Japanatron Logo

I re-built my LEMP web-server fresh on Ubuntu 24.04 and learned some things along the way. This is my base build outline mostly created for my own notes.

INSTALL PACKAGES
nginx nginx-extras
mysql-server
php php-curl php-fpm php-gd php-mysql php-xmlrpc php-memcache php-uploadprogress php-cli php-intl

sendmail (for local mailing services)
unzip zip (was already installed)

ffmpeg (for video-based sites)
imagemagick (to generate thumbnails for video-driven sites)

REMOVE UFW
Ubuntu came with ufw pre-installed and blocking all inbound web traffic.  As this doesn't work for a web-server, I simply removed it entirely:
apt purge ufw

Why not just set it up properly?  Because I use my cloud host's network-based firewall instead.

REMOVE APACHE2
Apache was installed by default, and it conflicts with NGINX, causing it not to start properly.  Let's get rid of it.
apt purge apache2

CHECK HOSTS / HOSTNAME
Check /etc/hosts and /etc/hostname to make sure you have a proper FQDN.  If not, set it with

hostnamectl set-hostname myhostname.example.com

SETUP SENDMAIL
I. To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally to /etc/mail/submit.mc:
include(`/etc/mail/tls/starttls.m4')dnl

2) Run
sendmailconfig

3) Restart sendmail

SETUP MYSQL
I. MySQL Secure Installation
* Do not use the validation plugin because it doesn't work with PHPMYADMIN.

mysql_secure_installation

II. Set MySQL root password

mysql -u root

ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password-Goes-Here'

exit

systemctl restart mysql.service

SETUP PHP.INI
After looking at various sample PHP configs, I found just a few key variables in php.ini that are most often tweaked:

I. Data Handling / File Uploads
post_max_size = 512 (as you like)
upload_max_filesize= 512 (as you like)
register_argc_argv = Off default / On for video-driven sites

II. Resource Limits
max_execution_time = 30 default / 7200 for video-driven sites
max_input_time = 60 default / 7200 for video-driven sites
max_input_vars = 1000 default / 5000 for video-driven sites
memory_limit = 128 default / uploadsize+1MB for video-driven sites

III. Language Options
output_buffering = Off (Joomla wants this)

INSTALL / SETUP PHPMYADMIN
apt install phpmyadmin

NGINX
I. Setup Self-Signed SSL Certs
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/selfssl.key -out /etc/nginx/ssl/selfssl.crt

SETUP CRONTAB
Reconfigure any cron jobs from the old server:
crontab -e -u www-data

MIGRATE JOOMLA
I used Akeeba Backup's SSH post-processing option (non-CURL) to migrate Joomla to the new server.  The package PHP SSH2 was required on the source server...
apt install php-ssh2

Related Articles

Zimbra - How to Stop Automatic...

By default Zimbra automatically discards inbound mail that receives a high spam score (aka "super spam").  Although the score is configurable up to 100, this de...

Joomla Running on Nginx and Ub...

What follows is an outline I compiled while researching how to tighten security on a Nginx web server. NOTE 1: Ubuntu 14.04 LTS was used for this. NOTE 2: This ...

Ubuntu 22.04 Nginx Build Outli...

I re-built my LEMP web-server fresh on Ubuntu 22.04 and learned some things along the way. This is my base build outline mostly created for my own notes. INS...

Setting Up SPF on Zimbra Runni...

SPF is awesome for stopping delivery of spoofed spam and junk back-scatter, but many of the articles on how to set up SPF in Zimbra are old and out-of-date.  It...