Here’s my “software shopping list” for when I set up a general purpose web server (nginx, mysql, php-fpm). This isn’t a complete perfect server/indepth set up guide but more of a checklist for what the steps I take:
- Debian 6 minimal install
- check/set up networking
- check/setup date and time (dpkg-reconfigure tzdata)
- add a limited user account (adduser)
- add my public key to /home/<user>/.ssh/authorized_keys
- apt-get update
- apt-get upgrade
- setup ssh to deny password login for most users
- setup ssh to deny root login on public interfaces
- set up base iptables rules (e.g.)
- set up autoload of iptable rules
- add dotdeb repositories www.dotdeb.org/instructions/
- apt-get update
- apt-get upgrade
- apt-get install postfix
- apt-get install mysql-server mysql-client
- apt-get install nginx
- apt-get install php5-fpm
- apt-get install php5-mysql php5-curl php5-gd php5-imagick php5-mcrypt php5-xmlrpc
- apt-get install php5-apc
- apt-get install fail2ban
- apt-get install monit (process monitor)
- config packages
NB all the apt-get installs can go in all at once. It’s just easier to read if they are listed like that here. I also usually config packages as they get installed so I don’t forget about one.
Most of the time using apt-get you get a package that will run out of the box and you can just set it to your needs. Postfix is usually the one that throws me off. Normally because I muck-up the host name and or the domains/networks it can relay for. /var/log/ is your friend.