Japanatron Logo

I re-built my LEMP web-server fresh on Ubuntu 22.04 and learned some things along the way. This is my base build outline mostly created for my own notes.

INSTALL PACKAGES
nginx nginx-extras
mysql-server
php php-curl php-fpm php-gd php-mysql php-xmlrpc php-memcache php-uploadprogress php-cli php-intl

sendmail (for local mailing services)
unzip zip (was already installed)
ffmpeg (for video-based sites)
imagemagick (to generate thumbnails for video-driven sites)

REMOVE UFW
Ubuntu came with ufw pre-installed and blocking all inbound web traffic.  As this doesn't work for a web-server, I simply removed it entirely:
apt purge ufw

Why not just set it up properly?  Because I use my cloud host's network-based firewall instead.

REMOVE APACHE2
Apache was installed by default, and it conflicts with NGINX, causing it not to start properly.  Let's get rid of it.
apt purge apache2

CHECK HOSTS / HOSTNAME
Check /etc/hosts and /etc/hostname to make sure you have a proper FQDN.  If not, set it with hostnamectl set-hostname

In my case, I had to prevent cloud-init from overriding the hosts file:
nano /etc/cloud/cloud.cfg

Comment out this line: 
- update etc-hosts

SETUP SENDMAIL
I. To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally to /etc/mail/submit.mc:
include(`/etc/mail/tls/starttls.m4')dnl

2) Run
sendmailconfig

3) Restart sendmail

SETUP MYSQL
I. Enable password auth (needed for PHPMYADMIN)
mysql -u root

USE mysql;
UPDATE user SET plugin='mysql_native_password' WHERE User='root';
FLUSH PRIVILEGES;
exit;

systemctl restart mysql.service

mysql_secure_installation

* Set root mysql password.
* Do not use the validation plugin because it doesn't work with PHPMYADMIN.

SETUP PHP.INI
After looking at various sample PHP configs, I found just a few key variables in php.ini that are most often tweaked:

I. Data Handling / File Uploads
post_max_size = 512 (as you like)
upload_max_filesize= 512 (as you like)
register_argc_argv = Off default / On for video-driven sites

II. Resource Limits
max_execution_time = 30 default / 7200 for video-driven sites
max_input_time = 60 default / 7200 for video-driven sites
max_input_vars = 1000 default / 5000 for video-driven sites
memory_limit = 128 default / uploadsize+1MB for video-driven sites

III. Language Options
output_buffering = Off (Joomla wants this)

INSTALL / SETUP PHPMYADMIN
apt install phpmyadmin

NGINX
I. Setup Self-Signed SSL Certs
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/selfssl.key -out /etc/nginx/ssl/selfssl.crt

SETUP CRONTAB
Reconfigure any cron jobs from the old server:
crontab -e -u www-data

Related Articles

FreeNAS - Bi-Directional Rsync...

Go to /root on 1st server. ssh [email protected] cd /root FreeNAS OS drive is mounted read-only, so mount it RW. mount -o rw / Generate an RSA key & leave the ...

Nginx - Blocking Access to Joo...

I propose blocking all access to Joomla's administrator login page and front-end user login (if you don't use it) because I constantly see a-hole bots in my log...

Combine Image File and Audio F...

I wanted to figure out a way to quickly and easily combine an image file (jpg) and audio file (mp3) into a video file (mov) using the free media converter tool ...

Setting Up SPF on Zimbra Runni...

SPF is awesome for stopping delivery of spoofed spam and junk back-scatter, but many of the articles on how to set up SPF in Zimbra are old and out-of-date.  It...