Server Setup
[notice]This page needs updating. To contribute to this documentation, please submit a pull request to our learn repository.[/notice]
We recommend that you start with a $4/month Droplet and install a LEMP stack (Ubuntu 20.04, nginx, MariaDB, and PHP 8.0). If you prefer you may install Apache instead, but nginx offers superior performance and requires less configuration.
When you go to create your Droplet, DigitalOcean will ask you some initial configuration questions. Choose Ubuntu 22.04 as your distribution, and select a datacenter that is nearest to you and your customers. Do NOT set up SSH keys at this time - if you do, DigitalOcean won't email you a root user password. We will set up SSH later, after we've logged in with a password first.
From here, you can follow DigitalOcean's tutorials to set up your server:
First, follow this tutorial.
Some notes:
- On Windows, you may find it easier to generate an SSH key in PuTTY and manually copy it to the `authorized_keys` file on your Droplet.
- When you create your non-root user account in Ubuntu, we recommend adding them to the `www-data` group, which is the group to which your webserver belongs. That way, you can set the group owner of your UserFrosting application files to `www-data`, and both your account and the webserver account will have ownership. To do this, do `sudo usermod -a -G www-data alex`, replacing `alex` with your user account name.
- Their instructions for the `ufw` firewall only have you open up the `ssh` port by default. Obviously for a web server, you will also need to open up port 80 (`http`) and/or port 443 (`https`). See this guide for help opening up additional ports. DigitalOcean also provides a cloud firewall which can be set up through the dashboard, rather than the command line.
- For additional security, you may also want to disable root login via SSH by setting `PermitRootLogin` to `no` in your `/etc/ssh/sshd_config` file.
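One way to confirm that the `PermitRootLogin` change from the last note took effect, as an added example that is not part of the original documentation: the functions below read an `sshd_config`-style file and report the global value sshd would use, catching a line left commented out or a later `no` shadowed by an earlier value. The function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check that an sshd_config-style file really disables root login.
# Assumptions: Include files are not followed and only the global section
# (before the first Match block) is read. On a live server,
# `sudo sshd -T | grep -i permitrootlogin` prints the value sshd actually uses.

# Print the effective global PermitRootLogin value, or "unset" (sshd then falls
# back to its built-in default, prohibit-password in current OpenSSH).
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
effective_permit_root_login() {
    awk '
        { gsub(/=/, " ") }                # "Keyword=value" is also legal syntax
        NF == 0 || $1 ~ /^#/ { next }     # blank and commented-out lines do not count
        tolower($1) == "match" { exit }   # conditional section starts here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when root login is explicitly set to "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files (not taken from a real server).
sample_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' \
    > "$sample_dir/commented"      # the edit was left commented out
printf '%s\n' 'PermitRootLogin yes' 'permitrootlogin no' \
    > "$sample_dir/shadowed"       # the later "no" is ignored
printf '%s\n' 'Port 22' '  PermitRootLogin   no' 'Match User deploy' \
    > "$sample_dir/hardened"

for f in commented shadowed hardened; do
    value=$(effective_permit_root_login "$sample_dir/$f")
    if root_login_disabled "$sample_dir/$f"; then verdict=OK; else verdict=FIX; fi
    printf '%-10s PermitRootLogin=%-6s %s\n' "$f" "$value" "$verdict"
done
```

Point `root_login_disabled` at `/etc/ssh/sshd_config` on the Droplet; after editing, `sudo sshd -t` validates the file before you restart the service.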
See this guide from DigitalOcean.
Because spaces rule.
```bash
nano ~/.nanorc
```
Add the following:
```
set tabsize 4
set tabstospaces
```
Save and exit (Ctrl-X).
You'll probably want to do this same thing in the root `.nanorc` file, for when you are editing files as the root user:
```bash
sudo nano /root/.nanorc
```
Follow this tutorial. Swap space is a part of virtual memory, which allows your server to temporarily move data to the hard drive when there is not enough physical memory available for whatever it is doing. This is essentially the same thing as the `pagefile.sys` in a Windows environment.
Some notes:
- This is just a failsafe in the event that your server experiences occasional spikes in memory usage, for example when installing new software or running a backup. If your server seems to be routinely using more than 70% of its allocated memory, you should consider upgrading to a Droplet with more memory.
- DigitalOcean recommends against enabling a swap file on any server (including theirs) which uses SSD.
See this guide.
Some notes:
- This guide has you install MySQL instead of MariaDB. In general they are completely interchangeable, but MariaDB is more reliable as an open-source option going forward. See Switching to MariaDB for help with this.
- Be sure to log into MySQL from the command line and create a non-root database user account. You should give this user limited permissions on your production database.
- The `gzip` module (which is important for site speed and SEO!) may require some additional configuration. See this guide.
Install gd and curl:
```bash
sudo apt-get install php8.0-gd
sudo apt-get install php-curl
sudo service nginx restart
```
PHP's `get_browser()` function uses the `User-Agent` header to guess information about your visitors such as browser, OS, etc. For it to work properly, you need to download a copy of `browscap.ini` from the Browscap Project and configure your `php.ini` to find the file.
Assuming that your PHP installation is in `/etc/php/8.0`, do the following:
```bash
cd /etc/php/8.0/fpm
sudo mkdir extra
# Quote the URL so the shell does not treat "?" as a glob character
sudo curl -o /etc/php/8.0/fpm/extra/browscap.ini "https://browscap.org/stream?q=Lite_PHP_BrowsCapINI"
```
This will download the "lite" browscap database, which is supposed to be adequate for most websites. Visit Browscap Project for other options.
Now, we need to edit our `php.ini` to tell PHP where this file is located:
```bash
sudo nano /etc/php/8.0/fpm/php.ini
```
Use Ctrl+W to search for the `browscap` section. Uncomment the `browscap =` line. When you're done, it should look like this:
```ini
[browscap]
; http://php.net/browscap
browscap = extra/browscap.ini
```
Save and exit.
- Installing Composer (Steps 1 and 2 only)
- Installing Node.js and npm (Distro-stable version)
- Git comes preinstalled on Ubuntu, but you may want to update and configure it as well.
On Ubuntu, the `node` package has been changed to `nodejs` to avoid a naming collision with another package called `node`. Unfortunately, this breaks `npm`, which is expecting the `node` command to refer to Node.js. To fix this, install the compatibility package:
```bash
sudo apt-get install nodejs-legacy
```
See the certbot tutorial.
Some notes:
- You won't actually be able to set up a new SSL certificate until you have deployed your application for the first time. Just install the `certbot` client for now.
See this DigitalOcean tutorial.
Notes:
- Make sure to pick a particularly strong password for the phpmyadmin user account. For development, you can use Random.org - we recommend generating something with at least 20 characters. [notice]Random.org recommends against using any online password creation service, including theirs, for anything sensitive.[/notice]
- To enable `mcrypt` in PHP 8:
  ```bash
  sudo phpenmod mcrypt
  sudo service php8.0-fpm restart
  ```
To disable root login and restrict access to specific users:
```bash
cd /etc/phpmyadmin
sudo nano config.inc.php
```
Find the lines that say:
```php
/**
 * Server(s) configuration
 */
$i = 0;
// The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use $cfg['Servers'][0].
// You can disable a server config entry by setting host to ''.
$i++;
```
Below this add:
```php
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
$cfg['Servers'][$i]['AllowDeny']['rules'] = [
    'allow alex from all'
];
```
This will allow only `alex` to log in via phpMyAdmin.