Last year I purchased a CX20 virtual server from Hetzner.com, for some of my other online projects. If you are from Europe, there is a chance that you already heard about Hetzner. If not, you can pay them a visit and see what they offer.
Now, I must tell you that, before deciding on my online provider, I created a short list that consisted of DigitalOcean, Linode, Vultr and Hetzner. I ended up going with Hetzner, as their offers get you more processing power/space/memory for the buck, compared to the others on the list. But tutorials and how-tos for virtual server setup are where they fall short compared to the other players. Therefore, I decided to write a short how-to article on setting up a virtual server based on Debian.
First, you have a large list of choices when it comes to the operating system installed on your virtual server. You can choose from CentOS 6.9 and 7.4, Debian 9.3, Ubuntu 16.04.3 and 17.10 and openSUSE 42.3 and, surprise surprise, Arch Linux.
As you may already know, I am an avid Fedora/openSUSE and Debian user, but I decided to go with Debian 9.1 LAMP (at the time of my purchase) pre-configured on the server, as there was no option, yet, for the latest version of openSUSE 42.3, and the support period for 42.2 is limited. Therefore, Debian all the way, as 9.1 will be supported until 2022, similar to an LTS release. Note that you can change your option afterwards, so you could install whatever system you want from the list above.
Now, after you get all the “paper work” done, receive your confirmation e-mail with your server setup, and the team at Hetzner gives you the root login and password, you are good to go, somehow… You will log in to your account with their (very nicely named) robot, and you will have your first interaction with your new virtual server. To get everything working well from the start, you will need to get the Nameserver Robot (which is free for the vServer clients). After your request is processed, you will see that a new "DNS entries" option is available under the "Main functions" menu. This is the place where you will create new DNS entries and nameservers for your future websites. Now, you will notice that a new DNS entry will cost you 0.59 Euros per year, which is a total bargain. Go for it.
First remote console, first issue: the keyboard layout
After accessing the "Server" entry in the "Main functions" menu, select your CX20 server and then the “vServer” tab. There you have controls for starting, stopping and rebooting your server, and down below you will see a link that says "Start remote console". This will be your first contact with the command line console on your server, and you should use the user and password credentials that you received in your e-mail from the Hetzner team. In my case, after logging in, I noticed a very unusual problem - the keyboard layout was different from my actual keyboard: it was German. To avoid all the problems that this could bring, you will have to reconfigure your keyboard layout. In Debian, you do this by running the following command:
This worked in my case, and an on-screen menu appeared, with very self-explanatory options available to set a new layout, which in my case was US. After you do this, you will be good to go and confident that what you type is what you will see on the screen. If it doesn’t work in your case, which I doubt, you should run the command:
Setting up and securing SSH
First, connect remotely to your server using ssh, like:
You will use your credentials and once in, you should perhaps change the root password that was provided by Hetzner and use one that is secure enough and also easy to remember. For this you should use:
Now run a full update on the system with the commands:
Create a new regular user using the command:
Add the new user "alex" to the sudoers using the command, as root:
After that, check to see if alex is a member of sudo group using the command:
By default, the Debian installation on the system does not have sudo installed, so you will have to install it (as root) using the command:
For the changes to take effect and “alex” to be added to the sudo group, you will need to log out and then log back in to the server. For this, issue the command, as root:
Edit the SSH configuration file using:
and make the following changes:
Save the file and then restart the sshd service:
Now, in order for the new ssh port to be allowed by the firewall, create a new iptables rule, as follows (as root):
The rules just given are resident in memory only; they have not been saved into the netfilter configuration file. To save them, we could install the netfilter-persistent package, with the command:
After installation, the new package asks if you would like to save the current iptables rules to a file called /etc/iptables/rules.v4, giving you some more info on how you could do this with the rules given after the installation of the package. Now, to test the configuration, exit the ssh connection and start a new one, using the new port and the new user name you just created. As a result, you will see that everything is just working fine:
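Before closing the old session, it helps to confirm that the edited sshd configuration and the saved firewall rules agree on the port. The script below is an added example, not part of the original article; port 2222, the PermitRootLogin setting and both sample files are constructed assumptions, and multiport or `keyword=value` syntax is not handled.

```shell
# Added example: audit sshd_config against a saved iptables rules file.
# Print the effective global value of an sshd_config keyword. sshd uses the
# first occurrence, keywords are case-insensitive, and settings after a
# "Match" line are conditional, so scanning stops there.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed if an iptables-save style file has an INPUT rule that accepts
# TCP traffic to exactly this destination port.
port_accepted() {  # usage: port_accepted RULES_FILE PORT
    grep -Eq -e "^-A INPUT .*-p tcp .*--dport $2 (.* )?-j ACCEPT" "$1"
}

# Run both checks, print findings, return non-zero if any check fails.
audit_ssh() {  # usage: audit_ssh SSHD_CONFIG RULES_FILE
    port=$(sshd_value "$1" Port 22)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    rc=0
    [ "$port" != 22 ] || echo "note: sshd still listens on the default port 22"
    [ "$root" != yes ] || { echo "FAIL: PermitRootLogin is yes"; rc=1; }
    port_accepted "$2" "$port" || { echo "FAIL: no saved INPUT rule accepts tcp/$port"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: port=$port PermitRootLogin=$root"
    return "$rc"
}

# Constructed sample inputs (all values here are assumptions).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/sshd_config" <<'EOF'
# Port 22
Port 2222
PermitRootLogin no
EOF
cat > "$demo_dir/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
COMMIT
EOF
audit_ssh "$demo_dir/sshd_config" "$demo_dir/rules.v4"
```

On a real server the two arguments would be /etc/ssh/sshd_config and /etc/iptables/rules.v4, read as root.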
Set up Apache virtual hosts
As LAMP is already installed on the system, I will not discuss the process of installing Apache or MariaDB or PHP, assuming that you already know how to do that, and did it already. Therefore, let's get right to setting up virtual hosts for Apache. I will create two virtual hosts, for two domains that I own: dummy1.ro and dummy2.ro (those are fictitious names, I don’t really own these domains, as you could already guess).
Create directory structure
Connect to your server through ssh first, using the example from above. Once you are connected, explore the filesystem and go to the default document root which is in /var/www/html:
Now go back to /var/www as your present working directory and in there, create two directories, for your two domains, as follows:
The newly created directories are owned by the root user, so we should change ownership and grant permissions to the apache user, in order for it to be able to change the content of those directories. For this we will use the following commands:
Right now, we can create demo pages for each virtual host, just until we download and set up Drupal on each of them. For convenience, we will use the default index.html file in the /var/www/html directory. For this, we will copy that file into the respective directories.
Those files will have to be removed after Drupal 8 is installed. They are here just as an example.
Create new virtual hosts files
We will use Apache’s default virtual host file, called 000-default.conf, and edit it for our needs. First, let's start with the dummy1.ro domain.
First domain: dummy1.ro
1. Copy the file for the first domain
2. Open the file in vim and start editing
3. Insert and edit the following in the file
Second domain: dummy2.ro
1. Copy the file used for the first domain and make it available for the second domain
2. Open the file in vim and start editing
3. Edit the following text
Enable the new virtual host files
Now that you have created the virtual host files, all you have to do is enable them, using apache commands.
Setting up mariaDB
As LAMP is already installed, it means that MariaDB is already installed on the system. Now, from the command line, I will run the script mysql_secure_installation, logged in as root. The only problem is that it asks for the root password. How can you find the root password for mysql? Well, remember that the first time you logged in via ssh, you received a welcome message from the system? There is also a very short text that says:
This server is running LAMP
Thus, you can do a cat command on /passwords.txt to see the mysql root password. That password is quite difficult to remember, and thus you could change it. I did for mine.
In order to change the password, I first check the status of the service, then enter mysql as root user:
Create new mysql users and databases
The final purpose of this virtual server setup is to host two websites that will be developed on Drupal 8; therefore, I will have to set up Drupal databases for the two websites. Here is the output:
Download and setup Drupal 8
Now that all the important configurations have been made, it is time to download Drupal. We will use Drupal to develop both websites, so I will show you for both cases.
You will do the same for the second domain, just change the names accordingly.
Test your Drupal installation
To test the Drupal installation, go to the following address in your browser:
This will start the Drupal installation process.
Harden your Apache with SSL
It is a good idea to add SSL encryption to your web servers, and I will show you how. First of all, make sure that your firewall allows requests through ports 80 and 443. For this, execute the following commands:
After that, review the virtual host files and make sure that they make no reference to port 443, which, in our case, they do not (just see above for this matter). Now, we will follow the instructions on the official website, using certbot for the job.
Then, run certbot as root:
Now, for information about renewal, see the following website.