I re-built my LEMP web-server fresh on Ubuntu 22.04 and learned some things along the way. This is my base build outline mostly created for my own notes.

INSTALL PACKAGES
nginx nginx-extras
mysql-server
php php-curl php-fpm php-gd php-mysql php-xmlrpc php-memcache php-uploadprogress php-cli php-intl

sendmail (for local mailing services)
unzip zip (was already installed)
ffmpeg (for video-based sites)
imagemagick (to generate thumbnails for video-driven sites)

REMOVE UFW
Ubuntu came with ufw pre-installed and blocking all inbound web traffic.  As this doesn't work for a web-server, I simply removed it entirely:
apt purge ufw

Why not just set it up properly?  Because I use my cloud host's network-based firewall instead.

CHECK HOSTS / HOSTNAME
Check /etc/hosts and /etc/hostname to make sure you have a proper FQDN.  If not, set it with hostnamectl set-hostname

In my case, I had to prevent cloud-init from overriding the hosts file:
nano /etc/cloud/cloud.cfg

Comment out this line: 
 - update_etc_hosts

SETUP SENDMAIL
I. To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally to /etc/mail/submit.mc:
include(`/etc/mail/tls/starttls.m4')dnl

2) Run
sendmailconfig

3) Restart sendmail

SETUP MYSQL
I. Enable password auth (needed for PHPMYADMIN)
mysql -u root

USE mysql;
UPDATE user SET plugin='mysql_native_password' WHERE User='root';
FLUSH PRIVILEGES;
exit;

systemctl restart mysql.service

mysql_secure_installation

* Set root mysql password.
* Do not use the validation plugin because it doesn't work with PHPMYADMIN.

SETUP PHP.INI
After looking at various sample PHP configs, I found just a few key variables in php.ini that are most often tweaked:

I. Data Handling / File Uploads
post_max_size = 512M (as you like)
upload_max_filesize = 512M (as you like)
register_argc_argv = Off default / On for video-driven sites

II. Resource Limits
max_execution_time = 30 default / 7200 for video-driven sites
max_input_time = 60 default / 7200 for video-driven sites
max_input_vars = 1000 default / 5000 for video-driven sites
memory_limit = 128M default / uploadsize+1MB for video-driven sites

III. Language Options
output_buffering = Off (Joomla wants this)

INSTALL / SETUP PHPMYADMIN
apt install phpmyadmin

NGINX
I. Setup Self-Signed SSL Certs
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/selfssl.key -out /etc/nginx/ssl/selfssl.crt

SETUP CRONTAB
Reconfigure any cron jobs from the old server:
crontab -e -u www-data
