https://www.netcup-wiki.de
https://www.digitalocean.com/community/tutorials/ersteinrichtung-des-servers-mit-ubuntu-18-04-de

-----

!Update

{{
sudo apt update
sudo apt upgrade
}}

-----

!Installation

0. Install Ubuntu 18.04.3 LTS (Bionic Beaver) from DVD (minimal, everything in one partition); GNU/Linux 4.15.0-70-generic x86_64

0a. Log in: ssh root@<IP>

1. Set up the firewall:

{{
ufw default deny
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
}}

2. Create a user and add it to the sudo group

{{
adduser <USER>
usermod -aG sudo <USER>
# log in as the user
# su - <USER>
}}

{{
sudo apt install mc
}}

3. Set up SSH

{{
sudo nano /etc/ssh/sshd_config
# PermitRootLogin yes -> PermitRootLogin no
# AllowUsers <USER>
# https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804
# https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/using-ssh-keys
# once an SSH key is installed:
# PasswordAuthentication no
sudo service ssh restart
}}

3a. fail2ban ??

4. Log in: ssh <USER>@<IP>

5. nginx ( https://www.digitalocean.com/community/tutorials/so-installieren-sie-nginx-auf-ubuntu-18-04-de )

{{
sudo apt update
sudo apt install nginx
}}

6. MariaDB database

{{
sudo apt install mariadb-server
sudo mysql_secure_installation
# ENTER
# ENTER
# root password for the database
# repeat it
# ENTER
# ENTER
# ENTER
# ENTER
sudo mariadb -u root
create user admin@localhost identified by 'PASSWORT';
grant all privileges on *.* to admin@localhost with grant option;
flush privileges;
exit;
}}

7. PHP

{{
sudo apt install php-fpm php-mysql
}}

8. Create a test nginx server block: ( https://www.digitalocean.com/community/tutorials/so-installieren-sie-nginx-auf-ubuntu-18-04-de )

{{
sudo mkdir -p /var/www/example.com/html
sudo chown -R $USER:$USER /var/www/example.com/html
sudo chmod -R 755 /var/www/example.com
}}

8a. /var/www/example.com/html/index.html

{{
sudo mcedit /var/www/example.com/html/index.html
}}

{{
<html>
    <head>
        <title>Welcome to Example.com!</title>
    </head>
    <body>
        <h1>Success! The example.com server block is working!</h1>
    </body>
</html>
}}

8b. /etc/nginx/sites-available/example.com

{{
sudo mcedit /etc/nginx/sites-available/example.com
}}

{{
server {
    listen 80;
    listen [::]:80;

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }
}
}}

{{
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
# enable in /etc/nginx/nginx.conf:
# server_names_hash_bucket_size 64;
sudo nginx -t
sudo systemctl restart nginx
}}

9. Create a test PHP nginx server block:
( https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04 )
( https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mariadb-php-lemp-stack-on-debian-10 )
( https://www.thomas-krenn.com/de/wiki/NGINX_-_LEMP_Server_-_Installation_Ubuntu_18.04 )

{{
sudo mkdir -p /var/www/php-example.com/html
sudo chown -R $USER:$USER /var/www/php-example.com/html
sudo chmod -R 755 /var/www/php-example.com
}}

9a. /var/www/php-example.com/html/info.php

{{
sudo mcedit /var/www/php-example.com/html/info.php
}}

{{
<?php
// test page only: phpinfo() discloses the PHP configuration, delete it after the check
phpinfo();
}}

9b. /etc/nginx/sites-available/php-example.com

{{
sudo mcedit /etc/nginx/sites-available/php-example.com
}}

{{
server {
    listen 80;
    listen [::]:80;

    root /var/www/php-example.com/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name php-example.com www.php-example.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}
}}

{{
sudo ln -s /etc/nginx/sites-available/php-example.com /etc/nginx/sites-enabled/
sudo systemctl restart nginx
}}

10. Create the nginx server block:

{{
sudo mkdir -p /var/www/5x-e.de/html
sudo chown -R $USER:$USER /var/www/5x-e.de/html
sudo chmod -R 755 /var/www/5x-e.de
}}

10a. /var/www/5x-e.de/html/index.html

{{
sudo mcedit /var/www/5x-e.de/html/index.html
}}

{{
<html>
    <head>
        <title>5 x - e . de</title>
    </head>
    <body>
        ... empty ...
    </body>
</html>
}}

10b. /etc/nginx/sites-available/5x-e.de

{{
sudo mcedit /etc/nginx/sites-available/5x-e.de
}}

{{
server {
    listen 80;
    listen [::]:80;

    root /var/www/5x-e.de/html;
    index index.html index.htm index.nginx-debian.html;

    server_name 5x-e.de www.5x-e.de;

    location / {
        try_files $uri $uri/ =404;
    }
}
}}

{{
sudo ln -s /etc/nginx/sites-available/5x-e.de /etc/nginx/sites-enabled/
sudo systemctl restart nginx
}}

11. Certbot for Let's Encrypt:
( https://certbot.eff.org/ | https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx.html )
( https://www.webhosterwissen.de/know-how/eigener-webserver/tutorial-apache-lets-encrypt-fuer-ssl-schutz/ )
( https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-10 )

{{
sudo apt install certbot python-certbot-nginx
sudo certbot --nginx
}}

11a. /etc/nginx/sites-available/5x-e.de after the change made by certbot:

{{
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
server {
    root /var/www/5x-e.de/html;
    index index.html index.htm index.nginx-debian.html;

    server_name 5x-e.de www.5x-e.de;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/5x-e.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/5x-e.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.5x-e.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = 5x-e.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name 5x-e.de www.5x-e.de;
    return 404; # managed by Certbot
}
}}

12. phpproxy

{{
# in config.php, set app_key to a value:
$config['app_key'] = '1c59319bf54f30b76ab5e5eddae5b263';

sudo apt install php-curl
sudo certbot --nginx
# select pp. ..., "Redirect"
}}

13. LionWiki:

{{
# after uploading the files:
sudo chown -R $USER:$USER /var/www/5x-e.de/html
sudo chmod -R 755 /var/www/5x-e.de
# plus chmod -R 777 ./html/var
}}

14. Wordpress

{{
# install the requirements
sudo apt install php-xml
sudo apt install php-gd

# copy installer.php & x_archive.zip to /var/www/blog.5x-e.de
sudo chown -R $USER:$USER /var/www/blog.5x-e.de
sudo chmod -R 777 /var/www/blog.5x-e.de

# prepare everything
sudo mysql -u root -p
CREATE DATABASE blog;
CREATE USER blog_user@localhost IDENTIFIED BY 'pw';
GRANT ALL PRIVILEGES ON blog.* TO blog_user@localhost;
exit;

# open blog.5x-e.de/installer.php in the browser
sudo chown -R $USER:$USER /var/www/blog.5x-e.de
sudo chmod -R 755 /var/www/blog.5x-e.de
# ?? sudo chmod -R 777 /var/www/blog.5x-e.de
# EVERYTHING - BAD - do this better !!
}}

-----

Courier IMAP, alternatively Dovecot
sendmail + sending via ?? or 1&1
Squirrelmail
fetchmail
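
For step 3, an added example (not part of the original notes) that checks an sshd_config file against the three settings listed there. sshd uses the first value it reads for each keyword, so the helper resolves values the same way; the sample config and the user name deploy are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit the sshd settings from step 3.
# A hardened line appended below an earlier permissive one has no effect,
# because sshd keeps the FIRST value it obtains for a keyword.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
# Assumes the usual "Keyword value" form separated by whitespace.
sshd_value() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    tolower($1) == "match" { exit }    # Match blocks are conditional, stop here
    tolower($1) == want {              # keywords are case-insensitive
      $1 = ""; sub(/^[ \t]+/, ""); print; exit
    }' "$1"
}

# Print one finding per line; print nothing if the file matches step 3.
audit_sshd() {
  v=$(sshd_value "$1" PermitRootLogin)
  [ "$v" = "no" ] || echo "PermitRootLogin is '${v:-unset}', expected 'no'"
  v=$(sshd_value "$1" PasswordAuthentication)
  [ "$v" = "no" ] || echo "PasswordAuthentication is '${v:-unset}', expected 'no'"
  v=$(sshd_value "$1" AllowUsers)
  [ -n "$v" ] || echo "AllowUsers is unset, expected the user from step 2"
}

# Constructed sample: the step 3 edit was appended to a file that still
# carries an earlier "PasswordAuthentication yes".
sample_sshd_config() {
  cat <<'EOF'
# constructed sample, not a real server config
Port 22
PasswordAuthentication yes
PermitRootLogin no
AllowUsers deploy
passwordauthentication no
EOF
}

# Usage: ./audit.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then audit_sshd "$1"; fi
```

On a live host, `sudo sshd -T` prints the configuration sshd actually resolved and is the authoritative cross-check.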
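
For the chmod -R 777 in steps 13 and 14, which the notes themselves flag as bad, an added example (not from the original notes) that resets a web root to 755/644 and makes only the named subdirectories group-writable. It assumes PHP-FPM runs as www-data, the Ubuntu default, and that those subdirectories are then handed to that group; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: least-privilege replacement for "chmod -R 777".

# tighten_webroot <root> [writable-subdir ...]
# Everything under <root>: directories 755, files 644.
# Each named subdirectory (relative to <root>): directories 775, files 664,
# so the group that owns it can write and nobody else can.
tighten_webroot() {
  root=$1; shift
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  for sub in "$@"; do
    find "$root/$sub" -type d -exec chmod 775 {} +
    find "$root/$sub" -type f -exec chmod 664 {} +
    # Assumption: PHP-FPM runs as www-data. Give it the group afterwards:
    #   sudo chgrp -R www-data "$root/$sub"
  done
}

# List everything under $1 that is still world-writable (symlinks skipped).
world_writable() {
  find "$1" ! -type l -perm -0002
}

# Usage for the two sites in these notes:
#   tighten_webroot /var/www/5x-e.de html/var
#   tighten_webroot /var/www/blog.5x-e.de wp-content/uploads
#   world_writable /var/www        # should print nothing
```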