| |
| home_server:web_server_setup [2022-06-28 Tue wk26 05:02] – [Install FluxBB] baumkp | home_server:web_server_setup [2023-04-30 Sun wk17 17:43] (current) – external edit 127.0.0.1 |
|---|
| {{tag>linux debian apache web server php certbot letsencrypt nextcloud cloud vm virtual machine kvm proxy reverse proxy gid uid vipw vigr group id user id}} | {{tag>linux debian apache apache2 httpd web server php certbot letsencrypt nextcloud cloud vm virtual machine kvm proxy reverse proxy gid uid vipw vigr group id user id}} |
| ======Web Server setup====== | ======Web Server setup====== |
| =====Basic Web Server setup on VM===== | =====Basic Web Server setup on VM===== |
| ++++ | ++++ |
| ''Usage: changeUID.sh [username] [oldUID] [newUID]''\\ | ''Usage: changeUID.sh [username] [oldUID] [newUID]''\\ |
| |
| \\ | \\ |
| | |
| Seems there are tools to directly manually edit the **/etc/group** and **/etc/passwd** files and their shadow files. The commands are ''sudo vipw'' and ''sudo vigr''. | Seems there are tools to directly manually edit the **/etc/group** and **/etc/passwd** files and their shadow files. The commands are ''sudo vipw'' and ''sudo vigr''. |
| | |
| ---- | ---- |
| =====LDPA===== | =====LDPA===== |
| *To change the Hosename: ''sudo hostnamectl set-hostname New_Hostname'' | *To change the Hosename: ''sudo hostnamectl set-hostname New_Hostname'' |
| *Ubuntu as 18.04 and up to 20.4 complicates further, another file needs to be modified to prevent automated changes, if present the file ''sudo vim /etc/cloud/cloud.cfg'', configuration variable within must be changed as follow: ''preserve_hostname: true'' | *Ubuntu as 18.04 and up to 20.4 complicates further, another file needs to be modified to prevent automated changes, if present the file ''sudo vim /etc/cloud/cloud.cfg'', configuration variable within must be changed as follow: ''preserve_hostname: true'' |
| *Last the /etc/hosts file should be updated to include the Hostname, this is same procedure as previous | *Last the ''/etc/hosts'' file should be updated to include the Hostname, this is same procedure as previous |
| *127.0.0.1 localhost | *127.0.0.1 localhost |
| *127.0.0.1 New_Hostname | *127.0.0.1 New_Hostname |
| *Additional system hosts can be placed in "/etc/hosts" to provide basic local host name resolution. I prefer to install a separate DNS server to provide this functionality. | *Additional system hosts can be placed in ''/etc/hosts'' to provide basic local host name resolution. I prefer to install a separate DNS server to provide this functionality. |
| ====Apache2 Setup==== | ====Apache2 Setup==== |
| *Copy the current html files to the proposed new location: ''sudo rsync -av /var/www/html /mnt/shared/www16/'' | *Copy the current html files to the proposed new location: ''sudo rsync -av /var/www/html /mnt/shared/www16/'' |
| - Check configuration files with: ''sudo apachectl configtest'' | - Check configuration files with: ''sudo apachectl configtest'' |
| - After changes are made reload or restart apache2: ''sudo systemctl reload apache2'' or ''sudo systemctl restart apache2'' | - After changes are made reload or restart apache2: ''sudo systemctl reload apache2'' or ''sudo systemctl restart apache2'' |
| | To further add to confusion it would seem some Linux distributions refer to ''httpd'' instead of ''apache2'', e.g.: |
| | * ''/etc/httpd/httpd.conf'' or ''/etc/apache2/httpd.conf'' instead of ''/etc/apache2/apache2.conf'' |
| | * systemd service: ''httpd.service'' instead of ''apache2.service'' |
| | Note that these examples are presumption based upon documentation references. Basically Debian and related downstream distributions do not reference 'httpd'. |
| =====Secure Web Server Settings===== | =====Secure Web Server Settings===== |
| |
| *To update the repositories including the newly added Certbot ones: ''sudo apt update'' | *To update the repositories including the newly added Certbot ones: ''sudo apt update'' |
| *To install Certbot: ''sudo apt install certbot'' | *To install Certbot: ''sudo apt install certbot'' |
| | DigitalOcean has Ubuntu 20.04 setup, [[https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04|How To Secure Apache with Let's Encrypt on Ubuntu 20.04]]. |
| ++++ | ++++ |
| DigitalOcean has Ubuntu 20.04 setup, [[https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04|How To Secure Apache with Let's Encrypt on Ubuntu 20.04]]. Once setup, the basic commands are: | To install Certbot: ''sudo apt install certbot'' (Unfortunately Cerbot site recommends use of snap package, unbelievable.....)\\ |
| | Make sure the basic web site domain/sub-domain is working and accessible off internet.\\ |
| | I now prefer to use the following instructions, [[https://workaround.org/ispmail/bullseye/tls-encryption-key-and-certificate/|Creating a TLS encryption key and certificate]]. Once setup, the basic commands are: |
| |
| *To create a new certificate with sub-domains: ''certbot-auto --apache -d example.com -d www.example.com -d mail.example.com''. This assume that all these domains and sub-domains are existing accessible Apache web pages. | *To create a new certificate with sub-domains: ''certbot-auto --apache -d example.com -d www.example.com -d mail.example.com''. This assume that all these domains and sub-domains are existing accessible Apache web pages. |
| | *''%%certbot certonly --webroot --webroot-path /var/www/example.org -d example.org%%'' |
| *To manually auto renewal: ''sudo certbot-auto renew''. Set up auto renew using a cron job. | *To manually auto renewal: ''sudo certbot-auto renew''. Set up auto renew using a cron job. |
| |
| |
| **The cerbot documentation can be found at: [[https://certbot.eff.org/docs/using.html|User Guide]]** | **The cerbot documentation can be found at: [[https://certbot.eff.org/docs/using.html|User Guide]]** |
| *To check systemd times: ''systemctl list-timers'' //(Cerbot used this in systemd enables systems, e.g Ubuntu 18.04)// | *To check systemd times: ''systemctl list-timers'' //(Cerbot used this in systemd enables systems)// |
| *To list cerbot related certificates: ''sudo certbot certificates'' | *To list cerbot related certificates: ''sudo certbot certificates'' |
| *To delete cerbot certificats not required ''%%sudo certbot delete --cert-name certname%%'' | *To delete cerbot certificats not required ''%%sudo certbot delete --cert-name certname%%'' |
| *For the relocated data: ''sudo rsync -Aax /mnt/shared/temp/oc-backupdir/data /mnt/shared/www16/nextcloud/'' | *For the relocated data: ''sudo rsync -Aax /mnt/shared/temp/oc-backupdir/data /mnt/shared/www16/nextcloud/'' |
| *Ensure the path to your nextcloud directory is included in the /etc/apache2/apache2.conf, e.g. statement. | *Ensure the path to your nextcloud directory is included in the /etc/apache2/apache2.conf, e.g. statement. |
| ===Nextcloud Updating=== | ====Nextcloud Updating==== |
| *Nextcloud Stable Server Administration Manual [[https://docs.nextcloud.com/server/stable/admin_manual/maintenance/index.html|Maintenance]]. (This also discusses database management, backup and restore) | *Nextcloud Stable Server Administration Manual [[https://docs.nextcloud.com/server/stable/admin_manual/maintenance/index.html|Maintenance]]. (This also discusses database management, backup and restore) |
| | ====mariadb binary log files==== |
| | The mysql binary log files are located here: ''var/log/mysql''. Some time they fill up the file system and the system then fails to operate. |
| | * ''sudo mysql -p -u root'' - Login in to mysql, need root password |
| | * ''SHOW BINARY LOGS;'' - to list current binary log files |
| | * ''%%PURGE BINARY LOGS TO 'mariadb-bin.003071';%%'' - to purge all binary log files before listed log file, in example ''%%'mariadb-bin.003071'%%'' |
| | * ''%%show variables like "sql_log_bin";%%'' - to see current setting of variable ''%%"sql_log_bin"%%'' |
| | * ''%%SET sql_log_bin = 0;%%'' - to set a variable |
| | * ''exit'' or ^d - to exit |
| |
| ---- | ---- |