Optimizing Your Headway Powered Site – Server Setup

Getting Our Server Ready

Introduction

This is the first tutorial in our series on Optimizing Your Headway Powered site that will actually cover pieces we touched on in the previous intro article.

Today we will be going over getting a server started and setup with some of the basics. Since we are going to be running WordPress on our server we need to take a look at their requirements.

WordPress Requirements:

* PHP Version 5.2.4 or greater
* MySQL Version 5.0 or greater

WordPress does recommend that you use either Apache or Nginx as a http server. When we get into our later tutorials we will be taking a look at Apache and Nginx as separate ways to configure them.

That’s pretty much it. The requirements for running WordPress are pretty simple. With that we can get a server up and running and get WordPress installed.

Digital Ocean

Before we get too far ahead of ourselves though, we need to start at the very beginning. The beginning is to get a server running. We’ll be using Digital Ocean for this series as it provides us with everything we need and it’s super cheap (with the lowest option just $5.00/month.).

If you want to skip setting up an account on Digital Ocean, due to having your own VPS hosting company, please feel free to skip this section. We’ll just be walking through the process to get that setup. The OS we’re going to use for the tutorial is Ubuntu 12.10 x64 (feel free to use a variation) since it’s a common server OS that’s available all over. If you are comfortable using a different version or different OS, go ahead and do so. Our commands just might be a bit different.

To get started with Digital Ocean we just need to create an account:

digital-ocean-account-signup

With our account created we need to do a few house keeping tasks like update our billing. Once our billing information is updated we can create our first “Droplet” or VPS Server. For billing they offer a few different ways to pay.

digital-ocean-billing

After you’ve got your billing information added, you’re ready to create your first droplet. Click the Green Create button and fill out the form.

digital-ocean-new-server

I went ahead and selected the lowest option because at this point in time we’re not sure what kind of traffic we are going to get. From my experience, I’ve been able to run a site that gets about 10k pageviews per day on this size server and it doesn’t seem to have an issue. Will it survive a Slashdot/Reddit/Digg traffic spike, I would guess it would stay up, but the response time might be a little slow. We’ll get to that later on though.

Next we get to select the region that we want our server in. This is pretty neat because Digital Ocean currently has 3 datacenters where we can put our servers. I’ll leave these selection up to you. Since I’m in the midwest, I typically pick the New York 2 region.

Under the “Select Image” section, we’re going to go ahead and select Ubuntu 12.10 x64. You could select any Ubuntu version as long as it’s 12.x or higher and the non-desktop version and you should be fine.

Alright, finally click the create droplet button and it will create our new server. This process to create our server takes about a minute. When we are done, we’ll get an email with the IP address and the password for the root user.

Initial Setup

Let’s recap a second. So far, we’ve created an account on Digital Ocean. We’ve added our billing information and setup our first Droplet running Ubuntu 12.10 x64. We should have gotten our email and are ready to login to our server via SSH.

Basic Tasks

When we first access a new server, it’s barebones. Think of getting a new desktop/laptop. It’s the OS only and you get to start installing all of our favorite programs. A new server is very much the same way, just a different way of accessing it.

Step One — Accessing your Server via Root Login

Remember that email we got telling us about our new droplet? Well we need to grab that IP address and password because we are going to use it right now.

To access our new server we need a command prompt. For Macs you can open Terminal, I recommend finding it via Spotlight (it’s under Applications > Utilities) and then adding it to your dock if you haven’t already. For Windows users I would download PuTTY, a free Windows SSH client.

Go ahead and open your command prompt and we’re going to type in the following:

ssh root@145.234.33.23

*Make sure to replace the IP address with the one from the email.

Your terminal will show something like:
ssh-login

We want to go ahead and type yes, and then enter your root password. Remember this was in your email.

Step Two — Changing Roots Password

Alright so on any new server I start up, the first thing I want to do is to reset the password. While we are in command prompt and logged in, we can change it.

Type the following into your command prompt and follow the on screen instructions:

passwd

Step Three — Create a New User

I never like to login with the root user account via SSH. The biggest reason is that if someone were to get ahold of that account, they could reak havoc on your server. So I like to use a different account. In this step we are going to create a new user for you. Here’s I’m suggesting you use your name, e.g. ajmorris

adduser ajmorris

After you set the password, you do not need to add any of the additional information about the user but you can if you want.

add-ssh-account

Step Four — Root Privileges

So far only root has all the administrative capabilities. We need our new user to have those privileges so we’re going to give them to the user here.

Basically what this means is that when you want to run any tasks with your new user as the root user, you will need to use “sudo” before the command. There’s 2 reasons for doing this. The first is that it prevents the user from making any bad mistaks and the second is that all the command run with sudo gets stored in /var/log/secure which can be reviewed later if you forgot what you ran.

OK so we need to go edit the sudo configuration. Ubuntu comes with a default editor called ‘nano’ so we can run the following command:

visudo

This brings up the file and you’ll need to find the section called User privilege specification. It should look like this:

ssh-root

Under “root”, add the same thing you see above, instead of using root as the username though, we need to use the one we created above. So it should look like this:

ajmorris ALL=(ALL:ALL) ALL

Next, hold ctrl + x to exit the file.

You’ll need to press ‘Y’ to save, press enter, and the file will save in the proper place. This process is going to be the same for editing other files.

Step Five — Configure SSH (This is Optional)

Keeping in mind that we need to keep our server secure, here are a couple of optional steps that will help you in the long run. Something to keep in mind is that changing the port and restricting root login may making logging in more difficult in the future. If you misplace this information, it could be nearly impossible to log back in.

To make the change we need to open the configuration file:

nano /etc/ssh/sshd_config

Find the next couple of sections and change the information where applicable:

Port **23049**
 Protocol 2
 PermitRootLogin no

Port: Although port 22 is the default, you can change this to any number between 1025 and 65536. I typically pick a random number and use that for every server. To help you remember (or not remember) in Terminal you can create aliases for commands. To learn how to do that visit, http://osxdaily.com/2011/04/11/use-aliases-to-create-ssh-shortcuts/. This change alone will make it a little harder to keep unauthorized people away.

PermitRootLogin: This is exaclty what is says. By changing this to ‘no’ it will stop future root login. You will only be able to login as the new user.

A little farther in the configuration, we need to find ‘AllowUsers’ so that we can add our user to allow us to login.

AllowUsers **ajmorris**

Now save the file and exit.

Step Six — Reload and Go!

Alright, so we are almost done with setting up our user account. We need to reload SSH so that it will implement all these changes. Type:

reload ssh

Now we want to test these changes before logging out of root, so open a new terminal windows and login with your new user. Remember to add the port number!

ssh -p 23049 ajmorris@192.241.163.223

Your prompt should now have something like:

[ajmorris@server-name ~]$

Further Steps

While we are done securing our droplet with SSH, we can continue to improve the security by installing programs like Fail2Ban or Deny Hosts, to help prevent brute force attacks.

In our next tutorial we are going to finish securing our server and we’ll get it all updated so that we can starting installing the LAMP stack. LAMP stands for Linux, Apache, MySQL, PHP. 🙂

Spread the word!

One Response

Leave a reply

Copyright © 2016 Vesped Inc. All Rights Reserved. Proudly Powered by Headway and WordPress