So… in my quest to create the perfect web server, I stumbled into an issue. An easy(ish) way to manage it. There aren’t too many control panels for nGinx that setup the server the way I need it to, in order to get the performance and scalability needed for the sites I run. I initially thought about developing a web based control panel, and still eventually may, however, due to security concerns with the methods needed to create and manage these sites, I figured it’d be best left to shell. So… without any further ado, I will explain what I did and how I did it.   Please keep in mind this is an ongoing w.i.p.

Server Install – Ubuntu 16.04 LTS

First and foremost, we need our OS.  For me, I find Ubuntu extremely stable, so I would highly recommend using it.  I chose Ubuntu Server 16.04 LTS which you can pick up the ISO for over at Ubuntu. Once you download the ISO, burn it off to a DVD, or use something like unetbootin and create a bootable USB stick. Pop your device or disk into your PC and boot from it to start the installation. You can setup how you wish, just make sure to install only the minimals needed for it to run.  I happen to choose OpenSSH and Samba since I am local to my server, as I need to be able to access everything.  At the very least you should install OpenSSH so you can shell into the server to manage it. During the partitioning phase I setup LVM, with the following partition scheme.  I would recommend utilizing LVM, if nothing more than the ability to add storage on the fly.  I have 2 – 256GB SSD’s, I setup in RAID for mirroring, and partitioned it as follows, with a single partition set aside for boot.
  • /boot – 500MB – Bootable, discard, noatime
  • / – LVM System – 15GB, discard, noatime
  • /home – LVM Home – 208GB, discard, noatime
  • swap – LVM Swap – The amount of ram I have (in this case it is 32GB)
Once the install finishes, reboot the machine, fire up a shell session, and run/configure the following:
  • Set Shell to Bash:dpkg-reconfigure dash 
  • Turn off Apparmor:service apparmor stop && update-rc.d -f apparmor remove && apt-get -y remove apparmor apparmor-utils 
  • Configure UFW: 
    ufw allow http
    ufw allow https
    ufw allow ftp
    ufw allow 30000:50000/tcp
    ufw allow 30000:50000/udp
    ufw allow ssh
    ufw enable
Our server is now ready to setup LEMP Commander.

LEMP Commander

This setup step is pretty easy to do, but does require some user intervention through the process.  We’ll need to pay attention 😉 and configure the way we’ll use exim, how we’ll secure MySQL, and how we’ll configure phpMyAdmin… so pay attention! 😉 In shell, make sure you are logged in as a sudo user, via running: sudo -s Next, make sure you are in your “home” directory, and run: git clone https://github.com/kpirnie/LEMP-Command.git && cd LEMP-Command This will download our repository and allow you to keep it up to date with the latest code I will release to it 🙂 Once it is finished downloading you will be in it’s main directory, so to install it, simply run: ./installer and go grab a coffee or 2. The installer will first update and upgrade your server, I have found that this definately takes the longest, and unfortunately, there is very little that can be done about it to make it any quicker (other than upgrading your ISP) Check back every one in a while so you can secure your MySQL install, configure exim, and configure phpMyAdmin as I stated earlier.   Securing MySQL is a simple process, just select Y, put in a username and password combo, and done.   For exim, I run this configuration due to my ISP’s restrictions, and for phpMyAdmin I select no webserver, yes to dbconfig-common, and a random password.    Set these up how you see fit. Once the installer is complete, you will probably see a message that you will need to reboot your machine.  Go ahead and do that now. Once the machine is restarted your server is officially setup as a highly scalable, highly performant web server.

LEMP Commander Usage

Now that your server is setup, we can let the real fun begin.   It’s time to setup a couple of administrative tasks that will help keep your server up to date, malware/virus free, backed up, and running in tip-top shape. For this step we’ll need to be back in sudo mode, and run crontab -e to set the following:
  • 15 0 * * * scanner # Performs a nightly virus/malware scan
  • 30 0 * * * nbl-updater # Nightly updates the nGinx Ban list according to: http://stopforumspam.com/
  • 30 1 * * * backup # Backs up all sites and databases you may have on your server.  As of now, I have it built to auto-remove backups older than 30 days as well
  • */2 * * * * service-up  # Just a quick check to make sure everything is still running.  If anything is stopped, it will restart it
Please change the times here how you see fit.
  • Create a New Site
    • new-site
    • Follow all prompts
  • Manually Run a Site Backup
    • backup
      • Will backup all sites and databases
      • The backups are placed in the following directory structure:
        • Site: /home/USER/backups/site
        • Database: /home/USER/backups/database
    • backup USER
      • Backs up the specified users site and databases
      • The backups are placed in the following directory structure:
        • Site: /home/USER/backups/site
        • Database: /home/USER/backups/database
  • Restore a Site Backup
    • restore USER YYYY-MM-DD
      • Restores the specified users site and databases from the specified date
  • Manually Run an Account Backup
    • account-backup
      • Backs up all users accounts, including their site and databases
      • The backups will be placed in the /home directory
    • account-backup USER
      • Backups up the specified users account, including their site and databases
      • The backup will be placed in the /home directory
  • Terminate an Account
    • terminate USER
      • Runs an ‘account-backup’ for the specified user, then removes the user and all the users files from the server
  • Manually Scan the Server for Malware/Virii
    • scanner
      • Scans the server for virii or malware
  • Restart Services
    • restart-commander
      • Restarts the following services: memcached, php-fpm, niginx, mysql, exim, & pure-ftpd
  • WP-CLI
    • wp COMMAND
      • Too much to cover here, so head over to: http://wp-cli.org/ to see what it can do for you

In The Works – a.k.a.  COMING SOON

  • Restore Full Account
  • Account Password reset
  • MySQL Master Admin Password Reset
  • Account Suspension
  • Sub-Domain & Parked Domain Support
  • SSL Post-Install Support, and regen
  • Extra Database Creation

Other Scripts I use on My Server

COMING SOON That’s it for now folks, I will update this post as more gets created/fixed for this, I will leave you with 2 pieces of advise.
  1. Always keep your servers up to date.  As a rule of thumb, I shell into mine and do this at least once a week.
  2. If you are going to be running a site with any kind of user input, make sure it is up to date and protected against attacks.   As a rule of thumb, the wordpress sites I host get updated nightly.  Since it does power 25% of the websites on the net, it is alot more susceptible to attacks than any other.