OpenVZ Server Setup Notes – Ubuntu 14.04 LAMP (w/o M)

For a side project, I’m using cheap server from these guys:

http://buyvm.net/

I’ve decided that since it’s for development, I’d rather use Apache instead of NgineX. NgineX is much better than Apache when it comes to memory usage and performance, but Apache is a little easier to organize thanks to .htaccess files. And since Ludum Dare runs and will continue to run Apache for a while, I’ve decided to make my life working on both projects a little simpler.

For my reference, the following are my setup notes for the server.

0. Nuking the server

The old NgineX install is now gone. Replaced with a fresh Ubuntu 14.04 OpenVZ image. I believe it’s the Ubuntu 14.04 Minimal image from here:

http://wiki.openvz.org/Download/template/precreated

SSH’ing in, I need to remember to get the login from the control panel. I also specifically only allowed my own IP address to SSH in to the server, using the Remote Access Policy “Only Allowed IPs”.

Now we can begin.

1. Preamble

SSH in. I am groot.

To be able to add additional repositories, we need:

The former solves issues with add-apt-repository, as apparently UTF-8 hadn’t been configured yet.

Source: http://askubuntu.com/a/393649/364657

NOTE: When we start adding launchpad repositories, we’ll eventually get an error like this when we run “apt-get update“:

To solve that, grab the UID after NO_PUBKEY and feed it in to this command:

Source: http://askubuntu.com/a/15272/364657

2. Basic Apache and PHP Setup

The Ubuntu repository has Apache 2.4.7 and PHP 5.5. For the latest (2.4.12+ and 5.6+), we do this:

That covers the basic Apache+PHP configuration.

If you wanted to install MySQL Server, you’d do the following.

I don’t need it (the host I’m using offers an external SQL server), but for reference that’s what you need to know.

3. Apache Configuration

http://httpd.apache.org/docs/trunk/rewrite/avoid.html

https://servercheck.in/blog/3-small-tweaks-make-apache-fly

TODO: mod_CloudFlare

4. PHP PECL Packages

To use PECL packages, we need to install Pear and PHP5 Dev.

The last line will save you from manually adding things like “extension=apcu.so” to php.ini.

We can now use PECL.

4a. APCu

I’m a big fan of APCu. It lets me share data with other PHP processes with RAM.

I’m using a low memory server (256 MB), so we should explicitly say how much memory to give APCu.

The default is 32 MB, which should be fine for now.

5. PHP Configuration (php.ini)

5b. PHP OpCache

6. Restart Apache

Now that everything is installed, restart Apache.

7. Git, SSH and Source Code

Now, generate an SSH key. Pass-phrase?

Copy the Public Key, and paste it to your SSH Keys configuration (GitHub/Bitbucket).

Move the placeholder website out of the www folder.

git clone the source repository with an SSH URI.

8. Remote Database

Given a Web Server and a Database Server on the same local network.

Using Database Server’s CPanel:

  • Add a Database.
  • Add a User.
  • Give user full permissions to the database.
  • Add the Web Server’s internal IP to the “Remote Database Access Hosts” list

Then from the Web Server:

  • In PHP code, reference the database by the internal HostName/IP of the Database Server instead of “localhost”.

9. Automatic Updates

Details: https://help.ubuntu.com/lts/serverguide/automatic-updates.html

Can enable downloading of general updates in addition to security updates by uncommenting.

Apparently if we create this file, this is a decent daily configuration (see Details).

10. Lockdown SSH

Figure out the local IP addresses of the server, and open sshd_config.

Add a ListenAddress for your LAN IP.

Reboot, and SSH will now only allow incomming SSH connections from the local network.