https://www.vultr.com/docs/use-php5-fpm-with-apache-2-on-ubuntu-14-04
https://www.linode.com/docs/websites/apache-tips-and-tricks/redirect-urls-with-the-apache-web-server
https://www.linode.com/docs/websites/apache/apache-web-server-on-ubuntu-14-04
Ubuntu 14.04
Use root Account
The root account in Ubuntu is disabled by default because its password is not set. But if you'd like to use the root account for some reason, it's possible as follows.
- The user account added during installation is set up as an administrative account with Sudo, so it's easy to get a root shell as follows.
trusty@dlp:~$ sudo -s
[sudo] password for trusty: # own password
root@dlp:~# # switched
- Or, after setting the root account's password, it's possible to switch to the root account with the su command.
trusty@dlp:~$ sudo passwd root
[sudo] password for trusty: # own password
Enter new UNIX password: # set root password
Retype new UNIX password: # confirm
passwd: password updated successfully
trusty@dlp:~$ su -
Password: # input root password
root@dlp:~# # switched
* The examples on this site are shown as the root account. If you use Sudo, add "sudo" at the head of commands. It is better to limit users if you enable the root account.
When using Sudo, it's possible to prohibit shells in the sudoers config; refer to Sudo Settings for details.
- To limit who can run the su command, set as follows.
root@dlp:~# vi /etc/pam.d/su
# line 15: uncomment and add a group which is allowed to run the su command
auth required pam_wheel.so group=adm
root@dlp:~# usermod -aG adm ubuntu   # -a appends; without it -G replaces the user's other supplementary groups
Add User
- Create the user, replacing example_user with your desired username. You’ll then be asked to assign the user a password:
adduser example_user
- Add the user to the sudo group so you’ll have administrative privileges:
adduser example_user sudo
Use Fail2Ban for SSH Login Protection
Configure a Firewall with UFW
Install UFW
sudo apt-get install ufw
Use UFW to Manage Firewall Rules
Set Default Rules
sudo ufw default allow outgoing
sudo ufw default deny incoming
Add Rules
To allow both incoming and outgoing connections on port 22 for SSH
sudo ufw allow ssh
# or
sudo ufw allow 22
To allow TCP packets on port 80
sudo ufw allow 80/tcp
sudo ufw allow http/tcp
Advanced Rules
To allow connection from an IP address
sudo ufw allow from 106.187.102.114 # TW
sudo ufw allow from 23.92.27.183 # US
sudo ufw allow from 106.184.5.81 # DEMO
sudo ufw allow from 139.162.73.178 # MYSQL
sudo ufw allow from 172.104.124.38 # TW2
sudo ufw allow from 107.131.49.180 # LA
sudo ufw allow from 122.116.10.56 # ChungLi
Enable the Firewall
sudo ufw enable
Disable the Firewall
sudo ufw disable
Check Status
user@localhost:/# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       106.187.102.114
Anywhere                   ALLOW       23.92.27.183
Anywhere                   ALLOW       106.184.5.81
Anywhere                   ALLOW       139.162.73.178
Anywhere                   ALLOW       107.131.49.180
Anywhere                   ALLOW       122.116.10.56
80/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22                         ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
Enable Logging
sudo ufw logging on
To Select the Log Levels [Default setting is low]
sudo ufw logging low|medium|high
A normal log entry will resemble the following, and will be located at /var/logs/ufw:
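Once logging is on, the blocked-packet entries can be summarised per source address. The following is an added example, not part of the original notes: the function names are hypothetical and the log lines are constructed (abbreviated fields, documentation-range addresses).

```shell
# Constructed sample of UFW kernel log lines (not real traffic).
ufw_sample_log() {
cat <<'EOF'
Jan 10 03:14:07 web1 kernel: [1001.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=3306 SYN URGP=0
Jan 10 03:14:08 web1 kernel: [1002.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=23 SYN URGP=0
Jan 10 03:14:09 web1 kernel: [1003.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=8080 SYN URGP=0
Jan 10 03:15:00 web1 kernel: [1054.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=3306 SYN URGP=0
Jan 10 03:15:02 web1 kernel: [1056.100] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=3306 SYN URGP=0
Jan 10 03:16:00 web1 kernel: [1114.100] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=52000 DPT=22 SYN URGP=0
EOF
}

# Print "blocks distinct_ports source" for every source that appears in a
# [UFW BLOCK] entry, busiest source first. Many distinct ports from one
# source points to scanning; many hits on one port points to retries.
# Reads the files given as arguments, or standard input if none are given.
ufw_block_report() {
    awk '
    /\[UFW BLOCK\]/ {
        src = ""; dpt = "-"            # "-" covers entries without a port (ICMP)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "") next
        blocks[src]++
        if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
    }
    END { for (s in blocks) print blocks[s], ports[s], s }
    ' "$@" | sort -k1,1nr -k3,3
}
```

Run it as ufw_sample_log | ufw_block_report to see the summary for the sample lines, or pass the UFW log file as an argument.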
Setting the Timezone
dpkg-reconfigure tzdata
Checking the Time
View the current date and time according to your server.
date
Installing Software Updates
sudo apt-get update && sudo apt-get upgrade
Web Server Installation
Installing Apache
Install Apache 2.4, its documentation, and a collection of utilities
sudo apt-get install apache2 apache2-doc apache2-utils
Edit the main Apache configuration file and turn off the KeepAlive setting:
File excerpt: /etc/apache2/apache2.conf
KeepAlive Off
Configure the Multi-Processing Module
Apache 2.4 offers various multi-processing modules (MPMs) to handle connections. The default MPM is the event module, although the prefork module is still recommended if you're using standard PHP.
The Prefork Module
- Open /etc/apache2/mods-available/mpm_prefork.conf in your text editor and edit the values as needed. The following is optimized for a 1GB Linode:
File: /etc/apache2/mods-available/mpm_prefork.conf
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
        StartServers 2
        MinSpareServers 6
        MaxSpareServers 12
        MaxRequestWorkers 30
        MaxConnectionsPerChild 3000
</IfModule>
- On Ubuntu 14.04, the event module is enabled by default. Disable it, and enable the prefork module:
sudo a2dismod mpm_event
sudo a2enmod mpm_prefork
- Restart Apache:
sudo service apache2 restart
The Event Module
If you choose to keep the event module enabled, these settings are suggested for a 1GB Linode.
- Open /etc/apache2/mods-available/mpm_event.conf in your text editor and edit the values as needed:
File: /etc/apache2/mods-available/mpm_event.conf
# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
        StartServers 2
        MinSpareThreads 15
        MaxSpareThreads 50
        ThreadLimit 64
        ThreadsPerChild 25
        MaxRequestWorkers 30
        MaxConnectionsPerChild 3000
</IfModule>
- Restart Apache:
sudo service apache2 restart
Disable the default Apache virtual host by entering the following command:
sudo a2dissite *default
Navigate to your web site HTML directory, and create a folder to hold your website by entering the following command, replacing "example.com" with your domain name:
sudo mkdir example.com
Create a set of folders inside the folder you've just created to store your website's files, logs, and backups. Enter the following command, replacing example.com with your domain name:
sudo mkdir -p example.com/public_html
sudo mkdir -p example.com/logs
sudo mkdir -p example.com/backups
Create the virtual host file for your website by entering the following command. Replace the example.com in example.com.conf with your domain name:
sudo nano /etc/apache2/sites-available/example.com.conf
sudo a2ensite beclass.tw.conf
Installing MySQL
1. Install MySQL
# sudo apt-get install mysql-server
You will be prompted to enter a password for the MySQL root user. Enter a password.
2. Secure MySQL by entering the following command to open mysql_secure_installation utility:
# sudo mysql_secure_installation
The mysql_secure_installation utility appears. Follow the instructions to remove anonymous user accounts, disable remote root login, and remove the test database.
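3. Require MySQL to create databases using Unicode
MySQL's default database encoding is Latin (latin1), which causes problems when storing content in Chinese double-byte encodings. To avoid this, change MySQL's configuration so that Unicode (UTF-8) is the default character set and collation.
- Ubuntu: /etc/mysql/my.cnf
- or /etc/mysql/mysql.conf.d/mysqld.cnf
After opening the file in a text editor, find the "[mysqld]" string and add the following three lines:
[mysqld]
#
# * Basic Settings
#
skip-character-set-client-handshake
character-set-server = utf8
collation_server = utf8_unicode_ci
utf8_general_ci VS utf8_unicode_ci
- utf8_general_ci is faster when converting
- utf8_unicode_ci is more accurate when converting
Converting? What does that mean?
Simply put, when data has to be changed from one encoding to another, mysql has to find where the corresponding character is located in the two codepages.
With utf8_general_ci, one character in the source codepage can only map to one character in the target codepage, whereas utf8_unicode_ci can map one character in the source codepage to multiple characters in the target codepage (or the other way round).
For example, when the German ß is converted to English, utf8_unicode_ci converts it to the correct ss, but utf8_general_ci turns it into just a single s.
So, where possible, use utf8_unicode_ci rather than utf8_general_ci. For multibyte characters the two make no difference, but with a utf8 web page nobody knows whether such a character will one day appear on your page, so if you set utf8_unicode_ci you don't need to worry about data being lost in conversion after it is pasted in.
After reading this, everyone should know the difference ^^
Similarities and differences with utf8mb4_unicode_ci
The characters covered by these two collations are both subsets of the UTF-8 encoding. utf8_unicode_ci can find Unicode encodings of at most 3 bytes, while utf8mb4_unicode_ci can find encodings of 4 bytes. Since the revised UTF-8 encoding format specifies a maximum of 4 bytes (originally 6 bytes), the utf8mb4 family can be said to cover the whole of Unicode.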
Apache 2.4:
Error Message: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
# echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/servername.conf
# sudo a2enconf servername
After this reload the server and the above message will no longer bug you.
# sudo service apache2 reload
or
# sudo apache2ctl graceful
Disable SSLv3
Testing for SSLv3
openssl s_client -connect example.com:443 -ssl3
If you see "routines:SSL3_READ_BYTES:sslv3 alert handshake failure", the service you have tested does not support SSLv3. It is safe from the vulnerability.
Disabling SSLv3
Apache
1. Edit the Apache configuration.
sudo nano /etc/apache2/mods-available/ssl.conf
2. Add the following line to your Apache configuration with other SSL directives.
SSLProtocol All -SSLv2 -SSLv3
3. This will allow all protocols except SSLv2 and SSLv3. You can test your configuration change with the command:
apachectl configtest
4. Then restart your Apache instance:
sudo service apache2 restart
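A later SSLProtocol line, for instance inside a virtual host, can turn SSLv3 back on after ssl.conf has been fixed. The following added example (not from the original notes; function names are hypothetical and the sample configuration is constructed) lists every SSLProtocol line that still leaves SSLv3 enabled. It assumes "all" includes SSLv3, as the directive above implies, and that a token without + or - replaces the protocol set.

```shell
# Constructed sample configuration used to show the check.
sslv3_sample_conf() {
cat <<'EOF'
# constructed sample ssl.conf fragment
SSLProtocol All -SSLv2 -SSLv3
SSLProtocol all -SSLv2
<VirtualHost *:443>
    SSLProtocol TLSv1.2
    SSLProtocol -all +TLSv1.2 +SSLv3
    #SSLProtocol all
</VirtualHost>
EOF
}

# Print "file:line: directive" for each SSLProtocol line whose tokens,
# evaluated left to right, end with SSLv3 still enabled.
# Assumption: "all" includes SSLv3 on the Apache/OpenSSL build in use.
sslv3_enabled_lines() {
    awk '
    { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
    tolower($1) == "sslprotocol" {
        v3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = ""
            if (t ~ /^[+-]/) { sign = substr(t, 1, 1); t = substr(t, 2) }
            hit = (t == "all" || t == "sslv3")
            if (sign == "+")      { if (hit) v3 = 1 }
            else if (sign == "-") { if (hit) v3 = 0 }
            else                  v3 = hit     # bare token replaces the set
        }
        if (v3) print FILENAME ":" FNR ": " $0
    }' "$@"
}
```

Pass it the configuration files to check, for example the ssl.conf edited above together with the files under /etc/apache2/sites-available; no output means no line leaves SSLv3 enabled.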
Installing PHP 7.0 on Ubuntu 17.04
For PHP 7.0:
sudo apt-get install php7.0
To install related PHP packages for Apache2 webserver:
sudo apt-get install php7.0 libapache2-mod-php7.0 php7.0-cli php7.0-common php7.0-mbstring php7.0-gd php7.0-intl php7.0-xml php7.0-mysql php7.0-mcrypt php7.0-zip
After the installation, confirm PHP version by running the commands below.
php -v
Check modules:
apt-get install php5-curl
Install PHP5 Encryption
It is not possible to run PHP5 alongside previous versions of PHP.
There is a PHP5 bug where non-core extensions were moved from /php5/conf.d to /php5/mods-available and mcrypt was left behind.
see: https://bugs.LaunchPad.net/ubuntu/+source/php-mcrypt/+bug/1241286
Solution:
#to check if mcrypt is running in php:
php -m
#if mcrypt is not listed then
sudo apt-get install php5-mcrypt
#insert sym-link from new location:
sudo ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available
#Enable the extension:
sudo php5enmod mcrypt
#Restart your service
sudo service apache2 restart
PHP temporary folder
Edit php.ini to set the file upload temporary directory and file size:
nano /etc/php5/apache2/php.ini
file_uploads = On
upload_tmp_dir = /tmp/upload
upload_max_filesize = 20M
post_max_size = 96M
Joomla!
Permissions, including those of subdirectories/files, must be set to 755 or above
chmod -R 755 {Joomla installation directory}
Change the file owner
sudo chown www-data {Joomla installation directory}
Set the permissions of the following folders to 777
tmp
logs
cache
administrator/cache
administrator/backups
administrator/components
administrator/language
administrator/modules
components
media
language
plugins/system
plugins/content
chmod -R 777 tmp
chmod -R 777 logs
chmod -R 777 cache
chmod -R 777 administrator/cache
chmod -R 777 administrator/components
chmod -R 777 administrator/language
chmod -R 777 administrator/modules
chmod -R 777 components
chmod -R 777 media
chmod -R 777 language
chmod -R 777 plugins/system
chmod -R 777 plugins/content
After installing Joomla!, confirm that the permissions of "configuration.php" are "644".
IMAP for PHP
Ubuntu
How to install php IMAP for php5-fpm?
* install imap package
apt-get install php5-imap
* Enable it
cd /etc/php5
php5enmod imap
* restart Apache2
service apache2 restart
Deploying a VM environment with Ubuntu 16.04 + LAMP on Google Cloud Platform: https://izo.tw/gcp-ubuntu/
* Done