Set up a new Virtual Private Server (VPS)

Please note, these commands and steps have worked for me. I know a small bit about servers but not enough to take responsibility for anything in this post - enter the commands at your own risk!

I recently acquired a cheap VPS. The thing that is different with a VPS compared to a "hosting" package is that it is complete bare bones. You can choose to install Windows or Linux or anything on it. The problem with this is that it's bare bones. It's your responsibility to keep it up to date and safe!

The following commands are ones I run to set up a new Virtual Private Server with Debian. I have set up these servers for personal projects and repo hosting, so they are not getting hit by big amounts of traffic. If you're expecting that, you should probably get someone proper to do this for you!

All the following commands assume you are logged in as the root user and you have command line experience

Table of contents #

Install Packages #

Before you start (once debian is fully installed), make sure all the base packages are up to date:

$ apt-get update && apt-get upgrade

Once updated, I like to install some basic (expected) components:

$ apt-get install apache2 apache2-doc apache2-utils php5-common libapache2-mod-php5 php5-cli php5-curl curl git ntp rsync cron host telnet 

This list includes:

  • apache {& utils} (this is the web server fundamentals)
  • php {& utils}
  • curl (to get files)
  • git
  • ntp (to make sure your server us the right time)
  • rsync
  • cron (for cronjobs)

Install MySQL and phpMyAdmin #

Chances are you are going to want to have some sort of MySQL database - to do so, install it

$ apt-get install mysql-server phpmyadmin

When installing phpMyAdmin, you'll be asked a few questions

  • Select Apache2 for the server
  • Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common
  • Enter your MySQL password when prompted
  • Enter the password that you want to use to log into phpmyadmin

Once MySQL has installed, you need to run the configuration tool. During this, it's most likely you will want to say yes to all the questions.

$ mysql_secure_installation

and include the phpMyAdmin config file:

Include /etc/phpmyadmin/apache.conf

Save and close and restart apache

$ service apache2 restart

To continue phpMyAdmin installation, edit the apache2 config file:

$ vim /etc/apache2/apache2.conf

You should now be able to go to /phpmyadmin.

If you would like to secure your phpMyAdmin installation, Digital ocean have a great guide.

Enable Bash Colours #

This is the most important bit - make things pretty. Edit the global bashrc file

$ vim /etc/bash.bashrc

And add the following lines

export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'

Set the time #

dpkg-reconfigure tzdata

Updates and Upgrades #

You may wish to ensure your VPS is kept up to date (for security reasons). The following commands are quite brutish but seem to work quite well

First, install unattended-upgrades - this auto updates many packaes for you.

$ apt-get install unattended-upgrades apt-listchanges

I've stuck with the default config but if you wanted to change it, you can find it here:

$ vim /etc/apt/apt.conf.d/50unattended-upgrades

Next, put a cron to run once a day with the following command:

$ DEBIAN_FRONTEND=noninteractive apt-get -qq update && DEBIAN_FRONTEND=noninteractive apt-get -y --force-yes -qq dist-upgrade && apt-get autoclean

If you don't SSH in as root, you'll want to add some sudo commands at the beginning and after every &&.

Install Composer #

$ wget --no-check-certificate https://getcomposer.org/composer.phar
$ mv composer.par /usr/local/bin/composer
$ chmod +x /usr/local/bin/composer

Install Node & npm #

Double check the url on the node website

$ curl -sL https://deb.nodesource.com/setup_6.x | bash -
$ apt-get install nodejs
$ npm install npm -g

Disable root password #

The following disables the password login with the root username and instead relys on SSH keys. If you are not sure what an SSH key is or how to generate one, read the GitHub tutorial.

First, add your key to the authorized_keys file.

On your computer, run:

$ cat ~/.ssh/id_rsa.pub

Copy the output, now on your VPS:

$ mkdir ~/.ssh
$ vim ~/.ssh/authorized_keys

Next, edit the ssh config:

$ vim /etc/ssh/sshd_config

Look for PermitRootLogin yes and change to

PermitRootLogin without-password

Restart the current ssh service but make sure you stay logged in - just in case it does't work

/etc/init.d/ssh restart

In a new tab, ssh into your VPS. If it doesn't ask for a password - assume it worked!

Serving up websites #

This bit is a bit more convoluted. To save you having to edit apache conf files every time you want a new website, the following code takes the domain name and looks for a folder in /var/www/vhosts/ and will serve files found in a html folder inside that.

E.g. mikestreety.co.uk would display /var/www/vhosts/mikestreety.co.uk/html/index.html

This allows you to do subdomains easily too.

First, install the vhost_alias module

$ a2enmod vhost_alias

Next, create a .conf file in the sites-available folder

$ vim /etc/apache2/sites-available/websites.conf

Copy and paste the below into your new conf file.

<VirtualHost *:80>

	DocumentRoot /var/www/vhosts/
	VirtualDocumentRoot /var/www/vhosts/%0/html
	ServerAdmin [email protected]

	LogLevel error
	ErrorLog /var/log/apache2/error.log
	CustomLog /var/log/apache2/access.log combined

	<Directory "/var/www/vhosts/*/html">

		DirectoryIndex index.php index.html index.htm
		AllowOverride All
		Options -Indexes

	</Directory>

</VirtualHost>

Disable the default site conf

$ a2dissite 000-default.conf

Enable, your new conf file

$ a2ensite websites.conf

Lastly, restart apache

$ service apache2 restart

Make your folder structure (e.g. /var/www/vhosts/mikestreety.co.uk/html/) and as long as the domain name is pointed to your server, it should show in the browser.

Serving up websites over HTTPS with an origin certificate #

In some instances, you may wish to serve up sites over HTTPS. On a basic level, this can be done with Cloudflare. Cloudflare offers free SSL certificates and when set in the "flexible" mode, however, there may be the instance where you want a full certificate from server to user. In this instance, you can still use Cloudflare's free SSL certificate.

Log in to Cloudflare and go to the Crypto section of your domain. Find the Origin Certificates section and click create certificate. Follow the prompts until you get presented with both the origin certificate and private key.

Create two files on your server, one for the certificate and one for the key - copy and paste the two codes.

Next, edit your conf file and add the following to the bottom. You will need to know the path to your web root, as well as the domain.

Replace [[WEBROOT]] with the absolute path to your website (e.g. /var/www/vhosts/domain/html) and [[URL]] with your website address (without the https://)

<VirtualHost *:443>
    DocumentRoot   [[WEBROOT]]
    ServerName     [[URL]]
    SSLEngine      on
    SSLCertificateFile        /path/to/origin/cert.crt
    SSLCertificateKeyFile     /path/to/private/key.key

    <Directory "[[WEBROOT]]">
        DirectoryIndex index.php index.html index.htm
        AllowOverride All
        Options -Indexes
    </Directory>
</VirtualHost>

Once saved, restart apache

$ service apache2 restart

Lastly, head back to Cloudflare and, under the Crypto section, change SSL from flexible to full.

Apache modules #

There are many modules available for apache which are not installed by default. To do so, you can use the a2enmod command. By default, you should enable the following:

  • rewrite - allows .htaccess rewrites to work
  • ssl - allows SSL to work
  • headers - allows headers to be sent in the .htaccess file.

To enable any of these, run the command followed by the module name

$ a2enmod headers

once run, you will need to restart apache.

To get a list of all the modules available, cd to /etc/apache2/mods-available and run ls.

References #

Mike Street

Written by Mike Street

Mike is a front-end developer from Brighton, UK. He spends his time writing, cycling and coding. You can find Mike on Twitter.