Building A Droplet LAMP Server

First lesson learned about Digital Ocean; for temporary Droplets using public / private key authentication in SSH for ‘root’ login is not worth it! In fact its a real PITA! But as turning off root access by SSH is strongly recommended there’s really no point anyway. Better to do steps 2 to 7 as a matter of routine.

Once I know that I will keep a Droplet longer term then I will set up an RSA key to authenticate to it using my ‘normal’ account, at least from Braeburn, using the method of configuring public / private key authentication here by running the command ssh-copy-id {remote_host} to install the local machine public key on the remote server.

My build method basically follows this page and this page.

  1. Select the lowest configuration option, nearest available datacentre (London or Amsterdam) and Debian 7.0 x32 as the O/S giving it an appropriate hostname. The root password is emailed, which for a temporary Droplet is fine.
  2. Log in using SSH and use passwd to immediately change the root password to the usual long Rob Roy
  3. Add garrathe as a normal user by running adduser
  4. Configure garrathe as a sudo capable user following the above build page and running visudo and adding the line:

    garrathe ALL=(ALL:ALL) ALL

    in the section

    # User privilege specification
    root ALL=(ALL:ALL) ALL
  5. Log out the root account and log in as me
  6. To make the server more secure open the configuration file

    sudo nano /etc/ssh/sshd_config

    Find the following sections and change the information where applicable:

    Port yyyymmdd
    (use a memorable date e.g. birthday or wedding anniversary)
    Protocol 2
    PermitRootLogin no
    (changing this from yes to no prevents future root login)

    Add these lines to the bottom of the document. AllowUsers will limit login to only the users on that line.

    UseDNS no
    (at this time I’m not sure what this line does?)
    AllowUsers garrathe

  7. Patch using sudo apt-get update to freshen the database of ‘stuff’ followed by an sudo apt-get upgrade to get things patched up to date.
  8. Confirm the name of the packages using apt-cache search {package name}.
  9. Install the AMP using sudo apt-get install apache2 mysql-server php-pear php5-mysql php5 libapache2-mod-php5.
    Info: The last one might be installed by one of the preceding ones and so may be redundante, update when sure.
  10. Confirm that Apache is working by http://{IP address}.
  11. Enter mysql -p in the shell to confirm MySQL is working.
  12. To check whether php is installed and running properly, use sudo nano /var/www/test.php to create a test.php in the /var/www folder with the phpinfo() function exactly as shown:

    # test.php

    Point a browser to http://ip.address/test.php and this should show all your php configuration and default settings.
  13. Optional: To install phpMyAdmin just execute sudo apt-get install phpmyadmin.

2 Replies to “Building A Droplet LAMP Server”

  1. DebLAMP Built On Digital Ocean Droplet
    With the exception of the UseDNS no that I added but commented out until I know what it really does this works a charm!

    So shutdown the server with sudo shutdown -hP now and take a snapshot. 1 cent well spent!

  2. Use DNS Directive in sshd_config
    So now I’ve found out this This directive tells sshd process to check resolved host name for the connected client’s ip address maps back to the very same ip address or not. and that tells me that ssh is double-checking that the connecting host is not being spoofed. Sounds like a good idea to me, so its staying commented out for now. (Which leaves it at the default state of UseDNS yes rather than explicit yes or no.)

Comments are closed.