Debian 7 Wheezy Dedicated Web Server Setup Step by Step
Even more info <a href="http://www.debian.org/releases/stable/amd64/release-notes/ch-whats-new.html"

target= “_ space “rel=”noopener noreferrer” > below. In this message I define a devoted web server arrangement, making use of Debian Wheezy. I picked a very little Debian amd64 web server (standard Debian system and also SSH).
mv/ robot.sh/ robot.sh.bak.
insserv: caution: manuscript’S 99Zrobot’ missing out on LSB overrides as well as tags.

Do a complete system upgrade

apt-get upgrade && & & apt-get- V upgrade

. Update submits data source

As an option: To include shade to typical customer timely: cd/ home/pontikis.
...
force_color_prompt= yes.
...

To include red shade to root timely:

cd/ origin.
nano.bashrc.
nano/ etc/nanorc.
# established const.
established const.

Set up systemd

apt-get set up systemd.
nano/ etc/default/grub.

Change GRUB_CMDLINE_LINUX_DEFAULT including init=/ bin/systemd

GRUB_CMDLINE_LINUX_DEFAULT="nomodeset init=/ bin/systemd".
( Network Time Protocol) apt-get mount ntp. After the zoneinfo data are upgraded, you might require to reboot daemons as well as various other long-running programs to obtain them to make use of the brand-new area details. An usual sign of this trouble is seeing wrong timestamps blended in with the right timestamps in your log documents (e.g./ var/log/syslog).
Include the complying with lines to/ etc/apt/sources.

Retype brand-new UNIX password:. Transforming the customer info for pontikis.
Get in the brand-new worth, or press ENTER for the default.: Christos Pontikis.
Various other []:.
Is the details deal with? [ ... PermitRootLogin no. ... AllowUsers pontikis ...
... systemctl restart
reboot.
To link from workstation to web server maker, include your public secret to web server. # sysctl config. # ipv6 setups( no autoconfiguration ).
net.ipv6.conf.all.accept _ daddy= 0.
net.ipv6.conf.all.accept _ ra= 0.
net.ipv6.conf.all.accept _ ra_defrtr=
0. net.ipv6.conf.all.accept _
ra_rtr_pref= 0. net.ipv6.conf.all.accept _ ra_pinfo= 0.
net.ipv6.conf.all.accept _ source_route
= 0. net.ipv6.conf.all.accept _ reroutes= 0. net.ipv6.conf.all.forwarding= 0.
net.ipv4.tcp _ syncookies= 1.
Simply in instance, default Debian/ etc/sysctl.
See below.: produce a data/ etc/sysctl. # overlook resemble program demands to protect against being component of smurf assaults.
# Uncomment the following line to make it possible for TCP/IP
SYN cookies. # Note: This might influence IPv6 TCP sessions as well.
net.ipv4.tcp _ syncookies= 1.

# ipv6 setups( no autoconfiguration ).

net.ipv6.conf.default.accept _ ra_rtr_pref= 0. net.ipv6.conf.default.accept _
ra_pinfo= 0. net.ipv6.conf.default.accept _ source_route= 0.
net.ipv6.conf.default.accept _ reroutes= 0.
net.ipv6.conf.default.forwarding= 0.
net.ipv6.conf.all.autoconf= 0.
net.ipv6.conf.all.accept _ daddy= 0.
net.ipv6.conf.all.accept _ ra= 0.
net.ipv6.conf.all.accept _ ra_defrtr=
0. net.ipv6.conf.all.accept _
ra_rtr_pref= 0. net.ipv6.conf.all.accept _ ra_pinfo= 0.
net.ipv6.conf.all.accept _ source_route
= 0. net.ipv6.conf.all.accept _ reroutes= 0. net.ipv6.conf.all.forwarding= 0.
... root:[email protected]

- A INPUT!- i eth0-
j ACCEPT.- A INPUT- p tcp- m tcp-- tcp-flags ACK -j ACCEPT.
- A INPUT -p udp -m udp-- sporting activity 53-- dport 1024:65535 -j ACCEPT. -A INPUT -p icmp -m icmp-- icmp-type 0 -j ACCEPT.
- A INPUT -p icmp -m icmp-- icmp-type 3- j ACCEPT. -A INPUT- p icmp -m icmp-- icmp-type 4 -j ACCEPT.
- A INPUT -p icmp -m icmp-- icmp-type 11 -j ACCEPT.
- A INPUT -p icmp -m icmp-- icmp-type 12 -j ACCEPT.
- A INPUT -p tcp -m tcp-- dport 22 -j ACCEPT.
- A INPUT -p tcp -m tcp-- dport 113 -j ACCEPT.
- A INPUT -p icmp -m icmp-- icmp-type 8 -j ACCEPT.
- A INPUT -p tcp -m tcp-- dport 80 -j ACCEPT.
- A INPUT -p tcp -m tcp-- dport 443 -j ACCEPT.
- A INPUT -p tcp -m tcp -m multiport-- dports 25,587 -j ACCEPT. -A INPUT -p tcp -m tcp-- dport 10000:10010- j ACCEPT. -A INPUT -j LOG.
# Generated by iptables-save v1.4.14 on
Fri May 17 20:09:12 2013. * mangle. 48931:39133213]
: POSTROUTING ACCEPT [48931:39133213] DEVOTE. # Completed on Fri May 17 20:09:12 2013. # Generated by iptables-save
v1.4.14 on Fri May 17 20:09:12 2013.
* nat.: PREROUTING ACCEPT [4223:278291]: INPUT ACCEPT [1650:94585]: OUTPUT ACCEPT [2836:192019]: POSTROUTING ACCEPT [2836:192019] DEVOTE. # Completed on Fri May 17 20:09:12 2013.
Develop digital hosts. ServerName www.pontikis.net.< Directory/ var/www/pontikis.
AllowOverride All. Order
<permit, refute. permit from all.. ErrorLog$ AllowOverride All..
APACHE_LOG_DIR
/ pontikis.net _ error.log.

LogLevel advise. CustomLog$ 
/ pontikis.net _ access.log integrated. ErrorDocument 404/ 404/.

SetOutputFilter DEFLATE.

SetEnvIfNoCase Request_URI .
SetEnvIfNoCase Request_URI .
SetEnvIfNoCase Request_URI . pdf$ no-gzip dont-vary.

BrowserMatch ^ Mozilla/4 gzip-only-text/html.
BrowserMatch ^ Mozilla/4 .0 [678] no-gzip.
BrowserMatch  bMSIE!

a2ensite www.pontikis.net.
systemctl reactivate apache2.service.

Awstats log analyzer

Log data should be writable from Apache.: mkdir/ var/log/php.
/ var/log/php/ php_errors. log apt-get mount php5-gd.
nano/ etc/php5/conf.
Harden PHP configuration( setups might differ according to your demands) nano/ etc/php5/conf.

disable_functions = escapeshellarg, escapeshellcmd, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate.
systemctl reactivate apache2.service.

Set up memcached

apt-get set up memcached php5-memcached.
systemctl reboot apache2.service.
mkdir/ var/www/phpMemcachedAdmin.
cd/ var/www/phpMemcachedAdmin.
wget http://phpmemcacheadmin.googlecode.com/files/phpMemcachedAdmin-1.2.2-r262.tar.gz.
tar -xvzf phpMemcachedAdmin-1.2.2- r262.tar.gz.
chmod +r *.
, include the following (customize them according to your demands)

extensionExpansion apc.so.

apc.enabled= 1.
apc.shm _ dimension= 128M.
apc.ttl= 3600.
apc.user _ ttl= 7200.
apc.gc _ ttl= 3600.
apc.max _ file_size= 1M.
systemctl reboot apache2.service.

Install data source supervisor

mkdir/ var/www/adminer.
to deploy release blog site the new brand-newWeb server chown- R pontikis: pontikis/ var/www.
Information right here. Logwatch analyzes with your system's logs as well as develops a record assessing locations that you define.
#Output= stdout. Result
= mail.
: apt-get mount lynis.

Update submits data source (once more) updatedb.

Even more details <a href="http://www.debian.org/releases/stable/amd64/release-notes/ch-whats-new.html"

target= "_ space "rel="noopener noreferrer" > below. See right here. Information right here. #Output= stdout. Result

= mail.