designing4u.de Yet Another Coding Blog

15Jul/110

Ubuntu/Debian server with public/private key authentication, PHP-CGI, Lighttpd and MySQL for Zend Framework

I know there are many tutorials which explain how to set up a server in a VPS environment. This is probably just another one and it won't teach you anything new. I just want to use this post as a reference, because lately I had to do it a couple of times for my customers. After completing the steps below you will have a server ready to run Zend Framework backed by a MySQL server. Let's dig in.

I found that on a fresh install of Ubuntu/Debian on my VPS the locales were not set up correctly (or at all). Before you start configuring the server you probably want to set the correct locales. You can do it by executing the following commands.

$ apt-get install language-pack-en-base 
$ export LANGUAGE=en_US.UTF-8 
$ export LANG=en_US.UTF-8 
$ locale-gen en_US.UTF-8 
$ dpkg-reconfigure locales

Now you can update the package sources and upgrade your system.

$ apt-get update && apt-get upgrade

Always choose N when asked about replacing the configuration. If you don't and you are on Ubuntu 10.04, your SSH configuration may be overwritten and you won't be able to log in to your server anymore.

Enable Public/Private key authentication

On your local machine, generate a new public/private key pair. Next, copy your public key to your server, add it to your authorized_keys and delete the copied public key file.

# On your local machine
$ ssh-keygen
$ scp ~/.ssh/id_rsa.pub root@example.com:~/
$ ssh root@example.com
# On the server
$ mkdir -p /root/.ssh && chmod 700 /root/.ssh && mv /root/id_rsa.pub /root/.ssh/
$ cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
$ chmod 600 /root/.ssh/authorized_keys
$ rm /root/.ssh/id_rsa.pub

Next we need to make some changes to sshd_config to enable public/private key authentication and disable password authentication.

$ vim /etc/ssh/sshd_config

Locate the following lines, uncomment them if necessary and change their values accordingly.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no

Restart your SSH server and you should be able to log in using your private key. No password is needed anymore.

$ /etc/init.d/ssh restart
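The "uncomment them if necessary" step is the easy one to get wrong: a line that is still commented out leaves the sshd default in force. The script below is an added example, not part of the original post, that reports the value sshd would actually use and checks for key-only login. The function names and both sample configs are constructed for illustration, and it also checks ChallengeResponseAuthentication, which the post does not mention but which can still offer a password prompt through PAM.

```shell
#!/bin/sh
# Added example, not from the original post; both sample configs are constructed.

# Print the value sshd would use for KEYWORD in FILE's global section.
# sshd keeps the first value it reads, keywords are case-insensitive, and a
# line that is still commented out leaves the built-in DEFAULT in force.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }       # accept the "Keyword=value" form
        tolower($1) == "match" { exit }     # Match blocks are out of scope here
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only if FILE enforces key-only login; print each problem found.
key_only_login() {  # usage: key_only_login FILE
    rc=0
    [ "$(sshd_value "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "PubkeyAuthentication is not enabled"; rc=1; }
    [ "$(sshd_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "PasswordAuthentication is still in effect"; rc=1; }
    # With PAM enabled, keyboard-interactive can still prompt for a password.
    [ "$(sshd_value "$1" ChallengeResponseAuthentication yes)" = no ] ||
        { echo "ChallengeResponseAuthentication is still in effect"; rc=1; }
    return $rc
}

demo_dir=$(mktemp -d)
# Constructed: the value was edited but the line was never uncommented.
cat > "$demo_dir/commented_out" <<'EOF'
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
#PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
# Constructed: first value wins, so the later "yes" line has no effect.
cat > "$demo_dir/key_only" <<'EOF'
PubkeyAuthentication yes
passwordauthentication No
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF
for f in "$demo_dir"/*; do
    if key_only_login "$f"; then echo "$f: key-only"; else echo "$f: NOT key-only"; fi
done
```

On the server itself, `sshd -t` validates the file before you restart and `sshd -T` prints the effective settings. Keep your current session open until a second terminal has logged in with the key.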

In the next step we will jump to PHP, MySQL and Lighttpd installation.

Install PHP, Lighttpd and MySQL

Execute the following command. This will install PHP as FastCGI, PHP CLI, PHP MySQL bindings, Pear, Lighttpd and MySQL server. You will be prompted to provide a root password for your MySQL server.

$ apt-get install php5-cgi php5-gd php5-dev php-pear php5-cli php5-mysql lighttpd mysql-server libmysqlclient15-dev

If you want to serve your content through SSL, you will also need a certificate. In order to prepare the certificate you will need a private key and the certificate provided by your certificate issuer.

Prepare the certificate

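First you need to concatenate your private key and your certificate and copy the result to your server. The file contains your private key, so keep it readable by root only.

$ cat privateKey.txt certificate.txt > www.example.com.pem
$ ssh root@example.com 'mkdir -p /etc/lighttpd/ssl'
$ scp www.example.com.pem root@example.com:/etc/lighttpd/ssl/
$ ssh root@example.com 'chmod 400 /etc/lighttpd/ssl/www.example.com.pem'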

In the next step we will configure the Lighttpd server.

Configure Lighttpd

First you need to create some directories and adjust the permissions.

$ mkdir -p /var/log/lighttpd/www.example.com && mkdir -p /var/www/www.example.com
$ chown -R www-data:www-data /var/log/lighttpd

After creating the necessary folders, you will need to alter the configuration of your server.

$ vim /etc/lighttpd/lighttpd.conf
# You need to enable fastcgi, rewrite, compress and redirect
server.modules = (
    "mod_access",
    "mod_alias",
    "mod_accesslog",
    "mod_fastcgi",
    "mod_rewrite",
    "mod_redirect",
    "mod_compress",
    # "mod_status",
    # "mod_evhost",
    # "mod_usertrack",
    # "mod_rrdtool",
    # "mod_webdav",
    # "mod_expire",
    # "mod_flv_streaming",
    # "mod_evasive"
)
# You don't want to display directory listings
server.dir-listing = "disable"
# Enable php through FastCGI. Lighttpd will take care of spawning it for you.
fastcgi.server = (".php" => ((
    "bin-path" => "/usr/bin/php5-cgi",
    "socket" => "/tmp/php.socket"
)))
 
# You want to enable compression for your resources. Make sure
# these lines are present in your configuration and the cache folder
# is writable.
compress.cache-dir = "/var/www/cache"
compress.filetype = (
    "text/css",
    "text/javascript",
    "text/html"
)
 
# Redirect all http connections to https
$SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(^|\.)example\.com" {
        url.redirect = ( "^/(.*)" => "https://www.example.com/$1" )
    }
}
 
# Enable ssl engine and configure your zend framework project
$SERVER["socket"] == ":443" {
    ssl.engine = "enable" 
    ssl.pemfile = "/etc/lighttpd/ssl/www.example.com.pem" 
 
    $HTTP["host"] == "www.example.com" {
        # Rewrite rule for Zend Framework
        url.rewrite-once = (
            ".*\?(.*)$" => "/index.php?$1",
            ".*\.(js|ico|gif|jpg|png|css)$" => "$0",
            "" => "/index.php",
        )
        server.document-root = "/var/www/www.example.com/public"
        server.errorlog = "/var/log/lighttpd/www.example.com/error.log"
        accesslog.filename = "/var/log/lighttpd/www.example.com/access.log"
    }
 
    # If you don't have wild card certificate, you want to redirect
    # all subdomain requests to www.example.com
    else $HTTP["host"] =~ "(^|\.)example\.com" {
        url.redirect = ( "^/(.*)" => "https://www.example.com/$1" )
    }
}

And finally restart Lighttpd. If you navigate to your site it should automatically redirect you to https. There are still some things you can enable, like automatic backups through crontab or deployment scripts. This is project dependent, so I won't cover it here. Enjoy your new server.
