Answer the question
In order to leave comments, you need to log in
How to set up a web server from scratch?
Hello.
There is a dedicated server (Core i7/64Gb/1Tb) with Debian 7.8 64 minimal image installed. I need to raise a PHP web server based on this server.
For many years I used ISPmanager to configure the server, which installed and configured all the software for me. Those who have used ISPmanager know that it installs classic software in classic bundles (classic = time-tested). In addition, it drags along software that you may not use.
I have a desire to learn how to install and configure all the software myself. I spent a lot of time looking for a HowTo that would answer all my questions, but I did not find anything of value. All HowTos on "setting up a web server from scratch" (from bloggers and big companies like DigitalOcean) come down to a simple "apt-get install apache php mysql". But this is not enough for a production server. I need a HowTo that tells me which php/nginx/apache/fastcgi/php-fpm bundle to use; I would say that it is better to install redis instead of memcache; I would talk about protection against possible attacks. Based on this HowTo, I would like to configure the server to be as productive and secure as possible.
Here ISPmanager installs the php+apache bundle, or maybe the php+php-fpm+nginx bundle is much better and safer? At the same time, the ISP does not install fail2ban, and I looked at iptables - it is empty. I do not need to receive mail on the server, but only need to send, and ISP installs dovecot, and I only need exim. But since I don't know what an ISP does besides installing packages, I get the feeling that it does a lot of things. And if I refuse it and install packages manually, then my server will be full of holes.
I described everything rather chaotically. Maybe I should learn debian first so I don't have to ask questions like this. But still, is there such a HowTo or someone can make such a HowTo to get an extremely modern and reliable server?
Thank you.
UPDATE 30.01.2014 08:13
Судя по ответам, некоторые подумали, что я задал вопрос в стиле "как сделать сайт" или "какой редактор кода лучше", то есть вопрос не имеющий единственно верного ответа и каждый ответ будет субъективен. Так же я не ищу "волшебной кнопки" (волшебная кнопка уже есть - ISPmanager) и не ищу тонкой настройки сервисов (о чем написано на ruhighload.com).
Для такого, чтобы было понятно какую информацию я хочу получить, я задам несколько прямых вопросов:
1. Я скачал с официального сайта образ и установил на сервер debian 7.8 64. На сколько мой сервер безопасен? Моих знаний хватает только на, чтобы видеть 2 уязвимости:
- уязвимость в debian (ошибки в коде, закладки) - от этого я защититься никак не могу, да и никто не может;
- the vulnerability of obtaining a root password by brute force - I can protect myself from this by closing all ports for entry in iptables, opening only port 22 (ssh) for my IP.
That is, in my understanding, "bare" debian becomes bulletproof after closing it from the world with iptables, is that so?
2. So I read the article, and I realized that apache mod_php is best suited for my background PHP server (better than nginx + php_fpm bundles), that is, on bare debian I need to run the command "apt-get install apache2 php5". Then I can use the default php config and add my domain information in the apache config. Next, I supplement the iptables settings from the first question by opening port 80 for input. After which I get a bulletproof web server, is that right?
Answer the question
In order to leave comments, you need to log in
As for the performance, I advise ruhighload.com
Everything is short and concise, but the main thing is the direction vector.
And so, there is no single resource where it is written inside and out about everything that you need to know. If you need to learn about exim - google it and read about it, if you want to learn more about xtrabackup - go to the percona website, download the manual and read, etc.
I don't think such a guide exists. In your situation, I would recommend "dancing" from the task.
1) Determine for what tasks\application(s) we are preparing the server.
2) Determine the system requirements of these applications.
3) Based on the system requirements, we select the optimal set of software.
4) We break the software configuration into categories-functions (fail2ban, MTA, web, firewall)
5) Go to Habr or not to Habr and look for guides and manuals for your software.
6) ...
7) PROFIT!
PS: If you are used to ISP-manager, then I would recommend that you first practice with setting up bundles on a virtual machine, at least you will overcome the basic "rake" and understand if you need it at all.
The request is similar to "I want a button "do (star) then!"".
In this case, collect information, analyze, try. From the first time, I'm sure you won't be able to achieve the desired effect.
A counter question: why do you think there are so many options for implementing one task?
E no.
There is no such manual and never will be.
It simply doesn't make sense. Search in parts.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question