Japanatron Logo

I re-built my LEMP web-server fresh on Ubuntu 24.04 and learned some things along the way. This is my base build outline mostly created for my own notes.

INSTALL PACKAGES
nginx nginx-extras
mysql-server
php php-curl php-fpm php-gd php-mysql php-xmlrpc php-memcache php-uploadprogress php-cli php-intl

sendmail (for local mailing services)
unzip zip (was already installed)

ffmpeg (for video-based sites)
imagemagick (to generate thumbnails for video-driven sites)

REMOVE UFW
Ubuntu came with ufw pre-installed and blocking all inbound web traffic.  As this doesn't work for a web-server, I simply removed it entirely:
apt purge ufw

Why not just set it up properly?  Because I use my cloud host's network-based firewall instead.

REMOVE APACHE2
Apache was installed by default, and it conflicts with NGINX, causing it not to start properly.  Let's get rid of it.
apt purge apache2

CHECK HOSTS / HOSTNAME
Check /etc/hosts and /etc/hostname to make sure you have a proper FQDN.  If not, set it with

hostnamectl set-hostname myhostname.example.com

SETUP SENDMAIL
I. To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally to /etc/mail/submit.mc:
include(`/etc/mail/tls/starttls.m4')dnl

2) Run
sendmailconfig

3) Restart sendmail

SETUP MYSQL
I. MySQL Secure Installation
* Do not use the validation plugin because it doesn't work with PHPMYADMIN.

mysql_secure_installation

II. Set MySQL root password

mysql -u root

ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password-Goes-Here'

exit

systemctl restart mysql.service

SETUP PHP.INI
After looking at various sample PHP configs, I found just a few key variables in php.ini that are most often tweaked:

I. Data Handling / File Uploads
post_max_size = 512 (as you like)
upload_max_filesize= 512 (as you like)
register_argc_argv = Off default / On for video-driven sites

II. Resource Limits
max_execution_time = 30 default / 7200 for video-driven sites
max_input_time = 60 default / 7200 for video-driven sites
max_input_vars = 1000 default / 5000 for video-driven sites
memory_limit = 128 default / uploadsize+1MB for video-driven sites

III. Language Options
output_buffering = Off (Joomla wants this)

INSTALL / SETUP PHPMYADMIN
apt install phpmyadmin

NGINX
I. Setup Self-Signed SSL Certs
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/selfssl.key -out /etc/nginx/ssl/selfssl.crt

SETUP CRONTAB
Reconfigure any cron jobs from the old server:
crontab -e -u www-data

MIGRATE JOOMLA
I used Akeeba Backup's SSH post-processing option (non-CURL) to migrate Joomla to the new server.  The package PHP SSH2 was required on the source server...
apt install php-ssh2

Related Articles

Setting Up SPF on Zimbra Runni...

SPF is awesome for stopping delivery of spoofed spam and junk back-scatter, but many of the articles on how to set up SPF in Zimbra are old and out-of-date.  It...

Nginx - Blocking Access to Joo...

I propose blocking all access to Joomla's administrator login page and front-end user login (if you don't use it) because I constantly see a-hole bots in my log...

Building the Ultimate Media Ce...

Also known as a "home theater PC" (HTPC), a media center PC is connected to a TV and is built and configured for streaming / downloading media available on the ...

Nginx - How to Block or Redire...

I've been figuring out how to block or redirect web traffic in Nginx based on the country geoIP. NOTES* You need the package nginx-extras for this because this...