Configure your first VDS server as a web server

Good afternoon.

It just so happened that recently I had to change VDS providers quite often, and each time I had to reconfigure the system, so I decided to write a short summary of the configuration. All of the following works correctly on Linux Ubuntu server 12.04 LTS. In this article I will describe how to install and perform the initial configuration of nginx + apache2, eaccelerator, memcached, pure-ftpd, php, mysql, phpmyadmin, as well as the game server control panel Open Game Panel.

I'll start with a brief description of some of the terms.

VDS - aka VPS - Virtual Dedicated (Private) Server - a virtual machine acting as a server. You need one when shared hosting is no longer enough and a dedicated server is too expensive. There are a great many providers in the modern market of VDS rental services, and each has its pros and cons, but we will not discuss them.
Type of virtualization - in simple terms, this is how the virtual machine is organized. Currently, the most common are OpenVZ and XEN. The advantage of OpenVZ is its low cost, since with this type of virtualization all virtual machines running on a hardware server share a specially modified kernel of the host system. The disadvantage of this type of virtualization is that it is impossible to change the parameters of the OS kernel, and overselling is almost always present (more on this later). For serious projects it is better to use XEN or KVM virtualization - there the guest OS does not even know that it is installed on a virtual machine, and you can do almost anything your heart desires with the OS, especially on XEN-HVM and KVM.
Overselling - providers sell more resources than they actually have. This works because customers rarely use their resources at 100 percent, but with unscrupulous providers whose overselling coefficient is too high you may experience problems, such as extremely slow machine operation or script failures due to lack of memory. Returning to the types of virtualization: on XEN and KVM, overselling is practically impossible technically.

Choosing a hosting provider



So, you have decided to buy the VDS service. How should you choose a provider? You should start with geography - where your server will be physically located.

Germany - pluses: cheap tariffs, fast channels, unlimited traffic; minuses: a fairly large delay to Russia (about 80ms) and a very strict attitude to torrent trackers, torrent clients, warez, etc.
Holland, Canada - the same as Germany, but a little more expensive; the main plus is legislation that is more tolerant of the kinds of stored and transmitted information that would get us into trouble elsewhere.
The United States - most providers meter traffic, and pings to Russia are large; in general, not the best option.
Russia, Ukraine - minimal delays to the Russian audience, in most cases pseudo-unlimited traffic (speed reduction after a certain threshold or the need to observe the proportions of incoming / outgoing Russian / foreign traffic), not the most reliable data centers - in almost every case, mass service outages for several hours, despite three independent electric inputs, redundancy of Internet channels and diesel generators.

Choosing a Virtualization Type

If resources allow, then this is definitely KVM or XEN. But not all providers have these types of virtual machines available, and they cost a little more than OpenVZ. Therefore, if your project is one, two or ten sites with low traffic (up to about 10,000 unique hosts per day) and / or some kind of ICQ chat, then OpenVZ will be quite enough for you.
If you need to perform more demanding tasks, such as hosting game servers or video chats, it is better to choose XEN or KVM. These types of virtualization should also be chosen if there is a need to create VPN tunnels: a VPN is easier to set up here than on OpenVZ.

Server Tuning


Below I will talk about the various features that I configured on my server; some may be useful to you. The operating system I use is Ubuntu 12.04.1 LTS. Since the vast majority of the commands executed below require root privileges, and I am a lazy person, I perform all the actions as root. Logging in directly as root is usually impossible, so log in as a user with sudo privileges and run the sudo -s command.

Rebuild the kernel



If you chose OpenVZ, then you can safely skip this part of the article.
This procedure will not give a tangible increase in performance; it is needed only for self-development and "practice for the future."
• Download the source code for the latest stable kernel version from kernel.org. This is currently version 3.6.7
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.7.tar.bz2

• Unpack the archive
tar -xjf linux-3.6.7.tar.bz2

• Install the packages necessary for compilation
aptitude update
aptitude build-dep linux
aptitude install kernel-package

• Go to the source folder and generate the kernel configuration. In our case, everything will go automatically - only those modules that are needed by the current hardware will be included in the kernel. If you want to configure the kernel manually, search for make config or make menuconfig.
cd linux-3.6.7
make localyesconfig

• Start compiling the kernel - the process is not fast and takes from 15 minutes to several hours.
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers

• go up to the directory above and install packages
cd ..
dpkg -i linux-*.deb

• Reboot and check that the kernel is up.
reboot
uname -r

• That's all: your system is now running the new kernel.

Change the time zone and PC name



If you install Ubuntu on a dedicated server yourself, you set the language and geographic parameters of the system during installation, but in the case of VDS the provider has a ready-made image of the system that it deploys to your server. And we would all like to see the correct time for our time zone on the server.
• So, set the time zone; to do this, execute the following command in the console
dpkg-reconfigure tzdata

• A pseudographic interface will appear in which we select our location.
• If suddenly (I have never seen anything like this) there are discrepancies in the date / time, execute the following command, substituting the current date and time
hwclock --set --date="11/24/2012 16:19:55"

• To change the server name, open the /etc/hostname file and replace the contents with the desired server name.

Install nginx with backend apache2, PHP, MySQL, phpmyadmin



In this part of the article, we will install and configure a web server designed for a large number of connections.

• First, install the standard basic set of packages for the web server.
aptitude update
aptitude install mysql-server mysql-client libmysqlclient15-dev apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 libapache2-mod-ruby php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl phpmyadmin g++

• The installer will ask us to set a password for MySQL, then which web server phpmyadmin should be served by (answer Apache), and then for the MySQL password for phpmyadmin's needs.
• At the time of writing, phpmyadmin was not automatically registered in the apache2 configuration; as a result, site_address.zone/phpmyadmin returns error 404, so open the file /etc/apache2/apache2.conf and add this line to the end
Include /etc/phpmyadmin/apache.conf

• Turn on apache2 modules
a2enmod include
a2enmod rewrite
a2enmod suexec
a2enmod ssl

• Rewrite the default Apache config. To do this, open /etc/apache2/sites-available/default, erase everything in this file and write the following:

# The Directory paths below follow the DocumentRoot, ScriptAlias and Alias values in this file
<VirtualHost *:800>
        ServerAdmin твой@e-mail
        DocumentRoot /home/www/адрес_сайта.зона
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /home/www/адрес_сайта.зона/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order deny,allow
                deny from all
                allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride All
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel crit
        CustomLog /var/log/apache2/access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>


• Port 800 here is not an error; nginx will listen on the standard HTTP port 80. For reasons unknown to me, most guides advise pointing DocumentRoot at /var/www/...; in my opinion it is more logical to keep important data in /home - it will be easier to set up a backup.
• Edit the file /etc/apache2/ports.conf
NameVirtualHost *:800
Listen 800

• Copy the file /etc/apache2/sites-available/default to /etc/apache2/sites-enabled/site_address
• It is better to name directories and config files after the site addresses, since in the future this will simplify the search for the necessary configs and directories, for example /home/www/tweedle.ru and /etc/apache2/sites-enabled/tweedle.ru
• Edit the file /etc/apache2/apache2.conf - change the value of the MaxClients parameter to 20. This must be done in two places.
• Add the nginx repository: open the file /etc/apt/sources.list and add the following to the end
deb http://nginx.org/packages/ubuntu/ precise nginx
deb-src http://nginx.org/packages/ubuntu/ precise nginx

• Install nginx and apache2-mod-rpaf
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
aptitude update
aptitude install libapache2-mod-rpaf libpcre3 libpcre3-dev nginx

• Next, configure nginx, for this, open the file /usr/local/etc/nginx/nginx.conf and replace the contents with the following
user www-data;
worker_processes  1;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 64;
    access_log  /var/log/nginx/access.log;
    sendfile        		on;
    #tcp_nopush     	on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    tcp_nodelay        	on;
    gzip              		on;
    gzip_proxied        	any;
    gzip_min_length     	300;
    gzip_http_version   	1.0;
    gzip_buffers        	4 8k;
    gzip_comp_level     9;
    gzip_types          	text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    # the includes must sit inside the http block, otherwise the server blocks are rejected
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

• If serving web pages is the main role of your server and / or the sites have high traffic, set worker_processes equal to the number of available CPU cores; otherwise one process will be quite enough
• Create a config for our site: /etc/nginx/sites-enabled/site_address.zone
server {
    listen 80;
    server_name адрес_сайта.зона;
    access_log /var/log/nginx.access_log;
    location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx|mp3|bsp)$ {
        root /home/www/адрес_сайта.зона/;
        index index.php index.html index.htm;
        access_log off;
        expires 30d;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        proxy_pass http://127.0.0.1:800/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $remote_addr;
        proxy_set_header Host $host;
        proxy_connect_timeout 60;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_redirect off;
        proxy_set_header Connection close;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
    }
}

• install memcached, no additional settings are required for it
aptitude install memcached

• install eAccelerator
aptitude install php5-dev 
aptitude install make
cd /tmp/ 
wget https://github.com/downloads/eaccelerator/eaccelerator/eaccelerator-0.9.6.1.tar.bz2 
tar xvjf eaccelerator-0.9.6.1.tar.bz2 
cd eaccelerator-0.9.6.1

• Now, before we compile eAccelerator, we fix one bug in the code that causes all kinds of problems; for example, authorization in phpmyadmin stops working. Open the eaccelerator.c file at line 867 and replace
if (php_check_open_basedir(realname TSRMLS_CC)) {
with
if (php_check_open_basedir(p->realfilename TSRMLS_CC)) {
Save and continue ...
phpize 
./configure --enable-eaccelerator=shared 
make 
make install


• Create a folder for the cache, and give it rights
mkdir -p /var/cache/eaccelerator 
chmod 0777 /var/cache/eaccelerator

• Configure php to work with eaccelerator: open the file /etc/php5/apache2/php.ini and add the following at the top
[PHP]
extension                       = "eaccelerator.so"
eaccelerator.shm_size           = "16"
eaccelerator.cache_dir          = "/var/cache/eaccelerator"
eaccelerator.enable             = "1"
eaccelerator.optimizer          = "1"
eaccelerator.check_mtime        = "1"
eaccelerator.debug              = "0"
eaccelerator.filter             = ""
eaccelerator.shm_max            = "0"
eaccelerator.shm_ttl            = "0"
eaccelerator.shm_prune_period   = "0"
eaccelerator.shm_only           = "0"
eaccelerator.compress           = "1"
eaccelerator.compress_level     = "9"
eaccelerator.allowed_admin_path = "/var/www/eaccelerator"

• Restart the services, making sure that the site is in /home/www/site_name
service apache2 restart
service nginx restart
service memcached restart

• Now we have a fairly fast web server that consumes less than 100MB of RAM. Todo: there is one drawback - phpmyadmin, which is available at site_address.zone/phpmyadmin, is displayed ugly (without pictures). A temporary solution that I can offer is to open phpmyadmin at site_address.zone:800/phpmyadmin
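
In this setup nginx reaches Apache through 127.0.0.1:800, while Listen 800 in ports.conf binds the port on every interface. The following check is an added example, not part of the original article: it classifies the Listen directives of a ports.conf-style file as loopback-only or reachable from other hosts. The function names and the sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Classify each Listen directive in an Apache ports.conf-style file ($1).
# Output: "LOCAL <addr> <port>" for loopback binds, "EXPOSED <addr> <port>"
# for everything else. A bare port such as "Listen 800" binds all interfaces
# and is reported with "*" as the address.
audit_listen() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "listen" && NF >= 2 {
            spec = $2; addr = ""; port = spec
            if (spec ~ /^\[/) {                  # IPv6 literal: [addr]:port
                close_at = index(spec, "]")
                addr = substr(spec, 2, close_at - 2)
                port = substr(spec, close_at + 2)
            } else if (index(spec, ":") > 0) {   # IPv4: addr:port
                addr = substr(spec, 1, index(spec, ":") - 1)
                port = substr(spec, index(spec, ":") + 1)
            }
            if (addr ~ /^127\./ || addr == "::1")
                print "LOCAL " addr " " port
            else
                print "EXPOSED " (addr == "" ? "*" : addr) " " port
        }
    ' "$1"
}

# Succeeds only when no Listen directive is reachable from other hosts.
backend_is_private() {
    ! audit_listen "$1" | grep -q '^EXPOSED'
}

# Constructed sample: the ports.conf lines from the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
NameVirtualHost *:800
Listen 800
EOF
audit_listen "$sample"
backend_is_private "$sample" || echo "backend port is reachable from other hosts"

# Constructed sample: a loopback-only bind (an assumption, not the article's config).
printf 'Listen 127.0.0.1:800\n' > "$sample"
audit_listen "$sample"
rm -f "$sample"
```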

Installing pure-ftpd MySQL FTP server



An FTP server is useful to us for simple, quick and convenient transfer of information to and from the server.
• Installing pure-ftpd with mysql support
aptitude install pure-ftpd-mysql

• We create a group for ftp users and the user in it - this is done in order to subsequently make it more convenient to monitor what is happening on your server.
groupadd -g 4001 ftpusers && useradd -u 4001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpusers ftp

• Create a database in MySQL for pure-ftpd. This can be done through phpmyadmin, but with the great and powerful copy-paste it can be done faster in the console
mysql -u root -p

CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'пароль_для_pureftpd';
FLUSH PRIVILEGES;

• Create a table in which FTP accounts will be stored.
USE pureftpd;
CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) ENGINE=MyISAM;
quit;


• Now configure pure-ftpd, for this, open the file /etc/pure-ftpd/db/mysql.conf and make its contents like this:
MYSQLSocket      /var/run/mysqld/mysqld.sock
MYSQLUser       pureftpd
MYSQLPassword   пароль_для_pureftpd
MYSQLDatabase   pureftpd
MYSQLCrypt      md5
MYSQLGetPW      SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID     SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID     SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir     SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ   SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS   SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

• Now we make sure that the user's home directory is automatically created if it does not exist
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir

• The following command will not give users access to directories that are higher than their home directory.
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone

• Finally, turn off user hostname verification - this will significantly speed up the authorization process and slightly reduce the amount of traffic.
echo "yes" > /etc/pure-ftpd/conf/DontResolve

• Restart the service to apply the settings
service pure-ftpd-mysql restart

• Now create a www-ftp user with GID and UID 4002, home directory /home/www, download / upload speed limits of one megabyte per second and without restrictions on the occupied disk space. I'll give an example using the command line; you can also use "execute SQL query" in phpmyadmin, or even "add lines" in phpmyadmin - but in that case keep in mind that the password is stored in the database as its md5 hash, so select the md5 "Function" for the password field
mysql -u root -p

USE pureftpd;
INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`) VALUES ('www-ftp', '1', MD5('пароль_для_пользователя_www-ftp'), '4002', '4002', '/home/www', '1024', '1024', 'Комментарий', '*', '0', '0');
quit;

• That's all, you can try to connect to your ftp server at site_address.zone with the login www-ftp and the specified password.
• If you intend to transfer data over FTP that should not fall into the wrong hands, then it will not be superfluous to set up TLS encryption. To do this, do the following:
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/

• Install the openssl package if it is not installed and generate a certificate.
aptitude update
aptitude install openssl
openssl req -x509 -nodes -days 3652 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

• Answer the questions - this data will be displayed in the created certificate.
• Set the access rights to the certificate and restart pure-ftpd
chmod 600 /etc/ssl/private/pure-ftpd.pem
service pure-ftpd-mysql restart

• That's all. Remember that in order for data to be encrypted, it is necessary to enable tls encryption on the client side, and not all FTP clients support it.
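
With MYSQLCrypt md5 and MD5('...') in the INSERT, the Password column holds a bare 32-digit MD5 value with no salt, and ipaccess '*' admits logins from any address. The following audit of an export of the ftpd table is an added example, not part of the original article or of pure-ftpd; the function name, the report labels, the /home/ prefix check and the sample rows are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or from pure-ftpd).

# Audit rows exported from the ftpd table. $1 is a tab-separated file with the
# columns User, status, Password, Dir, ipaccess, for example produced by
#   mysql -B -N -u root -p -e 'SELECT User,status,Password,Dir,ipaccess FROM ftpd' pureftpd
audit_ftpd() {
    awk -F '\t' '
        $2 != "1" { next }        # status 0: the MYSQLGet* queries never match
        {
            user = $1; hash = tolower($3)
            # 32 hex digits: the bare digest that MD5() wrote into the table
            if (length(hash) == 32 && hash !~ /[^0-9a-f]/) {
                print "UNSALTED_MD5 " user
                # no salt, so equal passwords give equal digests
                if (hash in first) print "SAME_PASSWORD " first[hash] " " user
                else first[hash] = user
            }
            if ($5 == "*") print "ANY_SOURCE_IP " user
            # assumption: FTP homes are expected below /home/, as in the article
            if ($4 !~ /^\/home\//) print "DIR_OUTSIDE_HOME " user " " $4
        }
    ' "$1"
}

# Constructed sample rows; the digests are made-up hex strings.
rows=$(mktemp)
printf '%s\t%s\t%s\t%s\t%s\n' \
    www-ftp 1 0123456789abcdef0123456789abcdef /home/www    '*' \
    backup  1 0123456789abcdef0123456789abcdef /home/backup '10.0.0.%' \
    old     0 ffffffffffffffffffffffffffffffff /            '*' > "$rows"
audit_ftpd "$rows"
rm -f "$rows"
```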

Installing a game server management complex - Open Game Panel



Open game panel - aka OGP - is the only free solution I have found that allows you to monitor and manage a variety of game servers. At the time of writing, more than 50 different games with servers on Windows and Linux platforms are supported, including such popular ones as Counter-Strike (2D, 1.5, 1.6, Source, GO) and Minecraft (Vanilla, Bukkit). The complex consists of two parts: a web front-end, through which monitoring and control are carried out, and an agent service, which runs on the machines with game servers and passes logs to the front-end and commands from the front-end to the game servers.
• First, register at http://www.opengamepanel.org - this is not necessary for installation, but on the site you can download additional modules (for example, a billing system), themes and other goodies.
• Install the necessary packages
aptitude update
aptitude install libxml-parser-perl libpath-class-perl libarchive-any-perl screen

• If the system is x64, then additionally install ia32-libs
aptitude install ia32-libs

• Download the agent itself
wget "http://www.opengamepanel.org/downloads/ogp_agent_nightly.tar.gz" -O agent.tar.gz
tar xf agent.tar.gz
cd agent

• Install. Attention - I previously created the user in the system, included him in the root and sudo groups and created the home directory for him - this is all necessary for the agent to work correctly.
bash ./install.sh

• The installer will ask for the username under which the service will run (specify the one I mentioned in the previous paragraph), his password, the directory in which the executable files will be located (/home/username/OGP), and the agent key - this is not a user password but an agent management key, which will be useful to us later. We will also be asked to agree to the Steam policy rules.
• After installation, log in as the created user and run
cd /home/имя пользователя/OGP
perl ./ogp_agent.pl --log-stdout

• The agent should report that everything is in order, the process is started and it listens on port 12679.
• Press ctrl + c, log in as root and register the service - this is necessary so that it starts when the system starts
 update-rc.d ogp_agent defaults

• If there are several servers (dedicated or virtual), then the agent must be installed on each
• Now install the web interface from OGP, download the archive and unpack
wget "http://www.opengamepanel.org/downloads/ogp_web_nightly.tar.gz" -O upload.tar.gz
tar xf upload.tar.gz

• Move the contents of the upload folder to the folder in which we have the site
• In the browser, open site_address.zone/folder_with_ogp and select the language. If we are told that we do not have enough rights to create some files or folders, grant 777 rights with chmod: go into the folder with ogp and execute the command
chmod 777 -v -R *

• Go back to the web interface and click “Retry”, then “Next”
• Specify the database connection parameters and click “Next”
• Register the administrator account and click “Next”
• Next, follow the instructions, maybe in the next article I will describe the process of adding servers in OGP
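
The recursive chmod 777 on the OGP folder and the 0777 on /var/cache/eaccelerator leave those trees writable by every local account. The following is an added example, not part of the original article or of OGP: it lists world-writable entries under a tree and resets them once the installer has finished. The function names and the demo tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or from OGP). Function names and the
# demo tree are hypothetical.

# Print every file and directory under $1 that any local user may modify.
# find does not follow symlinks by default, so link targets outside the tree
# are never reported or changed.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Reset only the world-writable entries under $1: directories to 755,
# regular files to 644. Entries that were already tighter keep their mode.
tighten_tree() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Hand a single path that must stay writable to one service account instead
# of to everyone. Run as root. $1: path, $2: account (www-data is the user
# named in the nginx.conf of this article).
grant_to_service() {
    chown -R "$2" "$1" && chmod -R u+rwX,go-w "$1"
}

# Demo on a constructed tree that imitates the state after "chmod 777 -R *".
demo=$(mktemp -d)
mkdir -p "$demo/ogp/modules"
echo '<?php' > "$demo/ogp/index.php"
echo '<?php' > "$demo/ogp/modules/config.inc.php"
chmod -R 777 "$demo/ogp"

echo "before:"; list_world_writable "$demo/ogp"
tighten_tree "$demo/ogp"
echo "after:";  list_world_writable "$demo/ogp"
rm -rf "$demo"
```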
