How to Install, Configure and Secure Your Own Website Server From Scratch

If you’ve ever owned or run a website you’ll be familiar with one
important part of it: quality hosting, good servers. And whilst there’s a huge number of hosting companies available, finding the best option can
sometimes be tricky. This intermediate level tutorial will help you understand hosting with a VPS or dedicated server.

Who is This For?

If you are not a developer or Themeforest author, and have no basic understanding of managing servers, this post is not for you. I highly suggest you buy
a perfectly adequate, ready-to-use, professional solution with pre-made tools.

However, if your task requires more resources than the average
WordPress website, you’d be wise to consider switching from hosting to VPS or Dedicated
server. And don’t think you will have to pay $5,000 per month to get either of these options–prices are much lower than you’d think, and the positive impact is much higher.

When Should You Consider Upgrading Your Hosting?

At what point does it become clear that your hosting is becoming cramped? There is no absolute limit or perfectly correct answer to this. But you can make
the right decision if you answer these questions:

  • Does your website have heavy traffic?
  • Do you want more reliability and security?
  • Do you want better control and server root access?
  • Are you prepared to solve your server issues
    without help or support? A significant downside is that you probably won’t have any
    support, and you will have to do several things yourself: install web and
    database server software, keep everything updated and, of course, configure all
    of the applications in a (mostly) Linux-based environment, via a command line interface.

What to Choose?

At this point let’s assume you want something more than a Shared Hosting solution–but
what to choose? VPS or a dedicated server?

  • A VPS
    (Virtual Private Server)
    is an affordable way to get as much
    flexibility as you need, though you’ll still share the server with others via
    “virtualization”. It’s better than shared hosting, but not the best option
    available.
  • A Dedicated server
    is almost the same as a VPS, but instead of sharing hardware resources with
    others via virtualization, you get to use all of the computer for your website, exclusively.

The installation and configuration process is almost the
same for both the VPS and dedicated server.

What We’ll Cover in This Article

Let’s jump to
the core of this article. We’ll be covering quite a bit:

  • Preparation
  • Installation
  • Server access
  • Installing Apache with Let’s Encrypt (SSL HTTPS),
    PHP7, and MySQL server
  • Updating PHP
  • Installing phpMyadmin and securing it
  • Reviving the site
  • Updating the OS
  • SSL renewal
  • Troubleshooting
  • Conclusion

Preparation

As this article is about the installation and configuration of an already existing VPS/Dedicated server, at this point you should already have the
server (in its default state). I will not point to any particular server providers. My
personal choice is ovh.ie, but you are free to choose whichever server provider
you want. The only thing I recommend before making your decision is: ensure your server
provider has strong global infrastructure, i.e. presence on at least five continents (sorry Antarctica). The more presence it has, the more value you’re likely to get from its resources and price range.

Most server providers will let you
choose where you need your server’s physical presence. This is important, as the closer your server is to your targeted country or region, the faster your
site will load and perform.

Before
purchasing the server you should also think about CDN (content delivery network) availability. If
your website has many files which you’ll be serving to a broad global audience, a CDN is required to increase your website’s performance. You can always get a separate CDN solution, so this doesn’t necessarily impact your server choice.

Installation

After you have purchased a server you will receive it as a bare
server with the default operating system. There will be no cPanel, no Plesk panel, the only information you will get is:

  • VPS’s IPv4 address
  • VPS’s IPv6 address
  • VPS name
  • Username/ Password

No link, no admin panel: nothing! First let’s check what operating system is
installed by default. You can see it in your server provider user control panel
(not your server control panel). It will likely be one of the following:

  • Arch Linux (64 bits)
  • Centos 6 (64 bits)
  • Centos 7 (64 bits)
  • Cpanel on CentOS 6 (64 bits)
  • Debian 7 (Wheezy) (64 bits)
  • Debian 8 (Jessie) (64 bits)
  • Debian 9 (Stretch) (64 bits)
  • Docker on Ubuntu 14.04 Server
  • Docker on Ubuntu 16.04 Server
  • Drupal (64 bits)
  • Fedora 26 (64 bits)
  • Joomla! (64 bits)
  • Kubuntu 14.04 Desktop
  • LAMP 1.0 (64 bits)
  • OpenVPN on Debian 8
  • Parallels Plesk 12 on Centos 6
  • Parallels Plesk 12 on Ubuntu 14.04
  • Plesk on Debian 8 (64 bits)
  • Prestashop (64 bits)
  • Ubuntu 14.04 Server
  • Ubuntu 16.04 Server
  • Ubuntu 18.04 Server
  • VestaCP on Debian 8
  • Virtualmin on Debian 8
  • WordPress (64 bits)

Wow! This is a big list of operating systems. I have personally tried those listed in bold. In general, the configuration process and instructions are the
same for all, though there may be some syntax differences for the OS commands. My personal choice
is Ubuntu 16.04 or Ubuntu 18.04, so I’ll demonstrate the full process for these two.

If your default OS is different, I recommend installing Ubuntu 16.04. You can do this from your VPS/Server provider admin
panel by selecting the OS you need from the list. The process shouldn’t take more
than ten minutes and, once done, you will be given new server access information.

You may ask why I recommend installing Ubuntu 16.04 if
the 18.04 version is already available. There are two main reasons for this:

  • At some point you will need to update your OS to a newer version, and here I want to show you how you can do it, even with existing websites.
  • If for some reason you can’t update the OS, I
    want to show you how you can update your PHP to the latest available version on Ubuntu 16.04.

Server Access

So how can you access your server? This depends on your
personal computer OS, and version.

For Windows 10, since 2015, you can connect to a
Secure Shell server
(SSH) without installing any
third-party software.

For all versions of Windows there is a very simple
tool for that: PuTTY. PuTTY is an SSH
and telnet client. PuTTY is open source software developed and supported by a group of volunteers.

If you are on Mac OS you have several options:

  • Using the built-in SSH client in Mac OS.
  • Running SSH from the terminal command line.
  • Cyberduck on
    Mac is a solid, well-known SSH client, that is quite popular.

I am running Windows 10, and my personal choice is PuTTY. So, begin by opening up your SSH client.

PuTTY

As you can see we need to enter our host name or IP address (make sure the connection type is SSH). After OS installation you
will receive, by email, the required information to access your server:

  • VPS’s IPv4 address
  • VPS’s IPv6 address
  • VPS name
  • Username/ Password

Copy the VPS name you received, paste it in the Host name field,
then press Open.

puTTY login

A black modal window will open with the prompt “Login as:”. Type your username and press Enter.

You will be asked to type your password (as you type the
password nothing will be displayed, for security
reasons), then press Enter.

If you’ve done everything correctly, you should be logged in and
see a screen similar to this:

login screen

This article isn’t about how to use Linux with all its various commands, so I won’t explain each one we use here. Here is a list of common Linux commands that you can
explore further. But by following the instructions I outline here you will complete
the following tasks: installation, configuration, securing and updating the dedicated server.

Install Apache with Let’s Encrypt (SSL HTTPS), PHP7, and MySQL server

Type clear and press Enter. It will clear the screen. To check which OS version we have right now type lsb_release -a and press Enter. If you followed all the steps in the installation
part of this article you will see that you have the Ubuntu 16.04 version installed.

At this point we have two options: continue with the existing OS
version or update it to the most current version. Right now let us
continue with the existing version.

Now we will install the Apache server
with PHP7 and MySQL server, but first let’s update the current system (not the
OS version).

Type sudo apt-get update and press Enter

Then sudo apt-get upgrade and press Enter.

You may be asked to confirm usage of additional disk space
for updates, so press Y and Enter.

Next you may be asked to take action on a configuration file–choose the default action and continue. After that, type sudo apt-get install apache2 mysql-server php and press Enter. Lastly, again confirm disk space usage with
Y and Enter.

MySQL Password

Enter a password for your MySQL user (make sure it is strong enough),
and repeat it in the next step. When the process finishes you will be the proud owner of a fresh Apache
server + MySQL server and PHP version 7.

If you already have a domain linked with your current server, go to your domain. If not, enter in the browser window your VPS’s IPv4 address and you will see something similar to this:

New Apache server

SSL

Look at the browser window address field. You’ll notice your site uses the http protocol, not https. We need to install and
activate the SSL certificate, so let’s use the Let’s Encrypt free, automated, and open Certificate Authority. We’ll take it from the repo at https://github.com/letsencrypt, but first we will need to install the Git app.

Open your command line client again, type sudo apt-get install git and press Enter.

Now type git clone https://github.com/letsencrypt/letsencrypt. With Letsencrypt installed, now let us navigate to the
letsencrypt folder by typing cd letsencrypt/ and pressing Enter.

Then type ./letsencrypt-auto and press Enter. Let the process do the rest; it can take a couple of minutes until a dialog box appears with text:

Here I want to
make a note: if you are using the VPS domain placeholder, i.e. your hostname or
IPv4 address you may have issues with letsencrypt. You might see:

To solve this issue enter your final domains.

Assuming no more issues continue on by entering your email address, then agree with letsencrypt terms.

A new dialog box will open asking you to choose
if the https access is required or optional (i.e. can users still access your
links with http, or should all links be redirected to https). I highly recommend choosing the second option. If you’ve done everything correctly you will see
a new dialog box with a success message. Press Enter and restart
the Apache server by typing sudo systemctl restart apache2. Now if you visit your page you should see that the https is active:

we have https

Later on I will show you how you can renew your
certificate, because a letsencrypt certificate is, by default, valid for just 90 days.

Update PHP

According to WordPress requirements the minimum PHP version we need is 7.2 at the
time of writing. If you check the PHP version on Ubuntu 16.04 you will see that
it is 7.0, 7.0.30 or 7.1. To run that check type in the SSH client: php -v

Before we update our PHP we will need to check the PHP modules installed. To do that type: sudo dpkg --get-selections | grep -v deinstall | grep php

Make a screenshot or save the content in a text file: you’ll need to install these modules again after upgrading to PHP 7.2.

Next, we need to update the packages list. Run the following commands to update your packages and
install PHP 7.2 on your server:

Run a check again, to see that you’ve installed PHP 7.2 correctly.

With that done we need to disable the old version and
tell Apache to use PHP 7.2. Type the following:

PHP 7.2 should now be active on your website. The only
thing remaining is to install all the modules we checked before the update.
Check the list you saved before and with the appropriate corrections type the following:

Restart the apache server with sudo systemctl restart apache2
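
One way to turn the module list saved before the upgrade into the PHP 7.2 package names, shown here as an added example that is not part of the original article. The sample listing is constructed, the function names are hypothetical, and the mapping assumes the packages follow the usual php7.x-<module> naming.

```shell
#!/bin/sh
# Added example: derive the PHP 7.2 packages to reinstall from a saved
# `dpkg --get-selections` listing. The sample listing is constructed.

# php72_packages: read selections on stdin, print one 7.2 package per line.
php72_packages() {
    awk '
        $2 != "install" { next }              # ignore deinstall/purge entries
        { sub(/:.*/, "", $1) }                # drop arch suffix such as :amd64
        $1 ~ /^libapache2-mod-php7\.[01]$/ {  # the Apache module follows the version
            print "libapache2-mod-php7.2"; next
        }
        $1 !~ /^php7\.[01]-/ { next }         # keep only versioned module packages
        {
            mod = $1
            sub(/^php7\.[01]-/, "", mod)
            if (mod == "mcrypt") next         # not needed on 7.2, per the article
            print "php7.2-" mod
        }
    ' | sort -u
}

# Constructed sample of the saved listing (not taken from a real server).
sample_selections() {
    cat <<'EOF'
libapache2-mod-php7.0    install
php-common               install
php7.0-cli               install
php7.0-mysql             install
php7.0-mcrypt            install
php7.0-mbstring:amd64    install
php7.0-xml               deinstall
EOF
}

# Print the command for review rather than running it.
echo "sudo apt-get install $(sample_selections | php72_packages | tr '\n' ' ')"
```

On a real server, pipe the saved text file into php72_packages instead of the sample and review the printed command before running it.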

Install phpMyAdmin and Secure it

Great progress! Now you may ask: where do you put your
site, and how do you create databases? Let’s kick things off by installing and securing the phpMyadmin application for better database management.

Note: if you are doing this separately, without having followed all
the previous steps, first update the system: sudo apt-get update

  • To install phpMyAdmin type the following: apt-get install phpmyadmin php-mbstring php-gettext
  • For server selection choose apache2
  • Select yes when asked to use dbconfig-common.
  • Set the mysql application password for phpMyAdmin.

And now, if you are using PHP 7.0, not the 7.2, enable the
PHP mcrypt and mbstring extensions (if your PHP is 7.2 mcrypt is no
longer needed).

sudo phpenmod mcrypt

sudo phpenmod mbstring

Restart the apache server: sudo systemctl restart apache2

Now you can access the web interface by visiting your
server’s domain name or public IP address followed by /phpmyadmin.

phpmyadmin

Securing phpMyAdmin

At this stage everyone can type the phpmyadmin address and get
here, so we will need to secure it. How? By adding an additional gateway in
front of the entire application. We will do this by using apache’s built-in .htaccess
authentication and authorization functionalities.

First we will need to enable the use of .htaccess file
overrides, so type the following: nano /etc/apache2/conf-available/phpmyadmin.conf

Place the cursor right after the DirectoryIndex index.php like this, adding AllowOverride All:

Press CTRL + X, press Y, then press Enter.

Restart the apache server: sudo systemctl restart apache2

Now create the .htaccess file by typing: sudo nano /usr/share/phpmyadmin/.htaccess

Enter the following information:

Press CTRL + X, press Y, then press Enter.

Create the .htpasswd file for Authentication

sudo apt-get install apache2-utils

htpasswd -c /etc/phpmyadmin/.htpasswd root

Set the password, and restart the apache server: sudo systemctl restart apache2

Now if you try to access phpmyadmin you will see a
modal box with login and password required:

password for phpmyadmin

Once you enter the login and password (remember this is not
the MySQL user and password) you will be redirected to the usual phpMyAdmin login
page. Enter your MySQL user and password and you have access to all of
your databases.
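
A quick audit of the gate set up in this section, as an added example that is not part of the original article: it checks that overrides are enabled, that a valid user is required, and that the password file is kept outside the web-served folder. The file contents, the realm name, the temporary paths and the function names are assumptions constructed for the demo; only /etc/phpmyadmin/.htpasswd comes from the article.

```shell
#!/bin/sh
# Added example (not from the article): audit the basic-auth gate in front of
# phpMyAdmin. All file contents below are constructed samples.

# has_directive FILE NAME VALUE: case-insensitive, commented-out lines ignored.
has_directive() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]+$3([[:space:]]|\$)" "$1"
}

fail() { echo "FAIL: $1"; return 1; }

# check_pma_gate CONF HTACCESS: succeed only if overrides are enabled, a valid
# user is required, and the password file sits outside the web-served folder.
check_pma_gate() {
    conf=$1; htaccess=$2; webdir=$(dirname "$htaccess")
    has_directive "$conf" AllowOverride All || fail "AllowOverride All not set" || return 1
    has_directive "$htaccess" AuthType Basic || fail "AuthType Basic missing" || return 1
    has_directive "$htaccess" Require valid-user || fail "Require valid-user missing" || return 1
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess")
    [ -n "$pwfile" ] || fail "AuthUserFile missing" || return 1
    case $pwfile in
        "$webdir"/*) fail "password file is inside $webdir"; return 1 ;;
    esac
    echo "OK: gate requires a valid user from $pwfile"
}

# Constructed stand-ins for phpmyadmin.conf and /usr/share/phpmyadmin/.htaccess.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/web"
printf '%s\n' '<Directory /usr/share/phpmyadmin>' '    DirectoryIndex index.php' \
    '    AllowOverride All' '</Directory>' > "$demo_dir/phpmyadmin.conf"

# write_htaccess PASSWORD_FILE: the realm name is an assumption.
write_htaccess() {
    cat > "$demo_dir/web/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted Files"
AuthUserFile $1
Require valid-user
EOF
}

write_htaccess /etc/phpmyadmin/.htpasswd      # path used in the article
check_pma_gate "$demo_dir/phpmyadmin.conf" "$demo_dir/web/.htaccess"
write_htaccess "$demo_dir/web/.htpasswd"      # weak: stored beside the application
check_pma_gate "$demo_dir/phpmyadmin.conf" "$demo_dir/web/.htaccess" || true
```

To audit a real installation, call check_pma_gate with /etc/apache2/conf-available/phpmyadmin.conf and /usr/share/phpmyadmin/.htaccess.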

Revive the Site

Now it is time to put your site onto the server. With the phpMyAdmin
application you can create or import your database through a regular browser. But to
put your site files to the server you will need an FTP client, as there’s no web-based
file manager available to us. 

Choose whichever FTP client you like, I prefer
Filezilla. Using the server root
user access that you were given right at the beginning of the server installation, connect
to your server via FTP using the SFTP protocol. 

Once logged in you will be
directed to the root folder. Here you have no area restrictions, so you can
leave the root folder and get to the root of the server file system. Navigate
to var/www/html; this is the public folder for your website and where you
should upload all your website files. To speed things up you can upload a single zipped file and uncompress it using an SSH command. To do that first let us
install the unzip app by typing in our SSH client: apt-get install unzip. After that type the command unzip archive.zip where “archive” is the exact name of your file.

Now your site files will be unzipped.

Update the OS

I did not specifically update the OS before we placed the
site on the server to show how to update the OS without data loss. Of course,
anything can go wrong, so before updating the OS we will need to make a backup of our
website. To do that first we will need to back up the database via phpMyadmin, and back up all the files of the site. The easiest way
is to create an archive of our website files and download it using FTP.

To archive the site first we will need to install the zip app by
typing: apt-get install zip

After this we can run the command: zip -r myarchive.zip myfolder where “myfolder” is the exact name of the site folder.

Download your zip file and your database file–now we are ready to update
the OS. You will need about twenty minutes. If your site is live and you
have visitors do the OS update in a low traffic time.

To update the OS type the following:

That’s it. Once the update has finished you can check your OS version by
typing: lsb_release -a

SSL Renewal

As I already mentioned letsencrypt sets its certificate
expiration date to 90 days, so after that period you will need to update your
certificate. To do so open your SSH client, login and navigate to root: cd root/letsencrypt

  • Stop the apache server with: sudo systemctl stop apache2.service
  • Then type ./letsencrypt-auto certonly
  • Choose 2
  • Enter your domain name
  • And restart the apache server with: sudo systemctl restart apache2

Troubleshooting

Server installation and configuration is a complex task–tons
of things can go wrong, and you will need to invest time and patience to solve
issues. In my own experience I have run into several issues that I want to
highlight for you:

Limited permissions for the root user. The first time I installed a website on my server
I was given a message that WordPress can’t create the wp-config.php file and images
can’t be displayed. My first thought was to change the folder/files
permissions. This was not correct, the issue in fact comes from the root user. You will need to change the owner of the html folder (your public folder). To do
that open your SSH client, login and type: sudo chown -R www-data html

The second issue I had that took a lot of time to solve was that PHP was not parsing on the website; it was just displayed
as plain text. If you experience this, type the following in the SSH client:

Change the php7.0-fpm to your version.

Conclusion

When I first encountered the server configuration task, I
really missed a tutorial like this. I had to collect information bit by bit, which took a long time and was pretty difficult. I really hope this article helps you.