Written for a 512MB/1GB Ubuntu VPS. I realize this isn't exactly "low end", but this script is made for high traffic sites on a budget. Tip: This is perfect for Digital Ocean's $5/month SSD server.
--
Remove excess packages (apache2, sendmail, bind9, samba, nscd, etc) and install the basic components needed for a light-weight HTTP(S) web server:
- ufw (firewall)
- dash (replaces bash)
- syslogd
- MariaDB (v10, based on MySQL 5.6)
- PHP-FPM (v5.3+ with APC installed and configured)
- nginx (configured for lowend VPS. Change worker_processes in nginx.conf according to number of CPUs)
- git, vim, nano, mc, htop, iftop & iotop
Note: When running the UFW command you must specify a SSH port. Remember, port 22 is the default. It's recommended that you change this from 22 just to save server load from attacks on that port.
cd ~; wget --no-check-certificate https://raw.github.com/marshallford/lowendubuntu/master/setup-ubuntu.sh; chmod +x setup-ubuntu.sh
./setup-ubuntu.sh system
./setup-ubuntu.sh ufw [port]
./setup-ubuntu.sh mariadb
./setup-ubuntu.sh nginx
./setup-ubuntu.sh php
The lowendubuntu scipt includes a sample nginx config files for PHP sites. You can create a basic site shell (complete with nginx vhost) like this:
./setup-ubuntu.sh site example-domain.tld
The script also includes a basic WordPress setup function, just remember to setup and connect a database afterwords.
./setup-ubuntu.sh wordpress example-domain.tld
Hardens openSSH with PermitRoot and PasswordAuthentication
./setup-ubuntu.sh harden_ssh [option #]
1 = All users including root can only login via SSH-keys.
2 = Normal users can login via SSH-keys, root can't login at all.
3 = Root can't login, normal users can use SSH-keys or plain passwords.
4 = Normal users can login with SSH-keys or plain passwords, root can only login via SSH-keys.
Uses git hooks and checkout, supports WordPress installs. (Script Source)
./setup-ubuntu.sh gitdeploy [domain.tld]
Supported only on OpenVZ only, vzfree reports correct memory usage
./setup-ubuntu.sh vzfree
Installs a firewall to protect against bruteforce attacks on ssh and http(s) ports.
./setup-ubuntu.sh fail2ban
Run the classic Disk IO (dd) & Classic Network (cachefly) Test
./setup-ubuntu.sh test
Neat python script to report memory usage per app
./setup-ubuntu.sh ps_mem
Updates Ubuntu/Debian /etc/apt/sources.list to default based on whatever version you are running (Debian is always stable)
./setup-ubuntu.sh apt
./setup-ubuntu.sh info
./setup-ubuntu.sh locale
./setup-ubuntu.sh motd
- Use
ufw statusto get information on your firewall status. - Run
htopto see RAM and CPU usage - By default PHP is configured to max at 156MB
- By default APC is configured to use 48MB for caching.
- To reduce ram usage, you may disable APC by moving or deleting the following file - /etc/php5/conf.d/apc.ini
- Reboot to test that everything is working ok after a boot cycle.
- Delta/Fran
- The_Hatta
- DigitalOcean