I have to find the documentation for all of them every time because it's been long enough that I don't remember how to do them each time, so I figured I might as well document more or less what I have to do to set this up. I'm using Bitnami stacks for my virtual machines and these instructions are relevant to Ubuntu 14.04.
Set up a static ip
/etc/network/interfaces like so:
#iface eth0 inet dhcp
iface eth0 inet static
dns-nameservers 18.104.22.168 22.214.171.124
Make sure you choose an address outside the address space of the dhcp server then restart networking with
sudo service networking restart, except the networking restart like this isn't working on Ubuntu so I'm restarting the machine (the good ol' Windows reboot on a Linux box, smh.)
Source: Ask Ubuntu
Enable the SSH server
sudo mv /etc/init/ssh.conf.back /etc/init/ssh.conf
sudo start ssh
Source: Bitnami docs
Support key-based authentication
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bitnami/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bitnami/.ssh/id_rsa.
Your public key has been saved in /home/bitnami/.ssh/id_rsa.pub.
The key fingerprint is:
This command should create two files named id_rsa and id_rsa.pub in the /home/bitnami/.ssh directory. Copy the private key file named id_rsa to a secure location. Do not share this private key file. Transfer the contents of the public key file to the /home/bitnami/.ssh/authorized_keys file:
cat id_rsa.pub >> /home/bitnami/.ssh/authorized_keys
Edit the /etc/ssh/sshd_config and uncomment (or add if not already present) the following lines:
In the same file, disable basic password authentication:
Restart the SSH server for the new configuration to take effect:
sudo /etc/init.d/ssh force-reload
Source: Bitnami docs
Reset the MySQL root password
/opt/bitnami/mysql/bin/mysqladmin -p -u root password NEW_PASSWORD
Source: Bitnami docs
At the end of the configuration file for Apache,
/opt/bitnami/apache2/conf/httpd.conf, add the following lines to deny spammers:
<Limit GET POST PUT>
allow from all
deny from xxx.xxx.xxx
Put the subnets you want to block in place of the xxx.xxx.xxx and you can repeat that line for as many subnets as you want. I manually add spammers to this list when I find them attacking my server, and the subnets that have been added are all in China and Russia. I don't get many visitors as it is, and Chinese and Russians really don't have a reason to have interest in my blog, so I don't feel bad about blocking entire subnets in those countries. I might think hard about it if the subnet was in a country where I might have readers.
Source: lost to the wind, but I copied the section off the bottom of my httpd.conf of my last server I spun up (which I've been using about 2 years now).
So, confession time: I've never really done too well at setting up a server. I'm sure this one is no exception. I have a tough time figuring out where to put things on servers, where and how to serve up additional sites. That said, I've learned a bit about multi-site configuration on a single server over the past year from work. I now have multiple vhosts setup so that I can hit the same server with multiple domains and get different websites, except I'm not pointing any other domains at my server yet. What I did do though was use subdomains so that I can have multiple rails projects running on the same server, permanently set up with Apache and Passenger. I'm still testing this out, so I'm not sure that it will work the way I want it to, but here's what I'm thinking.
I'm creating a
/home/bitnami/projects folder where I can stash all my projects. The bitnami stack that I chose is the Ruby stack, which gives me Apache setup already with Passenger integration, which allows me to server either Rails apps or PHP sites. I can create new projects in my projects folder, and then give each project it's own vhost entry so that I can hit each of them individually. I'm going to use the ServerAlias directive to give them each a subdomain, then add CNAME records to my DNS for each subdomain which point back to my server, that way Apache will decode the url and point to the right vhost.
I added a line to the end of the
I created the vhost file there so I don't have to deal with permissions issues (i.e. sudo/running as root) when I'm adding new vhosts.
I'm thinking about creating a project that's served by default (i.e. if someone hits the server with the IP or if they hit with the root domain, because apparently those can be different), and that project will essentially be a page of links to all the projects (subdomains) on the server. I can set up a php script to either read through the vhosts file in my home directory or go through the directory of projects and create a list of links and then write them out to a php file. I can use cron to run that php script every <interval of time> so that when I create new projects they'll show up automagically on my jump page (working title). I need to figure out what a sensible interval of time to run the script is. Often enough where I don't feel the need to run it manually every time I create a project, but not too often where it's needlessly chewing up CPU cycles.
Hope this helped you, but, more importantly, I hope it's still available next time I need to setup a new server!