1. Introduction
I’m installing Debian 11 on a Hetzner server, a very reliable hosting provider (and they also have really good prices!). This server can be a good base for a Laravel installation, for example.
Previously I used OVH for many years, but last year, when I needed to cancel one of my servers that I had had for 3 years, they denied the cancellation, alleging I had signed a 1-year contract that I didn’t remember at all; even if that was true, 3 years had already passed! After 2 months, 200€ and a very painful process I was able to cancel the server. I also canceled and moved away everything I had there, and I no longer recommend them to anyone.
After paying for the server you can select the OS. I always use Debian, but it’s OK if you prefer Ubuntu (which is based on Debian, so they are very similar) or another Debian-based distro.
2. Connect using SSH
After the installation process finishes, you can connect to the server using SSH. I start by checking a couple of things and installing the tools I’ll use in the next steps, such as nvim.
2.1. Check that the machine is what it is supposed to be:
df -h
top
2.2. Install nvim
This is my preference, you can use anything else like vim or nano.
apt install neovim
2.2. Change the SSH port
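I always change the default SSH port to something else; this single change may save you from a large percentage of hacking attempts, the automated ones that only probe port 22. Set the Port directive in sshd_config and restart SSH: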
nvim /etc/ssh/sshd_config
/etc/init.d/ssh restart
Before continuing, and without closing your current session, connect again through SSH to ensure the port change is working.
2.3. Disable IPv6
I always do this to avoid a lot of headaches with further configurations.
nvim /etc/sysctl.conf
Add: "net.ipv6.conf.all.disable_ipv6 = 1"
Then apply it:
sysctl -p
2.4. Install CSF firewall
wget https://download.configserver.com/csf.tgz
tar -zxvf csf.tgz
cd csf && bash install.sh
nvim /etc/csf/csf.conf
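Because the SSH port was changed before CSF was installed, the new port has to be listed in CSF's TCP_IN setting before TESTING is set to 0, or the firewall will block your own SSH access. The script below is an added example, not part of the original post: it compares the Port directives in sshd_config with TCP_IN in csf.conf. The sample files, port 2222 and the function names are constructed for illustration.

```shell
# Added example, not from the original post. Formats assumed: sshd_config
# "Port N" lines (Include files are not followed) and csf.conf TCP_IN = "a,b,c:d".

# Ports sshd listens on: every uncommented Port directive, or 22 if none is set.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# CSF's TCP_IN entries, one per line (single ports or low:high ranges).
csf_tcp_in() {
    sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tr ',' '\n'
}

# Succeed if port $1 equals an entry, or lies inside a range, in the list on stdin.
port_in_list() {
    awk -v p="$1" -F: '
        NF == 1 && $1 + 0 == p + 0 { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit !ok }'
}

# Report every sshd port; return 1 if CSF would block any of them.
check_ssh_vs_csf() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if csf_tcp_in "$2" | port_in_list "$port"; then
            echo "port $port: allowed by TCP_IN"
        else
            echo "port $port: missing from TCP_IN, SSH is cut off once CSF enforces"
            rc=1
        fi
    done
    if grep -q '^TESTING[[:space:]]*=[[:space:]]*"1"' "$2"; then
        echo "TESTING is 1: rules are cleared on a timer, so this is not enforced yet"
    fi
    return "$rc"
}

# Constructed sample input: sshd moved to port 2222, TCP_IN given as $1.
demo() {
    d=$(mktemp -d)
    printf '#Port 22\nPort 2222\n' > "$d/sshd_config"
    printf 'TESTING = "1"\nTCP_IN = "%s"\n' "$1" > "$d/csf.conf"
    check_ssh_vs_csf "$d/sshd_config" "$d/csf.conf"; status=$?
    rm -rf "$d"; return "$status"
}

demo "20,21,22,80,443" || echo "fix TCP_IN before setting TESTING to 0"
```

On the server itself, call check_ssh_vs_csf /etc/ssh/sshd_config /etc/csf/csf.conf from the session you already have open.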
2.5. Install nginx
apt install nginx
2.6. Install mariadb
apt install mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql
CREATE USER 'username'@'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'username'@'%';
2.7. Install PHP
apt -y install lsb-release apt-transport-https ca-certificates
wget https://packages.sury.org/php/apt.gpg -O /etc/apt/trusted.gpg.d/php.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list
apt update
apt upgrade
apt install php php8.1-fpm php8.1-mysql php8.1-common php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-intl
Add: "catch_workers_output = yes" to /etc/php/8.1/fpm/pool.d/www.conf
If needed for debugging, you may add "display_errors = On" to /etc/php/8.1/fpm/php.ini; it prints PHP error details to visitors, so turn it off again afterwards.
2.8. Basics
apt install python3
apt install build-essential
2.9. Install PHPMyAdmin
Get the latest phpMyAdmin version link from: https://www.phpmyadmin.net/downloads/
wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-english.tar.gz
tar -zxvf phpMyAdmin-5.2.0-english.tar.gz
mv phpMyAdmin-5.2.0-english /var/www/somethingrandom.yourdomain.com
Then add a server block for it to /etc/nginx/sites-enabled/default:
server {
    root /var/www/somethingrandom.yourdomain.com;
    index index.php index.html index.htm;
    server_name phpmyadmin.yourdomain.com;
    charset utf-8;
    gzip on;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/xml+rss;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 300;
    }
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|svg|woff|woff2|ttf)$ {
        expires 12M;
        access_log off;
        add_header Cache-Control "public";
    }
    location ~* \.(?:css|js)$ {
        expires 12M;
        access_log off;
        add_header Cache-Control "public";
    }
    location ~ /\. {
        deny all;
    }
}
/etc/init.d/nginx reload