHP-FPM

Starting with ISPConfig 3.0.5, an additional PHP SAPI is available that you can select for Apache: PHP-FPM.

To use PHP-FPM with Apache, you'll need a mod_fastcgi Apache module (not to be confused with mod_fcgid -with). So install the PHP-FPM and mod_fastcgi packages:

apt-get -y install libapache2-mod-fastcgi php5-fpm

Enable the required modules and then restart Apache:

a2enmod actions fastcgi alias
service apache2 restart

 

Install and configure PureFTPd

Let's install it FTP server:

apt-get -y install pure-ftpd-common pure-ftpd-mysql

Then edit the / Etc / default / pure-ftpd-common file:

nano /etc/default/pure-ftpd-common

And make sure the following settings are in the file (if not, correct it):

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

We are now configuring PureFTPd to enable FTP and TLS sessions. By default, FTP is a non-secure protocol because all passwords and data are transmitted as plain text. Using TLS, on the other hand, can secure all communication over an FTP connection.

To enable both FTP and TLS sessions, run the following:

echo 1 > /etc/pure-ftpd/conf/TLS

 

 

Create your own SSL for a TLS connection

To use TLS SSL you need to create a certificate. THE / Etc / ssl / private / will be placed in a directory. To do this, we first create the directory:

mkdir -p /etc/ssl/private/

We then generate an SSL certificate with the following command:

openssl req -x509 -nodes -days 7300 \
    -newkey rsa:2048 \
    -keyout /etc/ssl/private/pure-ftpd.pem \
    -out /etc/ssl/private/pure-ftpd.pem

You will then be asked for the following information and respond to it (leaving the values ​​in square brackets blank will be stored):

  • Country Name (2 letter code) [AU]: HU
  • State or Province Name (full name): Give us our county
  • Locality Name (eg, city) []: Give us our city
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: Enter your company name (anything you can enter)
  • Organizational Unit Name (eg, section) []: Specify a (in-house) class, eg: Web development
  • Common Name (eg server FQDN or YOUR name) []: Enter your server here FQDN or, if not, our own name.
  • Email Address []: Our email address

This completes our own SSL certificate.

 

It is worth knowing that self-signed certificates made in this way also serve their encryption function, but for our various encrypted services (e.g. https, ftps, etc.) external clients (eg web browsers, FTP clients) will mark our server as an unsafe connection and warn the user not to connect (for example, in the case of a https site, it is highly trust destroying). Thus, we need to consider the purpose for which we want to use our certificates (eg developer / test environment, experimental purposes, etc.). For live use, it is strongly recommended that you purchase an SSL certificate issued by an official CA (Certificate Authority) or get a free but official version.

 

A chmod command to configure the appropriate privileges for the SSL certificate to prevent unauthorized access:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally, restart PureFTPd:

service pure-ftpd-mysql restart

 

Related Content, Useful Links:

 

This description consists of several pages:

 

Tags
perfect server
Debian
Apache
PHP
phpMyAdmin
fcgi
WebDav
xcache
PHP-FPM
pureFTP
SSL