If you own a virtual or dedicated Linux server, you know the hassle with third-party tools. They need to be maintained, can break after any upgrade, and there is no such thing as "full control". What do you do next when upgrading a heavy software toolchain leaves you with an error 500?
There are several web server management solutions. Well-known panels include Plesk (currently) and Confixx (in the past). These are all easy to use and include lots of statistics and information as well. Additionally, administrators can create resellers who can create users and so on. But if you own a dedicated server just for yourself, you may prefer control over features, especially if most of the features are of little interest to you.
In this setup, I have used Apache with MPM-ITK. To install the required packages and enable the Apache modules, run:
apt-get install apache2 libapache2-mpm-itk vsftpd php libapache2-mod-wsgi mysql-server
a2enmod rewrite ssl macro
In /etc/apache2/apache2.conf, we need to change the following:
<Directory /var/www/>
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
For vsftpd, add or modify the following lines in /etc/vsftpd.conf:
write_enable=YES
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER
allow_writeable_chroot=YES
Now, web users are jailed into their home directory without shell access. Traversal attacks from malicious PHP payloads are prohibited as well: each vHost runs under its own user (AssignUserID) and PHP is confined to the user's html directory by open_basedir, as set in the macros in 000-default.conf.
This is the 000-default.conf in /etc/apache2/sites-available. You should usually leave it exactly as it is, including the line with "www.example.com" (this is because ServerName is mandatory).
ServerSignature Off

<Directory /home>
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:80>
    ServerName www.example.com
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory /usr/lib/cgi-bin>
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
    </VirtualHost>
</IfModule>

<Macro Host $name $domain>
    <VirtualHost *:80>
        ServerName $domain
        DocumentRoot /home/$name/html
        AssignUserID $name $name
        CustomLog /home/$name/logs/access.log vhost_combined
        ErrorLog /home/$name/logs/error.log
        <Directory /home/$name/html>
            php_admin_value open_basedir /home/$name/html
        </Directory>
    </VirtualHost>
</Macro>

<Macro SSLHost $name $domain>
    <VirtualHost *:443>
        ServerName $domain
        DocumentRoot /home/$name/html
        AssignUserID $name $name
        CustomLog /home/$name/logs/access.log vhost_combined
        ErrorLog /home/$name/logs/error.log
        <Directory /home/$name/html>
            php_admin_value open_basedir /home/$name/html
        </Directory>
        SSLCertificateFile /home/$name/cfg/$name.crt
        SSLCertificateKeyFile /home/$name/cfg/$name.key
        SSLCertificateChainFile /home/$name/cfg/ca.crt
    </VirtualHost>
</Macro>
001-mydomain.com.conf: For each domain, you can utilize the macros to create vHosts. Have a look at 000-default.conf to understand the path logic and how to set up SSL certificates. For common vHost entries, the macros used here should be sufficient.
Use SSLHost myuser mydomain.com
Use Host myuser2 subdomain.mydomain.com
Read more about vHost configuration.
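The macros substitute $name straight into filesystem paths and AssignUserID, so each "Use" line is worth checking against what is actually on disk. The following POSIX shell audit is an added example, not part of the original page or of webserver.sh; HOME_BASE and both function names are assumptions of this example, and it relies on GNU stat as shipped with Debian.

```sh
#!/bin/sh
# Added example, not part of webserver.sh. HOME_BASE and both function names
# are assumptions; the checked paths follow the Host/SSLHost macros.
HOME_BASE="${HOME_BASE:-/home}"

# Print one finding per line for a single "Use" entry; print nothing if clean.
audit_entry() (
    macro=$1 name=$2 domain=$3
    # $name ends up in paths and in AssignUserID, so accept only plain
    # account names (lowercase letters, digits, "_" and "-").
    case "$name" in
        ''|-*|*[!a-z0-9_-]*)
            echo "$domain: unsafe user name '$name'"
            exit 0 ;;
    esac
    base="$HOME_BASE/$name"
    for d in html logs; do
        [ -d "$base/$d" ] || echo "$domain: missing directory $base/$d"
    done
    # The DocumentRoot must not be writable by other accounts.
    if [ -d "$base/html" ]; then
        mode=$(stat -c '%a' "$base/html")
        if [ $(( 0$mode & 0002 )) -ne 0 ]; then
            echo "$domain: $base/html is world-writable ($mode)"
        fi
    fi
    # SSLHost expects the private key at cfg/<name>.key, owner-only.
    if [ "$macro" = "SSLHost" ]; then
        key="$base/cfg/$name.key"
        if [ ! -f "$key" ]; then
            echo "$domain: missing private key $key"
        elif [ $(( 0$(stat -c '%a' "$key") & 0077 )) -ne 0 ]; then
            echo "$domain: $key is accessible beyond its owner"
        fi
    fi
)

# Audit every "Use Host|SSLHost <name> <domain>" line of a vHost file.
audit_vhost_file() (
    while read -r use macro name domain rest || [ -n "$use" ]; do
        [ "$use" = "Use" ] || continue
        case "$macro" in
            Host|SSLHost) audit_entry "$macro" "$name" "$domain" ;;
        esac
    done < "$1"
)
```

Run it as root with `audit_vhost_file /etc/apache2/sites-available/001-mydomain.com.conf`; no output means every referenced user directory and key passed the checks.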
Place the script in /root/webserver.sh. In webserver.conf, set $MYSQLROOTPASSWORD to the password of the MySQL root user (not to be confused with the Linux root user). You should leave it blank if you are running Debian 9, where the root user is authenticated automatically.
Add users with "./webserver.sh useradd <USER>" and then set the password and MySQL password. Both passwords are undefined by default, so you have to change them first. Next, log into this user account via FTP. You probably also want to install phpMyAdmin on your server if you want a web-based database administration tool.
Recommended: Use separate passwords for each user, and in particular keep each user's MySQL password separate from the Unix password. Otherwise, cross access is given once any web application has been breached.
|./webserver.sh||Summary of commandline options|
|./webserver.sh useradd <USER>||Adds a Unix user and a MySQL user with the name <USER>. The password for both users is undefined and therefore must be changed prior to login. Note: Four new directories are created in /home/<USER>. "html" is where your website goes; you need to configure your vHosts to point there. "files" is usually a location for files that are not directly accessed by the web server, and the "cfg" folder can be used to place files such as certificates. The "logs" folder can be used to store logs as configured in the vHosts.|
|./webserver.sh userdel <USER>||Deletes the user with the name <USER>.|
|./webserver.sh userpasswd <USER>||Prompts for password change of <USER>.|
|./webserver.sh dbadd <USER> <DATABASE>||Creates a database called <USER>_<DATABASE> (e.g. user1_database1) and assigns it to <USER>.|
|./webserver.sh dbdel <USER> <DATABASE>||Deletes the database <USER>_<DATABASE>.|
|./webserver.sh dbpasswd <USER> <PASSWORD>||Prompts for password change of MySQL user <USER>. Note: This is not to be confused with the user password; the MySQL user is separate from the Unix user.|
|./webserver.sh reload <apache2|mysql|ftp>||Gracefully restarts either apache2, mysql or ftp. If no parameter is specified, all three services are reloaded.|
|./webserver.sh restart <apache2|mysql|ftp>||Restarts either apache2, mysql or ftp. If no parameter is specified, all three services are restarted.|
|./webserver.sh userlist||Displays all web users.|
|./webserver.sh dblist||Displays all MySQL databases.|
BSD License Agreement
Copyright © , bytecode77
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
CC0 1.0 Universal
For more information, please see https://creativecommons.org/publicdomain/zero/1.0/