I re-built my LEMP web-server fresh on Ubuntu 24.04 and learned some things along the way. This is my base build outline mostly created for my own notes.
INSTALL PACKAGESnginx nginx-extrasmysql-serverphp php-curl php-fpm php-gd php-mysql php-xmlrpc php-memcache php-uploadprogress php-cli php-intlsendmail (for local mailing services)unzip zip (was already installed)ffmpeg (for video-based sites)imagemagick (to generate thumbnails for video-driven sites)
REMOVE UFW
Ubuntu came with ufw pre-installed and blocking all inbound web traffic. As this doesn't work for a web-server, I simply removed it entirely:apt purge ufw
Why not just set it up properly? Because I use my cloud host's network-based firewall instead.
REMOVE APACHE2
Apache was installed by default, and it conflicts with NGINX, causing it not to start properly. Let's get rid of it.apt purge apache2
CHECK HOSTS / HOSTNAME
Check /etc/hosts and /etc/hostname to make sure you have a proper FQDN. If not, set it with
hostnamectl set-hostname myhostname.example.comSETUP SENDMAIL
I. To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally to /etc/mail/submit.mc:include(`/etc/mail/tls/starttls.m4')dnl
2) Runsendmailconfig
3) Restart sendmailsystemctl restart sendmail
Check Sendmail Status:systemctl status sendmail
If it's not set to start on boot, do this...systemctl enable sendmail
Check status again.
SETUP MYSQL
I. MySQL Secure Installation
* Do not use the validation plugin because it doesn't work with PHPMYADMIN.
mysql_secure_installation
II. Set MySQL root password
mysql -u root
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Password-Goes-Here'
exit
systemctl restart mysql.service
SETUP PHP.INI
After looking at various sample PHP configs, I found just a few key variables in php.ini that are most often tweaked:
I. Data Handling / File Uploads
post_max_size = 512 (as you like)
upload_max_filesize= 512 (as you like)
register_argc_argv = Off default / On for video-driven sites
II. Resource Limits
max_execution_time = 30 default / 7200 for video-driven sites
max_input_time = 60 default / 7200 for video-driven sites
max_input_vars = 1000 default / 5000 for video-driven sites
memory_limit = 128 default / uploadsize+1MB for video-driven sites
III. Language Options
output_buffering = Off (Joomla wants this)
PHP PM.MAX_CHILDREN
Open this config file:
/etc/php/8.3/fpm/pool.d/www.conf
Find pm.max_children and raise it to something like 10 or more.
Monitor the PHP logs for pm.max_children errors.
INSTALL / SETUP PHPMYADMINapt install phpmyadmin
NGINX
I. Setup Self-Signed SSL Certsopenssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/selfssl.key -out /etc/nginx/ssl/selfssl.crt
SETUP CRONTAB
Reconfigure any cron jobs from the old server:crontab -e -u www-dataMIGRATE JOOMLA
I used Akeeba Backup's SSH post-processing option (non-CURL) to migrate Joomla to the new server. The package PHP SSH2 was required on the source server...apt install php-ssh2
Related Articles
Building the Ultimate Media Ce...
Also known as a "home theater PC" (HTPC), a media center PC is connected to a TV and is built and configured for streaming / downloading media available on the ...
Joomla Running on Nginx and Ub...
What follows is an outline I compiled while researching how to tighten security on a Nginx web server. NOTE 1: Ubuntu 14.04 LTS was used for this. NOTE 2: This ...
Nginx - Blocking Access to Joo...
I propose blocking all access to Joomla's administrator login page and front-end user login (if you don't use it) because I constantly see a-hole bots in my log...
How To Build an Ubuntu Web Ser...
The following is a task outline for building an Ubuntu-based web-server to run Joomla and JomSocial. I created this for my own notes, so apologies if it's...