| |
home_server:web_server_setup [2022-08-28 Sun wk34 08:30] – [LetEncrypt Certificate Settings] baumkp | home_server:web_server_setup [2023-04-30 Sun wk17 17:43] (current) – external edit 127.0.0.1 |
---|
{{tag>linux debian apache web server php certbot letsencrypt nextcloud cloud vm virtual machine kvm proxy reverse proxy gid uid vipw vigr group id user id}} | {{tag>linux debian apache apache2 httpd web server php certbot letsencrypt nextcloud cloud vm virtual machine kvm proxy reverse proxy gid uid vipw vigr group id user id}} |
======Web Server setup====== | ======Web Server setup====== |
=====Basic Web Server setup on VM===== | =====Basic Web Server setup on VM===== |
++++ | ++++ |
''Usage: changeUID.sh [username] [oldUID] [newUID]''\\ | ''Usage: changeUID.sh [username] [oldUID] [newUID]''\\ |
| |
\\ | \\ |
| |
Seems there are tools to directly manually edit the **/etc/group** and **/etc/passwd** files and their shadow files. The commands are ''sudo vipw'' and ''sudo vigr''. | Seems there are tools to directly manually edit the **/etc/group** and **/etc/passwd** files and their shadow files. The commands are ''sudo vipw'' and ''sudo vigr''. |
| |
---- | ---- |
=====LDPA===== | =====LDPA===== |
*To change the Hosename: ''sudo hostnamectl set-hostname New_Hostname'' | *To change the Hosename: ''sudo hostnamectl set-hostname New_Hostname'' |
*Ubuntu as 18.04 and up to 20.4 complicates further, another file needs to be modified to prevent automated changes, if present the file ''sudo vim /etc/cloud/cloud.cfg'', configuration variable within must be changed as follow: ''preserve_hostname: true'' | *Ubuntu as 18.04 and up to 20.4 complicates further, another file needs to be modified to prevent automated changes, if present the file ''sudo vim /etc/cloud/cloud.cfg'', configuration variable within must be changed as follow: ''preserve_hostname: true'' |
*Last the /etc/hosts file should be updated to include the Hostname, this is same procedure as previous | *Last the ''/etc/hosts'' file should be updated to include the Hostname, this is same procedure as previous |
*127.0.0.1 localhost | *127.0.0.1 localhost |
*127.0.0.1 New_Hostname | *127.0.0.1 New_Hostname |
*Additional system hosts can be placed in "/etc/hosts" to provide basic local host name resolution. I prefer to install a separate DNS server to provide this functionality. | *Additional system hosts can be placed in ''/etc/hosts'' to provide basic local host name resolution. I prefer to install a separate DNS server to provide this functionality. |
====Apache2 Setup==== | ====Apache2 Setup==== |
*Copy the current html files to the proposed new location: ''sudo rsync -av /var/www/html /mnt/shared/www16/'' | *Copy the current html files to the proposed new location: ''sudo rsync -av /var/www/html /mnt/shared/www16/'' |
- Check configuration files with: ''sudo apachectl configtest'' | - Check configuration files with: ''sudo apachectl configtest'' |
- After changes are made reload or restart apache2: ''sudo systemctl reload apache2'' or ''sudo systemctl restart apache2'' | - After changes are made reload or restart apache2: ''sudo systemctl reload apache2'' or ''sudo systemctl restart apache2'' |
| To further add to confusion it would seem some Linux distributions refer to ''httpd'' instead of ''apache2'', e.g.: |
| * ''/etc/httpd/httpd.conf'' or ''/etc/apache2/httpd.conf'' instead of ''/etc/apache2/apache2.conf'' |
| * systemd service: ''httpd.service'' instead of ''apache2.service'' |
| Note that these examples are presumption based upon documentation references. Basically Debian and related downstream distributions do not reference 'httpd'. |
=====Secure Web Server Settings===== | =====Secure Web Server Settings===== |
| |
| |
*To create a new certificate with sub-domains: ''certbot-auto --apache -d example.com -d www.example.com -d mail.example.com''. This assume that all these domains and sub-domains are existing accessible Apache web pages. | *To create a new certificate with sub-domains: ''certbot-auto --apache -d example.com -d www.example.com -d mail.example.com''. This assume that all these domains and sub-domains are existing accessible Apache web pages. |
*''certbot certonly --webroot --webroot-path /var/www/example.org -d example.org'' | *''%%certbot certonly --webroot --webroot-path /var/www/example.org -d example.org%%'' |
*To manually auto renewal: ''sudo certbot-auto renew''. Set up auto renew using a cron job. | *To manually auto renewal: ''sudo certbot-auto renew''. Set up auto renew using a cron job. |
| |
| |
**The cerbot documentation can be found at: [[https://certbot.eff.org/docs/using.html|User Guide]]** | **The cerbot documentation can be found at: [[https://certbot.eff.org/docs/using.html|User Guide]]** |
*To check systemd times: ''systemctl list-timers'' //(Cerbot used this in systemd enables systems, e.g Ubuntu 18.04)// | *To check systemd times: ''systemctl list-timers'' //(Cerbot used this in systemd enables systems)// |
*To list cerbot related certificates: ''sudo certbot certificates'' | *To list cerbot related certificates: ''sudo certbot certificates'' |
*To delete cerbot certificats not required ''%%sudo certbot delete --cert-name certname%%'' | *To delete cerbot certificats not required ''%%sudo certbot delete --cert-name certname%%'' |
*For the relocated data: ''sudo rsync -Aax /mnt/shared/temp/oc-backupdir/data /mnt/shared/www16/nextcloud/'' | *For the relocated data: ''sudo rsync -Aax /mnt/shared/temp/oc-backupdir/data /mnt/shared/www16/nextcloud/'' |
*Ensure the path to your nextcloud directory is included in the /etc/apache2/apache2.conf, e.g. statement. | *Ensure the path to your nextcloud directory is included in the /etc/apache2/apache2.conf, e.g. statement. |
===Nextcloud Updating=== | ====Nextcloud Updating==== |
*Nextcloud Stable Server Administration Manual [[https://docs.nextcloud.com/server/stable/admin_manual/maintenance/index.html|Maintenance]]. (This also discusses database management, backup and restore) | *Nextcloud Stable Server Administration Manual [[https://docs.nextcloud.com/server/stable/admin_manual/maintenance/index.html|Maintenance]]. (This also discusses database management, backup and restore) |
| ====mariadb binary log files==== |
| The mysql binary log files are located here: ''var/log/mysql''. Some time they fill up the file system and the system then fails to operate. |
| * ''sudo mysql -p -u root'' - Login in to mysql, need root password |
| * ''SHOW BINARY LOGS;'' - to list current binary log files |
| * ''%%PURGE BINARY LOGS TO 'mariadb-bin.003071';%%'' - to purge all binary log files before listed log file, in example ''%%'mariadb-bin.003071'%%'' |
| * ''%%show variables like "sql_log_bin";%%'' - to see current setting of variable ''%%"sql_log_bin"%%'' |
| * ''%%SET sql_log_bin = 0;%%'' - to set a variable |
| * ''exit'' or ^d - to exit |
| |
---- | ---- |