Good day.
It so happened that lately I have had to change VDS providers quite often, and each time I had to configure the system from scratch, so I decided to write a short summary of the settings. Everything described below works correctly on Ubuntu Server 12.04 LTS. In this article I will describe how to install and perform the initial configuration of nginx + apache2, eaccelerator, memcached, pure-ftpd, php, mysql, phpmyadmin, and also a game server control panel - the Open Game Panel.
I will begin with a brief description of some terms.
VDS - also known as VPS - Virtual Dedicated (Private) Server - a virtual machine rented as a server. It is needed when ordinary hosting is no longer enough and a dedicated server is too expensive. A great many providers offer VDS rental, and each has its own pros and cons, but we will not discuss them.
Virtualization type - in simple terms, this is how a virtual machine is organized. Currently the most common are OpenVZ and XEN. The advantage of OpenVZ is low cost, since with this type of virtualization all virtual machines running on the hardware server use a specially modified kernel of the host system. The disadvantages are that it is impossible to change the parameters of the OS kernel and that overselling is almost always present (more on this later). For serious projects it is better to use XEN or KVM virtualization - there the guest OS doesn't even know that it is installed on a virtual machine, and you can do almost everything your heart desires with the OS, especially on XEN-HVM and KVM.
Overselling - providers sell more resources than they actually have. This works because customers rarely use 100 percent of their resources, but with unscrupulous providers that oversell excessively you may experience problems such as an extremely slow machine or script failures due to lack of memory. Getting back to the types of virtualization: on XEN and KVM overselling is almost technically impossible.
Choosing a hosting provider
So, you have decided to buy a VDS. How should you choose a provider? Start with geography - where your server will be physically located.
Germany - pluses: cheap tariffs, fast channels, unlimited traffic; minuses: quite a big delay to Russia (about 80 ms), and they take torrent trackers, torrent clients, warez, etc. very seriously.
Holland, Canada - the same as Germany, but a bit more expensive; the main plus is legislation that is more lenient toward the various kinds of stored and transmitted information that would otherwise get us into trouble.
The United States - for the most part traffic is metered, and pings to Russia are high - in general, not the best option.
Russia, Ukraine - minimal delays to the Russian audience; in most cases pseudo-unlimited traffic (speed reduction after a certain threshold, or the need to observe proportions of incoming/outgoing and Russian/foreign traffic); not the most reliable data centers - at almost every one, mass service outages lasting hours occur periodically, despite three independent electrical inputs, redundant Internet channels and diesel generators.
Select the type of virtualization
If resources allow, then definitely KVM or XEN. But not all providers offer these types of virtual machines, and they cost a bit more than OpenVZ. Therefore, if your project is one, two or ten sites with low attendance (up to about 10,000 unique hosts per day) and/or some ICQ chat, then OpenVZ will be quite enough for you.
If you need to perform more demanding tasks, such as hosting game servers or video chats, choose XEN or KVM. These types of virtualization should also be chosen if you need to create VPN tunnels: a VPN is easier to set up there than on OpenVZ.
Server Tuning
Next, I will talk about the various things I set up on my server; some may be useful to you. The operating system I use is Ubuntu 12.04.1 LTS. Since the overwhelming majority of the commands below require root privileges, and I am a lazy person, I perform all actions as root. Logging in directly as root is usually impossible, so we log in as a user with sudo rights and execute the command sudo -s
Rebuild the kernel
If you chose OpenVZ, then you can safely skip this part of the article.
This procedure will not give a tangible increase in performance; it is useful only for self-development and “practice for the future.”
Download the latest stable kernel source from kernel.org. At the moment this is version 3.6.7.
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.7.tar.bz2
• Unpack the archive
tar -xjf linux-3.6.7.tar.bz2
• Install the necessary packages for compilation
aptitude update
aptitude build-dep linux
aptitude install kernel-package
• Go to the source folder and generate the kernel configuration. In our case everything happens automatically - only the modules needed by the current hardware will be included in the kernel. If you want to configure the kernel manually, search for make config or make menuconfig.
cd linux-3.6.7
make localyesconfig
• Start compiling the kernel - the process is not fast, taking from 15 minutes to several hours.
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
• Go up one directory and install the packages
cd ..
dpkg -i linux-*.deb
• Reboot and verify that the new kernel is in use.
reboot
uname -r
• That's all, your system is now running a new kernel.
Change the time zone and the name of the PC
If you install Ubuntu on a dedicated server yourself, you set the language and geographic parameters of the system during installation, but in the case of a VDS the provider has a ready-made image of the system, which it deploys to your server. And it is more pleasant for all of us to see the correct time for our time zone on our server.
• So, let's set the time zone, for this we execute the command
dpkg-reconfigure tzdata
• A pseudo-graphic interface will appear in which we will choose our location.
• If suddenly (I have never seen such a thing before) there are discrepancies in the date / time, execute the following command, substituting the current date and time
hwclock --set --date="11/24/2012 16:19:55"
• To change the server name, open the /etc/hostname file and replace the contents with the desired server name.
Install nginx with apache2, PHP, MySQL, phpmyadmin backend
In this part of the article, we will install and configure a web server designed for a large number of connections.
• First, install the standard “starter” set of web server packages.
aptitude update
aptitude install mysql-server mysql-client libmysqlclient15-dev apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 libapache2-mod-ruby php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl phpmyadmin g++
• We will be asked to set a password for MySQL, then asked which web server should serve phpmyadmin - answer apache2 - and then asked for the MySQL password for the needs of phpmyadmin
• At the time of writing, phpmyadmin was not automatically registered in the apache2 configuration, so we see a 404 error at website_address.zone/phpmyadmin. Therefore we open the /etc/apache2/apache2.conf file and add this line at the end
Include /etc/phpmyadmin/apache.conf
• Turn on apache2 modules
a2enmod include
a2enmod rewrite
a2enmod suexec
a2enmod ssl
• Write Apache's default config. To do this, open /etc/apache2/sites-available/default, erase everything in this file and write the following:
<VirtualHost *:800>
    ServerAdmin @e-mail
    DocumentRoot /home/www/_.
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /home/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order deny,allow
        deny from all
        allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride All
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel crit
    CustomLog /var/log/apache2/access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
• The fact that port 800 is specified is not an error; nginx will listen on the standard port 80 for http. Most people advise, for reasons unknown to me, pointing the DocumentRoot parameter at /var/www/...; in my opinion it is more logical to keep important data in /home - it will be easier to set up a backup.
• Edit the /etc/apache2/ports.conf file
NameVirtualHost *:800
Listen 800
• Copy the /etc/apache2/sites-available/default file to /etc/apache2/sites-enabled/site_address
• It is better to name directories and config files after the site addresses, since in the future this will simplify the search for the necessary configs and directories, for example /home/www/tweedle.ru and /etc/apache2/sites-enabled/tweedle.ru
• Edit the /etc/apache2/apache2.conf file - change the value of the MaxClients parameter to 20, it should be done in two places.
• Register the nginx repository: open the /etc/apt/sources.list file and add to the end
deb http://nginx.org/packages/ubuntu/ precise nginx
deb-src http://nginx.org/packages/ubuntu/ precise nginx
• Install nginx and libapache2-mod-rpaf
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
aptitude update
aptitude install libapache2-mod-rpaf libpcre3 libpcre3-dev nginx
• Next, configure nginx: open the file /usr/local/etc/nginx/nginx.conf and replace the contents with the following
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 64;
    access_log /var/log/nginx/access.log;
    sendfile on;
    # load the per-site configs created in the next step
    include /etc/nginx/sites-enabled/*;
}
• If the web server role is the main role of your server and/or the sites have high attendance, set the worker_processes value equal to the number of available CPU cores; otherwise one process will be enough
• Create a config for our site, /etc/nginx/sites-enabled/site_address.zone
server {
    listen 80;
    server_name _.;
    access_log /var/log/nginx.access_log;
    location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx|mp3|bsp)$ {
        root /home/www/_./;
        index index.php index.html index.htm;
        access_log off;
        expires 30d;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        proxy_pass http://127.0.0.1:800/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $remote_addr;
        proxy_set_header Host $host;
        proxy_connect_timeout 60;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_redirect off;
        proxy_set_header Connection close;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
    }
}
• Install memcached, no additional settings are required for it
aptitude install memcached
• Install eAccelerator
aptitude install php5-dev
aptitude install make
cd /tmp/
wget https://github.com/downloads/eaccelerator/eaccelerator/eaccelerator-0.9.6.1.tar.bz2
tar xvjf eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
• Now, before we compile eAccelerator, we fix one bug in the code which causes all sorts of problems; for example, phpmyadmin authorization stops working. Open the eaccelerator.c file and, at line 867, replace
if (php_check_open_basedir(realname TSRMLS_CC)) {
with
if (php_check_open_basedir(p->realfilename TSRMLS_CC)) {
Save and continue ...
phpize
./configure --enable-eaccelerator=shared
make
make install
• Create a folder for the cache and set its permissions
mkdir -p /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator
• Configure php to work with eaccelerator: open the file /etc/php5/apache2/php.ini and add at the top
[PHP]
extension = "eaccelerator.so"
eaccelerator.shm_size = "16"
eaccelerator.cache_dir = "/var/cache/eaccelerator"
eaccelerator.enable = "1"
eaccelerator.optimizer = "1"
eaccelerator.check_mtime = "1"
eaccelerator.debug = "0"
eaccelerator.filter = ""
eaccelerator.shm_max = "0"
eaccelerator.shm_ttl = "0"
eaccelerator.shm_prune_period = "0"
eaccelerator.shm_only = "0"
eaccelerator.compress = "1"
eaccelerator.compress_level = "9"
eaccelerator.allowed_admin_path = "/var/www/eaccelerator"
• Restart the services, making sure that the site is in /home/www/site_name
service apache2 restart
service nginx restart
service memcached restart
• Now we have a fairly fast web server that consumes less than 100MB of RAM. Todo: There is one drawback - phpmyadmin, which is available at website_address.zone/phpmyadmin, is displayed ugly (without pictures); a temporary solution that I can offer is to open phpmyadmin at website_address.zone:800/phpmyadmin
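With the bare Listen 800 in ports.conf, the Apache backend answers on every interface, so it can be reached without passing through nginx (the phpmyadmin workaround on port 800 relies on exactly that). The check below is an added example, not part of the original article: the function name check_listen and the sample files are constructed for illustration, and Listen 127.0.0.1:800 is the loopback-only form that still matches the proxy_pass target used above.

```shell
#!/bin/sh
# Added example: flag Apache "Listen" directives that are not bound to loopback.

# check_listen FILE
# Prints "OK <addr>" or "EXPOSED <addr>" for every Listen directive in FILE.
# Returns 0 when all of them are loopback-only, 1 otherwise.
check_listen() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == "listen" {               # directive names are case-insensitive
            addr = $2
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ || addr ~ /^\[::1\]:[0-9]+$/) {
                print "OK " addr
            } else {
                # bare port, 0.0.0.0, [::] or a public address: reachable from outside
                print "EXPOSED " addr
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample files: ports.conf as written in this article, and the
# same file with the backend bound to loopback only.
demo=$(mktemp -d)
printf 'NameVirtualHost *:800\nListen 800\n' > "$demo/ports.article"
printf 'NameVirtualHost *:800\nListen 127.0.0.1:800\n' > "$demo/ports.loopback"
for f in "$demo/ports.article" "$demo/ports.loopback"; do
    echo "== $f"
    check_listen "$f" || echo "-> backend is reachable without going through nginx"
done
rm -rf "$demo"
```

Run it against /etc/apache2/ports.conf after any change to the Listen lines; the nginx listener on port 80 is unaffected because it is configured in nginx, not in this file.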
Installing a pure-ftpd FTP server with MySQL support
An FTP server is useful for simple, fast and convenient transfer of information to and from the server.
• Install pure-ftpd with mysql support.
aptitude install pure-ftpd-mysql
• Create a group for FTP users and a user in it - this makes it more convenient to follow what is happening on your server.
groupadd -g 4001 ftpusers && useradd -u 4001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpusers ftp
• Create a database in MySQL for pure-ftpd. This can be done via phpmyadmin, but with the great and powerful copy-paste it is faster to do it in the console.
mysql -u root -p
CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY '__pureftpd';
FLUSH PRIVILEGES;
• Create a table in which FTP accounts will be stored.
USE pureftpd;
CREATE TABLE ftpd (
    User varchar(16) NOT NULL default '',
    status enum('0','1') NOT NULL default '0',
    Password varchar(64) NOT NULL default '',
    Uid varchar(11) NOT NULL default '-1',
    Gid varchar(11) NOT NULL default '-1',
    Dir varchar(128) NOT NULL default '',
    ULBandwidth smallint(5) NOT NULL default '0',
    DLBandwidth smallint(5) NOT NULL default '0',
    comment tinytext NOT NULL,
    ipaccess varchar(15) NOT NULL default '*',
    QuotaSize smallint(5) NOT NULL default '0',
    QuotaFiles int(11) NOT NULL default 0,
    PRIMARY KEY (User),
    UNIQUE KEY User (User)
) ENGINE=MyISAM;
quit;
• Now we will configure pure-ftpd: open the file /etc/pure-ftpd/db/mysql.conf and make its contents like this:
MYSQLSocket /var/run/mysqld/mysqld.sock
MYSQLUser pureftpd
MYSQLPassword __pureftpd
MYSQLDatabase pureftpd
MYSQLCrypt md5
MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
• Now we will make it so that the user's home directory is automatically created if it does not exist
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
• The following command keeps users from accessing directories above their home directory.
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
• And finally, turn off resolving of users' hostnames - this will significantly speed up the authorization process and slightly reduce the amount of traffic.
echo "yes" > /etc/pure-ftpd/conf/DontResolve
• Restart the service to apply the settings.
service pure-ftpd-mysql restart
• Now we will create the www-ftp user with GID and UID 4002, home directory /home/www, download / upload speed limits of one megabyte per second and no restrictions on the disk space occupied. I will give an example using the command line; you can also use "execute a SQL query" in phpmyadmin, or even "add rows" in phpmyadmin - but in that case do not miss the fact that the password is stored in the database as its md5 hash, so select the md5 "Function" for the password field
mysql -u root -p
USE pureftpd;
INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`)
VALUES ('www-ftp', '1', MD5('___www-ftp'), '4002', '4002', '/home/www', '1024', '1024', '', '*', '0', '0');
quit;
• That's it, you can try to connect to your FTP server at site_address with the login www-ftp and the specified password.
• If you are going to transfer data over the FTP protocol that should not fall into the wrong hands, then it is useful to configure TLS encryption. To do this, do the following:
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
• Install the openssl package if it is not installed and generate a certificate.
aptitude update
aptitude install openssl
openssl req -x509 -nodes -days 3652 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
• We answer questions - this data will be displayed in the generated certificate.
• Set permissions on the certificate and restart pure-ftpd
chmod 600 /etc/ssl/private/pure-ftpd.pem
service pure-ftpd-mysql restart
• That's all. Remember that in order for the data to be encrypted it is necessary to enable TLS encryption on the client side, and not all FTP clients support it.
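The settings made in this section can be reviewed in one pass. The script below is an added example, not part of the original article; audit_pureftpd and val are names chosen for illustration and the sample files are constructed. It relies on pure-ftpd's TLS levels (0 off, 1 optional, 2 refuse cleartext sessions, 3 also refuse cleartext data channels), so the value 1 written above still lets a client log in without encryption.

```shell
#!/bin/sh
# Added example: review the pure-ftpd settings written in this section.

# Each file in the conf directory holds one option value; read it without blanks.
val() { cat "$1" 2>/dev/null | tr -d ' \n'; }

# audit_pureftpd CONFDIR MYSQLCONF PEMFILE
# Prints one OK/WARN line per check and returns the number of warnings.
audit_pureftpd() {
    conf=$1 mysqlconf=$2 pem=$3 warn=0

    # TLS levels: 0 off, 1 optional, 2 required, 3 required for data channels too.
    tls=$(val "$conf/TLS"); [ -n "$tls" ] || tls=0
    case $tls in
        2|3) echo "OK   TLS=$tls: cleartext sessions are refused" ;;
        1)   echo "WARN TLS=1: cleartext logins are still accepted"; warn=$((warn + 1)) ;;
        *)   echo "WARN TLS=$tls: sessions are not encrypted"; warn=$((warn + 1)) ;;
    esac

    if [ "$(val "$conf/ChrootEveryone")" = yes ]; then
        echo "OK   ChrootEveryone=yes: accounts are confined to their Dir"
    else
        echo "WARN ChrootEveryone is not yes"; warn=$((warn + 1))
    fi

    # MYSQLCrypt decides how the Password column is compared at login.
    crypt=$(awk 'tolower($1) == "mysqlcrypt" { print tolower($2) }' "$mysqlconf" 2>/dev/null)
    case $crypt in
        "") echo "WARN MYSQLCrypt is not set"; warn=$((warn + 1)) ;;
        cleartext|md5|sha1)
            echo "WARN MYSQLCrypt=$crypt: plaintext or unsalted fast hash"; warn=$((warn + 1)) ;;
        *)  echo "OK   MYSQLCrypt=$crypt" ;;
    esac

    # The .pem holds the private key: no access for group or other.
    if [ -f "$pem" ] && [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ]; then
        echo "OK   $pem is accessible to its owner only"
    else
        echo "WARN $pem is missing or accessible to group/other"; warn=$((warn + 1))
    fi
    return "$warn"
}

# Constructed sample mirroring the values set in this section.
demo=$(mktemp -d) && mkdir "$demo/conf"
echo 1 > "$demo/conf/TLS"; echo yes > "$demo/conf/ChrootEveryone"
printf 'MYSQLUser pureftpd\nMYSQLCrypt md5\n' > "$demo/mysql.conf"
: > "$demo/pure-ftpd.pem"; chmod 600 "$demo/pure-ftpd.pem"
audit_pureftpd "$demo/conf" "$demo/mysql.conf" "$demo/pure-ftpd.pem" || echo "warnings: $?"
rm -rf "$demo"
```

On the server the arguments would be /etc/pure-ftpd/conf, /etc/pure-ftpd/db/mysql.conf and /etc/ssl/private/pure-ftpd.pem.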
Installing the game server management complex - Open Game Panel
The Open Game Panel, also known as OGP, is the only free solution I have found that allows you to monitor and control various game servers. At the time of this writing, more than 50 different games are supported, with servers on Windows and Linux platforms, including such popular ones as Counter-Strike (2D, 1.5, 1.6, Source, GO) and Minecraft (Vanilla, Bukkit).
The complex consists of two parts - a web interface (frontend), through which monitoring and control are carried out, and an agent service, which runs on the machines with game servers and passes logs to the frontend and commands from the frontend to the game servers.
• First of all, we register at http://www.opengamepanel.org - this is not necessary for installation, but on the site you can download additional modules (for example, the billing system), themes and other goodies.
• Install the necessary packages
aptitude update
aptitude install libxml-parser-perl libpath-class-perl libarchive-any-perl screen
• If the system is x64, then additionally install ia32-libs
aptitude install ia32-libs
• Download the agent itself
wget "http://www.opengamepanel.org/downloads/ogp_agent_nightly.tar.gz" -O agent.tar.gz
tar xf agent.tar.gz
cd agent
• Install. Attention - I previously created a user in the system, included him in the root and sudo groups and created a home directory for him - all this is necessary for the agent to work correctly.
bash ./install.sh
• We will be asked for the username under which the service will run - specify the user I spoke about in the previous paragraph - then its password and the directory in which the executable files will be located (/home/username/OGP). We will also be asked to enter the agent key - this is not a user password but an agent management key, it will come in handy later - and to agree to the Steam policy rules.
• After installation, log in as the created user and run
cd /home/username/OGP
perl ./ogp_agent.pl --log-stdout
• It should report that everything is in order, the process is running and listening on port 12679.
• Press ctrl + c, log in as root and run the following - this is necessary for the service to start when the system starts
update-rc.d ogp_agent defaults
• If there are several servers (dedicated or virtual), then an agent must be installed on each
• Now we will install the web interface from OGP, download the archive and unpack
wget "http://www.opengamepanel.org/downloads/ogp_web_nightly.tar.gz" -O upload.tar.gz
tar xf upload.tar.gz
• Move the contents of the upload folder to the folder where we have the site
• In the browser, open website_address.zone/folder_with_ogp and choose the language. If we are told that there are not enough rights to create some files or folders, we set 777 permissions with chmod: go into the folder with ogp and execute the command
chmod 777 -v -R *
• Return to the web interface and click "Repeat", then "Next"
• Specify the parameters for connecting to the database and click "Next"
• Register an administrator account and click "Next"
• Next, follow the instructions, maybe in the next article I will describe the process of adding servers to OGP
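Both chmod steps in this article (0777 on /var/cache/eaccelerator and 777 -R on the OGP folder) leave paths that any local account can modify. The functions below are an added example, not part of the original article or of OGP: world_writable and drop_world_write are names chosen for illustration, the sample tree is constructed, and the example assumes the tree has first been handed to the account that needs to write to it (www-data in the configs above), so that removing the "other" write bit does not break the application.

```shell
#!/bin/sh
# Added example: find and remove world-writable permissions left by chmod 777.

# world_writable ROOT
# Lists regular files and directories under ROOT that any local account can
# modify. Symlinks are not matched by the -type tests and are left alone.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# drop_world_write ROOT
# Removes only the "other" write bit; owner, group and execute bits stay as
# they were. Prints the number of entries that were changed.
drop_world_write() {
    n=$(world_writable "$1" | wc -l | tr -d ' ')
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    echo "$n"
}

# Constructed sample tree standing in for the OGP folder after "chmod 777 -R".
demo=$(mktemp -d)
mkdir -p "$demo/ogp/modules"
: > "$demo/ogp/index.php"
: > "$demo/ogp/modules/config.php"
chmod -R 777 "$demo/ogp"

echo "world-writable before:"
world_writable "$demo/ogp"
echo "entries changed: $(drop_world_write "$demo/ogp")"
echo "world-writable after: $(world_writable "$demo/ogp" | wc -l | tr -d ' ')"
rm -rf "$demo"
```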