One place for hosting & domains

      Install

      How To Install WordPress with a Managed Database on Ubuntu 18.04


      A previous version of this tutorial was written by Justin Ellingwood

      Introduction

      WordPress is the most popular CMS (content management system) on the internet. It’s a great choice for getting a website up and running quickly, and after the initial setup, almost all administration can be done through the web frontend.

      WordPress is designed to pull content – including posts, comments, user profiles, and other data – from a database backend. As a website grows and must satisfy more and more traffic, it can eventually outgrow its initial database. To resolve this, one can scale up their database by migrating their data to a machine with more RAM or CPU, but this is a tedious process that runs the risk of data loss or corruption. This is why some WordPress developers choose to build their websites on managed databases, which allow users to scale their database automatically with a far lower risk of data loss.

      In this guide, we’ll focus on setting up a WordPress instance with a managed MySQL database and an Ubuntu 18.04 server. This will require you to install PHP and Apache to serve the content over the web.

      Prerequisites

      In order to complete this tutorial, you will need:

      • Access to an Ubuntu 18.04 server: This server should have a non-root sudo-enabled user and a firewall configured. You can set this up by following our Ubuntu 18.04 initial server setup guide.
      • A managed MySQL database: To provision a Managed MySQL Database from DigitalOcean, see our Managed Databases product documentation. Note that this guide will refer to DigitalOcean Managed Databases in examples, but the instructions provided here should also generally work for managed MySQL databases from other cloud providers.
      • A LAMP stack installed on your server: In addition to a database, WordPress requires a web server and PHP to function correctly. Setting up a complete LAMP stack (Linux, Apache, MySQL, and PHP) fulfills all of these requirements. Follow this guide to install and configure this software. As you follow this guide, make sure that you set up a virtual host to point to a domain name that you own. Additionally, be sure to skip Step 2, as installing mysql-server on your machine will make your managed database instance redundant.
      • TLS/SSL security implemented for your site: If you have a domain name, the easiest way to secure your site is with Let’s Encrypt, which provides free, trusted certificates. Follow our Let’s Encrypt guide for Apache to set this up. Note that this will also require you to obtain a domain name and set up DNS records on your server. Follow this introduction to DigitalOcean DNS for details on how to configure this. Altneratively, if you don’t have a domain name, you use a self-signed certificate for your site.

      When you are finished with the setup steps, log into your server as your non-root user and continue below.

      Step 1 – Adding the MySQL Software Repository and Installing mysql-client

      In order to configure your managed MySQL instance, you will need to install a client that will allow you to access the database from your server. This step will walk you through the process of installing the mysql-client package.

      In many cases, you can just install mysql-client with the apt command, but if you’re using the default Ubuntu repositories this will install version 5.7 of the program. In order to access a DigitalOcean Managed MySQL database, you will need to install version 8.0 or above. To do so, you must first add the MySQL software repository before installing the package.

      Begin by navigating to the MySQL APT Repository page in your web browser. Find the Download button in the lower-right corner and click through to the next page. This page will prompt you to log in or sign up for an Oracle web account. You can skip that and instead look for the link that says No thanks, just start my download. Right-click the link and select Copy Link Address (this option may be worded differently, depending on your browser).

      Now you’re ready to download the file. On your server, move to a directory you can write to:

      Download the file using curl, remembering to paste the address you just copied in place of the highlighted portion of the following command. You also need to pass two command line flags to curl. -O instructs curl to output to a file instead of standard output. The L flag makes curl follow HTTP redirects, which is necessary in this case because the address you copied actually redirects to another location before the file downloads:

      • curl -OL https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb

      The file should now be downloaded in your current directory. List the files to make sure:

      You will see the filename listed in the output:

      Output

      mysql-apt-config_0.8.13-1_all.deb . . .

      Now you can add the MySQL APT repository to your system's repository list. The dpkg command is used to install, remove, and inspect .deb software packages. The following command includes the -i flag, indicating that you'd like to install from the specified file:

      • sudo dpkg -i mysql-apt-config*

      During the installation, you'll be presented with a configuration screen where you can specify which version of MySQL you'd prefer, along with an option to install repositories for other MySQL-related tools. The defaults will add the repository information for the latest stable version of MySQL and nothing else. This is what we want, so use the down arrow to navigate to the Ok menu option and hit ENTER.

      Selecting mysql-apt-config configuration options

      Following that, the package will finish adding the repository. Refresh your apt package cache to make the new software packages available:

      Next, you can clean up your system a bit and delete the file you downloaded, as you won't need it in the future:

      Note: If you ever need to update the configuration of these repositories, just run the following command to select your new options:

      • sudo dpkg-reconfigure mysql-apt-config

      After selecting your new options, run the following command to refresh your package cache:

      Now that you've added the MySQL repositories, you're ready to install the actual MySQL client software. Do so with the following apt command:

      • sudo apt install mysql-client

      Once that command finishes, check the software version number to ensure that you have the latest release:

      Output

      mysql Ver 8.0.17-cluster for Linux on x86_64 (MySQL Community Server - GPL)

      You're now able to connect to your managed database and begin preparing it to function with WordPress.

      Step 2 – Creating a MySQL Database and User for WordPress

      WordPress uses MySQL to manage and store site and user information. Assuming you have completed all the prerequisite tutorials, you will have already provisioned a managed MySQL instance. Here, we'll take the preparatory step of creating a database and a user for WordPress to use.

      Most managed database providers provide a uniform resource identifier (URI) used for connecting to the database instance. If you're using a DigitalOcean Managed Database, you can find the relevant connection information in your Cloud Control Panel.

      First, click Databases in the left-hand sidebar menu and select the MySQL database you want to use for your WordPress installation. Scroll down to the Connection Details section and copy the link in the host field. Then paste this link into the following command, replacing host_uri with the information you just copied. Likewise, copy the port number in the port field – which will be 25060 on a DigitalOcean Managed Database – and replace port with that number. Additionally, if this is your first time connecting to your managed database and you've not created your own administrative MySQL user, copy the value in the username field and paste it into the command, replacing user:

      • mysql -u user -p -h host_uri -P port

      This command includes the -p flag, which will prompt you for the password of the MySQL user you specified. For a DigitalOcean Managed Database's default doadmin user, you can find this by clicking the show link in the Connection Details section to reveal the password. Copy and paste it into your terminal when prompted.

      Note: If you are not using a DigitalOcean Managed Database, your connection options may differ. If that's the case, you should consult your provider's documentation for instructions on connecting third party applications to your database.

      From the MySQL prompt, create a new database that WordPress will control. You can call this whatever you would like, but we will use the name wordpress in this guide to keep it simple. Create the database for WordPress by typing:

      • CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

      Note: Every MySQL statement must end in a semi-colon (;). Check to make sure this is present if you are running into any issues.

      Next, create a new MySQL user account that you will use exclusively to operate on the new database. Creating single-purpose databases and accounts is a good idea from a management and security standpoint. We will use the name wordpressuser in this guide, but feel free to change this if you'd like.

      Run the following command, but replace your_server_ip with your Ubuntu server's IP address. Be aware, though, that this will limit wordpressuser to only be able to connect from your LAMP server; if you plan to manage WordPress from your local computer, you should enter that machine's IP address instead. Additionally, choose a strong password for your database user:

      • CREATE USER 'wordpressuser'@your_server_ip IDENTIFIED WITH mysql_native_password BY 'password';

      Note: If you do not know what your server's public IP address is, there are a number of ways you can find it. Usually, this is the address you use to connect to your server through SSH.

      One method is to use the curl utility to contact an outside party to tell you how it sees your server. For example, you can use curl to contact an IP-checking tool like ICanHazIP:

      • curl http://icanhazip.com

      This command will return your server's public IP address in your output.

      Then grant this user access to the database you just created. Do so by running the following command:

      • GRANT ALL ON wordpress.* TO 'wordpressuser'@your_server_ip;

      You now have a database and user account, each made specifically for WordPress. Next, you need to flush the privileges so that the current MySQL session recognizes the changes you've made:

      Following that, exit out of MySQL by typing:

      That takes care of configuring your managed MySQL database to function with WordPress. In the next step, you will install a few PHP extensions in order to get more functionality out of the CMS.

      Step 3 – Installing Additional PHP Extensions

      Assuming you followed the prerequisite LAMP stack tutorial, you will have installed a few extensions intended to get PHP to properly communicate with MySQL. WordPress and many of its plugins leverage additional PHP extensions to add additional functionalities.

      To download and install some of the more popular PHP extensions for use with WordPress, run the following command:

      • sudo apt install php-curl php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip

      Note: Each WordPress plugin has its own set of requirements. Some may require you to install additional PHP packages. Check your plugin documentation to see which extensions it requires. If they are available, they can be installed with apt as demonstrated above.

      You will restart Apache to load these new extensions in the next section. If you're returning here to install additional plugins, though, you can restart Apache now by typing:

      • sudo systemctl restart apache2

      Otherwise, continue on to Step 4.

      Step 4 – Adjusting Apache's Configuration to Allow for .htaccess Overrides and Rewrites

      In order for Apache to be able to properly serve your WordPress installation, you must make a few minor adjustments to your Apache configuration.

      If you followed the prerequisite tutorials, you should already have a configuration file for your site in the /etc/apache2/sites-available/ directory. We'll use /etc/apache2/sites-available/your_domain.conf as an example here, but you should substitute the path to your configuration file where appropriate.

      Additionally, we will use /var/www/your_domain as the root directory in this example WordPress install. You should use the web root specified in your own configuration.

      Note: It's possible you are using the 000-default.conf default configuration (with /var/www/html as your web root). This is fine to use if you're only going to host one website on this server. If not, it's best to split the necessary configuration into logical chunks, one file per site.

      Currently, the use of .htaccess files is disabled. WordPress and many WordPress plugins use these files extensively for in-directory tweaks to the web server's behavior.

      Open the Apache configuration file for your website:

      • sudo nano /etc/apache2/sites-available/your_domain.conf

      To allow .htaccess files, you need to set the AllowOverride directive within a Directory block pointing to your document root. Add the following block of text inside the VirtualHost block in your configuration file, being sure to use the correct web root directory:

      /etc/apache2/sites-available/your_domain.conf

      <Directory /var/www/your_domain>
          AllowOverride All
      </Directory>
      

      When you are finished, save and close the file.

      Next, enable mod_rewrite so that you can employ the WordPress permalink feature:

      Before implementing the changes you've just made, check to make sure there aren't any syntax errors in your configuration file:

      • sudo apache2ctl configtest

      The output might have a message that looks like this:

      Output

      AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Syntax OK

      If you wish to suppress the top line, just add a ServerName directive to your main (global) Apache configuration file at /etc/apache2/apache2.conf. The ServerName can be your server's domain or IP address. However, this is just a message; it doesn't affect the functionality of your site and as long as the output contains Syntax OK, you're all set to continue.

      Restart Apache to implement the changes:

      • sudo systemctl restart apache2

      With that, you're ready to download and set up WordPress itself.

      Step 5 – Downloading WordPress

      Now that your server software is configured, you can install and configure WordPress. For security reasons, it is always recommended to get the latest version of WordPress from their site.

      First, navigate to into a writable directory. /tmp will work for the purposes of this step:

      Then download the compressed release by typing:

      • curl -O https://wordpress.org/latest.tar.gz

      Extract the compressed file to create the WordPress directory structure:

      You will move these files into your document root momentarily. Before doing so, add a dummy .htaccess file so that this will be available for WordPress to use later.

      Create the file by typing:

      • touch /tmp/wordpress/.htaccess

      Also, copy over the sample configuration file to the filename that WordPress actually reads:

      • cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

      Create an upgrade directory, so that WordPress won't run into permissions issues when trying to do this on its own following an update to its software:

      • mkdir /tmp/wordpress/wp-content/upgrade

      Then copy the entire contents of the directory into your document root. The following command uses a period at the end of the source directory to indicate that everything within the directory should be copied, including hidden files (like the .htaccess file you just created):

      • sudo cp -a /tmp/wordpress/. /var/www/your_domain

      That takes care of downloading WordPress onto your server. At this point, though, you still won't be able to access the WordPress setup interface in your browser. To fix that, you'll need to make a few changes to your server's WordPress configuration.

      Step 6 – Configuring the WordPress Directory

      Before going through the web-based WordPress setup, you need to adjust some items in your WordPress directory. One important configuration change involves setting up reasonable file permissions and ownership.

      Start by giving ownership of all the files to the www-data user and group. This is the user that the Apache web server runs as on Debian and Ubuntu systems, and Apache will need to be able to read and write WordPress files in order to serve the website and perform automatic updates.

      Update the ownership of your web root directory with chown:

      • sudo chown -R www-data:www-data /var/www/your_domain

      Next run the following two find commands to set the correct permissions on the WordPress directories and files:

      • sudo find /var/www/your_domain/ -type d -exec chmod 750 {} ;
      • sudo find /var/www/your_domain/ -type f -exec chmod 640 {} ;

      These should be a reasonable permissions set to start with. Be aware, though, that some plugins and procedures might require additional updates.

      Now, you need to make some changes to the main WordPress configuration file.

      When you open the file, the first order of business will be to replace some secret keys to provide security for your installation. WordPress provides a secure generator for these values so that you do not have to try to come up with good values on your own. These are only used internally, so it won't hurt usability to have complex, secure values here.

      To grab secure values from the WordPress secret key generator, run the following command:

      • curl -s https://api.wordpress.org/secret-key/1.1/salt/

      You will get back unique values that look something like this:

      Warning! It is important that you request unique values each time. Do NOT copy the values shown here!

      Output

      define('AUTH_KEY', '1jl/vqfs<XhdXoAPz9 DO NOT COPY THESE VALUES c_j{iwqD^<+c9.k<J@4H'); define('SECURE_AUTH_KEY', 'E2N-h2]Dcvp+aS/p7X DO NOT COPY THESE VALUES {Ka(f;rv?Pxf})CgLi-3'); define('LOGGED_IN_KEY', 'W(50,{W^,OPB%PB<JF DO NOT COPY THESE VALUES 2;y&,2m%3]R6DUth[;88'); define('NONCE_KEY', 'll,4UC)7ua+8<!4VM+ DO NOT COPY THESE VALUES #`DXF+[$atzM7 o^-C7g'); define('AUTH_SALT', 'koMrurzOA+|L_lG}kf DO NOT COPY THESE VALUES 07VC*Lj*lD&?3w!BT#-'); define('SECURE_AUTH_SALT', 'p32*p,]z%LZ+pAu:VY DO NOT COPY THESE VALUES C-?y+K0DK_+F|0h{!_xY'); define('LOGGED_IN_SALT', 'i^/G2W7!-1H2OQ+t$3 DO NOT COPY THESE VALUES t6**bRVFSD[Hi])-qS`|'); define('NONCE_SALT', 'Q6]U:K?j4L%Z]}h^q7 DO NOT COPY THESE VALUES 1% ^qUswWgn+6&xqHN&%');

      These are configuration lines that you can paste directly into your configuration file to set secure keys. Copy the output you received now.

      Then, open the WordPress configuration file:

      • sudo nano /var/www/your_domain/wp-config.php

      Find the section that contains the dummy values for those settings. It will look something like this:

      /var/www/your_domain/wp-config.php

      . . .
      
      define('AUTH_KEY',         'put your unique phrase here');
      define('SECURE_AUTH_KEY',  'put your unique phrase here');
      define('LOGGED_IN_KEY',    'put your unique phrase here');
      define('NONCE_KEY',        'put your unique phrase here');
      define('AUTH_SALT',        'put your unique phrase here');
      define('SECURE_AUTH_SALT', 'put your unique phrase here');
      define('LOGGED_IN_SALT',   'put your unique phrase here');
      define('NONCE_SALT',       'put your unique phrase here');
      
      . . .
      

      Delete those lines and paste in the values you copied from the command line:

      /var/www/your_domain/wp-config.php

      . . .
      
      define('AUTH_KEY',         'VALUES COPIED FROM THE COMMAND LINE');
      define('SECURE_AUTH_KEY',  'VALUES COPIED FROM THE COMMAND LINE');
      define('LOGGED_IN_KEY',    'VALUES COPIED FROM THE COMMAND LINE');
      define('NONCE_KEY',        'VALUES COPIED FROM THE COMMAND LINE');
      define('AUTH_SALT',        'VALUES COPIED FROM THE COMMAND LINE');
      define('SECURE_AUTH_SALT', 'VALUES COPIED FROM THE COMMAND LINE');
      define('LOGGED_IN_SALT',   'VALUES COPIED FROM THE COMMAND LINE');
      define('NONCE_SALT',       'VALUES COPIED FROM THE COMMAND LINE');
      
      . . .
      

      Next you need to modify some of the database connection settings at the beginning of the file. First, update the 'DB_NAME', 'DB_USER', and 'DB_PASSWORD' fields to point to the database name, database user, and the associated password that you configured within MySQL:

      /var/www/your_domain/wp-config.php

      . . .
      /** The name of the database for WordPress */
      define('DB_NAME', 'wordpress');
      
      /** MySQL database username */
      define('DB_USER', 'wordpressuser');
      
      /** MySQL database password */
      define('DB_PASSWORD', 'password');
      
      . . .
      

      You will also need to replace localhost in the 'DB_HOST' field with your managed database's host. Additionally, append a colon (:) and your database's port number to the host:

      /var/www/wordpress/wp-config.php

      . . .
      
      /** MySQL hostname */
      define( 'DB_HOST', 'managed_database_host:managed_database_port' );
      
      . . .
      

      The last change you need to make is to set the method that WordPress will use to write to the filesystem. Since you've already given the web server permission to write where it needs to, you can explicitly set the filesystem method to direct port. Failure to set this with your current settings would result in WordPress prompting for FTP credentials when you perform certain actions.

      This setting can be added below the database connection settings, or anywhere else in the file:

      /var/www/your_domain/wp-config.php

      . . .
      
      define('FS_METHOD', 'direct');
      . . .
      

      Save and close the file when you are finished.

      After making those changes, you're all set to finish the process of installing WordPress in your web browser. However, there's one more step that we recommend you complete to add an extra layer of security to your configuration.

      At this point, your WordPress installation is communicating with your managed MySQL database. However, there's no guarantee that data transfers between the two machines are secure. In this step, we will configure WordPress to communicate with your MySQL instance over a TLS/SSL connection to ensure secure communications between the two machines.

      To do so, you'll need your managed database's CA certificate. For a DigitalOcean Managed Database, you can find this by once again navigating to the Databases tab in your Control Panel. Click on your database, and find the Connection Details section. There will be a button there that reads Download the CA certificate. Click this button to download the certificate to your local machine.

      Then transfer this file to your WordPress server. If your local machine is running Linux or macOS, you can use a tool like scp:

      • scp /path/to/file/ca-certificate.crt sammy@your_server_ip:/tmp

      If your local machine is running Windows, you can use an alternative tool like WinSCP.

      Once the CA certificate is on your server, move it to the /user/local/share/ca-certificates/ directory, Ubuntu's trusted certificate store:

      • sudo mv /tmp/ca-certificate.crt /usr/local/share/ca-certificates/

      Following this, run the update-ca-certificates command. This program looks for certificates within /usr/local/share/ca-certificates, adds any new ones to the /etc/ssl/certs/ directory, and generates a list of trusted SSL certificates based on its contents:

      • sudo update-ca-certificates

      Then, reopen your wp-config.php file:

      • nano /var/www/your_domain/wp-config.php

      Somewhere in the file, add the following line:

      /var/www/your_domain/wp-config.php

      . . .
      define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
      . . .
      

      Save and close the file.

      Following that, WordPress will securely communicate with your managed MySQL database.

      Step 8 – Completing the Installation Through the Web Interface

      Now that the server configuration is complete, you can complete the installation through the WordPress web interface.

      In your web browser, navigate to your server's domain name or public IP address:

      https://server_domain_or_IP
      

      Assuming there aren't any errors in your WordPress or Apache configurations, you'll see the WordPress language selection splash page. Select the language you would like to use:

      WordPress language selection

      After selecting your language, you will see the main setup page.

      Select a name for your WordPress site and choose a username (it is recommended not to choose something like "admin" for security purposes). A strong password is generated automatically. Save this password or enter an alternative strong password.

      Enter your email address and select whether you want to discourage search engines from indexing your site:

      WordPress setup installation

      When you click ahead, you will be taken to a page that prompts you to log in:

      WordPress login prompt

      Once you log in, you will be taken to the WordPress administration dashboard:

      WordPress login prompt

      From here, you can begin customizing your new WordPress site and start publishing content. If this is your first time using WordPress, we encourage you to explore the interface a bit to get acquainted with your new CMS.

      Conclusion

      By completing this guide, you will have WordPress installed and ready to use on your server. Additionally, your WordPress installation is dynamically pulling posts, pages, and other content from your managed MySQL database.

      Some common next steps are to choose the permalinks setting for your posts. This setting can be found under Settings > Permalinks. You could also select a new theme in Appearance > Themes. Once you start loading some content into your site, you could also configure a CDN to speed up your site's asset delivery.



      Source link

      How To Install Webmin on Debian 10


      Introduction

      Webmin is a modern web control panel that allows you to administer your Linux server through a browser-based interface. With Webmin, you can manage user accounts, configure DNS settings, and change settings for common packages on the fly.

      In this tutorial, you’ll install and configure Webmin on your server and secure access to the interface with a valid certificate from Let’s Encrypt. You’ll then use Webmin to add new user accounts, and update all packages on your server from the dashboard.

      Prerequisites

      To complete this tutorial, you will need:

      Step 1 — Installing Webmin

      First, we need to add the Webmin repository so that we can install and update Webmin using our package manager. We do this by adding the repository to the /etc/apt/sources.list file.

      Open the file in your preferred editor. Here, we’ll use nano:

      • sudo nano /etc/apt/sources.list

      Then add this line to the bottom of the file to add the new repository:

      /etc/apt/sources.list

       . . . 
      deb http://download.webmin.com/download/repository sarge contrib
      

      Save the file and exit the editor. If you used nano, do so by pressing CTRL+X, Y, then ENTER.

      Next, you’ll add the Webmin PGP key so that your system will trust the new repository. In order to do that, though, you must install the gnupg1 package, which is GNU’s tool for secure communication and data storage.

      Update your server’s package index if you’ve not done so recently:

      Then install gnupg1:

      Following that, download the Webmin PGP key with wget:

      • wget http://www.webmin.com/jcameron-key.asc

      Then add the package key:

      • sudo apt-key add jcameron-key.asc

      Next, update the list of packages again in order to include the now-trusted Webmin repository:

      Then install Webmin:

      Once the installation finishes, you'll be presented with the following output:

      Output

      . . . Webmin install complete. You can now login to https://your_server:10000 as root with your root password, or as any user who can use sudo.

      Note: If you installed and enabled ufw during the prerequisite step, you will need to run the following command in order to allow Webmin through the firewall:

      For extra security, you may want to configure your firewall to only allow access to this port from certain IP ranges.

      Let's secure access to Webmin by adding a valid certificate.

      Step 2 — Adding a Valid Certificate with Let's Encrypt

      Webmin is already configured to use HTTPS, but it uses a self-signed, untrusted certificate. Let's replace it with a valid certificate from Let's Encrypt.

      Navigate to https://your_domain:10000 in your web browser, replacing your_domain with the domain name pointing to your server's IP address.

      Note: When logging in for the first time, you will see an "Invalid SSL" warning. This warning may say something different depending on your browser, but the reason for it is that the server has generated a self-signed certificate. Allow the exception and proceed to your domain so you can replace the self-signed certificate with one from Let's Encrypt.

      You'll be presented with a login screen. Sign in with the non-root user you created while fulfilling the prerequisites for this tutorial.

      Once you log in, the first screen you will see is the Webmin dashboard. Before you can apply a valid certificate, you have to set the server's hostname. Look for the System hostname field and click on the link to the right, as shown in the following figure:

      Image showing where the link is on the Webmin dashboard

      This will take you to the Hostname and DNS Client page. Locate the Hostname field, and enter your Fully-Qualified Domain Name into the field. Then click the Save button at the bottom of the page to apply the setting.

      After you've set your hostname, click on the Webmin dropdown menu in the left-hand navigation bar, and then click on Webmin Configuration.

      From the Webmin Configuration page, select SSL Encryption from the list of icons, and then click on the Let's Encrypt tab. You'll see a screen like the following figure:

      Image showing the Let's Encrypt tab of the SSL Encryption section

      On this page, you'll tell Webmin how to obtain and renew your certificate. Let's Encrypt certificates expire after 3 months, but you can instruct Webmin to automatically attempt to renew the Let's Encrypt certificate every month. Let's Encrypt looks for a verification file on the server, so we'll configure Webmin to place the verification file inside the folder /var/www/your_domain, which is the folder that the Apache web server you configured in the prerequisites uses. Follow these steps to set up your certificate:

      1. Fill in Hostnames for certificate with your FQDN.
      2. For Website root directory for validation file, select the Other Directory button and enter your website's document root. Assuming you followed the prerequisite Apache tutorial this will be /var/www/your_domain.
      3. For Months between automatic renewal section, deselect the Only renew manually option by typing 1 into the input box, and select the radio button to the left of the input box.

      Click the Request Certificate button. After a few seconds, you will see a confirmation screen.

      To use the new certificate, click the Return to Webmin configuration button on the confirmation screen. From that page, scroll down and click the Restart Webmin button. Wait around 30 seconds, and then reload the page and log in again. Your browser should now indicate that the certificate is valid.

      Step 3 – Using Webmin

      You've now set up a secured working instance of Webmin. Let's look at how to use it.

      Webmin has many different modules that can control everything from the BIND DNS Server to something as simple as adding users to the system. Let's look at how to create a new user, and then explore how to update your system's packages using Webmin.

      Managing Users and Groups

      Let's explore how to manage the users and groups on your server.

      First, click the System dropdown menu in the left-hand sidebar, and then click the link for Users and Groups. From here, you can add and manage users and groups.

      Let's create a new user called deploy which you can use to host web applications. When creating a user, you can set options for password expiry, the user's shell, and whether or not they are allowed a home directory.

      To add a user, click Create a new user, which is located at the top of the users table. This displays the Create User screen, where you can supply the username, password, groups and other options. Follow these instructions to create the user:

      1. Fill in Username with deploy.
      2. Select Automatic for User ID.
      3. Fill in Real Name with a descriptive name like Deployment user.
      4. For Home Directory, select Automatic.
      5. For Shell, select /bin/bash from the dropdown list.
      6. For Password, select Normal Password and type in a password of your choice.
      7. Jump down to Primary Group and select New group with same name as user.
      8. For Secondary Group, select sudo from the All groups list. This should automatically be added to the In groups list, but if it isn't press the -> button to add it.

      After making those selections, press Create. This will create the deploy user in short order.

      Next, let's look at how to install updates to our system.

      Updating Packages

      Webmin lets you update all of your packages through its user interface. To update all of your packages, first, click the Dashboard button above the left-hand sidebar, and then locate the Package updates field. If there are updates available, you'll see a link that states the number of available updates.

      Click this link, and then press Update selected packages to start the update. You may be asked to reboot the server, which you can also do through the Webmin interface.

      Conclusion

      You now have a secured working instance of Webmin and you've used the interface to create a user and update packages. Webmin gives you access to many things you'd normally need to access through the console, and it organizes them in an intuitive way. For example, if you have Apache installed, you would find the configuration tab for it under Servers, and then Apache.

      Explore the interface, or read the Official Webmin wiki to learn more about managing your system with Webmin.



      Source link

      How To Install Nagios 4 and Monitor Your Servers on Ubuntu 18.04


      The author selected the Open Source Initiative to receive a donation as part of the Write for DOnations program.

      Introduction

      Nagios is a popular open-source monitoring system. It keeps an inventory of your servers and monitors them so you know your critical services are up and running. Using a monitoring system like Nagios is an essential tool for any production environment, because by monitoring uptime, CPU usage, or disk space, you can head off problems before they occur, or before your users call you.

      In this tutorial, you’ll install Nagios 4 and configure it so you can monitor host resources via Nagios’ web interface. You’ll also set up the Nagios Remote Plugin Executor (NRPE), which runs as an agent on remote hosts so you can monitor their resources.

      Prerequisites

      To follow this tutorial, you will need:

      • Two Ubuntu 18.04 servers set up by following our Initial Server Setup Guide for Ubuntu 18.04, including a non-root user with sudo privileges and a firewall configured with ufw. On one server, you will install Nagios; this tutorial will refer to this as the Nagios server. It will monitor your second server; this second server will be referred to as the second Ubuntu server.
      • The server that will run the Nagios server needs Apache and PHP installed. Follow this guide to configure those on one of your servers. You can skip the MySQL steps in that tutorial.

      Typically, Nagios runs behind a hardware firewall or VPN. If your Nagios server is exposed to the public internet, you should secure the Nagios web interface by installing a TLS/SSL certificate. This is optional but strongly encouraged. You can follow the Let’s Encrypt on Ubuntu 18.04 guide to obtain the free TLS/SSL certificate.

      This tutorial assumes that your servers have private networking enabled so that monitoring happens on the private network rather than the public network. If you don’t have private networking enabled, you can still follow this tutorial by replacing all the references to private IP addresses with public IP addresses.

      Step 1 — Installing Nagios 4

      There are multiple ways to install Nagios, but you’ll install Nagios and its components from source to ensure you get the latest features, security updates, and bug fixes.

      Log in to your server that runs Apache. In this tutorial, we’ll call this the Nagios server:

      • ssh sammy@your_nagios_server_ip

      Because you’re building Nagios and its components from source, you must install a few development libraries to complete the build, including compilers, development headers, and OpenSSL.

      Update your package lists to ensure you can download the latest versions of the prerequisites:

      Then install the required packages:

      • sudo apt install autoconf gcc make unzip libgd-dev libmcrypt-dev libssl-dev dc snmp libnet-snmp-perl gettext

      With the prerequisites installed, you can install Nagios itself. Download the source code for the latest stable release of Nagios Core. Go to the Nagios downloads page, and click the Skip to download link below the form. Copy the link address for the latest stable release so you can download it to your Nagios server.

      Download the release to your home directory with the curl command:

      • cd ~
      • curl -L -O https://github.com/NagiosEnterprises/nagioscore/archive/nagios-4.4.4.tar.gz

      Extract the Nagios archive:

      • tar zxf nagios-4.4.4.tar.gz

      Then change to the extracted directory:

      • cd nagioscore-nagios-4.4.4

      Before building Nagios, run the configure script and specify the Apache configs directory:

      • ./configure --with-httpd-conf=/etc/apache2/sites-enabled

      Note: If you want Nagios to send emails using Postfix, you must install Postfix and configure Nagios to use it by adding --with-mail=/usr/sbin/sendmail to the configure command. We won't cover Postfix in this tutorial, but if you choose to use Postfix and Nagios later, you'll need to reconfigure and reinstall Nagios to use Postfix support.

      You'll see the following output from the configure command:

      Output

      *** Configuration summary for nagios 4.4.4 2019-07-29 ***: General Options: ------------------------- Nagios executable: nagios Nagios user/group: nagios,nagios Command user/group: nagios,nagios Event Broker: yes Install ${prefix}: /usr/local/nagios Install ${includedir}: /usr/local/nagios/include/nagios Lock file: /run/nagios.lock Check result directory: /usr/local/nagios/var/spool/checkresults Init directory: /lib/systemd/system Apache conf.d directory: /etc/apache2/sites-enabled Mail program: /bin/mail Host OS: linux-gnu IOBroker Method: epoll Web Interface Options: ------------------------ HTML URL: http://localhost/nagios/ CGI URL: http://localhost/nagios/cgi-bin/ Traceroute (used by WAP): Review the options above for accuracy. If they look okay, type 'make all' to compile the main program and CGIs.

      Now compile Nagios with this command:

      Next create a nagios user and nagios group. They will be used to run the Nagios process:

      • sudo make install-groups-users

      Now run these make commands to install Nagios binary files, service files, and its sample configuration files:

      • sudo make install
      • sudo make install-daemoninit
      • sudo make install-commandmode
      • sudo make install-config

      You'll use Apache to serve Nagios' web interface, so run the following to install the Apache configuration files and configure its settings:

      • sudo make install-webconf

      Enable the Apache rewrite and cgi modules with the a2enmod command:

      • sudo a2enmod rewrite
      • sudo a2enmod cgi

      In order to issue external commands via the web interface to Nagios, add the web server user, www-data, to the nagios group:

      • sudo usermod -a -G nagios www-data

      Use the htpasswd command to create an admin user called nagiosadmin that can access the Nagios web interface:

      • sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

      Enter a password at the prompt. Remember this password, as you will need it to access the Nagios web interface.

      Warning: If you create a user with a name other than nagiosadmin, you will need to edit /usr/local/nagios/etc/cgi.cfg and change all the nagiosadmin references to the user you created.

      Restart Apache to load the new Apache configuration:

      • sudo systemctl restart apache2

      You've now installed Nagios. But for this to work, it is necessary to install the Nagios Plugins, which you'll cover in the next step.

      Step 2 — Installing the Nagios Plugins

      Nagios needs plugins to operate properly. The official Nagios Plugins package contains over 50 plugins that allow you to monitor basic services such as uptime, disk usage, swap usage, NTP, and others.

      Let's install the the plugins bundle.

      You can find the latest version of the Nagios Plugins on the official site.

      Download it to your home directory with curl:

      • cd ~
      • curl -L -O https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz

      Extract the NRPE archive and navigate into the extracted directory:

      • tar zxf nagios-plugins-<^>2.2.1<^.tar.gz
      • cd nagios-plugins-2.2.1

      Next configure their installation:

      Now build and install the plugins:

      Now the plugins are installed, but you need one more plugin for monitoring remote servers. Let's install it next.

      Step 3 — Installing the check_nrpe Plugin

      Nagios monitors remote hosts using the Nagios Remote Plugin Executor, or NRPE. It consists of two pieces:

      • The check_nrpe plugin that the Nagios server uses.
      • The NRPE daemon, which runs on the remote hosts and sends data to the Nagios server.

      Let's install the check_nrpe plugin on our Nagios server.

      Find the download URL for the latest stable release of NRPE at the GitHub page.

      Download it to your home directory with curl:

      • cd ~
      • curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz

      Extract the NRPE archive:

      • tar zxf nrpe-3.2.1.tar.gz

      Then change to the extracted directory:

      Configure the check_nrpe plugin:

      Now build and install check_nrpe plugin:

      • make check_nrpe
      • sudo make install-plugin

      Let's configure the Nagios server next.

      Step 4 — Configuring Nagios

      Now let's perform the initial Nagios configuration, which involves editing some configuration files. You only need to perform this section once on your Nagios server.

      Open the main Nagios configuration file in your preferred text editor. Here, you'll use nano:

      • sudo nano /usr/local/nagios/etc/nagios.cfg

      Find this line in the file:

      /usr/local/nagios/etc/nagios.cfg

      ...
      #cfg_dir=/usr/local/nagios/etc/servers
      ...
      

      Uncomment this line by deleting the # character from the front of the line:

      /usr/local/nagios/etc/nagios.cfg

      cfg_dir=/usr/local/nagios/etc/servers
      

      Save and close nagios.cfg by pressing CTRL+X, followed by Y, and then ENTER (if you're using nano).

      Now create the directory that will store the configuration file for each server that you will monitor:

      • sudo mkdir /usr/local/nagios/etc/servers

      Open the Nagios contacts configuration in your text editor:

      • sudo nano /usr/local/nagios/etc/objects/contacts.cfg

      Find the email directive and replace its value with your own email address:

      /usr/local/nagios/etc/objects/contacts.cfg

      ...
      define contact{
              contact_name                    nagiosadmin             ; Short name of user
              use                             generic-contact         ; Inherit default values from generic-contact template (defined above)
              alias                           Nagios Admin            ; Full name of user
              email                           your_email@your_domain.com        ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
      ...
      
      

      Save and exit the editor.

      Next, add a new command to your Nagios configuration that lets you use the check_nrpe command in Nagios service definitions. Open the file /usr/local/nagios/etc/objects/commands.cfg in your editor:

      • sudo nano /usr/local/nagios/etc/objects/commands.cfg

      Add the following to the end of the file to define a new command called check_nrpe:

      /usr/local/nagios/etc/objects/commands.cfg

      ...
      define command{
              command_name check_nrpe
              command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
      }
      

      This defines the name and specifies the command-line options to execute the plugin.

      Save and exit the editor.

      Then start Nagios and enable it to start when the server boots:

      • sudo systemctl start nagios

      Nagios is now running, so let's log in to its web interface.

      Step 5 — Accessing the Nagios Web Interface

      Open your favorite web browser, and go to your Nagios server by visiting http://nagios_server_public_ip/nagios.

      Enter the login credentials for the web interface in the popup that appears. Use nagiosadmin for the username, and the password you created for that user.

      After authenticating, you will see the default Nagios home page. Click on the Hosts link in the left navigation bar to see which hosts Nagios is monitoring:

      Nagios Hosts Page

      As you can see, Nagios is monitoring only "localhost", or itself.

      Let's monitor our other server with Nagios,

      Step 6 — Installing Nagios Plugins and NRPE Daemon on a Host

      Let's add a new host so Nagios can monitor it. You'll install the Nagios Remote Plugin Executor (NRPE) on the remote host, install some plugins, and then configure the Nagios server to monitor this host.

      Log in to the second server, which we'll call the second Ubuntu server:

      • ssh sammy@your_monitored_server_ip

      First create a nagios user which will run the NRPE agent:

      You'll install NRPE from source, which means you'll need the same development libraries you installed on the Nagios server in Step 1. Update your package sources and install the NRPE prerequisites:

      • sudo apt update
      • sudo apt install autoconf gcc libmcrypt-dev make libssl-dev wget dc build-essential gettext

      NRPE requires that Nagios Plugins is installed on the remote host. Let's install this package from source.

      Find the latest release of Nagios Plugins from the downloads page.

      Download Nagios Plugins to your home directory with curl:

      • cd ~
      • curl -L -O https://nagios-plugins.org/download/nagios-plugins-2.2.1.tar.gz

      Extract the Nagios Plugins archive and change to the extracted directory:

      • tar zxf nagios-plugins-2.2.1.tar.gz
      • cd nagios-plugins-2.2.1

      Before building Nagios Plugins, configure them with the following command:

      Now compile the plugins:

      Then install them by running:

      Next, install NRPE daemon. Find the download URL for the latest stable release of NRPE at the GitHub page just like you did in Step 3. Download the latest stable release of NRPE to your monitored server's home directory with curl:

      • cd ~
      • curl -L -O https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-3.2.1/nrpe-3.2.1.tar.gz

      Extract the NRPE archive with this command:

      • tar zxf nrpe-3.2.1.tar.gz

      Then change to the extracted directory:

      Configure NRPE:

      Now build and install NRPE and its startup script with these commands:

      • make nrpe
      • sudo make install-daemon
      • sudo make install-config
      • sudo make install-init

      Now, let's update the NRPE configuration file and add some basic checks that Nagios can monitor.

      First, let's monitor the disk usage of this server. Use the df -h command to look for the root filesystem. You'll use this filesystem name in the NRPE configuration:

      You'll see output similar to this:

      Output

      Filesystem Size Used Avail Use% Mounted on /dev/vda1 25G 1.4G 23G 6% /

      Now open /usr/local/nagios/etc/nrpe.cfg file in your editor:

      • sudo nano /usr/local/nagios/etc/nrpe.cfg

      The NRPE configuration file is very long and full of comments. There are a few lines that you will need to find and modify:

      • server_address: Set to the private IP address of the monitored server.
      • allowed_hosts: Add the private IP address of your Nagios server to the comma-delimited list.
      • command[check_hda1]: Change /dev/hda1 to whatever your root filesystem is called.

      Locate these settings and alter them appropriately:

      /usr/local/nagios/etc/nrpe.cfg

      ...
      server_address=second_ubuntu_server_private_ip
      ...
      allowed_hosts=127.0.0.1,::1,your_nagios_server_private_ip
      ...
      command[check_vda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/vda1
      ...
      

      Save and exit the editor. Now you can start NRPE:

      • sudo systemctl start nrpe.service

      Ensure that the service is running by checking its status:

      • sudo systemctl status nrpe.service

      You'll see the following output:

      Output

      ... Aug 01 06:28:31 client systemd[1]: Started Nagios Remote Plugin Executor. Aug 01 06:28:31 client nrpe[8021]: Starting up daemon Aug 01 06:28:31 client nrpe[8021]: Server listening on 0.0.0.0 port 5666. Aug 01 06:28:31 client nrpe[8021]: Server listening on :: port 5666. Aug 01 06:28:31 client nrpe[8021]: Listening for connections on port 5666 Aug 01 06:28:31 client nrpe[8021]: Allowing connections from: 127.0.0.1,::1,165.22.212.38

      Next, allow access to port 5666 through the firewall. If you are using UFW, configure it to allow TCP connections to port 5666 with the following command:

      You can learn more about UFW in How To Set Up a Firewall with UFW on Ubuntu 18.04.

      Now you can check the communication with the remote NRPE server. Run the following command on the Nagios server:

      • /usr/local/nagios/libexec/check_nrpe -H second_ubuntu_server_ip

      You'll see the following output:

      Output

      NRPE v3.2.1

      Repeat the steps in this section for each additional server you want to monitor.

      Once you are done installing and configuring NRPE on the hosts that you want to monitor, you will have to add these hosts to your Nagios server configuration before it will start monitoring them. Let's do that next.

      Step 7 — Monitoring Hosts with Nagios

      To monitor your hosts with Nagios, you'll add configuration files for each host specifying what you want to monitor. You can then view those hosts in the Nagios web interface.

      On your Nagios server, create a new configuration file for each of the remote hosts that you want to monitor in /usr/local/nagios/etc/servers/. Replace the highlighted word, monitored_server_host_name with the name of your host:

      • sudo nano /usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

      Add the following host definition, replacing the host_name value with your remote hostname, the alias value with a description of the host, and the address value with the private IP address of the remote host:

      /usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

      define host {
              use                             linux-server
              host_name                       your_monitored_server_host_name
              alias                           My client server
              address                         your_monitored_server_private_ip
              max_check_attempts              5
              check_period                    24x7
              notification_interval           30
              notification_period             24x7
      }
      

      With this configuration, Nagios will only tell you if the host is up or down. Let's add some services to monitor.

      First, add this block to monitor load average:

      /usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

      define service {
              use                             generic-service
              host_name                       your_monitored_server_host_name
              service_description             Load average
              check_command                   check_nrpe!check_load
      }
      

      The use generic-service directive tells Nagios to inherit the values of a service template called generic-service, which is predefined by Nagios.

      Next, add this block to monitor disk usage:

      /usr/local/nagios/etc/servers/your_monitored_server_host_name.cfg

      define service {
              use                             generic-service
              host_name                       your_monitored_server_host_name
              service_description             /dev/vda1 free space
              check_command                   check_nrpe!check_vda1
      }
      

      Now save and quit. Restart the Nagios service to put any changes into effect:

      • sudo systemctl restart nagios

      After several minutes, Nagios will check the new hosts and you'll see them in the Nagios web interface. Click on the Services link in the left navigation bar to see all of your monitored hosts and services.

      Nagios Services Page

      Conclusion

      You've installed Nagios on a server and configured it to monitor load average and disk usage of at least one remote machine.

      Now that you're monitoring a host and some of its services, you can start using Nagios to monitor your mission-critical services. You can use Nagios to set up notifications for critical events. For example, you can receive an email when your disk utilization reaches a warning or critical threshold, or a notification when your main website is down. This way you can resolve the situation promptly, or even before a problem occurs.



      Source link