Linux Server Configuration

Deep dive into Linux server basic configuration, web servers, database servers, mail servers, and file server configuration

Back to Tutorial List

1. Server Configuration Overview

Linux server configuration is an important part of system administration, involving multiple aspects such as server basic settings, network configuration, service installation, and optimization. Correct server configuration ensures stable operation, security, and performance optimization of the server.

1.1 Server Types

  • Web Server: Provides HTTP/HTTPS services, such as Apache, Nginx.
  • Database Server: Provides database services, such as MySQL, PostgreSQL.
  • Mail Server: Provides email sending and receiving services, such as Postfix, Dovecot.
  • File Server: Provides file sharing services, such as NFS, Samba.
  • DNS Server: Provides domain name resolution services, such as BIND.
  • FTP Server: Provides file transfer services, such as vsftpd.
  • SSH Server: Provides remote login services, such as OpenSSH.
  • Proxy Server: Provides proxy services, such as Squid.
  • Application Server: Provides specific application services, such as Tomcat, Node.js.

1.2 Server Configuration Principles

  • Security: configuration firewalls, restrict access, use encryption, etc.
  • Stability: Reasonably configure system parameters, monitor service status.
  • Performance: optimization service configuration, reasonably allocate resources.
  • Maintainability: Use version control, automated configuration, documentation.
  • Scalability: Consider future growth, use modular design.

2. Server Basic Configuration

Server basic configuration is the first step in server deployment, including system installation, network configuration, user management, and basic service configuration.

2.1 System Installation

  • Choose appropriate distribution: Select a suitable Linux distribution based on server using, such as Ubuntu Server, CentOS, Debian, etc.
  • Partition scheme: Reasonably plan disk partitions, such as /boot, /, /home, /var, etc.
  • Minimal installation: Only install necessary software packages to reduce security risks.
  • Update system: Immediately update system patches after installation.

2.2 Network Configuration

# configuration static IP address (Debian/Ubuntu)
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 8.8.8.8 8.8.4.4

# configuration static IP address (CentOS/RHEL)
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4

# Restart network service
sudo systemctl restart networking  # Debian/Ubuntu
sudo systemctl restart network  # CentOS/RHEL

# configuration hostname
sudo hostnamectl set-hostname server.example.com

# Edit /etc/hosts file
sudo nano /etc/hosts
127.0.0.1       localhost
192.168.1.100   server.example.com server

2.3 User managementment

# Create admin user
sudo useradd -m -s /bin/bash admin

# Set password
sudo passwd admin

# Add to sudo group
sudo usermod -aG sudo admin  # Debian/Ubuntu
sudo usermod -aG wheel admin  # CentOS/RHEL

# Disable root remote login
sudo nano /etc/ssh/sshd_config
# Change to: PermitRootLogin no

# Restart SSH service
sudo systemctl restart sshd

# configuration sudo passwordless (optional, not recommended)
sudo nano /etc/sudoers
# Add: admin ALL=(ALL) NOPASSWD: ALL

2.4 Basic Service Configuration

# Install necessary tools
sudo apt install vim wget curl htop net-tools  # Debian/Ubuntu
sudo yum install vim wget curl htop net-tools  # CentOS/RHEL

# configuration firewall
sudo ufw enable  # Debian/Ubuntu
sudo systemctl start firewalld && sudo systemctl enable firewalld  # CentOS/RHEL

# configuration time synchronization
sudo apt install ntp  # Debian/Ubuntu
sudo yum install chrony  # CentOS/RHEL
sudo systemctl start ntp && sudo systemctl enable ntp  # Debian/Ubuntu
sudo systemctl start chronyd && sudo systemctl enable chronyd  # CentOS/RHEL

# configuration log management
sudo nano /etc/rsyslog.conf
# configuration log forwarding and store

# configuration scheduled tasks
sudo crontab -e
# Add scheduled tasks, such as backup, update, etc.

3. Web Server Configuration

Web server is one of the most commonly used server types, providing HTTP/HTTPS services for hosting websites and web applications.

3.1 Nginx Configuration

# Install Nginx
sudo apt install nginx  # Debian/Ubuntu
sudo yum install nginx  # CentOS/RHEL

# Start and enable Nginx
sudo systemctl start nginx
sudo systemctl enable nginx

# Check Nginx status
sudo systemctl status nginx

# configuration Nginx virtual host
sudo nano /etc/nginx/sites-available/example.com
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.html index.php;
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }
}

# Enable virtual host
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

# Test Nginx configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

# configuration HTTPS (using Let's Encrypt)
sudo apt install certbot python3-certbot-nginx  # Debian/Ubuntu
sudo yum install certbot python3-certbot-nginx  # CentOS/RHEL
sudo certbot --nginx -d example.com -d www.example.com

3.2 Apache Configuration

# Install Apache
sudo apt install apache2  # Debian/Ubuntu
sudo yum install httpd  # CentOS/RHEL

# Start and enable Apache
sudo systemctl start apache2  # Debian/Ubuntu
sudo systemctl start httpd  # CentOS/RHEL
sudo systemctl enable apache2  # Debian/Ubuntu
sudo systemctl enable httpd  # CentOS/RHEL

# Check Apache status
sudo systemctl status apache2  # Debian/Ubuntu
sudo systemctl status httpd  # CentOS/RHEL

# configuration Apache virtual host (Debian/Ubuntu)
sudo nano /etc/apache2/sites-available/example.com.conf

    ServerAdmin admin@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    


# Enable virtual host
sudo a2ensite example.com.conf
sudo a2enmod rewrite

# Test Apache configuration
sudo apache2ctl configtest  # Debian/Ubuntu
sudo httpd -t  # CentOS/RHEL

# Restart Apache
sudo systemctl restart apache2  # Debian/Ubuntu
sudo systemctl restart httpd  # CentOS/RHEL

# configuration HTTPS (using Let's Encrypt)
sudo certbot --apache -d example.com -d www.example.com

3.3 Web Server Optimization

# Nginx optimization configuration
sudo nano /etc/nginx/nginx.conf
# Add the following configuration in http block
http {
    # Enable gzip compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    
    # configuration cache
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache:10m max_size=10g inactive=60m use_temp_path=off;
    
    # configuration connections
    worker_processes auto;
    worker_connections 1024;
    
    # configuration timeout
    keepalive_timeout 65;
}

# Apache optimization configuration
sudo nano /etc/apache2/mods-available/mpm_prefork.conf  # Debian/Ubuntu
sudo nano /etc/httpd/conf.modules.d/00-mpm.conf  # CentOS/RHEL

    StartServers             5
    MinSpareServers          5
    MaxSpareServers         10
    MaxRequestWorkers      150
    MaxConnectionsPerChild   0


# Enable compression module
sudo a2enmod deflate  # Debian/Ubuntu
sudo nano /etc/httpd/conf/httpd.conf  # CentOS/RHEL
# Add: LoadModule deflate_module modules/mod_deflate.so

# Restart services
sudo systemctl restart nginx  # Nginx
sudo systemctl restart apache2  # Apache (Debian/Ubuntu)
sudo systemctl restart httpd  # Apache (CentOS/RHEL)

4. Database Server Configuration

Database server is an important server type for storing and managing data, providing database services for application data store and retrieval.

4.1 MySQL/MariaDB Configuration

# Install MySQL/MariaDB
sudo apt install mysql-server  # Debian/Ubuntu
sudo yum install mariadb-server  # CentOS/RHEL

# Start and enable service
sudo systemctl start mysql  # Debian/Ubuntu
sudo systemctl start mariadb  # CentOS/RHEL
sudo systemctl enable mysql  # Debian/Ubuntu
sudo systemctl enable mariadb  # CentOS/RHEL

# Security configuration
sudo mysql_secure_installation

# Login to MySQL/MariaDB
mysql -u root -p

# Create database and user
CREATE DATABASE example_db;
CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

# configuration remote access
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf  # Debian/Ubuntu
sudo nano /etc/my.cnf  # CentOS/RHEL
# Change to: bind-address = 0.0.0.0

# Allow remote user access
mysql -u root -p
CREATE USER 'example_user'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'%';
FLUSH PRIVILEGES;
EXIT;

# Restart service
sudo systemctl restart mysql  # Debian/Ubuntu
sudo systemctl restart mariadb  # CentOS/RHEL

# configuration firewall
sudo ufw allow 3306  # Debian/Ubuntu
sudo firewall-cmd --permanent --add-port=3306/tcp && sudo firewall-cmd --reload  # CentOS/RHEL

4.2 PostgreSQL Configuration

# Install PostgreSQL
sudo apt install postgresql postgresql-contrib  # Debian/Ubuntu
sudo yum install postgresql-server postgresql-contrib  # CentOS/RHEL

# Initialize database (CentOS/RHEL)
sudo postgresql-setup --initdb

# Start and enable service
sudo systemctl start postgresql
sudo systemctl enable postgresql

# Check PostgreSQL status
sudo systemctl status postgresql

# Switch to postgres user
sudo -u postgres psql

# Create database and user
CREATE DATABASE example_db;
CREATE USER example_user WITH PASSWORD 'password';
GRANT ALL PRIVILEGES ON DATABASE example_db TO example_user;
ALTER USER example_user WITH SUPERUSER;
\q

# configuration remote access
sudo nano /etc/postgresql/12/main/postgresql.conf  # Debian/Ubuntu
sudo nano /var/lib/pgsql/data/postgresql.conf  # CentOS/RHEL
# Change to: listen_addresses = '*'

# configuration access control
sudo nano /etc/postgresql/12/main/pg_hba.conf  # Debian/Ubuntu
sudo nano /var/lib/pgsql/data/pg_hba.conf  # CentOS/RHEL
# Add: host    all             all             0.0.0.0/0               md5

# Restart service
sudo systemctl restart postgresql

# configuration firewall
sudo ufw allow 5432  # Debian/Ubuntu
sudo firewall-cmd --permanent --add-port=5432/tcp && sudo firewall-cmd --reload  # CentOS/RHEL

4.3 Database Optimization

# MySQL/MariaDB optimization configuration
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf  # Debian/Ubuntu
sudo nano /etc/my.cnf  # CentOS/RHEL
[mysqld]
# Basic configuration
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
basedir = /usr
datadir = /var/lib/mysql

# Performance optimization
key_buffer_size = 256M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
query_cache_limit = 1M
query_cache_size = 16M
max_connections = 100

# Restart service
sudo systemctl restart mysql  # Debian/Ubuntu
sudo systemctl restart mariadb  # CentOS/RHEL

# PostgreSQL optimization configuration
sudo nano /etc/postgresql/12/main/postgresql.conf  # Debian/Ubuntu
sudo nano /var/lib/pgsql/data/postgresql.conf  # CentOS/RHEL
# Performance optimization
shared_buffers = 256MB
work_mem = 16MB
maintenance_work_mem = 128MB
effective_cache_size = 768MB
random_page_cost = 4.0
effective_io_concurrency = 2

# Restart service
sudo systemctl restart postgresql

5. Mail Server Configuration

Mail server is a server type that provides email sending and receiving services, used for enterprise and personal email communication.

5.1 Postfix + Dovecot Configuration

# Install Postfix and Dovecot
sudo apt install postfix dovecot-core dovecot-imapd dovecot-pop3d  # Debian/Ubuntu
sudo yum install postfix dovecot  # CentOS/RHEL

# configuration Postfix
sudo nano /etc/postfix/main.cf
# Basic configuration
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
relay_domains = 

# configuration Dovecot
sudo nano /etc/dovecot/dovecot.conf
# Basic configuration
protocols = imap pop3 lmtp
listen = *

# configuration mailbox location
sudo nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir

# configuration authentication
sudo nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login

# Restart services
sudo systemctl restart postfix
sudo systemctl restart dovecot

# configuration firewall
sudo ufw allow 25/tcp  # SMTP
sudo ufw allow 143/tcp  # IMAP
sudo ufw allow 993/tcp  # IMAPS
sudo ufw allow 110/tcp  # POP3
sudo ufw allow 995/tcp  # POP3S

# Create mail user
sudo useradd -m -s /bin/bash user1
sudo passwd user1

5.2 Mail Server Security

# configuration SPF record (in DNS)
example.com. IN TXT "v=spf1 mx ~all"

# configuration DKIM
sudo apt install opendkim opendkim-tools  # Debian/Ubuntu
sudo yum install opendkim  # CentOS/RHEL

# configuration OpenDKIM
sudo nano /etc/opendkim.conf
# Basic configuration
Domain                  example.com
KeyFile                 /etc/opendkim/keys/example.com/mail.private
Selector                mail
SOCKET                  inet:8891@localhost

# Create DKIM keys
sudo mkdir -p /etc/opendkim/keys/example.com
sudo opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s mail
sudo chown opendkim:opendkim /etc/opendkim/keys/example.com/*

# configuration Postfix to use DKIM
sudo nano /etc/postfix/main.cf
# Add the following configuration
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

# Restart services
sudo systemctl restart opendkim
sudo systemctl restart postfix

# configuration DMARC record (in DNS)
_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

# Test mail server
telnet mail.example.com 25
EHLO example.com
MAIL FROM:
RCPT TO:
DATA
Subject: Test Email

This is a test email.
.
QUIT

6. File Server Configuration

File server is a server type that provides file sharing services, used for sharing files and resources in a network.

6.1 NFS Configuration

# Install NFS server
sudo apt install nfs-kernel-server  # Debian/Ubuntu
sudo yum install nfs-utils  # CentOS/RHEL

# Create shared directory
sudo mkdir -p /srv/nfs/share

# Set permissions
sudo chown nobody:nogroup /srv/nfs/share
sudo chmod 777 /srv/nfs/share

# configuration NFS shares
sudo nano /etc/exports
/srv/nfs/share 192.168.1.0/24(rw,sync,no_subtree_check)

# Export shares
sudo exportfs -a

# Start and enable service
sudo systemctl start nfs-kernel-server  # Debian/Ubuntu
sudo systemctl start nfs-server  # CentOS/RHEL
sudo systemctl enable nfs-kernel-server  # Debian/Ubuntu
sudo systemctl enable nfs-server  # CentOS/RHEL

# configuration firewall
sudo ufw allow nfs  # Debian/Ubuntu
sudo firewall-cmd --permanent --add-service=nfs && sudo firewall-cmd --reload  # CentOS/RHEL

# Client mounting
sudo apt install nfs-common  # Debian/Ubuntu client
sudo yum install nfs-utils  # CentOS/RHEL client
sudo mkdir -p /mnt/nfs/share
sudo mount server_ip:/srv/nfs/share /mnt/nfs/share

# Permanent mount (client)
sudo nano /etc/fstab
server_ip:/srv/nfs/share /mnt/nfs/share nfs defaults 0 0

6.2 Samba Configuration

# Install Samba
sudo apt install samba  # Debian/Ubuntu
sudo yum install samba  # CentOS/RHEL

# Create shared directory
sudo mkdir -p /srv/samba/share

# Set permissions
sudo chown nobody:nogroup /srv/samba/share
sudo chmod 777 /srv/samba/share

# configuration Samba
sudo nano /etc/samba/smb.conf
# Add the following configuration
[share]
    comment = Samba Share
    path = /srv/samba/share
    browseable = yes
    writable = yes
    guest ok = yes
    read only = no

# Restart Samba service
sudo systemctl restart smbd  # Debian/Ubuntu
sudo systemctl restart smb  # CentOS/RHEL
sudo systemctl enable smbd  # Debian/Ubuntu
sudo systemctl enable smb  # CentOS/RHEL

# configuration firewall
sudo ufw allow samba  # Debian/Ubuntu
sudo firewall-cmd --permanent --add-service=samba && sudo firewall-cmd --reload  # CentOS/RHEL

# Add Samba user
sudo smbpasswd -a user1

# Test Samba configuration
sudo testparm

7. Server Monitoring

Server monitoring is an important part of server management, helping administrators discover server anomalies, performance bottlenecks, and security issuess in a timely manner.

7.1 Basic Monitoring Tools

# Install basic monitoring tools
sudo apt install htop iotop nethogs sysstat  # Debian/Ubuntu
sudo yum install htop iotop nethogs sysstat  # CentOS/RHEL

# Use htop to monitor system status
top
htop

# Use iotop to monitor disk I/O

# Use nethogs to monitor network traffic

# Use sar to view system historical data
sar -u 1 5  # CPU using
sar -r 1 5  # Memory using
sar -b 1 5  # Disk I/O status
sar -n DEV 1 5  # Network traffic status

# configuration sysstat (CentOS/RHEL)
sudo nano /etc/sysconfig/sysstat
# Change to: ENABLED="true"

# Restart sysstat service
sudo systemctl restart sysstat
sudo systemctl enable sysstat

7.2 advanced Monitoring Tools

# Install Netdata (real-time monitoring)
bash <(curl -Ss https://my-netdata.io/kickstart.sh)

# Access Netdata
# http://server_ip:19999

# Install Prometheus and Grafana
sudo apt install prometheus grafana  # Debian/Ubuntu
sudo yum install prometheus grafana  # CentOS/RHEL

# Start and enable services
sudo systemctl start prometheus grafana-server
sudo systemctl enable prometheus grafana-server

# Access Grafana
# http://server_ip:3000

# Install Zabbix
sudo apt install zabbix-server-mysql zabbix-frontend-php zabbix-agent  # Debian/Ubuntu
sudo yum install zabbix-server-mysql zabbix-web-mysql zabbix-agent  # CentOS/RHEL

# configuration Zabbix database
mysql -u root -p
CREATE DATABASE zabbix character set utf8 collate utf8_bin;
CREATE USER 'zabbix'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost';
FLUSH PRIVILEGES;
EXIT;

# Import Zabbix database schema
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql -u zabbix -p zabbix

# configuration Zabbix server
sudo nano /etc/zabbix/zabbix_server.conf
# Change to: DBPassword=password

# Start and enable services
sudo systemctl start zabbix-server zabbix-agent
sudo systemctl enable zabbix-server zabbix-agent

# Access Zabbix
# http://server_ip/zabbix

8. Server Automated Configuration

Server automated configuration is an important means to improve server management efficiency, reducing manual operations and improving configuration consistency and reliability.

8.1 Shell Script Automation

# Create automated script
sudo nano /root/server-setup.sh
#!/bin/bash

# Variable definitions
SERVER_NAME="server.example.com"
ADMIN_USER="admin"

# Update system
echo "Updating system..."
sudo apt update && sudo apt upgrade -y

# Install necessary tools
echo "Installing necessary tools..."
sudo apt install -y vim wget curl htop net-tools ufw fail2ban

# configuration firewall
echo "Configuring firewall..."
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

# Create admin user
echo "Creating admin user..."
sudo useradd -m -s /bin/bash $ADMIN_USER
echo "$ADMIN_USER:password" | sudo chpasswd
sudo usermod -aG sudo $ADMIN_USER

# configuration SSH
echo "Configuring SSH..."
sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sudo systemctl restart sshd

# configuration hostname
echo "Configuring hostname..."
sudo hostnamectl set-hostname $SERVER_NAME

echo "Server initialization completed!"

# Set script execution permission
chmod +x /root/server-setup.sh

# Execute script
./server-setup.sh

8.2 Ansible Automation

# Install Ansible
sudo apt install ansible  # Debian/Ubuntu
sudo yum install ansible  # CentOS/RHEL

# Create Ansible configuration
sudo nano /etc/ansible/hosts
# Add hosts
[servers]
server1 ansible_host=192.168.1.100
server2 ansible_host=192.168.1.101

# Create Ansible playbook
sudo nano server-setup.yml
---
- hosts: servers
  become: yes
  tasks:
    - name: Update system
      apt:
        update_cache: yes
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Install necessary tools
      apt:
        name:
          - vim
          - wget
          - curl
          - htop
          - net-tools
          - ufw
          - fail2ban
        state: present
      when: ansible_os_family == "Debian"

    - name: configuration firewall
      ufw:
        state: enabled
        rule: allow
        port: "{{ item }}"
      with_items:
        - ssh
        - http
        - https

    - name: Create admin user
      user:
        name: admin
        shell: /bin/bash
        groups: sudo
        append: yes
        state: present

    - name: configuration SSH
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
      notify: Restart SSH

  handlers:
    - name: Restart SSH
      service:
        name: sshd
        state: restarted

# Execute Ansible playbook
ansible-playbook -k server-setup.yml

9. Server Configuration Practice

9.1 Case Objective

configuration a complete web server environment, including Nginx, MySQL, and PHP, for hosting websites.

9.2 Implementation Steps

9.2.1 System Preparation

# Update system
sudo apt update && sudo apt upgrade -y

# Install necessary tools
sudo apt install -y vim wget curl htop net-tools ufw fail2ban

# configuration firewall
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

# configuration time synchronization
sudo apt install -y ntp
sudo systemctl start ntp
sudo systemctl enable ntp

9.2.2 Install Nginx

# Install Nginx
sudo apt install -y nginx

# Start and enable Nginx
sudo systemctl start nginx
sudo systemctl enable nginx

# Check Nginx status
sudo systemctl status nginx

9.2.3 Install MySQL

# Install MySQL
sudo apt install -y mysql-server

# Start and enable MySQL
sudo systemctl start mysql
sudo systemctl enable mysql

# Security configuration
sudo mysql_secure_installation

# Login to MySQL
mysql -u root -p

# Create database and user
CREATE DATABASE website_db;
CREATE USER 'website_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON website_db.* TO 'website_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

9.2.4 Install PHP

# Install PHP and related extensions
sudo apt install -y php-fpm php-mysql php-cli php-mbstring php-gd php-xml php-curl

# Check PHP version
php -v

# configuration PHP
sudo nano /etc/php/7.4/fpm/php.ini
# Modify the following configuration
# upload_max_filesize = 2M → upload_max_filesize = 10M
# post_max_size = 8M → post_max_size = 12M
# memory_limit = 128M → memory_limit = 256M

# Restart PHP-FPM
sudo systemctl restart php7.4-fpm

9.2.5 configuration Nginx Virtual Host

# Create website directory
sudo mkdir -p /var/www/example.com/public_html

# Set permissions
sudo chown -R www-data:www-data /var/www/example.com/
sudo chmod -R 755 /var/www/example.com/

# Create test page
sudo nano /var/www/example.com/public_html/index.php


# configuration Nginx virtual host
sudo nano /etc/nginx/sites-available/example.com
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/public_html;
    index index.php index.html index.htm;
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }
    
    location ~ /\.ht {
        deny all;
    }
}

# Enable virtual host
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

# Test Nginx configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

9.2.6 configuration HTTPS

# Install Certbot
sudo apt install -y certbot python3-certbot-nginx

# configuration HTTPS
sudo certbot --nginx -d example.com -d www.example.com

# configuration automatic renewal
sudo crontab -e
# Add the following line
0 12 * * * /usr/bin/certbot renew --quiet

10. Interactive Exercises

Exercise 1: Web Server Configuration

Perform the following operations:

  • 1. Install and configure Nginx server.
  • 2. Create a virtual host with domain name example.com.
  • 3. configuration HTTPS using Let's Encrypt certificate.
  • 4. optimization Nginx configuration, enable gzip compression and cache.
  • 5. Test if the web server is run normally.

Exercise 2: Database Server Configuration

Perform the following operations:

  • 1. Install and configure MySQL/MariaDB server.
  • 2. Create a database and user for web application.
  • 3. configuration MySQL/MariaDB remote access.
  • 4. optimization MySQL/MariaDB configuration for better performance.
  • 5. Test if the database connection is normal.

Exercise 3: File Server Configuration

Perform the following operations:

  • 1. Install and configure NFS server.
  • 2. Create a shared directory allowing specific network access.
  • 3. Mount NFS share on client.
  • 4. Install and configure Samba server.
  • 5. Create a Samba share allowing Windows client access.

Exercise 4: Server Monitoring Configuration

Perform the following operations:

  • 1. Install and configure basic monitoring tools (htop, iotop, nethogs).
  • 2. Install and configure Netdata real-time monitoring.
  • 3. Install and configure Prometheus and Grafana.
  • 4. Create Grafana dashboard to monitor server status.
  • 5. Test if the monitoring system is run normally.

Recommended Tutorials

Linux Basics Linux File System Linux Command Line Linux Users and Permissions Linux Process managementment Linux Network Configuration Linux System Administration Linux Security Linux advanced topics View complete Tutorial List