Migrating Everything to a Cloud VPS

Over the last six months, I undertook the project of migrating all of my web apps, sites, and other projects to a new XenHypervisor which I hosted at home for free.

I always thought of this as a transitional step. It doesn’t make sense to try to host these kinds of things at home. After all, I don’t want to be a datacenter provider, but I wanted to understand how they work before I outsourced my infrastructure to a good provider.


After lots of research, I decided on DigitalOcean (Referral Link) as the best option. It’s only $5/month and I don’t have to worry about infrastructure or connectivity issues.

  • Setting up the VPS was easy and took just a few seconds. DigitalOcean makes it very simple to create the new machine, and they had the latest version of Debian as an option.
  • Next, I set up an A record for vps1.cjtrowbridge.com, a new subdomain off of my main domain. This serves as the FQDN for this new VPS. (Note that this is my second VPS; I am not using a 1-based index 😛 )
  • Referencing my previous tutorial about Setting Up Debian as a LAMP Server, I configured the new machine with all the normal tools.
  • I created virtual hosts for all the sites I was migrating in and copied those files and databases over to the new VPS.
  • I used this tutorial to secure the root web directory for the VPS’s FQDN. This directory contains all the directories for the virtual hosts and tools like PHPMyAdmin, as well as the backups for other servers. With valid credentials, this lets you see all the tools, hosts, and backups.
  • Lastly, I set up BitTorrent Sync using this tutorial in order to securely back up files across the internet.

Building the Web Application Framework Stack

This post begins at the point of having installed Debian, Apache, MySQL, and PHP and being ready to start developing web applications.

Now I need to install the technologies that facilitate some of the higher level features I will be using.

Installing and Configuring Git

First step is to install Git. This will help keep track of versioning and changes as the work progresses.

apt-get -y install git

I followed these steps to configure my local git account;

Then I setup the repository for this project by navigating to the correct directory, in this case…

cd /var/www/projects

And running the command;

git init

I am greeted with the message “Initialized empty Git repository in /var/www/projects/.git/”

Installing Node.Js

The first step is to get the install file;

curl --silent --location https://deb.nodesource.com/setup_0.12 | bash -

Then run the install;

apt-get install nodejs

Installing Bower

Bower is a package manager for web application frameworks that helps keep all our frameworks up to date, along with their dependencies. I installed it with this command;

npm install -g bower

In order to configure bower, the following commands need to be run as a user instead of root, so I used su cj to switch to my user account. And then I installed some frameworks;

bower install jquery
bower install jquery-ui
bower install bootstrap
bower install angular
bower install material-design-icons
bower install polymer

If you encounter permissions errors at this step, you may need to use something like chown -R cj:cj /var/www to give yourself ownership of the directories. I created new virtual hosts for a number of different websites I am hosting on this server, including this blog. As such, they were owned by the root account that created them, and bower was not able to access them from the user account until I made my user account the owner.

Now all I need to do in order to keep every part of the server and all my frameworks up to date is periodically run;

apt-get update && apt-get -y upgrade && npm update && bower --allow-root update

Building a XenServer at Home with a Local Repository

I have gone over the process of setting up a XenServer before, but this time there is one major difference. It will be using a local repository instead of using a NAS as an ISO repository.

This was a little tricky but not too bad.

Once I had XenServer installed and configured, I opened an SSH session on the server.

I used the following commands to create a local repository;

mkdir -p /var/opt/xen/ISO_Store

xe sr-create name-label=LocalISO type=iso device-config:location=/var/opt/xen/ISO_Store device-config:legacy_mode=true content-type=iso

Now when I opened XenCenter, there was a local repository attached to the server. I renamed the repository from within XenCenter to be more clear.


Now I can use wget to download files to the repository like so;

cd /var/opt/xen/ISO_Store

wget http://cdimage.debian.org/debian-cd/8.2.0/amd64/iso-cd/debian-8.2.0-amd64-CD-1.iso


 

Now I can create a new vm and use this local ISO! Once the download is complete, the file will be visible in the list;

 

Migrating our Enterprise Production Environment From ESXi to Xen

When I started developing software at my current workplace, our web app server was running Turnkey Linux on Debian 6 inside a hypervisor running VMware ESXi 4.5; all of these tools were already very obsolete when I joined the development environment, and after over two years, it was time to make some changes.

I decided to move to a modern, open source hypervisor and the current version of Debian without the hundreds of irrelevant packages that come with Turnkey Linux.

I started by creating a new VM and installing Debian 8 with Apache, PHP and MySQL and then I migrated all the PHP scripts and the database over from the old web app VM to this new virtual server.

Now it was time to create a temporary hypervisor while I upgrade the current physical server. I found a disused workstation from the office and installed XenServer on it.

Both VMWare and Xen have a feature where you navigate to the server’s IP address in a browser and they give you a download for the desktop management tool to let you work with the server. Installing these was simple enough, then I exported all the old ESXi hypervisor’s virtual machines to OVF files, a universal standard format for virtual machine migrations.

Importing them into XenServer took A LONG TIME; I ended up leaving it overnight. But there were no problems on any of the VMs; Windows or several flavors of Linux, everything went very smoothly.

With the new VMs successfully imported, I shut down the old VMs and started the new ones up. They took over their same static IPs and booted up as though nothing had happened.

Now it was time to upgrade the old VMWare ESXi server to Xen. This process was a lot harder than I expected, and I did encounter two problems trying to get it to boot up for the first time.

Because it was an older Dual-Xeon server, it was missing an architecture feature required for some types of virtualization. It said Windows VMs might potentially have issues. This is fine for me because I am not using any Windows VMs. I looked at Dell’s website and there are no BIOS updates currently available which appear to resolve this issue. It may be impractical to use an older Dell server like this for hosting windows machines with Xen.

Another problem arose because the older hyperthreading architecture threw a non-maskable interrupt parity error which caused a kernel panic and halted the machine. It took hours of research and work to solve this problem.

The first step was to disable hyperthreading in bios. Dell couldn’t make this simple; my server’s bios referred to it as disabling the “Logical Processor Feature.” Now the server was able to boot up, though it was only using one core on just one of its CPUs, instead of all the cores on both Xeons.

In order to prevent this kernel panic, we need to tell the system to skip parity checks for NMIs (non-maskable interrupts). This is theoretically simple enough, but finding the bootloader configuration file proved very difficult as it was not in any of the normal places.

Once in the “Console” section of the XenCenter tool, the next step was finding the bootloader configuration file. This may differ for different versions of Xen, mine is 6.5. I eventually found the file here;

 /boot/extlinux.conf 

Find the section that looks like this…

label xe
  # XenServer
  kernel mboot.c32
  append /boot/xen.gz dom0_mem=752M,max:752M watchdog 

We need to add “nmi=ignore” into the “append” section like so;

label xe
  # XenServer
  kernel mboot.c32
  append /boot/xen.gz dom0_mem=752M,max:752M watchdog nmi=ignore

After saving this file, I was able to reboot and turn the “Logical Processor Feature” back on, enabling all the cores and CPUs in the server. Then I was rewarded with a happy boot screen;


Moving the virtual machines back to this server was as simple as moving them to the temporary one. Now everything is setup and running happily on this new, modern and open source hypervisor! 😀

Moving My Phone Number to The Cloud with Google Voice

Recently, I was sitting in a cafe in St Thomas and I was very frustrated to learn that even though I could browse the internet on their fast, free wifi, I was not able to call or text without spending huge amounts of money because I was outside the continental US. This struck me as insane since St Thomas is a US territory, and my phone supports wifi calling. I was determined to solve this problem when I returned home.

I landed on Google Voice as a great, mostly free solution to this and many other issues I had with the classic phone plan scenario.

Moving my number from T-Mobile to Google Voice cost me a one-time fee of $20. I was surprised when the process completed, and I received a text; the notification sound came not just from my phone, but also my laptop and desktop. I had not even considered the fact that my phone number was now accessible from any internet-connected device. I soon discovered I could not only send and receive texts, but even make and receive phone calls on any of my Android, Windows or Chrome devices.

I knew immediately that my relationship with connectedness was already different.

I have looked for a long time for a great tool that lets me send and receive my texts from a web browser, and there are lots of options. I had always used Mighty Text. The problem that all of these tools share is that they are extensions of the phone and not of the phone number. Your phone has to be on, with reception and a phone plan in order for them to work.

Google Voice provides a direct connection to my phone number from any web browser, regardless of the status of my cell phone. My phone can be off, broken, or overdue and I am totally unaffected. I can use any of my devices to call or text whenever I want. And I find that the interface I use most is the new hangouts web app. This beautiful interface provides exactly what was missing from the kind of experience I want to have with texting and with my phone number.

I even did an experiment and turned off my mobile data for a week in Portland, Oregon; relying only on free public wifi for all my calls and texts. The only problem was when I was on transit, no wifi. I ended up keeping my unlimited data plan with T-Mobile, but I managed to get it down to just $10/month.

I cover the story of how I did that in another post.

How I Got a Free $180 Asus RT-AC68U Router

Last year, I switched to T-Mobile; a choice which has come with lots of perks. One of them was that they gave me a free router. This router supports the 802.11ac standard which means it forms very good connections to devices because of new nanotech in the antennas that allow “beam-forming” to focus the energy of the antenna towards only the devices it is connected to. Giving me a nice router benefits T-Mobile because my phone supports wifi-calling which decreases the load on their network.

I actually ended up porting my number to Google Voice which means I have unlimited free wifi texting as well as calling now, but that’s covered in another post.


If you have T-Mobile, ask if you can get a free router too.

Installing Debian on a Mac Mini G4

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. Here we are focusing specifically on installing Debian on an old G4 Mac Mini. If you are trying to set up Debian in a virtual server inside Windows, check out my post Installing Virtualbox and Debian on Windows 10.

I work at a tech support company and I recently came upon a Mac Mini G4 for free which had been discarded at work as no one wanted it. At this point it was about ten years old and did not support any of the new software. I found some spare parts around the shop that were compatible and maxed out all its resources. Here’s what I ended up with;

 


  • CPU: 1.5 GHz G4
  • RAM: 1 GB DDR
  • HDD: 80 GB PATA

 

This may not sound like much, but it’s more than enough to run Debian!

My research made it clear that the right Linux distribution was going to be Debian for PowerPC. This version would work on this computer and support all the things I had in mind for it. Go over to the Debian Repository and grab the first CD of the most recent distro for “PowerPC.” Torrents are usually the fastest way to get them!

Booting To Debian Installer On The Mac

The trickiest part was figuring out how to get Debian onto the Mac Mini. The key turned out to be burning the ISO to a CD instead of trying to boot from USB as this is not supported. Also, the file system was not supported by most of the usual ISO burning tools I usually use. The only one I found that could handle burning this image’s filesystem with a working bootloader was ImgBurn which is available in Ninite. Burn that CD and put it in the Mac’s optical drive.

The first time you power on the Mac, you need to clear the “PRAM”; if you skip this, your new installation will not boot afterwards. Hold down Command+Option+P+R immediately after the boot sound, and keep holding until you hear the sound again. Then hold down just the C key to boot from your Debian for PowerPC CD.

Installing Debian

Now it is basically just the normal setup process.

Most of the installation process is pretty self-explanatory. Choose a language, timezone, keyboard layout, etc… It goes just like any OS install. I used the hostname lamp2 as part of my larger plan and roadmap for the greater project. I am forwarding a subdomain from my website to the server cluster, so I used that domain (projects.cjtrowbridge.com) but this step can be skipped if you do not intend to setup a publicly accessible server. And this can easily be changed later.

Next, set up your root password. This is the main administrative password for the “root” user account. Choose a strong password because this account has access to everything!

Next up is your user account. This is the account you will use to log into the machine whenever you don’t need to do anything major that requires root access.

Timezone is critical to many important technologies as well as to web application frameworks working correctly. You’d be surprised how often mistakes here will create issues.

Now comes partitioning. I recommend sticking with the recommended setting of “Guided – Use Entire Disc” and then selecting just one single partition. Then it will ask you if you are sure. The default option is no, but choose yes to continue.

The installer will ask if you want to scan another disc. Select No, it is not necessary. Then select Yes to using a network mirror and go with the default options, we will come back to this in a moment. It will download any necessary files which may take a few minutes.

Here is the tricky part. It asks what you want the installer to setup for you. I recommend selecting ONLY “SSH Server” and “Standard System Utilities” from this menu.

debian_install_2

This image is of the installation happening inside windows. It is difficult to take screenshots on computers which do not have an OS installed yet, but it looks just like this!

The first step to setting up Debian is to log into the machine as root using the password you setup for your root account a moment ago.

Setup a Static IP

Use the nano text editor to edit the network configuration file by executing the following command;

nano /etc/network/interfaces

You will find something like this;

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

Comment out the old settings for the primary network interfaces and add the new lines shown below. You will need to select an IP and use the correct gateway for your network;

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto eth0
iface eth0 inet static
	address 8.0.0.11
	netmask 255.255.255.0
	gateway 8.0.0.1

Hold down control+x and then press y, then enter to save your changes.

Enable SSH

Type the following command to get to the config file for SSHD, the service which allows you to remote into the terminal and access

nano /etc/ssh/sshd_config

Find the line that says PermitRootLogin with-password and change it to;

PermitRootLogin yes

Save your changes.
 
Enabling root remotely is potentially a security concern as someone could brute-force the password and have root access. So we need to install fail2ban to prevent this. If too many failed attempts are made, the remote user will be banned from attempting to log into the server.

apt-get -y install fail2ban

Set APT To Online-Only

We need to set the package manager to use the online-repositories only, so it won’t be constantly asking us to insert the CD.

Type out

nano /etc/apt/sources.list

Find the line that starts with "deb cdrom"... Add a "#" at the beginning to comment it out, and then Ctrl+X to save! Simple as that.

Now let's apply all our changes by typing the command "reboot" into the console to restart the server. Now you can use putty to connect securely to the server! At this point, I switch to putty as it is much easier to work with the server through putty with the ability to copy and paste commands. This is not possible when using the console directly. Putty is free software available through Ninite or from putty's website.

At this point, I tried to install Xen from apt, but unfortunately it turns out this chip is not supported :[ So for now, I completed the rest of the LAMP setup procedures detailed here, and this is now just a normal Lamp Server.

Setting Up Debian as a Postfix Mail Server

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the point of setting the server up to be able to send emails. If you still need to setup your hypervisor and virtual server or install and configure Debian, check out my post Installing Virtualbox and Debian on Windows 10.

Install Postfix

For the purposes of this post, I have chosen to install Postfix. It is a simple solution that works for what we need; sending emails directly from our server cluster. If you are trying to start an email company, this might not be the right option for you 😛

In order to install PostFix and the associated tools, run the following commands as root in debian;

apt-get -y install postfix
apt-get -y install mailutils

Once installation is complete, you will receive the following prompt;


In this case, I choose “Internet Site.” You will then be prompted to enter the FQDN for the site.

There are lots of options for configuring Postfix. Check out this tutorial if you want more information about postfix…

First, let’s edit the config file with the command;

nano /etc/postfix/main.cf

We need to make sure the following lines have the correct values. Make sure to replace yoursite.com with your fqdn.

myorigin=yoursite.com
myhostname=yoursite.com
inet_interfaces = 127.0.0.1

Because we are changing the inet_interfaces, a simple reload of postfix is not enough. We need to stop and start it in order for this change to take effect.

postfix stop
postfix start

Now we need to create a firewall rule to disable any connections to the smtp server not coming from localhost with the following command. Be careful as messing this up could be difficult to fix. What it does is create a rule to block any incoming connections to port 25 from our ethernet connection.

iptables -A INPUT -i eth0 -j REJECT -p tcp --dport 25

Now setup your webmaster address. Type the following command and you will see a list of aliases set to root. At the end, you will see root and your username. Change your username to the email you want these emails to be forwarded to, then save.

nano /etc/aliases

Type this command to save the changes to aliases.

newaliases

Type the following two commands to reload the server to let the changes take effect. Normally this step is sufficient for most changes that need to take effect other than inet_interfaces changes.

postfix reload

Now it’s time to test the server…

telnet localhost 25

You should see something like this;

root@mail1:~# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 f2.tech2u.com ESMTP Postfix (Debian/GNU)

Now send a test email! (These commands need to be entered one at a time)

mail from: 
rcpt to: 
data
To: me@myemaildomain.com
From: example@testdomain.tld
Subject: TEST SUBJECT
This is a test email sent by telnet through postfix!
.

You will then get something like “250 2.0.0 Ok: queued as EBECF8B” This means your message has been queued to send and will go out shortly! Type the command ‘quit’ to get out of telnet.

You should receive your email after just a moment!

If configured as specified, your new email server should be very secure and only accessible from localhost.
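To check the "only accessible from localhost" claim rather than assume it, the following added example (not part of the original post) reads the inet_interfaces value that is actually in force and flags any port 25 listener that is not on loopback. The iptables rule above covers only IPv4 traffic arriving on eth0 and is lost at reboot unless saved, so the bind address is the setting to verify; the file contents and socket listings inside demo are constructed samples, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): confirm Postfix is reachable
# only on loopback, from main.cf and from the listening sockets.

# Print the value of a main.cf parameter that is actually in force. When a
# parameter is defined more than once, Postfix uses the LAST definition, so
# a leftover "inet_interfaces = all" further down the file silently wins.
# Continuation lines (starting with whitespace) are skipped in this sketch.
postfix_param() {   # $1 = main.cf path, $2 = parameter name
    awk -v key="$2" '
        $1 ~ /^#/ || /^[ \t]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1);  gsub(/[ \t]/, "", name)
            value = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == key) last = value
        }
        END { print last }
    ' "$1"
}

# Read `ss -ltn` output on stdin and print every local address that listens
# on TCP port 25 and is not a loopback address. No output means loopback only.
exposed_smtp_listeners() {
    awk '
        $1 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)        # the trailing ":port"
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (port != "25") next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr
        }
    '
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed main.cf: the tutorial line was added ABOVE an existing one.
    printf '%s\n' 'myhostname = yoursite.com' \
                  'inet_interfaces = 127.0.0.1' \
                  '# earlier setting left in place' \
                  'inet_interfaces = all' > "$dir/main.cf"
    echo "inet_interfaces in force: $(postfix_param "$dir/main.cf" inet_interfaces)"

    # Constructed `ss -ltn` output for that misconfigured host.
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      100    0.0.0.0:25         0.0.0.0:*' \
        'LISTEN 0      128    0.0.0.0:22         0.0.0.0:*' \
        'LISTEN 0      100    [::]:25            [::]:*' > "$dir/ss.txt"
    echo "exposed SMTP listeners:"
    exposed_smtp_listeners < "$dir/ss.txt"
    rm -rf "$dir"
}
demo
```

On a live server the second check is `ss -ltn | exposed_smtp_listeners`, and an empty result is the outcome the post describes.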

Setting up Debian as a LAMP Server

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the point of setting up our LAMP stack on a new Debian server. If you still need to set up your hypervisor and virtual server and install Debian, then check out my post Installing Virtualbox and Debian on Windows 10.

The first step to setting up the server is to log into the machine as root using the password you setup for your root account.

Setup a Static IP

Use the text editor nano to edit the network configuration file by typing the following command;

nano /etc/network/interfaces

You will find something like this;

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

Comment out the old settings for the primary network interfaces and add the new lines shown below. You will need to select an IP and use the correct gateway for your network;

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp

auto eth0
iface eth0 inet static
	address 8.0.0.11
	netmask 255.255.255.0
	gateway 8.0.0.1

Hold down control+x and then press enter to save your changes. Type the command “reboot” into the console to restart the server and apply the changes.

Enable SSH

Type the following command to get to the config file for SSHD, the service which allows you to remote into the terminal and access

nano /etc/ssh/sshd_config

Find the line that says PermitRootLogin with-password and change it to;

PermitRootLogin yes

Save your changes.
 
Enabling root remotely is potentially a security concern as someone could brute-force the password and have root access. So we need to install fail2ban to prevent this. If too many failed attempts are made, the remote user will be banned from attempting to log into the server.

apt-get -y install fail2ban
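Both "Enable SSH" sections on this page end with PermitRootLogin yes plus fail2ban, so the remaining exposure depends on whether password logins are still accepted. The following added example (not part of the original posts) classifies an sshd_config accordingly; the function names and the three sample configs are constructed for illustration, and Match blocks and keyboard-interactive authentication are not evaluated.

```sh
#!/bin/sh
# Added example (not from the original post): classify the root-login
# exposure of an sshd_config like the one edited above.

# Print the effective value of one keyword. sshd uses the FIRST uncommented
# occurrence and treats keyword names case-insensitively. Parsing stops at
# the first "Match" block, which this sketch does not evaluate.
sshd_effective() {   # $1 = file, $2 = keyword, $3 = value to report if unset
    awk -v key="$2" -v def="$3" '
        BEGIN                  { key = tolower(key) }
        $1 ~ /^#/              { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { val = tolower($2); found = 1; exit }
        END                    { print (found ? val : def) }
    ' "$1"
}

# Print one verdict word for the file:
#   disabled  - root cannot log in over SSH at all
#   keys-only - root can log in, but not with a password
#   weak      - root can log in with a password (brute-force target)
#   unknown   - PermitRootLogin not set before any Match block
audit_root_login() {   # $1 = file
    root=$(sshd_effective "$1" PermitRootLogin unset)
    # PasswordAuthentication defaults to "yes" when the file does not set it.
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    case "$root" in
        no)
            echo disabled ;;
        without-password|prohibit-password|forced-commands-only)
            echo keys-only ;;
        yes)
            if [ "$pass" = no ]; then echo keys-only; else echo weak; fi ;;
        *)
            echo unknown ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample 1: the setting this tutorial ends up with.
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$dir/tutorial"
    # Constructed sample 2: a later "yes" is ignored, the first value wins.
    printf '%s\n' '#PermitRootLogin yes' \
                  'permitrootlogin without-password' \
                  'PermitRootLogin yes' > "$dir/first-wins"
    # Constructed sample 3: root allowed, but only with a key.
    printf '%s\n' 'PermitRootLogin yes' \
                  'PasswordAuthentication no' > "$dir/no-password"
    for f in tutorial first-wins no-password; do
        printf '%-12s %s\n' "$f" "$(audit_root_login "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

On a running server, `sshd -T` (run as root) prints the configuration the daemon itself resolves and is the authoritative source for the same two keywords.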

This is a good time to reboot; then you can use putty to connect securely to the server! At this point, I switch to putty instead of using the virtual machine, as it is much easier to do the rest of this process with the ability to copy and paste commands. This is not possible when using the console directly, outside of putty. Putty is free software available through ninite or from putty’s website.

Set APT To Online-Only

We need to set the package manager to use the online-repositories only, so it won’t be constantly asking us to insert the CD.

Type out

nano /etc/apt/sources.list

Find the line that starts with “deb cdrom”… Add a “#” at the beginning to comment it out, and then Ctrl+X to save! Simple as that.

Install Apache2 With SSL

If you do not want to buy an SSL certificate, you can create your own, but it will prompt visitors that your certificate is invalid every 24 hours when they look at your page. Depending on what you are doing, either option might be appropriate, but in the spirit of doing this for free, I am demonstrating the free self-signed certificate process option.

Logged in as root, run the command;

apt-get -y update && apt-get -y upgrade

This will update all your installed packages and get you ready to run this command to install Apache2;

apt-get -y install apache2

Now enable SSL by executing the following series of commands;

a2enmod ssl
a2enmod rewrite
apt-get -y install mysql-server
a2ensite default-ssl
service apache2 reload
mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

SSL will ask you several questions as shown below. The most important one is the FQDN which should be the domain name if you are using one or else the hostname or ip if you are not using a public domain.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Sacramento
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CJTrowbridge
Organizational Unit Name (eg, section) []:Projects
Common Name (e.g. server FQDN or YOUR name) []:projects.cjtrowbridge.com               
Email Address []:cj@cjtrowbridge.com

Now run this command to set the correct permissions for your new self-signed certificate;

chmod 600 /etc/apache2/ssl/*

Now you need to edit the configuration file for both SSL and non-SSL connections in Apache by running the following commands;

You will need to pick a document root. The typical default is /var/www/html but I prefer /var/www for simplicity’s sake. Just make sure it matches in both of the following files…

Most likely this will already be basically setup correctly. You will need to set the correct paths to the certificate files you created above, change ‘example.com’ to your FQDN, set the correct email address, and make sure these other lines are written somewhere in the file and not commented out with a hashtag before them.

nano /etc/apache2/sites-enabled/default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName example.com:443
        DocumentRoot /var/www

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    </VirtualHost>
</IfModule>

nano /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName example.com
        DocumentRoot /var/www
</VirtualHost>

Run the following command to restart apache now that these changes have been saved;

service apache2 reload

Test the SSL by typing in your hostname or ip to a browser like ‘https://8.0.0.11’ You should see a warning about an invalid certificate. Select the option to proceed anyway, or in chrome type out the word ‘danger’ and it will bypass this screen for 24 hours. These warnings can be very obnoxious, and it is a tempting buy at around $50/year for a valid SSL certificate, but the 24 hour setting can also be changed in chrome in order to avoid paying for a certificate while also avoiding the warnings. :]

Install MySQL

For the purposes of this project, I will be creating a separate, dedicated MySQL server. BUT, installing MySQL on this server fulfills some dependencies for PHP and Apache that can cause issues with connecting to databases, so we install it anyway by running the following command;

apt-get -y install mysql-server

You will be prompted to create a root MySQL password. Make it a strong one! After installation is done, execute the following command to run the secure installation. It will give you lots of suggestions for securing your installation.

mysql_secure_installation

Install PHP

Now we install PHP, the real heart and soul behind the web applications we will be building on this server. Type the following commands;

apt-get -y install php5 php-pear php5-mysql

Install mcrypt to enable php to use cryptography.

apt-get install php5-mcrypt
php5enmod mcrypt

cURL is required by things like wordpress, and generally good to have, so let’s install that too;

apt-get install php5-curl

Finally restart apache to let all the changes take effect;

service apache2 restart

Test Your Server!

Let’s create a phpinfo file. Run the following command;

nano /var/www/info.php

Note that depending on the path you used in setting up your SSL configuration file, the file might need to be in /var/www/html instead of /var/www/

Put the following code into the file and save it.

<?php phpinfo(); ?>

The moment of truth…

Now navigate to https://hostname/info.php

If it works, you will get a certificate error and then a page like this telling you all about your php server 😀

phpinfo
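
The phpinfo() page shows the PHP version, loaded modules, file paths and environment variables to anyone who can load it, so it is worth confirming that no such test file is left in the web root once the check is done. The script below is an added example, not part of the original tutorial; the function names are made up here, and the extension list is an assumption about which files Apache hands to PHP.

```shell
#!/bin/sh
# Added example: find PHP files under a web root that still call phpinfo().
# Function names are illustrative. The extension list is an assumption about
# which files the Apache PHP module executes; adjust it to your handler config.

# find_phpinfo [ROOT]: print the path of every matching file (default /var/www).
find_phpinfo() {
    root="${1:-/var/www}"
    # -iname and grep -i: file extensions and PHP function names are both
    # matched case-insensitively. The pattern allows whitespace before "(".
    find "$root" -type f \
        \( -iname '*.php' -o -iname '*.php[345]' -o -iname '*.phtml' -o -iname '*.pht' \) \
        -exec grep -liE 'phpinfo[[:space:]]*\(' {} + 2>/dev/null
}

# count_phpinfo [ROOT]: number of matching files, for use in a scheduled check.
count_phpinfo() {
    find_phpinfo "$1" | wc -l | tr -d ' '
}

# Run directly: scan the given root, or /var/www when it exists.
target="${1:-/var/www}"
if [ -d "$target" ]; then
    find_phpinfo "$target" || true
fi
```

Scanning /var/www also covers /var/www/html, the alternative location mentioned above.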

Now you’re ready to move on to Setting Up Debian as a Postfix Mail Server

Installing Virtualbox and Debian on Windows 10

This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the very beginning of setting up the servers. It assumes you are familiar with the game plan from the previous post mentioned above. Once we are done with this post, we will be ready to move on to Setting up a Debian LAMP Server!

We will start by setting up our hypervisor. I have chosen to use the free hypervisor Virtualbox, which will host the virtual servers we set up. The first step is to download the installer from Oracle’s Virtualbox website.
https://www.virtualbox.org/wiki/Downloads

Next we install Virtualbox. I am using a Windows 10 host. This machine has an i7 processor with lots of RAM and an SSD so it should be more than capable of handling the workload we will be giving it today and in the foreseeable future. In my case, I said yes to every prompt during installation and used all the default settings while setting up Virtualbox.

Now that Virtualbox is installed, we need to download the installation media for the operating system we will be using. I like Debian Linux because it is fast, stable and widely supported; so I will be setting these servers up with Debian 8, the latest version at the moment.

Since we are running an i7 CPU and Windows 10 on the host machine, I could use the 64 bit version of Debian Linux as long as the host computer’s motherboard and chipset support the necessary virtualization features required by Virtualbox, but I have found that the 32 bit version is usually more stable with Virtualbox, less difficult to setup and use, and easier to find software for.

Grab the free installation ISO file from the Debian website here; (Hint: Only the first ISO is necessary, though there are lots of other ones listed. These contain optional features which we will not need. Debian will automatically get any files we need directly from their servers after we set up the base operating system, a process which requires only the first disc!)
http://cdimage.debian.org/debian-cd/8.2.0/i386/iso-cd/
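
The ISO link above is plain HTTP, so the download should be checked against the SHA256SUMS file Debian publishes in the same directory before booting from it. The script below is an added example, not part of the original tutorial; the function names are made up here, and verify_sums_signature assumes the Debian CD signing key has already been imported into the local GnuPG keyring.

```shell
#!/bin/sh
# Added example: verify a downloaded installer ISO against a SHA256SUMS file.
# Function names are illustrative; file names are passed in as arguments.

# Print the SHA-256 of a file as hex (coreutils, or shasum on BSD/macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_iso ISO SUMS
# Returns 0 on match, 1 on digest mismatch, 2 if SUMS has no entry for the ISO.
verify_iso() {
    iso="$1"; sums="$2"
    name=$(basename "$iso")
    # Lines look like "<64 hex chars>  <file name>" ("*" prefix = binary mode).
    expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 2
    fi
    actual=$(file_sha256 "$iso")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# The sums file is only as trustworthy as its signature: check the detached
# signature published next to it (SHA256SUMS.sign) before relying on it.
# Assumes the Debian CD signing key is already in the local keyring.
verify_sums_signature() {
    gpg --verify "$1.sign" "$1"
}

# Run directly as: sh verify-iso.sh <iso> <SHA256SUMS>
if [ "$#" -eq 2 ]; then
    verify_sums_signature "$2" && verify_iso "$1" "$2"
fi
```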

While that is downloading, let’s set up our first Virtual Machine. Start by clicking “New” once Virtualbox opens up.

For 32 bit Debian Linux, it is pretty self-explanatory; we will be using the following settings to create our virtual servers;

virtualbox_2_settings

During the next few steps, the only thing I changed from the default option was to increase the amount of RAM allocated to the server. Web applications running lots of threads can be hungry for resources! I decided to go with 2 GB instead of the default 768 MB. Then click next on all the prompts until you are back at the main screen and your first virtual server is waiting for you.

Now we need to change the way that Virtualbox’s networking operates by default. With your machine highlighted, click settings and then networking. Change the “Attached to” field from “NAT” to “Bridged.” This will make your server accessible to other computers within the local network.

Now we need to put our Debian ISO into the virtual CD drive. Click on “Storage” on the left menu and then select the CD drive listed under “Controller: IDE.” Next click the CD icon to the far right of the menu. This will drop down a menu where we select “Choose Virtual Optical Disc File…” Now we navigate to the Debian ISO we downloaded. Click ok and the virtual disc is now in your virtual server!

Installing Debian

Ok! So here we are booting into the Debian installation disc for the first time;

debian_install_1

Most of this is pretty self-explanatory. Choose a language, timezone, keyboard layout, etc… It goes just like any OS install. I used the hostname lamp1 as part of my larger plan and roadmap for the project. I am forwarding a subdomain from my website to the server cluster, so I used that domain (projects.cjtrowbridge.com), but this step can be skipped if you do not intend to set up a publicly accessible server. This can easily be changed later.

Next setup your root password. This is the main administrative password for the “root” user account. Choose a strong password because this account has access to everything!

Then comes your user account. This is the account you will use to log into the machine whenever you may need to.

Timezone is critical to many important technologies as well as to web application frameworks working correctly. You’d be surprised how many times mistakes here will create issues.

Now comes partitioning. I recommend going with the recommended setting of “Guided – Use Entire Disc” and then selecting just one single partition. Then it will ask you if you are sure. The default option is no, but go ahead and choose yes.

The installer will ask if you want to scan another disc. Select No; it is unnecessary. Then select Yes to using a network mirror and go with the default options. It will download any necessary files, which may take a few minutes.

Here is the tricky part. It asks what you want the installer to set up for you. I recommend selecting ONLY “SSH Server” and “Standard System Utilities” from this menu.

Lastly, it will ask you about the boot loader. You want to install the GRUB boot-loader just like normal. Then it will ask where; there will only be two options: /dev/sda, or entering a location manually. Choose the /dev/sda option and click continue!

Your shiny new Debian install should reboot and be ready to move on to setting it up as a server!

Now we are ready to move on to Setting up a Debian LAMP Server!