Here's a little cheat sheet to get you started on creating and managing your own web server. It's basically a LEMP stack, which is Linux, Nginx, MySQL, and PHP. We will not be covering the MySQL part, though it's easy to integrate. We will call this a LEP stack..lol. Assuming you're on Ubuntu (I'm on LTS 20, but this should work on down), let's get started.
- Wherever you purchased your domain, you need to add an A record and a CNAME record. This can be done in the DNS settings.
- Create a new line/entry and choose A record. Use @ in the name field and point it at your server's IP address. This will make sense as you start to do it.
- Create another line/entry and choose CNAME, and set the name to www and the value to @ (which is anything).
If you have trouble with this, hit me up or google the correct procedure for your domain service.
Once done with the above, you can SSH into your box. If it's a new box and you're unfamiliar with securing one, follow the guide below.
- First we need to update our repos
sudo apt-get update && sudo apt-get upgrade -y
- Then install nginx
sudo apt install nginx -y
Unless specified, run all following commands as root.
We will use ufw for simplicity, but this can be carried over to iptables; just look up the parallel commands.
If it's the first time enabling it, it's important to set everything AND THEN RELOAD the firewall. Once you enable the firewall, it won't let you back in except for what you have set below. This is especially concerning for things like SSH. Like everything, I learned this the hard way. You might as well, but don't let it discourage you.
- Run this to enable the ufw firewall
ufw enable
- Now add ssh rule to ufw
ufw allow ssh
- Or, if you want to (and should) use a port other than the default 22
ufw allow ####/tcp
- Then add http rule
ufw allow http
- Now add https rule
ufw allow https
- Show the status of the firewall (what you have set so far, double check)
ufw status
- reload ufw
ufw reload
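A guard for the lock-out described above, as an added example that is not part of the original post: ufw accepts `ufw allow` rules while it is still inactive, so this checks the staged rules and only enables the firewall when the SSH port is among them. The function names are hypothetical and the sample `ufw show added` output is constructed.

```sh
#!/bin/sh
# Added example: refuse to enable ufw until an SSH allow rule is staged.

# ssh_rule_staged RULES PORT
# RULES is the text printed by `ufw show added`. Succeeds only for a simple
# "ufw allow|limit PORT[/tcp]" line; anything else is treated as not staged.
ssh_rule_staged() {
    printf '%s\n' "$1" | grep -Eq "^ufw (allow|limit) $2(/tcp)?\$"
}

# enable_ufw_safely [PORT]  (run as root; PORT defaults to 22)
enable_ufw_safely() {
    port=${1:-22}
    rules=$(ufw show added)
    if ssh_rule_staged "$rules" "$port"; then
        ufw --force enable      # --force skips the interactive prompt
    else
        echo "no SSH rule for port $port staged; not enabling ufw" >&2
        return 1
    fi
}

# Constructed sample of `ufw show added` output after the allow commands above.
sample="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp"

ssh_rule_staged "$sample" 22   && echo "port 22 staged: safe to enable"
ssh_rule_staged "$sample" 2222 || echo "port 2222 not staged: new SSH logins would be blocked"
```

If sshd listens on a custom port, call `enable_ufw_safely` with that port after running the matching `ufw allow ####/tcp`.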
- install php
sudo apt install php-fpm -y
- Here is where it can get a little in the weeds, but nothing to worry about, you can always wipe and restart
cd /etc/nginx/sites-available/
- List here to see what you have
ls -l
We are going to copy the default config file and name it the same as our domain (don't include the top-level domain, e.g. .com). This will preserve the default as well if you need to revert to try again.
- Make the copy, then list the directory again like before and compare
cp default yourDomainNameHere
- Now let's change directory and have a look inside the sites-enabled directory before we proceed
cd /etc/nginx/sites-enabled/
- List this directory as well and you'll see the default config there; we are going to unlink this in the next step
ls -l
- We are now going to unlink the default config's symlink so we can replace it with ours in a couple of steps
sudo unlink /etc/nginx/sites-enabled/default
- After running that command, list the directory once more and verify it's gone
ls -l
Now we will edit our config file
- You only need to add in the root directory for your site files if you change it
- You will also need to change the server_name field to include your full domain name. Ex: www.be.com
- We also uncommented the correct portion of the php block; make sure to only choose one
- We also uncommented the .htaccess block
- These are the 4 things you need to edit or uncomment to get you going. Here is the command to actually make the edits. (See picture)
nano /etc/nginx/sites-available/yourDomainNameHere
- Once this is finished we will symlink our domain's config to the enabled directory to make our connection live
ln -s /etc/nginx/sites-available/yourDomainNameHere /etc/nginx/sites-enabled/
- We are going to change directory again now to verify our config is in the right place
cd /etc/nginx/sites-enabled/
- And list, you should see it
ls -l
Now check whether your config file is working correctly with a test. If this fails, check that the comments in your sites-available config file are correct. Any changes will be live because of the symlink.
- Check with this
sudo nginx -t
- If you get success here run a reload of nginx
systemctl reload nginx
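`nginx -t` checks syntax, not whether you made the intended edits, so here is a small check for the server_name, php and .ht edits listed above, as an added example that is not part of the original post. The function name `check_site_conf`, the domain example.com and the sample server block (modelled on the stock Ubuntu 20.04 default site, where php-fpm is PHP 7.4) are assumptions.

```sh
#!/bin/sh
# Added example: lint a site file for the edits listed above.
# check_site_conf FILE DOMAIN: print each problem, return the problem count.
check_site_conf() {
    conf=$1; domain=$2; problems=0
    # Drop comment-only lines so commented-out directives do not count.
    active=$(grep -v '^[[:space:]]*#' "$conf" || true)

    printf '%s\n' "$active" | grep -E '^[[:space:]]*server_name[[:space:]]' |
        grep -Fq "$domain" ||
        { echo "server_name does not list $domain"; problems=$((problems + 1)); }

    # Exactly one fastcgi_pass may be active: unix socket OR tcp, not both.
    n=$(printf '%s\n' "$active" | grep -Ec '^[[:space:]]*fastcgi_pass[[:space:]]' || true)
    [ "$n" -eq 1 ] ||
        { echo "expected 1 active fastcgi_pass, found $n"; problems=$((problems + 1)); }

    # The .ht block must be uncommented and deny access.
    { printf '%s\n' "$active" | grep -Fq 'location ~ /\.ht' &&
      printf '%s\n' "$active" | grep -Eq '^[[:space:]]*deny[[:space:]]+all;'; } ||
        { echo ".ht deny block is not active"; problems=$((problems + 1)); }

    return "$problems"
}

# Constructed sample: stock Ubuntu 20.04 server block after the edits.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html/yourDomainName;
    index index.html index.htm index.nginx-debian.html;
    server_name example.com www.example.com;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
    }
    location ~ /\.ht {
        deny all;
    }
}
EOF
check_site_conf "$sample" example.com && echo "site file looks right"
```

Point it at your real file with `check_site_conf /etc/nginx/sites-available/yourDomainNameHere yourdomain.com`.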
At this point your web server will dish you out an error, but all you need to do now is give it your web site files. You can copy the default nginx welcome screen over into your working directory to show yourself it works, but any index file will do. You will need to move your web files over to /var/www/html/ and put them in a directory named after your domain; we do this below. If your files are on your current server, skip this step.
Now get your files from your dev environment to this folder, with this as your head directory and index directly inside. The easiest way I found to do this is scp from a Windows box.
- On the Windows machine, run this command from cmd (command prompt); administrator permissions are not required. It will create the folder on your server machine, so don't add it to the end.
scp -P #### -r C:\Users\User\Desktop\Your\Shit\yourDomainName user@yourServerIP:/home/user/
Now for the fancy part. We will symlink our main webpage directory with our /var/www/html/ so all we have to do is push the updated files with the command above and our changes are live to the site. Or if your files were already local, you won't need to move them from where they are.
You will simply create a symlink pointing to /var/www/html/yourDomainName. Whether you push the updates or make them locally, you will only need to make the change in one place.
- create a directory in the www directory
mkdir /var/www/html/yourDomainName
Now run the command below to symlink the directory. This will give your site content if you didn't add anything in the earlier step. FYI - If you add files in the future, say another webpage, you will need to run this command again to update the symlinked directory so the /var/www/html/yourDomainName directory can see the new file, or else it won't show up live.
- symlink your files
ln -s /home/user/yourDomainName/* /var/www/html/yourDomainName
Once done your site should show up when browsed by IP address. If DNS propagation hasn't finished (24 - 48 hours) you will need to wait to reach your box by domain name.
From here I recommend visiting the Certbot site and getting instructions to set it up on your box. It is incredibly easy, gives your site HTTPS for free, and takes 10 minutes of your time. They have tutorials for all types of configs. We set the box up to accept HTTPS when you're ready to enable it.
EXTRAS
- If you want to remove the ufw rules created above
ufw status numbered
- Then remove the rules you want with
ufw delete #