For a side project, I’m using cheap server from these guys:

http://buyvm.net/

I’ve decided that since it’s for development, I’d rather use Apache instead of NgineX. NgineX is much better than Apache when it comes to memory usage and performance, but Apache is a little easier to organize thanks to .htaccess files. And since Ludum Dare runs and will continue to run Apache for a while, I’ve decided to make my life working on both projects a little simpler.

For my reference, the following are my setup notes for the server.

0. Nuking the server

The old NgineX install is now gone. Replaced with a fresh Ubuntu 14.04 OpenVZ image. I believe it’s the Ubuntu 14.04 Minimal image from here:

http://wiki.openvz.org/Download/template/precreated

SSH’ing in, I need to remember to get the login from the control panel. I also specifically only allowed my own IP address to SSH in to the server, using the Remote Access Policy “Only Allowed IPs”.

Now we can begin.

1. Preamble

SSH in. I am groot.

apt-get update
apt-get dist-upgrade

To be able to add additional repositories, we need:

apt-get install python-software-properties

locale-gen en_US.UTF-8
export LANG=en_US.UTF-8

The former solves issues with add-apt-repository, as apparently UTF-8 hadn’t been configured yet.

Source: http://askubuntu.com/a/393649/364657

NOTE: When we start adding launchpad repositories, we’ll eventually get an error like this when we run “apt-get update“:

W: GPG error: http://ppa.launchpad.net trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AM8147UI12ADUD

To solve that, grab the UID after NO_PUBKEY and feed it in to this command:

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AM8147UI12ADUD

apt-get update

Source: http://askubuntu.com/a/15272/364657

2. Basic Apache and PHP Setup

The Ubuntu repository has Apache 2.4.7 and PHP 5.5. For the latest (2.4.12+ and 5.6+), we do this:

add-apt-repository ppa:ondrej/php5-5.6
apt-get install apache2 php5 php5-mysql

That covers the basic Apache+PHP configuration.

If you wanted to install MySQL Server, you’d do the following.

apt-get install mysql-server

I don’t need it (the host I’m using offers an external SQL server), but for reference that’s what you need to know.

3. Apache Configuration

nano /etc/apache2/apache2.conf
nano /etc/apache2/ports.conf
nano /etc/apache2/sites-enabled/000-default.conf

DocumentRoot /var/www/public   # Instead of /var/www/html

http://httpd.apache.org/docs/trunk/rewrite/avoid.html

https://servercheck.in/blog/3-small-tweaks-make-apache-fly

TODO: mod_CloudFlare

4. PHP PECL Packages

To use PECL packages, we need to install Pear and PHP5 Dev.

apt-get install php-pear php5-dev

pear config-set php_ini /etc/php5/apache2/php.ini

The last line will save you from manually adding things like “extension=apcu.so” to php.ini.

We can now use PECL.

4a. APCu

I’m a big fan of APCu. It lets me share data with other PHP processes with RAM.

pecl install apcu-beta

I’m using a low memory server (256 MB), so we should explicitly say how much memory to give APCu.

The default is 32 MB, which should be fine for now.

5. PHP Configuration (php.ini)

nano /etc/php5/apache2/php.ini

display_errors = on
memory_limit = 128M         # make this smaller
upload_max_filesize = 2M

5b. PHP OpCache

;opcache.enable=0
;opcache.memory_consumption=64
;opcache.interned_strings_buffer=4
;opcache.max_accelerated_files=2000

6. Restart Apache

Now that everything is installed, restart Apache.

/etc/init.d/apache2 restart

7. Git, SSH and Source Code

apt-get install git

Now, generate an SSH key. Pass-phrase?

cat ~/.ssh/id_rsa.pub

Copy the Public Key, and paste it to your SSH Keys configuration (GitHub/Bitbucket).

Move the placeholder website out of the www folder.

mv /var/www/html /var/

git clone the source repository with an SSH URI.

8. Remote Database

Given a Web Server and a Database Server on the same local network.

Using Database Server’s CPanel:

  • Add a Database.
  • Add a User.
  • Give user full permissions to the database.
  • Add the Web Server’s internal IP to the “Remote Database Access Hosts” list

Then from the Web Server:

  • In PHP code, reference the database by the internal HostName/IP of the Database Server instead of “localhost”.

9. Automatic Updates

Details: https://help.ubuntu.com/lts/serverguide/automatic-updates.html

nano /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";

Can enable downloading of general updates in addition to security updates by uncommenting.

nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Apparently if we create this file, this is a decent daily configuration (see Details).

10. Lockdown SSH

Figure out the local IP addresses of the server, and open sshd_config.

ifconfig

nano /etc/ssh/sshd_config

Add a ListenAddress for your LAN IP.

ListenAddress 172.16.2.3

Reboot, and SSH will now only allow incomming SSH connections from the local network.