Web Dev Juice

Install Nginx+PHP+Mariadb on Debian 11

1. Introduction

I’m installing Debian 11 on a Hetzner server, a very reliable hosting (and they also have really good prices!). This server can be a good base for a laravel installation for example.

Previously I’ve been using OVH for many years, but last year when I needed to cancel one of my servers that I had for 3 years they denied the cancelation alleging I had signed a 1 year contract, that I didn’t remember at all, but even if that was true, 3 years already passed! 2 months and 200€ after a very painful process I was able to cancel the server and I also canceled and moved away all I had there and no longer recommend them to anyone.

After paying the server you can select the OS, I always use Debian, but it’s ok if you prefer Ubuntu (that is based on Debian), they are very very similar, or another Debian based distro.

2. Connect using SSH

After the installation process finishes, you can connect to the server using SSH, I start checking a couple things and installing the tools I’ll use on next steps, as nvim.

2.1. Check if the machine is what is supposed to be:

df -h
top

2.2. Install nvim

This is my preference, you can use anything else like vim or nano.

apt install neovim

2.2. Change the SSH port

I always change the default SSH port to anything else, this single change may save you from a big % of hacking attempts.

nvim /etc/ssh/sshd_config
/etc/init.d/ssh restart

Before continue and without closing your current session connect again through SSH to ensure port change is working.

2.3. Disable IPV6

I always do this to avoid a lot of headaches with further configurations.

nvim /etc/sysctl.conf

Add: “net.ipv6.conf.all.disable_ipv6 = 1

And next:

sysctl -p

2.4. Install CSF firewall

wget http://download.configserver.com/csf.tgz
tar -zxvf csf.tgz
cd csf && bash install.sh
nvim /etc/csf/csf.conf

2.5. Install nginx

apt install nginx

2.6. Install mariadb

apt install mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql
CREATE USER 'username'@'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%';

2.7. Install PHP

apt -y install lsb-release apt-transport-https ca-certificates
wget https://packages.sury.org/php/apt.gpg -O /etc/apt/trusted.gpg.d/php.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
apt update
apt upgrade
apt install php php8.1-fpm php8.1-mysql php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-intl

Add: “catch_workers_output = yes” to /etc/php/8.1/fpm/pool.d/www.conf

You may add if needed: “display_errors = On” to “/etc/php/8.1/fpm/php.ini

2.8. Basics

apt install python

apt install build-essential

2.9. Install PHPMyAdmin

Get last phpmyadmin version link from: https://www.phpmyadmin.net/downloads/

wget [https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-english.tar.gz](https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-english.tar.gz)
tar -zxvf phpMyAdmin-5.2.0-english.tar.gz
mv phpMyAdmin-5.2.0-english somethingrandom.yourdomain.com

And add it to /etc/nginx/sites-enabled/default

server {
    root /var/www/somethingrandom.yourdomain.com;
    index index.php index.ml index.m;
    server_name phpmyadmin.yourdomain.com;
    charset   utf-8;
    gzip on;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/xml+rss;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 300;
    }

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|svg|woff|woff2|ttf)$ {
      expires 12M;
      access_log off;
      add_header Cache-Control "public";
    }

    location ~* \.(?:css|js)$ {
      expires 12M;
      access_log off;
      add_header Cache-Control "public";
    }

    location ~ /\. {
        deny  all;
    }
}
/etc/init.d/nginx reload

jmontes

Leave a Reply

Your email address will not be published. Required fields are marked *