Change PHP memory_limit & PHP.ini Values in Ajenti

Ajenti V’s VPS web control panel has a nice, pretty interface, which attracts many users. It is easy to use, but certain settings may not always be intuitive for everyone. One such setting is changing PHP.ini settings. In this tutorial, we’ll change PHP’s memory_limit. Let’s cut to the chase and begin the tutorial!

Step 1: Log in to Ajenti V Control Panel

Using your web browser, log in to your Ajenti V control panel. If you didn’t change the default port number of 8000, then you can log in to Ajenti V by going to https://123.123.123.123:8000 (substitute 123.123.123.123 with your VPS or Dedicated server’s IP address). If you did change Ajenti V’s default port number, then simply substitute 8000 with whatever port number you are using.

Ajenti Login Default Username & Password root admin

Ajenti V Default Dashboard

Step 2: Manage Website Configuration / Settings

Click MANAGE to the right of your newly created website.

Ajenti V Manage New PHP WordPress Website Configuration

Step 3: Content Settings Tab

Click on the Content tab. Select PHP. Then enter in memory_limit = 512M; in the PHP .ini values box. Scroll down and click APPLY CHANGES and then wait a moment for the changes to take effect.

Ajenti V Change PHP.ini Values Settings

Step 4: Reboot Server to Implement Change of PHP.ini Values

Click on the Dashboard. Then click the reboot button to reboot your web server. If you are prompted whether or not you want to reboot, click OK. Wait for your web server to reboot.

Ajenti V Dashboard Reboot Web Server

Create Email Address Mailbox on Ajenti V in Nginx & Ubuntu

Creating an email address / mailbox in Ajenti V is dead simple. There are only two quick steps for this tutorial. See below how to create an email address / mailbox in Ajenti V.

Step 1: Configure & Create Email Address Mailbox

After logging in to Ajenti V using your browser, click on the Mail tab to the left. Beneath where it says NEW MAILBOX, for Address, enter in the part of the email address before the @ sign that you’d like to create an email address mailbox on (e.g. example). If you have already added domain names to Ajenti V, you may choose the domain name you would like to create an email mailbox for; otherwise, choose Custom Domain. In the Custom domain field, enter in the domain name of the email address mailbox you’d like to configure. For this example, I am using domain.com as my custom domain. Click the + MAILBOX button.

Ajenti V Create Email Address Mailbox

Step 2: Enter in Password for Email Address Mailbox

Click on the email address you just created. To the right of Password, click Change password. Enter in a strong password. Scroll down and click APPLY CHANGES.

Ajenti V Create Email Address Mailbox Password Change

Troubleshooting

Not Receiving Email

If you are not receiving the email of your newly configured email address mailbox, ensure you have opened up TCP ports 143 and 993 and that these ports are not blocked.

If these two ports are open, ensure you have added the domain name you have configured the email address mailbox for to your Ajenti websites.

If you have added the above domain name you’d like to configure the email address mailbox for, ensure your DNS settings at your domain name’s registrar are correctly pointed at your Ajenti V VPS / Dedicated server’s IP address.

Make sure your installation hasn’t been configured to use non-default ports. To check the ports used by exim, type in the following via SSH:

lsof -i -P | grep exim

Make sure your firewall is not blocking any of these ports.

Try debugging further by checking the delivery path by typing in the following:

exim -bt example@domain.com

If you have made sure of all the above points, try rebooting your server to see if that fixes it and allows you to receive email at your email address mailbox.

Create Forwarding Email Address on Ajenti V in Nginx & Ubuntu

It is very easy to create a forwarding email address in Ajenti V. There are two easy steps. Continue on to see how to create and configure a forwarding email address in Ajenti V.

Step 1: Configure & Create Forwarding Email Settings

After logging in to Ajenti V using your browser, click on the Mail tab to the left. Beneath where it says NEW MAILBOX, for Address, enter in the part of the email address before the @ sign that you’d like to enable email forwarding on (e.g. example). If you have already added domain names to Ajenti V, you may choose the domain name you would like to do email forwarding on; otherwise, choose Custom Domain. In the Custom domain field, enter in the domain name of the forwarding email address you’d like to configure. For this example, I am using domain.com as my custom domain. Click the + FORWARDING button.

Ajenti V Create Forwarding Email Address Custom Domain

Step 2: Enter in Target Email Address You Want to Forward Email to

Click on the forwarding email address you just created. Beneath Target address, click + ADD. Instead of someone@example.com, put in your actual email address that you would like to forward your forwarding email to. Scroll down and click APPLY CHANGES. In this example, I am forwarding all mail that comes in for example@domain.com to example@gmail.com.

Ajenti V Forwarding Email Address Target

Troubleshooting

Not Receiving Forwarding Email

If you are not receiving the email of your newly configured forwarding email address, ensure you have opened up TCP ports 143 and 993 and that these ports are not blocked.

If these two ports are open, ensure you have added the domain name you have configured the forwarding email address for to your Ajenti websites.

If you have added the above domain name you’d like to configure the forwarding email address for, ensure your DNS settings at your domain name’s registrar are correctly pointed at your Ajenti V VPS / Dedicated server’s IP address.

Ensure you have correctly entered in your target email address.

Make sure your installation hasn’t been configured to use non-default ports. To check the ports used by exim, type in the following via SSH:

lsof -i -P | grep exim

Make sure your firewall is not blocking any of these ports.

Try debugging further by checking the delivery path by typing in the following:

exim -bt example@domain.com

If you have made sure of all the above points, try rebooting your server to see if that fixes it and allows you to receive the forwarding email at your target address.

Create Catch-All Email Address on Ajenti V Nginx Ubuntu Linux

Creating a catch-all email address in Ajenti V is very easy. All it takes is two simple steps. Simply scroll down to see how to create and configure a catch-all email address in Ajenti V.

Step 1: Configure & Create Catch-All Email Settings

After logging in to Ajenti V using your browser, click on the Mail tab to the left. Beneath where it says NEW MAILBOX, for Address, enter only an asterisk–*. If you have already added domain names to Ajenti V, you may choose the domain name you would like to do forwarding on; otherwise, choose Custom Domain. In the Custom domain field, enter in the domain name of the catch-all email address you’d like to configure. For this example, I am using domain.com as my custom domain. Click the + FORWARDING button.

Ajenti V Create Catch-All Forwarding Email Address

If you would like to create a catch-all email account for all of your domains, enter in only an asterisk, *, for the Address, just as we have done above. Select Custom domain, and for the Custom domain field, enter in only two quotation marks–“”. Click the + Forwarding button.

Ajenti V Create Catch-All Mail Forwarding Email Address

Step 2: Enter in Target Email Address You Want to Forward Email to

Click on the catch-all email address you just created. Beneath Target address, click + ADD. Instead of someone@example.com, put in your actual email address that you would like to forward your catch-all email to. Scroll down and click APPLY CHANGES. In this example, I am forwarding all mail that comes in for any recipient @domain.com to example@gmail.com.

Ajenti V Catch-All Forwarding Email Target Address

Below is how it looks when you create a catch-all email account that forwards email for all of your domains to your designated target address.

Ajenti V Catch-All Mail Forwarding Target Email Address

Troubleshooting

Not Receiving Catch-All Email

If you are not receiving the email of your newly configured catch-all email address, ensure you have opened up TCP ports 143 and 993 and that these ports are not blocked.

If these two ports are open, ensure you have added the domain name you have configured the catch-all email address for to your Ajenti websites.

If you have added the above domain name you’d like to configure the catch-all email address for, ensure your DNS settings at your domain name’s registrar are correctly pointed at your Ajenti V VPS / Dedicated server’s IP address.

Ensure you have correctly entered in your target email address.

Make sure your installation hasn’t been configured to use non-default ports. To check the ports used by exim, type in the following via SSH:

lsof -i -P | grep exim

Make sure your firewall is not blocking any of these ports.

Try debugging further by checking the delivery path by typing in the following:

exim -bt example@domain.com

If you have made sure of all the above points, try rebooting your server to see if that fixes it and allows you to receive the catch-all email at your target address.

Add New PHP / WordPress Website in Ajenti V Tutorial

Adding a new PHP / WordPress website in Ajenti V couldn’t be easier. This VPS web control panel has a nice, pretty interface, which attracts many users. Nonetheless, if you are unsure about how to set up a new PHP / WordPress website in Ajenti V, simply follow this easy step by step tutorial.

Step 1: Log in to Ajenti V Control Panel

Using your web browser, log in to your Ajenti V control panel. If you didn’t change the default port number of 8000, then you can log in to Ajenti V by going to https://123.123.123.123:8000 (substitute 123.123.123.123 with your VPS or Dedicated server’s IP address). If you did change Ajenti V’s default port number, then simply substitute 8000 with whatever port number you are using.

Ajenti Login Default Username & Password root admin

Ajenti V Default Dashboard

Step 2: Create / Add New Website

Click on Websites. Enter a name for your website like Personal Website and click CREATE.

Ajenti V Add Create New PHP WordPress Website

Step 3: Manage Website Configuration / Settings

Click MANAGE to the right of your newly created website.

Ajenti V Manage New PHP WordPress Website Configuration

Step 4: General Website Settings Tab

Click on the General tab. Uncheck Maintenance mode and change the Path to /var/www/domain.com/web (replace domain.com with your domain name). Click CREATE DIRECTORY.

Ajenti V Website Path Maintenance Mode

Step 5: Domain Settings Tab

Click on the Domains tab. Click +ADD. Instead of example.com, put in a domain of yours with DNS settings already pointed at your web server’s IP address (e.g. domain.com).

Ajenti V Websites Domains

Ajenti V Domains Settings Tab Add Website

Step 6: Port Settings Tab

Click on the Ports tab. Click + Add to add a new port. Change the newly created port from 80 to 443. Enable SSL by clicking the box beneath where it says SSL (to the right of the 443 you just entered).

Ajenti V Port 443 SSL Website Certificate

Step 7: SSL Settings Tab

Click on the SSL tab. In the SSL certificate path, enter the following:

/etc/custom/ssl/nginx.crt

In the SSL key path, enter the following:

/etc/custom/ssl/nginx.key

Ajenti V SSL Nginx PHP Website Certificate

Step 8: Content Settings Tab

Click on the Content tab. Select PHP FastCGI and click +CREATE.

Ajenti V Content PHP FastCGI WordPress Website

Ajenti V Content PHP FastCGI WordPress Websites

Step 9: Advanced Settings Tab

Click on the Advanced tab. In the Custom configuration box, enter in the following:

# Uncomment the code below to use htpasswd authentication
#location ^~ (wp-login)\.php$ {
# auth_basic "Admin Login";
# auth_basic_user_file /etc/custom/pma_pass;
#}

location / {
try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

Ajenti V Advanced Custom Configuration WordPress PHP

If you uncommented the commented lines above (by removing the # symbols at the beginning of lines 2-5), this will secure your WordPress login page by requiring a user to enter in a valid username and password before even seeing the actual WordPress login page.

Authentication Required Ajenti Nginx htaccess

Step 10: MySQL Settings Tab

Click on the MySQL tab. In the DATABASES section, for the Name field, enter in a database name for your website’s MySQL database (e.g. personal-website). Then click + CREATE to create the MySQL database.

Ajenti V Create MySQL Database Name

In the USERS section, for the Name field, enter in a user name for the user that will access your website’s newly created MySQL database (e.g. personal-website). For the Password field, enter in a secure password for the MySQL user of this MySQL database. Then click + CREATE to create the MySQL database user. Then click GRANT ALL PERMISSIONS.

Ajenti V Create MySQL Database User Grant All Permissions

Step 11: FTP Settings Tab

Click on the FTP tab. For the Username field, enter in a user name for the FTP user that will access your newly created website (e.g. personal-website). For the Password field, enter in a secure password for the FTP user.

Ajenti V Create FTP User WordPress PHP Website

Step 12: Fix File Permissions

Click on the General tab. Click FIX FILE PERMISSIONS. Scroll down and click APPLY CHANGES and then wait a moment for the changes to take effect.

Ajenti V Fix PHP Website File Permissions

Step 13: Log in to FTP

You may now log in to FTP and upload your website files. To do so, simply use your domain name as the host in your FTP client (e.g. domain.com). For protocol, select FTP. If your FTP client gives you the option to choose the encryption type, choose Require explicit FTP over TLS. For username, enter in your FTP username you created earlier. For password, enter in your password you chose when you created the FTP user. When logging in for the first time, you may get a message from the FTP client regarding the security certificate. Go ahead and click OK and continue. Now you may upload your files normally.

Troubleshooting

Browser Downloads wp-login.php File

Try the following code for the custom configuration in the Advanced tab of Ajenti V instead of the code used above for the auth basic module:

location ~* (wp-login)\.php$ {
auth_basic "Admin Login";
auth_basic_user_file /etc/custom/pma_pass;
}

Further reading:

Web Server Setup Ubuntu, Ajenti, Nginx, PHP, MySQL, Mail

This tutorial will walk you through the steps of installing and setting up your own web server (VPS or dedicated server) from scratch. Within Ubuntu 14.04, we will be installing Ajenti, Nginx, MySQL, PHP, FTP, Mail, and Pop. We will also implement key security features and settings.

This has been tested with VPSDime and Linode.

Step 1: Install Ubuntu

From within your VPS control panel, install Ubuntu–in this case, Ubuntu 14.04 64-bit.

Rebuild Ubuntu 14 VPS Server

Step 2: Set Your Hostname & Fully Qualified Domain Name (FQDN)

Type in the following in terminal to connect to your VPS server (replace 123.123.123.123 with your server’s IP address):

ssh root@123.123.123.123

Ubuntu SSH Terminal Root Login

If you’re not sure whether or not you already have a hostname (depending on who is hosting your VPS / Dedicated server), you may type in the following to find out:

hostname -f

If it looks familiar, and like something you have already set such as host.mydomain.com, then you can omit this step. Otherwise, if it is something ugly like seemingly random numbers and/or letters, go ahead and do this step.

Type in the following to set your hostname (substitute nicename with the hostname you’d like):

echo "nicename" > /etc/hostname && hostname -F /etc/hostname

Now, type in the following to ensure the hostname was correctly set:

hostname

You should see nicename or whatever you used for your hostname.

Now, we must set the FQDN by typing in the following:

echo -e "ff02::1 ip6-allnodes\nff02::2 ip6-allrouters\n127.0.0.1 localhost.localdomain localhost\n123.123.123.123 nicename.example.com nicename\n::1 localhost ip6-localhost ip6-loopback" > /etc/hosts

Replace 123.123.123.123 with your server’s IP address. Replace both instances of nicename with your hostname we just set a moment ago. Replace example.com with your domain name you would like associated with your VPS/Dedicated server.

Step 3: Set the Server Timezone

Type the following to set the server timezone:

dpkg-reconfigure tzdata

Set Server Timezone Linux Ubuntu Command Line

Configure Server Timezone Linux Ubuntu Command Line

Step 4: Download Latest Package Files

Type the following to download latest package files:

apt-get update

Update Package Sources Linux Ubuntu Command Line

Update Packages Sources Linux Ubuntu Command Line

Step 5: Import Repository Key

Type the following to get the Ajenti repository key:

wget http://repo.ajenti.org/debian/key -O- | apt-key add -

Type the following to add the Ajenti, Nginx, and PHP repositories to your package sources:

echo -e "deb http://repo.ajenti.org/ng/debian main main ubuntu\ndeb http://nginx.org/packages/ubuntu/ trusty nginx\ndeb-src http://nginx.org/packages/ubuntu/ trusty nginx\ndeb http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu trusty main" >> /etc/apt/sources.list

Import Ajenti Repository Ubuntu Linux Command Line

Importing Ajenti Repository Ubuntu Linux Command Line

Import Ajenti Update Repository Ubuntu Linux Command Line

Step 6: Update Package Sources

Type the following to update package sources:

apt-get update

Update Package Sources Linux Ubuntu Command Line

Update Packages Sources Linux Ubuntu Command Line

Step 7: Install Ajenti, Nginx, MySQL, PHP, FTP, Mail, Pop

Type the following to install Ajenti V, Nginx, MySQL, PHP, FTP, Courier Mail, Pop support, and CURL:

apt-get install ajenti-v ajenti-v-nginx ajenti-v-mysql ajenti-v-php-fpm php5-mysql php5-cli ajenti-v-ftp-pureftpd ajenti-v-mail courier-pop mailutils dbus php5-curl

When asked if you want to continue, type Y and hit Enter.

Install Ajenti, Nginx, MySQL, PHP, FTP, Mail, Pop

Installing Ajenti, Nginx, MySQL, PHP, FTP, Mail, Pop

When asked for a password for MySQL’s root user, enter in a secure password and then hit Tab and then Enter to accept the changes. When asked to confirm the MySQL root user password, re-enter it and then hit Tab and then Enter to accept the changes. You may have to wait a few seconds after hitting Enter, so be patient.

Configure New MySQL Server 5.5 Password Ubuntu Linux Command Line

When asked if you want to Create directories for web-based administration, make sure No is selected and hit Enter.

Configure Courier-Pop Mail Ubuntu Linux Command Line

When you get to the Configuring courier-ssl screen, hit Enter to accept.

Configure Courier-Pop Mail SSL Ubuntu Linux Command Line

Step 8: Restart Services

Type the following to restart PHP:

service php5-fpm restart

Type the following to restart nginx:

service nginx restart

Type the following to restart Ajenti:

service ajenti restart

service php5-fpm restart Ubuntu Linux Command Line

service nginx restart Ubuntu Linux Command Line

service ajenti restart Ubuntu Linux Command Line

Step 9: Create SSL Certificate

If you don’t already have the directory, /etc/custom, create it by typing in the following:

mkdir /etc/custom

mkdir Create Directory Folder Ubuntu Command Line

Type in the following to create a directory which will be used to store all SSL information:

mkdir /etc/custom/ssl

Create the SSL key and certificate files by typing in the following:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/custom/ssl/nginx.key -out /etc/custom/ssl/nginx.crt

When asked for a Country Name, put in the two-letter code for your country (e.g. US). For State or Province Name, enter in your state (e.g. DC). For Locality Name, enter in your city (e.g. Washington). For Organization Name, enter the name of your organization. For Organizational Unit Name, enter in anything. For the Common Name, enter in the domain name you want associated with your server (e.g. example.com or your IP address if you don’t have a domain name). For Email Address, enter in the administrator’s email address.

Create SSL Certificate and Key Files Nginx

Now type in the following:

cat /etc/custom/ssl/nginx.crt /etc/custom/ssl/nginx.key > /etc/custom/ssl/nginx.pem

Step 10: Log in to Ajenti Control Panel via Browser

Open up your Internet browser and enter in the URL/address for Ajenti on your server. This is https://123.123.123.123:8000 [where 123.123.123.123 is the IP address of your server]. Make sure you write https rather than merely http. Proceed despite the warning. The default username is root and the default password is admin.

Ajenti Privacy Error Connection Not Private SSL

Ajenti Privacy Error Connection Not Private SSL Proceed

Ajenti Login Default Username & Password root admin

Ajenti V Default Dashboard

Step 11: Change Default Ajenti Password

Click on Password. Then enter in your old password, admin, and your new password two times. Make sure it is a strong password that only you know. Then click Save.

Ajenti V Change Default root admin Password

Ajenti V Change Default root admin Password Save

Step 12: Change Ajenti V’s Default Port, 8000

Click Configure. In the Port field, change it from Ajenti’s default of 8000 to something else like 24371. Scroll down and click Save.

Ajenti V Configure Change Default Port 8000

Ajenti V Configure Change Default Port from 8000

Step 13: Change Ajenti V’s Security Certificate

Since we created our own security certificate, we can go ahead and use it instead of Ajenti V’s default security certificate. To do so, click Configure. Then change Path to certificate from /etc/ajenti/ajenti.pem to /etc/custom/ssl/nginx.pem. Scroll down and click Save.

Ajenti Configure SSL Custom Certificate Path

Step 14: Add Email Address for Ajenti V root User

Click Configure. Scroll down to the Users section. Click the root username. Enter in your email address. Scroll down and click Save.

Ajenti V root User Email Address

Step 15: Restart Ajenti

Restart Ajenti for the saved changes to take effect by clicking Restart at the bottom of the Configure screen.

Restart Ajenti for Saved Changes to take Effect

Restarting Ajenti for Saved Changes to take Effect

Step 16: Log in to Ajenti Control Panel Using New Port

Now that Ajenti V’s default port has changed, you can no longer log in to the default log in address of https://123.123.123.123:8000. Instead, go to the new log in URL, https://123.123.123.123:24371 and log in using the username root along with your new password.

Ajenti Login New Username & Password root

Step 17: Enable Websites

Click Websites. Then click ENABLE.

Ajenti V Control Panel Enable Websites

Step 18: Enable Mail

Click Mail. Then click ENABLE.

Ajenti V Control Panel Enable Mail

Step 19: Enable SFTP / Secure FTP – Explicit FTP over TLS

Via SSH, type the following to copy the security certificate we created earlier:

cp /etc/custom/ssl/nginx.pem /etc/ssl/private/pure-ftpd.pem

Then type the following to allow TLS sessions only (no FTP):

echo 2 > /etc/pure-ftpd/conf/TLS

Step 20: Install & Configure fail2ban to Prevent Repeated Login Attempts

Via SSH, type the following to install fail2ban:

apt-get install fail2ban

When asked Do you want to continue, type Y and hit Enter.

Install fail2ban Ajenti Ubuntu Linux SSH Command Line

Type the following to create and open fail2ban configuration settings that will override fail2ban’s default configuration settings:

nano /etc/fail2ban/jail.local

Edit fail2ban Configuration Settings Ubuntu Linux Command Line

Paste in the following code to enable fail2ban protection on ssh-ddos, php-url-fopen, Nginx http auth, FTP, Courier mail, and MySQL (as well as to ban repeat offenders for prolonged periods):

[ssh-ddos]
enabled = true

[php-url-fopen]
enabled = true
logpath = /var/log/nginx/*.access.log

[nginx-http-auth]
enabled = true

[pure-ftpd]
enabled = true

[courierauth]
enabled = true

[mysqld-auth]
enabled = true
logpath = /var/log/mysql/error.log

[recidive]
enabled = true

Type Ctrl + x to save the changes. Then type y. Then hit Enter on your keyboard.

nano save changes Ubuntu Linux SSH Terminal Command Line

nano file name Ubuntu Linux SSH Command Line

Restart fail2ban by typing in the following in SSH:

service fail2ban restart

service fail2ban restart Ubuntu Linux Command Line

Step 21: Add & Configure Firewall

Type the following in SSH to edit firewall rules:

nano /etc/custom/iptables.firewall.rules

Setup Firewall Rules Ubuntu Linux Command Line

Paste the following into this file (iptables.firewall.rules):

*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allow Ajenti connection
-A INPUT -p tcp --dport 24371 -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow FTP connection
-A INPUT -p tcp --dport 21 -j ACCEPT

# Allow SSH connections
# The --dport number should be the same port number you set in sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow mail (IMAP) connection
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Allow ports for testing
#-A INPUT -p tcp --dport 8080:8090 -j ACCEPT

# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

# Block the following IP addresses (-I inserts the rule ahead of the rules above)
#-I INPUT -s 207.102.138.3 -j DROP

COMMIT

Firewall Rules Configuration Ubuntu Linux Command Line

Type Ctrl + x to save the changes. Then type y. Then hit Enter on your keyboard.

Save Firewall Rules Configuration Ubuntu Linux Command Line

Type the following to activate the firewall rules:

iptables-restore < /etc/custom/iptables.firewall.rules

Activate iptables Firewall Rules Ubuntu Linux Command Line

Then type the following to activate firewall rules on startup:

printf '#!/bin/sh\n/sbin/iptables-restore < /etc/custom/iptables.firewall.rules\n' > /etc/network/if-pre-up.d/firewall

Activate iptables Firewall Rules Startup Ubuntu Linux

Type the following to set appropriate script permissions:

chmod +x /etc/network/if-pre-up.d/firewall

iptables Firewall Permissions Ubuntu Linux SSH
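The rules file from this step can be audited offline before it is loaded. The script below is an added example, not part of the original tutorial: it lists the TCP ports the INPUT chain accepts, compares them with the ports this tutorial opens, and confirms the chain ends in a catch-all REJECT or DROP. The function names and the sample ruleset (which opens 3306 and leaves 993 commented out) are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of an iptables-restore rules file.
# Every function reads the rules text on stdin, so nothing here touches
# the live firewall.

# Ports this tutorial opens: FTP, SSH, HTTP, IMAP, HTTPS, IMAPS, Ajenti.
EXPECTED_PORTS="21 22 80 143 443 993 24371"

# Constructed sample: the tutorial's ruleset with two deliberate deviations
# (993 commented out, 3306 opened) so the audit has something to report.
SAMPLE_RULES='*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 24371 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
# -A INPUT -p tcp --dport 993 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT'

# Print the TCP destination ports accepted on INPUT, sorted, space-separated.
accepted_tcp_ports() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out rules
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; port = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && port != "" && target == "ACCEPT") print port
        }
    ' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Print the ports of list $1 that do not appear in list $2.
ports_not_in() {
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;
            *) printf '%s ' "$p" ;;
        esac
    done | sed 's/ $//'
}

# Succeed only if the last active INPUT rule is an unconditional REJECT/DROP.
ends_with_default_deny() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "-A" && $2 == "INPUT" { $1 = $1; last = $0 }   # $1=$1 trims indent
        END { if (last ~ /^-A INPUT -j (REJECT|DROP)( |$)/) exit 0; exit 1 }
    '
}

ACCEPTED=$(printf '%s\n' "$SAMPLE_RULES" | accepted_tcp_ports)
echo "accepted:   $ACCEPTED"
echo "unexpected: $(ports_not_in "$ACCEPTED" "$EXPECTED_PORTS")"
echo "missing:    $(ports_not_in "$EXPECTED_PORTS" "$ACCEPTED")"
if printf '%s\n' "$SAMPLE_RULES" | ends_with_default_deny; then
    echo "default deny: yes"
else
    echo "default deny: NO"
fi
```

To audit the real file, feed /etc/custom/iptables.firewall.rules to the functions instead of the sample. On the server, iptables-restore --test < /etc/custom/iptables.firewall.rules additionally confirms that the file parses without committing it.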

Step 22: Automatically Reboot Server on out-of-memory Condition

Type the following to automatically reboot the server in case it runs out of memory (automatically reboots 10 seconds after running out of memory)

echo -e "vm.panic_on_oom=1\nkernel.panic=10" >> /etc/sysctl.conf

Automatically Reboot Out of Memory Ubuntu Linux Server

Step 23: Check if sudo is Installed

Type in the following to see if sudo is installed:

dpkg -l sudo

If you get something like what is shown in this picture, then you already have sudo installed:

Command Checks if sudo Package is Installed

Otherwise, if you get the message, dpkg-query: no packages found matching sudo, then you must install sudo.

Command to Check if sudo Package is Installed

To install sudo, type in the following:

apt-get install sudo

Install sudo Package Ubuntu Linux Command Line

Step 24: Get an Email Anytime a User Uses sudo

To receive an email whenever the sudo command is used, type in the following which will create a file with the sudo settings:

echo -e "Defaults mail_always\nDefaults mailto=\"email@domain.com\"" >> /etc/sudoers.d/my_sudoers

Receive Email on Sudo Command Use

Type the following to set appropriate permissions on the file:

chmod 0440 /etc/sudoers.d/my_sudoers

Set Permissions on Sudo File Ubuntu Linux

Step 25: Create new sudo User

Type the following to add a new user:

adduser john

Type in a strong password only you know and hit enter (you will not see the password as you type). Re-enter the password one more time and hit enter again. When you are asked for the user’s Full Name, simply hit enter. Do the same when it asks you for the user’s Room Number, Work Phone, Home Phone, and Other. Then, when you are asked “Is the information correct”, type Y. Then hit Enter on your keyboard.

adduser Ubuntu Linux Command Line New User

Now type the following to add the newly created user to the sudo group:

usermod -a -G sudo john

Add User to Sudo Group Ubuntu Linux

Step 26: Send an Email Upon Server Reboot or Shutdown/Halt

To have the server automatically send an email upon server reboot, cron must be used. Type in the following to implement this:

cat <(crontab -l) <(echo -e "MAILTO=email@domain.com\n@reboot mail -s \"Server Rebooted - \`hostname\` - \`date \"+\%Y-\%m-\%d \%H:\%M:\%S\"\`\" email@domain.com > /dev/null 2>&1") | crontab -

Email on Server Reboot or Shutdown Ubuntu Linux

If you get the message, “no crontab for root”, that is OK. To confirm the cron job has been correctly created, type in the following:

crontab -l

You should see the following:

MAILTO=email@domain.com
@reboot mail -s "Server Rebooted - `hostname` - `date "+\%Y-\%m-\%d \%H:\%M:\%S"`" email@domain.com > /dev/null 2>&1

crontab -l Check if Cron Job Created Ubuntu Command

Step 27: Send an Email Upon Server Boot/Startup

In the previous step, we configured the server to send an email upon server reboot; however, this does not mean the server has actually successfully started up again. To make sure of this, we need to configure the server to send a separate email upon booting or starting up. To do so, first type in the following to replace all existing instances of exit 0 with #exit 0 (this comments out existing instances of exit 0):

sed -i -e 's/exit 0/#exit 0/g' /etc/rc.local

Then type in the following which is the command that sends an email once the server boots up:

echo -e "\n\n#Email on server boot\necho | mail -s \"Server Booted - \`hostname\` - \`date \"+%Y-%m-%d %H:%M:%S\"\`\" email@domain.com && exit 0" >> /etc/rc.local

Email on Server Boot Up or Startup Ubuntu Linux

Now, run a test to make sure you are receiving both emails. To do so, reboot the server by typing in the following:

reboot

System Rebooting Command Line Ubuntu Linux

You should receive two emails to the email address you specified earlier.

Emails Upon System Boot and Reboot Ubuntu Linux

Step 28: MySQL InnoDB Infrastructure Cleanup

If this change is not made, the file, ibdata1, may get extremely large. As such, it is easiest to implement this solution from now. To do so, first shut down MySQL by typing in the following:

service mysql stop

service mysql stop Ubuntu Linux Command Line

Now, the my.cnf file (MySQL configuration file) must be edited. Some configuration lines must be added to it. If your my.cnf file is located at /etc/mysql/my.cnf, then type in the following to automatically add the configuration lines to my.cnf:

echo -e "\n[mysqld]\ninnodb_file_per_table\ninnodb_flush_method=O_DIRECT\ninnodb_log_file_size=64M\ninnodb_buffer_pool_size=256M" >> /etc/mysql/my.cnf

MySQL InnoDB ibdata1 Cleanup Ubuntu Linux

Notice above that innodb_buffer_pool_size is four times the size of innodb_log_file_size.

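The next thing to do is to delete all ibdata and ib_logfile files from the /var/lib/mysql directory so that MySQL recreates them with the new settings when it starts. Any InnoDB tables already stored in ibdata1 are lost along with it, so only do this on a fresh server or after dumping every database. Type the following to delete the files: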

find /var/lib/mysql/ibdata* /var/lib/mysql/ib_logfile* -type f -exec rm {} \;

Find & Delete ibdata & ib_logfile MySQL InnoDB Files

Now start MySQL up again by typing the following:

service mysql start

service mysql start Ubuntu Linux Command Line

Step 29: Setting Up Web Server Authentication Gate

Via SSH, type in the following:

openssl passwd

Enter in a secure password that is eight characters in length (the traditional crypt scheme used here only takes the first eight characters of the password into account). Re-enter the password to verify. In the above example, I used a very insecure password, "password", merely for demonstration purposes.

The terminal will then output a CRYPT-hashed password similar to f3GYSBiVW/IiQ. Copy this, and paste it into a text editor such as Notepad for the time being.

openssl passwd CRYPT Encrypted Password Ubuntu Linux

If you don’t already have the directory, /etc/custom, create it by typing in the following:

mkdir /etc/custom

mkdir Create Directory Folder Ubuntu Command Line

Type in the following command to create a file called pma_pass in the directory /etc/custom/:

nano /etc/custom/pma_pass

Create CRYPT Password File for htaccess

Once the file is open, type in the username you’d like to use followed by a colon followed by the encrypted password you just pasted in notepad:

john:f3GYSBiVW/IiQ

Custom htaccess Password Nginx Ubuntu Server

Type Ctrl + x to save the changes. Then type Y. Then hit Enter on your keyboard.

Now we have a file that will later allow us to secure designated websites by requiring the username of john and password of password before being granted access to the designated website. If you want to add additional users that may log in the same way, simply add them in the same way on a new line (a new line for each user:encryptedPassword).
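To see which hash scheme each entry of a password file such as /etc/custom/pma_pass uses, the following added example (not part of the original tutorial) classifies every line and flags the traditional crypt format, which ignores everything after the eighth password character. The function names and the sample entries are assumptions made for illustration; only the first sample hash comes from this tutorial.

```shell
# Added example: audit an nginx auth_basic_user_file (here /etc/custom/pma_pass).

# classify_hash HASH -> prints the scheme name of one password field.
classify_hash() {
    case "$1" in
        '')         echo empty ;;
        '$apr1$'*)  echo apr1-md5 ;;
        '$1$'*)     echo md5-crypt ;;
        '$5$'*)     echo sha256-crypt ;;
        '$6$'*)     echo sha512-crypt ;;
        '{SHA}'*)   echo sha1-unsalted ;;
        '{SSHA}'*)  echo sha1-salted ;;
        '{PLAIN}'*) echo plaintext ;;
        *)  # Traditional DES crypt is exactly 13 characters from [./0-9A-Za-z].
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
            then echo des-crypt; else echo unknown; fi ;;
    esac
}

# audit_passfile < FILE -> prints "user scheme verdict"; returns 1 if any entry is flagged.
audit_passfile() {
    bad=0
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            apr1-md5|md5-crypt|sha256-crypt|sha512-crypt) verdict=ok ;;
            des-crypt)     verdict=weak-8-char-limit; bad=1 ;;
            empty|unknown) verdict=unrecognized; bad=1 ;;
            *)             verdict=weak; bad=1 ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
    return "$bad"
}

# Constructed sample entries: the first hash is the tutorial's sample value,
# the $apr1$ value is a placeholder and not a real hash.
sample_passfile() {
    cat <<'EOF'
john:f3GYSBiVW/IiQ
alice:$apr1$CONSTRUC$0123456789abcdefghijkl
carol:f3GYSBiVW/IiQ.
dave:
EOF
}

# Audit the file given as the first argument, or the sample when there is none.
if [ $# -gt 0 ]; then audit_passfile < "$1"; else sample_passfile | audit_passfile || true; fi
```

Running openssl passwd -apr1 instead of plain openssl passwd produces the $apr1$ format, which Nginx also accepts in auth_basic_user_file and which does not cut the password off at eight characters.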

Step 30: Install & Secure phpMyAdmin

Type in the following:

apt-get install phpmyadmin

Install phpMyAdmin Nginx LEMP Ubuntu VPS Server

When asked Do you want to continue, type Y. Then hit Enter on your keyboard.

If you are asked about the “web server to reconfigure automatically”, use the Tab key to navigate to OK and hit Enter (without choosing either of the two options).

phpMyAdmin Reconfigure Nginx LEMP Web Server

Next, when you are asked if you want to “configure database for phpmyadmin with dbconfig-common”, Select Yes by using the right/left arrows of your keyboard. Then hit Enter on your keyboard.

Configure phpMyAdmin Database dbconfig-common

Enter in the password for MySQL’s root user (previously configured in Step 7). Then use the Tab key to navigate to OK and hit Enter.

phpMyAdmin Configuration Root MySQL User Password

Enter in a new password for phpMyAdmin. Then use the Tab key to navigate to OK and hit Enter.

phpMyAdmin Password Installation Setup Linux LEMP

When asked about the “web server to reconfigure automatically”, use the Tab key to navigate to Cancel and hit Enter.

phpMyAdmin Reconfigure Nginx LEMP Web Server

Now, we must enable PHP’s mcrypt extension, which was installed along with phpMyAdmin. To do so, type in the following:

php5enmod mcrypt

To increase the maximum file upload size from two megabytes to 128 megabytes and the maximum post size from eight megabytes to 128 megabytes, type in the following:

sed -i -e 's/upload_max_filesize = 2M/upload_max_filesize = 128M/g' /etc/php5/fpm/php.ini && sed -i -e 's/post_max_size = 8M/post_max_size = 128M/g' /etc/php5/fpm/php.ini

Now, restart your PHP processor by typing in the following:

service php5-fpm restart

php5enmod mcrypt service php5-fpm restart Nginx

Now, using your web browser, log in to your Ajenti control panel. Click on Websites. Enter a name like phpMyAdmin and click CREATE.

phpMyAdmin Ajenti V Nginx Ubuntu

Click MANAGE to the right of your newly created website.

Ajenti V Manage phpMyAdmin Website

Uncheck Maintenance mode and change the Path to /usr/share/phpmyadmin. Click FIX FILE PERMISSIONS.

Ajenti V Maintenance Mode Set Path Fix File Permissions

Click on the Domains tab. Click +ADD. Instead of example.com, put in a subdomain of yours with DNS settings already pointed at your web server’s IP address (e.g. php.mydomain.com).

Ajenti V Websites Domains

Ajenti V Websites Add Sub-Domain

Click on the Ports tab. Enable SSL by clicking the box beneath where it says SSL. Change the port from 80 to 443.

Ajenti V Websites Ports SSL phpMyAdmin

Click on the SSL tab. In the SSL certificate path, enter the following:

/etc/custom/ssl/nginx.crt

In the SSL key path, enter the following:

/etc/custom/ssl/nginx.key

Ajenti Websites SSL Certificate Key Paths

Click on the Content tab. Select PHP FastCGI and click +CREATE.

Ajenti V Websites Content PHP FastCGI phpMyAdmin

Click on the Advanced tab. In the Custom configuration box, enter in the following:

location / {
    try_files $uri $uri/ =404;
    auth_basic "Admin Login";
    auth_basic_user_file /etc/custom/pma_pass;
}

Ajenti htaccess Advanced Custom Configuration Nginx

This will secure phpMyAdmin by requiring a user to enter in a valid username and password before even seeing the actual phpMyAdmin login page.

Authentication Required Ajenti Nginx htaccess

Scroll down and click APPLY CHANGES and then wait a moment for the changes to take effect.

Click on the Dashboard. Then click the reboot button to reboot your web server. If you are prompted whether or not you want to reboot, click OK. Wait for your web server to reboot.

Ajenti V Dashboard Reboot Web Server

Open a new tab/window in your browser and navigate to the subdomain address you specified earlier for phpMyAdmin. Make sure you enter the full address with https at the beginning instead of just http. Your browser will warn you that This Connection is Untrusted. Click I Understand the Risks and then click Add Exception….

This Connection is Untrusted SSL Certificate

Click Get Certificate. Make sure Permanently store this exception is checked. Click Confirm Security Exception.

Add Security Exception Permanently Store SSL Get Certificate

Log in to phpMyAdmin with the root MySQL credentials you created in step 7.

phpMyAdmin Login Screen Username Password

After logging in to phpMyAdmin, we need to make sure all of the user accounts have strong passwords. To do so, click on the mysql database on the left side of the screen.

phpMyAdmin Main Screen After Login

Then scroll down and click on user to open the user table.

phpMyAdmin MySQL User Table Passwords

You may see that some of the users do not have passwords. If this is the case, you will need to assign passwords to each of these users.

phpMyAdmin MySQL User Table Change Passwords

Go ahead and copy the hashed password of the user named root with the host localhost. The hashed password will be something like *1744M2Q9Q9LJ7E2E5G5U7M8C4TH7UI3N6Y8UJ4R6. Copy your hashed password for the above-mentioned user and paste it as a new password for all the users without passwords. Now, all the MySQL users should have good, strong passwords.

phpMyAdmin MySQL User Table Changed Passwords

Now, all you need to do is implement a backup solution and set up your websites.

Troubleshooting

Check Nginx Configuration

If, after this server setup walkthrough, your server is acting up, you may have to do some troubleshooting. It is always good to check whether the Nginx configuration is valid. Type in the following via SSH to check Nginx’s configuration:

nginx -t

If there are errors related to Nginx’s configuration, you should now see them.

Check Active Internet connections

Make sure different services are running by typing in the following via SSH to check the web server’s active internet connections:

netstat -tap

Find Out / Determine Your Hostname / FQDN

Type in the following:

hostname -f

Reset MySQL / phpMyAdmin Root Password

If you are unable to log in to phpMyAdmin, you must reset the MySQL root password. To do so, via command prompt/SSH, type in the following:

dpkg-reconfigure mysql-server-5.5

Simply enter in a new password for root and then hit Tab and then Enter to accept the changes. You may have to wait a few seconds after hitting Enter, so be patient.

Configure New MySQL Server 5.5 Password Ubuntu Linux Command Line

If you are still unable to log in to phpMyAdmin at this point, then you must do additional troubleshooting.

Further reading: