# Setup webserver (NGINX) on Ubuntu ### Nginx + PHP + MariaDB + phpMyAdmin + SSH ## 0. Introduction ### Goal Set up a production-ready Ubuntu server with: **Nginx**, **PHP (PHP-FPM)**, **MariaDB**, **phpMyAdmin**, and **SSH on a custom port**. ### Assumptions - Ubuntu Server (22.04+) - CLI access - User `max` with sudo rights --- ## 1. Secure SSH (Custom Port) ### Edit SSH configuration ``` sudo nano /etc/ssh/sshd_config ``` ### Required settings ``` Port 1611 PermitRootLogin no PasswordAuthentication yes ``` ### Apply changes ``` sudo ufw allow 1611/tcp sudo systemctl restart ssh ``` ### Verify ``` sudo ss -tlnp | grep ssh ``` --- ## 2. Install Nginx ### Install ``` sudo apt update sudo apt install nginx -y ``` ### Enable and start ``` sudo systemctl enable nginx sudo systemctl start nginx ``` ### Allow firewall ``` sudo ufw allow 'Nginx Full' ``` --- ## 3. Install PHP (PHP-FPM) ### Install PHP and extensions ``` sudo apt install php-fpm php-cli php-mysql php-curl php-gd php-mbstring php-xml php-zip -y ``` ### Verify PHP ``` php -v systemctl status php8.3-fpm ``` --- ## 4. Configure Nginx + PHP ### Default site config ``` sudo nano /etc/nginx/sites-available/default ``` ### Minimal PHP configuration ``` server { listen 80; server_name _; root /var/www/html; index index.php index.html; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php8.3-fpm.sock; } } ``` ### Reload ``` sudo nginx -t sudo systemctl reload nginx ``` --- ## 5. Install MariaDB ### Install ``` sudo apt install mariadb-server mariadb-client -y ``` ### Secure ``` sudo mysql_secure_installation ``` ### Create admin user ``` sudo mariadb ``` ``` CREATE USER 'max'@'localhost' IDENTIFIED BY 'STRONG_PASSWORD'; GRANT ALL PRIVILEGES ON *.* TO 'max'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES; EXIT; ``` --- ## 6. Install phpMyAdmin ### Install package ``` sudo apt install phpmyadmin -y ``` When prompted: - Select no webserver - Choose **Yes** for dbconfig-common ### Nginx configuration ``` sudo nano /etc/nginx/snippets/phpmyadmin.conf ``` ``` location /phpmyadmin { root /usr/share/; index index.php; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php8.3-fpm.sock; } } ``` ### Enable ``` sudo nano /etc/nginx/sites-available/default ``` Add: ``` include snippets/phpmyadmin.conf; ``` ``` sudo nginx -t sudo systemctl reload nginx ``` --- ## 7. File Ownership & Permissions ### Recommended structure ``` /var/www/qool/test ``` ### Ownership ``` sudo chown -R max:www-data /var/www/qool/test ``` ### Permissions ``` find /var/www/qool/test -type d -exec chmod 750 {} \; find /var/www/qool/test -type f -exec chmod 640 {} \; ``` --- ## Final Notes - Nginx handles HTTP, PHP-FPM executes PHP - MariaDB uses socket authentication for root - phpMyAdmin should be IP-restricted in production - SSH on a custom port reduces automated attacks - This setup is production-ready and extensible