, , , , , ,

Here’s my “software shopping list” for when I set up a general purpose web server (nginx, mysql, php-fpm). This isn’t a complete perfect server/indepth set up guide but more of a checklist for what the steps I take:

  • Debian 6 minimal install
  • check/set up networking
  • check/setup date and time (dpkg-reconfigure tzdata)
  • add a limited user account (adduser)
  • add my public key to /home/<user>/.ssh/authorized_keys
  • apt-get update
  • apt-get upgrade
  • setup ssh to deny password login for most users
  • setup ssh to deny root login on public interfaces
  • set up base iptables rules (e.g.)
  • set up autoload of iptable rules
  • add dotdeb repositories www.dotdeb.org/instructions/
  • apt-get update
  • apt-get upgrade
  • apt-get install postfix
  • apt-get install mysql-server mysql-client
  • apt-get install nginx
  • apt-get install php5-fpm
  • apt-get install php5-mysql php5-curl php5-gd php5-imagick php5-mcrypt  php5-xmlrpc
  • apt-get install php5-apc
  • apt-get install fail2ban
  • apt-get install monit (process monitor)
  • config packages

NB all the apt-get installs can go in all at once. It’s just easier to read if they are listed like that here. I also usually config packages as they get installed so I don’t forget about one.

Most of the time using apt-get you get a package that will run out of the box and you can just set it to your needs. Postfix is usually the one that throws me off. Normally because I muck-up the host name and or the domains/networks it can relay for. /var/log/ is your friend.