First, update the packages;
sudo apt-get update && sudo apt-get upgrade
Set up initial applications;
sudo apt-get -y install unzip fail2ban apache2 mysql-server php5 php5-curl php-pear php5-mysql php5-mcrypt screenfetch htop nload curl git ntp freetds-common freetds-bin unixodbc php5-sybase && sudo php5enmod mcrypt && sudo a2enmod rewrite && sudo service apache2 restart && sudo mysql_secure_installation
Set Up SMTP Email with Postfix
Create firewall rule to block smtp access (This is redundant because we will configure SMTP for loopback access only);
sudo iptables -A INPUT -i eth0 -j REJECT -p tcp –dport 25
Install Postfix;
sudo apt-get -y install postfix && sudo apt-get -y install mailutils
Edit postfix config file;
sudo nano /etc/postfix/main.cf
Change “inet_interfaces = all” to “inet_interfaces = 127.0.0.1” allowing only loopback requests. This is in addition to the firewall which prevents outside access.
Edit aliases list;
sudo nano /etc/aliases
Append this to the end and save;
root email@domain.com
Run this to apply the changes;
sudo newaliases && sudo postfix stop && sudo postfix start
Edit the default virtualhost
sudo nano /etc/apache2/sites-available/000-default.conf
Set the ServerName to the fqdn. Save and restart apache2;
sudo service apache2 restart
Edit aptitude’s sources list;
sudo nano /etc/apt/sources.list
Set Up LetsEncrypt for SSL/HTTPS
Install LetsEncrypt Certbot;
sudo apt-get install python-certbot-apache -t jessie-backports
(This may require extra steps. The Debian default aptitude sources list does not contain backports, but the default Azure list does.)
Run Certbot to install HTTPS;
sudo apt-get install python-certbot-apache -t jessie-backports
Create a credential set with some high-entropy username and password combination. I like to use a 32-bit random key for both. This will only be transmitted through an SSL 1.2 connection with LetsEncrypt, so it’s very safe;
sudo htpasswd -c /etc/apache2/.htpasswd [Username]
Edit the ssl-virtualhost and add this within the virtualhost tag;
<Directory “/var/www/”>
AuthType Basic
AuthName “Restricted Content”
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
Add this to the end of the end of the file, outside the virtualhost tag in order to enable htaccess if you’re going to need that;
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Restart Apache;
sudo service apache2 restart
Set Up PHPMyAdmin
PHPMyAdmin can also be installed via aptitude, but that exposes it publically and there is some potential for exploits down the road. This way you can;t access it until you get past the virtualhost password we set up earlier.
Head over to PHPMyAdmin and clone the current version into the /var/www directory;
sudo wget https://files.phpmyadmin.net/phpMyAdmin/[Version]/phpMyAdmin-[Version]-all-languages.zip
Unzip it;
sudo unzip phpMyAdmin-[Version]-all-languages.zip
PHPMyAdmin It will prompt you for a blowfish secret. Navigate to its directory and copy the sample config file;
sudo cp config.sample.inc.php config.inc.php
Open the new file and look for this line…
$cfg[‘blowfish_secret’] = ”;
I wrote a tool which comes up with a perfectly sized high-entropy string to put here. Check it out.
Once that is entered, navigate to the sql/ directory within the PHPMyAdmin folder and run this to set the tables up. It will prompt you for the password you set up earlier;
sudo mysql -u root -p < create_tables.sql
I Made This Simple Stats Tool
VPS-Home is a simple tool I made some time ago which shows a few important things. It shows the free space on the disk, the disk utilization for each directory within /var/www and the top running processes at the moment, along with the runtime and motd.
Install it by simply downloading it into the virtualhost we made;
sudo wget https://raw.githubusercontent.com/cjtrowbridge/vps-home/master/index.php
Connect to MSSQL
We installed FreeTDS which allows for tabular data-stream connections to Microsoft SQL Server from PHP5.
Test it with this command;
tsql -H [host/ip] -p [port] -U [username] -P [password] -D [database]
You should see something like this;
locale is “en_US.UTF-8”
locale charset is “UTF-8”
using default charset “UTF-8”
Default database being set to [database]
1>
If you see something about “Unable to connect: Adaptive Server is unavailable or does not exist” that is ok too. Edit /etc/freetds/freetds.conf and add this to the end;
[nickname]
host = [host/ip]
port = [port]
tds version = 7.0
Your version may vary. For MS SQL Server 2008, this was the version I used.
Now you can use mssql_query() in PHP5
to build server applications with Microsoft SQL Server!