{"id":2257,"date":"2015-06-25T13:46:26","date_gmt":"2015-06-25T20:46:26","guid":{"rendered":"http:\/\/www.wellgolly.com\/?p=2257"},"modified":"2018-05-03T06:35:45","modified_gmt":"2018-05-03T13:35:45","slug":"spinning-up-a-new-virtual-machine","status":"publish","type":"post","link":"https:\/\/www.wellgolly.com\/?p=2257","title":{"rendered":"Spinning up a new Virtual Machine"},"content":{"rendered":"

Most of my websites are low volume and so I host them on the same VPS at Linode. For a new project, I decided to put the websites on a separate VPS. I spent a day researching the current choices and you probably won\u2019t go wrong with any of them. For me, it came down to either Linode (which I\u2019ve been happy with) or Digital Ocean (which I\u2019ve used for backups and helping my nephew learn programming). Since I don\u2019t need a lot of space right now and I had a referral code, I decided to go with the $5\/mo Digital Ocean plan.<\/p>\n

Since I\u2019m familiar with it, I installed Ubuntu 14.04.2 LTS with Apache, MySQL, and PHP. I have some customizations that I made to make it consistent with my current server.<\/p>\n

Users, Permissions, and Groups<\/h3>\n

The first thing I did was log in as root and create a new user\u2014me and add myself to the sudoer\u2019s table.
\n

\n   adduser myusername\n<\/code><\/pre><\/p>\n
There are a couple of ways to do this but for now I just added my user name directly instead of creating a sudoers group like I normally do.
\n
\n    myusername ALL=(ALL:ALL) ALL\n<\/code><\/pre><\/p>\n
Without logging out of the root account, I logged in with my username and edited the \/etc\/ssh\/sshd_config. This was a test to see whether I could log in as myself and that I could edit files owned by root using sudo. I then changed PermitRootLogin  to no
\n
\n    # Authentication:\n    PermitRootLogin no\n<\/code><\/pre>
\nTo get the changes to take effect, I restarted the SSH daemon with sudo service ssh restart<\/i>.<\/p>\n
I like to have a group that is able to edit all of the files in www. I call this different things on different machines, e.g. ‘staff’, ‘web-admin’, ‘www’. On this machine I\u2019m using ‘www’.<\/p>\n
If you type the command groups<\/i>, you can see which groups you belong to. To add a new group you can edit the groups file or use these commands to add a group and add a member to a group.
\n
\n    sudo groupadd www\n    sudo usermod -a -G www myusername\n<\/code><\/pre><\/p>\n
Fail2ban<\/h3>\n
I don\u2019t know how they find random IP addresses to attach, but 7 minutes after installing Fail2ban it banned the first site. Installation is straightforward. I didn\u2019t make any customizations except to add my IP address and change the email address for notifications.
\n
\n    sudo apt-get install fail2ban\n    sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\n    sudo vi \/etc\/fail2ban\/jail.local\n    sudo service fail2ban restart\n    sudo iptables -L\n<\/code><\/pre><\/p>\n
Updating Apache<\/h3>\n
First, I updated my .profile as I described in an earlier post. Then I changed the default location for my web pages from \/var\/www\/html to \/srv\/www. First I created a www directory in srv. Then made a symlink to it in root. <\/p>\n
I want everyone in the web admin group to be able to edit the files so I ran sudo chown myusername:www www<\/i><\/p>\n
I edited the \/etc\/apache2\/apache2.conf file to change the default location to \/www and prevent directory listing\u2014I removed Indexes<\/i> from Options<\/i>.
\n
\n    <Directory \/www\/*>\n        Options FollowSymLinks\n        AllowOverride None\n        Require all granted\n    <\/Directory>\n<\/code><\/pre><\/p>\n
I don\u2019t want people to see the contents of my .inc files. Some people add the suffix .php to them to hide them, but I prefer to make them all invisible to browsers.
\n
\n# We don't want people to see .inc files\n<Files  ~ "\\.inc$">\n  Order allow,deny\n  Deny from all\n<\/Files>\n<\/code><\/pre><\/p>\n
I also don\u2019t want people to see the Subversion files from my WordPress installs and backups from old  projects that used Subversion (nowadays I use git).<\/p>\n

\n  Order deny,allow
\n  Deny from all
\n<\/Directorymatch><\/p>\n
And I don\u2019t want anyone to see .git files, although best practice says don\u2019t put them in document root.<\/p>\n

\n  Order deny,allow
\n  Deny from all
\n<\/Directorymatch><\/p>\n
Since I don\u2019t have a domain name attached to this IP address, I added these lines to the bottom of the conf file.
\n
\n    # Suppress the warning message when restarting Apache until we get a FQDN\n    ServerName localhost\n<\/code><\/pre><\/p>\n
I have a couple of templates for websites so I put one in the www directory for testing. Then I changed the DocumentRoot in 000-default.conf to that directory and restarted Apache. <\/p>\n
Miscellaneous<\/h3>\n
I don\u2019t plan to use a database for these websites, but I decided to set up MySQL and PhpMyAdmin. I followed the instructions at Digital Ocean<\/a> to change the root password and add myself as a user.<\/p>\n
phpMyAdmin install is straightforward, except that you need to add this line:
\n
\nInclude \/etc\/phpmyadmin\/apache.conf\n<\/code><\/pre>
\nto the end of your \/etc\/apache2\/apache2.conf and restart Apache\u2014even if you are running the latest version of Ubuntu LTS.<\/p>\n
Then I installed git using the command sudo apt-get install git-core.<\/p>\n
Finally, I often convert MySQL databases to SQLite databases for use in Apple Apps so I installed SQLite.
\n
\n    apt-get install php5-sqlite\n    sudo apt-get install sqlite3\n<\/code><\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"
Most of my websites are low volume and so I host them on the same VPS at Linode. For a new project, I decided to put the websites on a separate VPS. I spent a day researching the current choices and you probably won\u2019t go wrong with any of them. For me, it came down … Continue reading Spinning up a new Virtual Machine<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2257","post","type-post","status-publish","format-standard","hentry","category-programming"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2257"}],"version-history":[{"count":1,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2257\/revisions"}],"predecessor-version":[{"id":3104,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2257\/revisions\/3104"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}