LAMP Web Server : security optimizations + backup set up
I have one dedicated server already running and working.
Configuration: 32 GB RAM, 4 cores, 8 threads, 2x 120 GB SSD
- Php5 (and php-apc,
- mysql server
About the server and my needs :
I like our configuration because :
- I understand it without advanced debian knowledge
- installed packages are well known
- we can add new websites easily
- the system is pretty simple
But actually it's too simple, and nothing has been set up to secure our web server.
I want to host some clients' websites on this server. It already hosts 4 websites, and I want it to host more of them this year.
I don't want a hosting control panel like Webmin or ZPanel, because I want the server to remain simple.
So it's OK if I have to launch some scripts or command lines to add a new website. Below you'll find the routine I have to add a new website. It's OK if it remains the same.
- Check security issues
- Deliver a list of what has to be done, installed and configured to have something clean and efficient to secure the server.
- I will validate that
- Install and configure the validated actions.
- Check if external connections to the DB are safe (see below why - with db bsc_stcheron)
2. Automated Backups
- I have another dedicated server, which is pretty common and with 500 GB capacity.
- It will be already installed with Debian only.
- It has to be configured to receive automatic backup from our main server. (So some cron jobs will be configured on main server using crontab or similar)
- One file per website per day (yyyy-mm-dd-files-websitename.tar.gz)
- One file per database per day (yyyy-mm-dd-db-db_name)
- Automatically delete backups after 30 days
- But keep one backup per month for each website and database
- Backup folders have an FTP user that can read and delete backup files (that's how I will copy the files to my computer)
3. Write down how I can add a new website - if the procedure has to change
- I don't need it to be simpler (you can check the current procedure below)
- provide me the information if I need to do some more steps to create new (for instance add a new cron line for each website/db backup, some firewall setting to change, etc.)
Note: How I configured the new website skeleton
echo " <h1>New website</h1> " > /etc/skel/public_html/index.html
Note Procedures: How I add a new website
useradd -g www-data -m username
Options -Indexes FollowSymLinks MultiViews
CustomLog /home/websitename/logs/access.log combined
ln -s /etc/apache2/sites-available/websitename /etc/apache2/sites-enabled/websitename
* create new password *
CREATE DATABASE sql_db_name CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'website_sql_user'@'localhost' IDENTIFIED BY 'password_here';
GRANT SELECT, INSERT, UPDATE, DELETE ON sql_db_name.* TO 'website_sql_user'@'localhost';
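
The retention rule from the "Automated Backups" list (delete after 30 days, keep one backup per month for each website and database), as an added example that is not part of the original post. It assumes the monthly keeper is the oldest backup of each month; the function names and the sample site and database names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): retention for backups named
#   yyyy-mm-dd-files-<websitename>.tar.gz  and  yyyy-mm-dd-db-<db_name>
# Assumption: the backup kept for each month is the oldest one of that month.

# prune_list CUTOFF: read file names on stdin, print the ones to delete.
# CUTOFF is yyyy-mm-dd; ISO dates compare correctly as plain strings.
prune_list() {
  LC_ALL=C sort | awk -v cutoff="$1" '
    # Never touch a file that does not follow the naming scheme.
    !/^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-(files|db)-./ { next }
    {
      day = substr($0, 1, 10)
      key = substr($0, 1, 7) SUBSEP substr($0, 12)  # month + kind-name
      first = !(key in seen); seen[key] = 1
      if ((day "") >= (cutoff "")) next  # newer than the cutoff: keep
      if (first) next                    # oldest backup of its month: keep
      print                              # expired and not a monthly keeper
    }'
}

# prune_dir DIR: apply the rule to one backup directory.
# Uses GNU date (present on Debian) to compute the 30-day cutoff.
prune_dir() {
  cutoff=$(date -d '30 days ago' +%Y-%m-%d) || return 1
  ls -1 "$1" | prune_list "$cutoff" | while IFS= read -r f; do
    rm -- "$1/$f"
  done
}

# Constructed sample listing (site and database names are made up).
sample_names() {
  cat <<'EOF'
2024-03-01-files-site1.tar.gz
2024-03-02-files-site1.tar.gz
2024-03-15-db-site1_db
2024-03-20-db-site1_db
2024-04-03-files-site1.tar.gz
2024-04-20-files-site1.tar.gz
2024-05-10-files-site1.tar.gz
notes.txt
EOF
}

# Dry run on the sample with a fixed cutoff: prints the names to delete.
sample_names | prune_list 2024-04-15
```

On the backup server, a daily cron entry would call prune_dir once per backup folder; running prune_list on a directory listing first shows what would be removed without deleting anything.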