I’m setting up an experimental standalone server for Ludum Dare’s static content.
The server will be behind CloudFlare, which will act as a CDN for image content, and it will store (and occasionally pull) backups from Amazon S3.
The server is a KVM node from:
I’m going with Linode part because of their reputation and price. I’ve been curious about them for a few years, so it’s time to begin the experiment.
NOTE: Linode is in the process of migrating to KVM from XEN. I had to manually migrate my node (clicking a button in the sidebar, and adjusting my default in my settings).
Trying something new: Redis
I don’t necessarily need a full-on MySQL database. I just need a means of persistent storage. I tried the online tutorial for Redis last night, and found it agreeable. It’s nowhere near as powerful as SQL, but as a smarter Key/Value store, I think it’s worth a try.
Going in to this, I’m fully aware Redis is single threaded, can potentially be a memory hog, and when misconfiguration can actually lose data (the latest changes). The test machine is single core with only 1 GB of RAM, so I’m going to have to keep things tight. If this project is a success, and we need more power, I see migrating it to the dual core 2 GB RAM Linode plan. For now, we’ll stick to single core.
0. Preface
Since I’m also running Ubuntu 14 here, many notes will be borrowed from this prior post.
</2015/07/03/openvz-server-setup-notes-ubuntu-14-04-lamp-wo-m/>
This time I’m running a true install of Ubuntu Server (not an OpenVZ Minified Server), so some of the weird workarounds aren’t necessary anymore.
1. PHP and Redis
NOTE: sudo will actually work now since it’s a true Ubuntu Server image.
To check your PHP version.
Source: http://www.dev-metal.com/install-setup-php-5-6-ubuntu-14-04-lts/
Next, Redis.
Source: http://askubuntu.com/a/88288/364657
Next, Pear and Pecl.
Make sure you do that 2nd line. Otherwise, PECL scripts wont be able to auto-add themselves to the PHP configuration.
Next, PHPRedis.
Info: https://pecl.php.net/package/redis
And of course my favourite, APCu.
Info: https://pecl.php.net/package/apcu
At this point, Apache, PHP and Redis should be installed.
2. Disable Public SSH
Security 101 here. The best way to avoid people trying to SSH in and take over your server is to simply disable the outgoing SSH.
Like any good host, Linode will let you SSH in to your box indirectly. Linode has something like like to call Lish. For connect instructions, see the Remote Access->Console Access section of the Linode manager.
Before we start, though we’ll be disabling WAN access via SSH, it may be sensible to still allow SSH access inside the LAN (i.e. the datacenter). Frankly, I’m not entirely sure how Lish works (whether it needs SSH running at all), so I did this just-in-case.
Under Remote Access->Private/LAN Network, generate a Private IP address (if you haven’t already). Now reboot the box.
Figure out your LAN IP address (i.e. ifconfig, or read what it says in Linode manager).
Open up your SSHD config.
Add a ListenAddress for your LAN IP.
Reboot, and your public SSH ports will now be blocked.
* * *
You can add an SSH key from inside My Profile->Lish Settings. You’ll use the same Lish connect command as before, but it’ll save you from logging in twice. Don’t forget to add an entry to your ~/.ssh/config!
3. Do a Sparse Checkout
This server only needs a subset of the Ludum Dare repository, so I’ll be using a Sparse Checkout. Sparse Checkouts let you say specifically which folders you want to access to, as not every project needs everything.
Now you need to list all the directories you want in file: .git/info/sparse-checkout
Finally, pull the code.
Source: http://stackoverflow.com/a/13738951
If you ever change the .git/info/sparse-checkout file, you’ll have to do the following to apply the changes.
Source: http://blogs.atlassian.com/2014/05/handle-big-repositories-git/
In my case, I want Apache to pull from the /var/www/public-static folder and not /var/www/html, so I need to modify the site configuration.
and change the DocumentRoot.
Finally, restart Apache.
5. Setting .htaccess setting inside apache.conf
Instead of .htaccess files, Apache can have those configurations placed right in the config file. This is ideal, since Apache doesn’t have to scan the directory tree *just in case* of .haccess files.
Simply open up your Apache config (i.e. `/var/apache2/apache.conf`), and add a directory section that says where and what you’d typically have in an .htaccess file.
Source: http://askubuntu.com/a/48363/364657
Now restart Apache to keep your settings.
NOTE: You may need to enable mod_rewrite.
6. uhh…
Still working…