LEB Setup script for Debian 6 VPS - Nginx, MySQL, IPtables, etc..

Xeoncross

A couple years ago LEA created a debian install script that helped to setup a web server while removing most of the unneeded bloat.

However, the script was missing a firewall (like IPTables), used php-cgi instead of php-fpm and generally lacked some other features. Later that year, people started forking the project and adding new features and improvements.

There are two main branches at this point, sk33lz and mine. Both serve to handle server setup for you making it much easier to get going with your new VPS.

For example, here is the full process I use to setup a new VPS with my lowendscript.

# After login as root...

# Create a new user
adduser demo

# Add demo to the sudo group
usermod -a -G sudo demo

# Check that he does
groups demo 

# (from your PC) Copy your ssh-key to the server
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

# Install git so we can install our server
apt-get install git

# Download the script
git clone git://github.com/Xeoncross/lowendscript.git /root/git/

# Setup locals
dpkg-reconfigure locales

# Run it
cd /root/git
./setup-debian.sh dotdeb
./setup-debian.sh system
./setup-debian.sh dropbear 22
./setup-debian.sh iptables 22
./setup-debian.sh nginx
./setup-debian.sh php
./setup-debian.sh mysql

# Now create a site
./setup-debian.sh site example.com

After you have finished this you will have PHP, Nginx, MySQL (with InnoDB disabled), IPtables, dropbear (SSH), all setup, configured, and working. You can also create new sites and matching MySQL accounts quickly.

./setup-debian.sh site othersite.com
./setup-debian.sh mysqluser othersite.com

Those two commands will create the directories in /var/www/, nginx configs, test page, and mysql user so you can get back to developing.

Mon5t3r

just another nice thread/script from xeoncross..

i'll try this script in my KVM box and report back to you if i found some problem..

but, i'm wondering can this script use for OVZ too?

Xeoncross

@Mon5t3r, I built it for my OpenVZ box so it should work fine. In fact, I would be interested in whether it works right for your KVM.

djvdorp

Nice work!

rev3rse

Will it work for Ubuntu aswell?
I tried a Debian 6 script before, but it didn't allow me to continue(it says your OS is not supported).
Will be interested to know.

Xeoncross

I don't think so.

Most people use ubuntu because that is the first OS they start using linux on. ubuntu has a great deskop OS and is actually built on-top of Debian. Since a VPS doesn't need a GUI (or most of the applications that make ubuntu useful), there is no reason to use it when Debian has a much longer track-record of solid performance.

Basically, use Debian for servers and ubuntu for your desktop.

A minimal Debian install only uses 6MB of RAM while ubuntu uses a whole lot more.

jar

@Xeoncross said: A minimal Debian install only uses 6MB of RAM while ubuntu uses a whole lot more.

Well of course a minimal install of one uses more than a regular install of another

TheHackBox

Ubuntu only uses a lot because of extra services like upstart.

Xeoncross

@jarland I meant a minimal Debian 32bit vs minimal ubuntu 32bit install.

jar

@Xeoncross said: I meant a minimal Debian 32bit vs minimal ubuntu 32bit install.

Oh, well mine only uses 3mb so I'm confused but oh well

Adapting for Ubuntu wouldn't be difficult though. Could try it first, might not even have to be.

Pats

any stats on memory consumption after all install?

rev3rse

@Xeoncross said: I don't think so.

Most people use ubuntu because that is the first OS they start using linux on. ubuntu has a great deskop OS and is actually built on-top of Debian. Since a VPS doesn't need a GUI (or most of the applications that make ubuntu useful), there is no reason to use it when Debian has a much longer track-record of solid performance.

Basically, use Debian for servers and ubuntu for your desktop.

A minimal Debian install only uses 6MB of RAM while ubuntu uses a whole lot more.

the reason I'm using Ubuntu is because I(think) it has newer packages.
anyway, I tried it few minutes ago, it works like charm! I ran System, Nginx, PHP and MySQL. it all works!

But, the memory use is little bit high(55MB of RAM). When I done this manually I used 22~26MB, with same configuration. Do you have any idea why using more ram? even though I'm using the same configurations and less software running?

And finally, your script is really helpful, thanks for sharing it. it just got rid of some mailing software that I don't really care about. and I'm definitely using it(the script) again.

Xeoncross

@rev3rse, the majority of the memory goes to PHP-FPM and MySQL. You can change /etc/php5/fpm/pool.d/www.conf.

pm.max_children = 1
pm.start_servers = 1
pm.max_spare_servers = 1

Check free -m or htop then stop each process to see.

$ /etc/init.d/php5-fpm stop
$ htop
$ /etc/init.d/mysql stop
$ htop
$ /etc/init.d/nginx stop
$ htop

You can tweak each apps settings to your liking, the default settings try to give PHP and MySQL enough memory to perform decent.

ynzheng

so it｀s only for openvz？

telephone

@rev3rse said: the reason I'm using Ubuntu is because I(think) it has newer packages.

You don't have to use the stable packages in Debian, you can add the unstable (latest release) deb.

Soylent

If Ubuntu has newer packages it's because they basically fork Debian unstable every 6 months. I read a statistic that about 89% of the packages in Ubuntu come straight from Debian, about 7% from other upstream repos, and then other random stuff thrown in. Obviously this is mostly desktop user stuff, since that's Canonical's target audience.

The entire point of Debian Stable is to not be on the bleeding edge. If that's where you want to be, just change apt repos, and just by changing a few lines you can be ahead of Ubuntu's default packages too.

On a completely different note, it'd be cool to see a version of this that uses lighttpd instead of nginx.

yomero

@rev3rse said: the reason I'm using Ubuntu is because I(think) it has newer packages.

Also the LNMP stack has third party repositories, see dotdeb.

Mon5t3r

@Xeoncross said: I built it for my OpenVZ box so it should work fine. In fact, I would be interested in whether it works right for your KVM.

i'll do it today.. sorry i'll post a result + some test here later. any idea what kind of script for testing nginx server? does "ab" command should work for nginx aswell?

dmmcintyre3

@Mon5t3r said: does "ab" command should work for nginx aswell?

Yes.

bamnael

One of those scripts install "PHP Fast CGI" the other "PHP-FPM (v5.3+ with APC installed and configured)"
what is 'better' / the difference?

NanoG6

I'd personally choose php-fpm since it is dedicated service to manage php scripts. It is memory wise also.
http://php-fpm.org/about/

Xeoncross

@bamnael, "PHP FastCGI" was the name given to all the custom bash wrappers that ran the php-cgi binary. Anyway, the modern way is to use the php-fpm wrapper which is many times more stable, optimized, and efficient.

bamnael

Getting this error: invoke-rc.d: unknown initscript, /etc/init.d/php5-fpm not found.

Whole installog for php installer: http://pastebin.com/Hk1Mtwwg
What I installed: dotdeb -> mysql -> nginx -> php. I did not run the other installers.

Xeoncross

You have to run the commands in order. In your case, perhaps the package php5-fpm wasn't at the correct version because you had not run the system sources update.

However, the log seems to state it was installed correctly - so perhaps the location of the init script is somewhere else. What version of linux are you using?

Note, you only really have to run the following, the rest are optional:

wget --no-check-certificate https://raw.github.com/Xeoncross/lowendscript/master/setup-debian.sh
$ ./setup-debian.sh dotdeb
$ ./setup-debian.sh system

bamnael

Oh found the problem; didn't do apt-get update/upgrade after adding the other repos.
Did it and now php5-fpm is found there and got installed.
Maybe in your script you should add apt-get update/upgrade in the dotdeb part of the installer.
I for example did not run your system part of the script because I didn't want to uninstall/install the stuff your script wants to and then there is no update.

sandbox

in case someone unable to run the script,

set this:
chmod +x setup-debian.sh

Xeoncross

@bamnael said: Maybe in your script you should add apt-get update/upgrade in the dotdeb part of the installer.

Good suggestion, I'll do that since it won't hurt even if it's run twice.

fresher_06

While creating the mysqluser using the below command --

./setup-debian.sh mysqluser mysite.com

I am getting the error as --

mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
MySQL Username: mysite
MySQL Password: NzQ1NzA2ZjcxY
MySQL Database: mysite

Please note I already have a root mysql user created .. what should I do now.. to add a new mysqluser using this script.

fresher_06

Got it sorted ..
By default the script reads the mysql root user from the file "~root/.my.cnf" .. since I have change the root password but didn't changed in this file, thats the reason was getting the above error.
So if anone of you just changed their mysql root passwd .. the make changes in ~root/.my.cnf as well..

Happy days

Asim

@Xeoncross said: dropbear (SSH)

Can we have this as an option? I dont like replacing openssh with dropbear

bamnael

Simply do not run setup-debian.sh dropbear...

Asim

@bamnael my bad, didn't see that its not part of "system" or something. Thanks for pointing it out

Asim

Any chances we can get the same script for Ubuntu 12.04?

Asim

How to make index.php default? right now it looks for index.html or display 403: forbidden

new to nginx, be nice

TheHackBox

@Asim I would look in the /etc/nginx/sites-enabled/default file and look for index files and make sure you setup fpm to do PHP.

Asim

Can you add this?

// look for .html then .htm then .php
index index.html index.htm index.php

server {
listen 80;
server_name www.$1 $1;
root /var/www/$1/public;
access_log /var/www/$1/access.log;
error_log /var/www/$1/error.log;

TheHackBox

How about

     location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
        }

EDIT: Make sure you have php5-fpm installed (apt-get install php5-fpm) and make sure it is listening on port 9000 (127.0.0.1:9000)

Xeoncross

@Asim and @TheHackBox, I'm not sure what you guys are wanting since what you just posted looks like a stripped down version of what is already there. Can you edit your posts with more information?

Edit: added support for ".htm"

TheHackBox

For some odd reason @Xeoncross he is having issues doing PHP on his nginx.

ErawanArifNugroho

maybe the php didn't see the files to be served.

sandbox

@Asim said: Any chances we can get the same script for Ubuntu 12.04?

asim, you can use this for Ubuntu 12.04 and you can skip dotdeb part. since ubuntu 12.04 already include php5-fpm on its repository.

bamnael

You still should add the apt-get update/upgrade after the dotdeb package.

Asim

@Xeoncross requests, please include phpmyadmin and wordpress installation in it

rgenzon

+1 @asim's request.

connercg

I agree with @asim this is something missing from a lot of installations, that would have a lot of value.

shaunpud

And/or sqlbuddy.com

connercg

I'm sold on SQL Buddy! Man that's slick...

Xeoncross

@Asim said: please include phpmyadmin

You should never, ever, ever run development tools like XDebug or phpmyadmin directly on the server. Instead, download it to your local development machine and follow my simple port forwarding tutorial to connect SQLBuddy, MySQL Work bench, phpMyAdmin, or anything else to your VPS server without endangering your production VPS.

When I get some time I'll look into adding Wordpress back in.

bamnael

Isn't it just possible to simply put phpmyadmin folder with an .htaccess so you first have to enter this pw? Should be pretty save then...

Pats

+1 wordpress - must :P

optional joomla/drupal

BoGs

Boooo to mysql why not have PostgreSQL in there also for the free minded non closed source people. I am just kidding thanks for your work