VPS Setup Guide for Ramnode
Detailed Setup Guide using TurnKey Linux LAMP
I hope the following guide will help you get started with your VPS. The guide isn't finished and I will be adding much more in the near future. Let me know if you spot any mistakes.
1) Go to Ramnode.com
- Make a note of any current promotion codes e.g TWOYEAR for 40% off
- Choose the VPS that is best suited for you. I chose OpenVZ SSD Cached
- Click on "View Plans" and choose your server location e.g. Seattle
- Decide how much RAM you need e.g. 512MB
- Click "Order Now"
- Fill in the configure form with
Billing Cycle e.g. Yearly Server Name e.g. myserver.designertuts.com Operating System e.g. Latest Ubuntu. Doesn't matter what you put here. Will specify Turnkey Linux LAMP later on Add extra IPs etc as you want
- Checkout and enter all your personal details plus promotional code
- Complete your order and pay
- Wait for Welcome email to arrive
2) Go to the Client Area http://clientarea.ramnode.com
- Click the "Secure Client Login" button and login with details you will have received in a Welcome email
- Look for and click the "View" link next to a line specifying how many services you have and then click "View Details"
- There are options here to reboot server etc together with billing and account info
You don't need to use Client Area. I would rather use the Solus VM Control Panel (see next) to reboot server etc so this is just to show you where Client area is.
3) Go to the Solus VM Control Panel (there is a link at top of Ramnode.com page) https://vpscp.ramnode.com
- Logon with details sent to you in Welcome email
- Click "Manage" button for your server
- Make a note of your server IP address e.g. 22.214.171.124
- Click "Reinstall" button (don't worry there is another screen before it does anything)
- It will show you a list of possible OSs e.g. SUSE 13.1
- Click the checkbox on far right next to TurnKey Linux - LAMP
- Scroll to bottom of page and click the "Reinstall" button. WARNING This will delete any existing system.
- The reinstall will start and is usually very quick. Go back to the Solus VM page you were just on and click "Refresh" button at top right
- The Status will soon change to "Online" wait a few minutes after that before proceeding to the next step
There are lots of useful functions here (Don't forget you might have to scroll page. There are some easily missed at bottom of screen)
4) Start up Putty as an SSH client
PuTTY is an SSH and telnet client that we will use to talk to the VPS server. I don't have install instructions for Windows but they shouldn't be hard to find.
- Open a terminal window (on your local PC) e.g. Ctrl Alt T
- sudo apt-get install putty
- fill in Hostname or IP to be your servers IP address and make sure Port is 22 and connection type SSH
- click "Open"
- You will get a security warning. Click "Accept" If instead you get "connection refused" then you probably havent waited long enough since previous step. Just wait a bit and try again
- At the loginas prompt type "root" without quotes
- MySQL password: enter a suitable password (and make a note of it!)
- Skip the Turnkey Backup
- Install the Security Updates
- It will tell you some IP and port numbers (These are important but I will cover them later)
- Choose Quit and confirm
and copy and paste your root password from welcome email (When you do the CTRL V just follow it with Enter key. It will not be echoed) Sometimes I have had problems with cut and paste. If you get access denied try actually typing in the password rather than using cut and paste
It will ask you a few questions
5) "Shell in a Box" comes with your LAMP server and is better to use than Putty so we will use that from now on
In your browser go to https://your server IP:12320 or whatever Ramnode told you in your Welcome email
- You will get a security warning about the certifcate. (In Firefox) say I understand the risks and add exception
- You then get a login prompt
- login as root
(root password sent in welcome email)
You can also right click and select "Paste from Browser". A popup box will appear into which you can paste a password. Click Ok and then press enter
6) Install SUDO
On Shell in a Box...
apt-get install sudo
7) Setup new Admin user
We don't want to be using root account all the time so think up a name for an admin user
- sudo adduser mike
Enter a complex password when prompted. There are a few other questions which you can leave blank if you want.
To make this user an admin...
- sudo visudo
step down to the line which says
- root ALL=(ALL:ALL) ALL
and just below it make a copy (with your new users name instead of root) e.g.
- mike ALL=(ALL:ALL) ALL
then save and exit by typing
- Ctrl O
- Ctrl X
8) Start WEBMIN
Webmin makes a number of tasks easier. To run it, in another browser tab enter https://your server IP:12321 (or whatever port Ramnode specified)
You can improve Webmin security using a number of techniques if you need more than the basic password protection. Just search online for "webmin security"
When Webmin starts
- Again you will get a security warning. Click ok as before
- You then see a login prompt. Login as root with your root password as before.
9) Make SSH more secure
Change SSH login to use the new admin user instead of root
- Select "Servers" "SSH Server" from Webmin main menu
- Click the "Networking" icon
- look for the line that says "listen on port" change 22 to the port of your choice e.g. 12345
- make a note of this new port number
- click "Save"
- click on "Access Control" icon
- change "only allow user" to be your recently created new admin user (mike in our example above)
- click "Save"
- click on "Authentication" icon
- change "allow login by root" to no
- click "Save"
- click "apply changes" button
- Select "Networking" "Linux Firewall" from Webmin main menu
- look for line referring to port 22 and click "accept" near start of this line
- look for 22 on this page as well
- change 22 to your new port number (12345 in examples above)
- click "save" at bottom of page
- click "apply configuration" near bottom of page
it should be on line that start "Destination TCP or UDP port"
10) Also check that Activate at boot is set to yes. If not change it to yes and click "activate at boot"
11) Verify the above change have worked
- Follow the steps under 4) above to run putty and try to connect on port 22. Check you are refused.
- Try again but this time put your new port number in (12345 in example above). Check you get the security warning. Accept this and check you see the login prompt
- Try and login as root and check you are denied access
- Try and login as your new admin user and check this works ok
Your system is now more secure. You aren't running on the well know port 22 anymore and root is not allowed to login via SSH
12) Hide sensitive info
- If you type your ip address in browser you will see a default page that has links to Shell, Webmin and phpmyadmin
The links aren't too much of a problem as an attacker would need to know login details. However there are also links to phpinfo and apache server status which will give away info that shouldn't be public
Ideally you will want to remove all the files in /var/www and put your own website there. But as a temporary measure...
Execute the following commands, one at a time, either at shell prompt or in webmin using "Tools" "Command Shell" from main menu
- rm /var/www/phpinfo.php
- a2dismod status
- service apache2 restart
13) Setup email
I decided to go for the simplest method I could find to allow my VPS and its websites to send email Thanks to http://linuxcommando.blogspot.co.uk/2014/04/how-to-setup-exim4-on-debian-to-use.html I decided to use exim4.
This method also allows local VPS accounts such as root to have their email redirected to an external email address The method assumes you have a Gmail account.
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get install exim4-config
- sudo dpkg-reconfigure exim4-config
When prompted by dpkg-reconfigure, enter the following values for the respective exim4 parameters.
- General type of mail configuration: mail sent by smarthost; received via SMTP or fetchmail
- System mail name: localhost
- IP addresses to listen on for incoming SMTP connections: 127.0.0.1
- Other destinations for which mail is accepted: Leave empty.
- Machines to relay mail for: Leave empty.
- IP address or host name of the outgoing smarthost: smtp.gmail.com::587
- Hide local mail name in outgoing mail?: No
- Keep number of DNS-queries minimal (Dial-on-Demand)?: No
- Delivery method for local mail: mbox format in /var/mail/
- Split configuration into small files?: No
Append the following to /etc/exim4/passwd.client with the proper Gmail account and password:
This password file contains sensitive account information. Make sure it has correct permissions. (e.g. 640)
Now reload exim4
- sudo update-exim4.conf
- sudo apt-get install exim4 (if not installed, or sudo service exim4 restart)
To test, send an email to yourself, and check your Inbox:
- echo test only | mail -s 'Test Subject' myAddress@gmail.com
If you get an error about unknown command mail then $sudo apt-get install mailutils
Now to explain how to redirect local email from accounts such as root to external email
Edit /etc/aliases as root.
You should see a line such as
- root: mike
change this to
- root: yourAddress@gmail.com
Rebuild alias database. (not required if using exim4?)
To test, send root an email, and verify that the message is delivered to the target remote email account.
- echo 'TEST TEST TEST'| mail -s 'Alert' root
14) Setting up a website
I install my websites under /var/www and for each website I use the following structure
I have included instructions here for creating a new website from scratch and also for moving a website from an old server to a new one In either case...
- Login to Solus VM (There is a link from Ramnode website and help in your welcome email)
- Click Manage for your server
- Fire up Shell in a box
- Fire up Webmin
I found zip useful as I was moving websites from my old VPS to my new VPS
- sudo apt-get install zip
Moving files from an old server...
you will already have the tree structure and files and can just download to a zip by going to "Tools" on Webmin menu and selecting "Upload and Download" option. Then click on "Download from Server" and browse to /var/www , click on your website name and "OK". Then click the "Download" button. It will download a zip called yourwebsitename.com.zip
On new server
- cd /var/www
- sudo mkdir yourwebsitename.com
- select "Tools Upload Download" from Webmin
- Select Upload to server
- Under File or Directory to upload to, Navigate to /var/www/yourwebsitename.com
- Under Files to upload, Choose file yourwebsitename.com.zip
- Setting the owned by doesn't work because it doesn't propogate so you have to do it at command prompt so leave it at root
- Extract archive: Yes then delete
- Click Upload button
Creating a new website from scratch...
In Shell in a Box enter something like the following
- cd /var/www
- sudo mkdir yourwebsitename.com
- cd yourwebsitename.com
- sudo mkdir public_html
- sudo mkdir public_html/cgi-bin
- sudo mkdir logs
- cd ..
You now need to fix owner and group on the files
On the new server...
At shell command prompt...
- cd /var/www
- sudo chown -R adminuser yourwebsitename.com (where adminuser is the root replacement user you setup earlier)
- sudo chgrp -R www-data yourwebsitename.com
I'm not good at getting permissions right. Depending on the website you will need different permissions for different files and folders. e.g. a config file that is only changed by admin will need different permissions to a user uploadable folder for images.
The follwing are a couple of examples I have used in past but they are just examples. You need to research this yourself.
- sudo chmod -R 750 yourwebsitename.com (had probs with this and auto wordpress updates 770 worked)
- sudo chmod g+s yourwebsitename.com
15) Create New Database
If you are moving servers...
login on old server (See welcome email for port number for phpMyAdmin
Also do an export on old to save a .sql file clicking on Export Tab and clicking GO which will download a .sql file to your local computer
On the new server...
- Start phpMyAdmin and login as mysql root
- Click "Databases" tab
- create database with collation set to utf8_unicode_ci (or whatever suits your situation)
- edit privileges for this db and click add a new user
- give new user a username, set host to Local, and generate a password (make a note of it somewhere)
- click all privs and click Go at botton right (of this section)
16) Import any saved SQL database file from old server if moving servers
- Use phpmyadmin Import
17) Edit config file e.g. for Wordpress to use your database if using Wordpress
- Use Tools, Text Editor on Webmin
- Find wp-config or whatever file and edit it pasting in new database details
- Click Save
18) Setup Virtual Server on Apache
- Go to Webmin
- Servers, Apache
- Click on "Create Virtual Host"
- Under Document Root browse to /var/www/www.yourwebsitename.com/public_html (or whereever you have put the files)
- Under Server Name change it from automatic to www.yourwebsite.com
- Click "Create Now" at bottom
- At main Apache page click on "Apply Changes" link at top
This will work for a normal domain such as www.yourwebsitename.com but you can also setup some aliases e.g. if you wanted yourwebsitename.com without the www to go to the same website
To set this up in Webmin...
- go to "Servers, Apache Webserver"
- Find the row with your website on and click on the word "Virtual Server" in the first column This will take you to a "Virtua Server Options" page with lots of icons
- Click on "Edit Directives" in the bottom right It should look something like this
- DocumentRoot "/var/www/www.yourwebsitename.com/public_html"
- ServerName www.yourwebsitename.com
- <Directory "/var/www/www.yourwebsitename.com/public_html">
- allow from all
- Options +Indexes
You can add the following line at the end after line starting ServerName
- ServerAlias yourwebsitename.com
Then click "Save" button and "Apply Changes" on the Virtual Server Options" page
Find where your yourwebsitename.com is registered e.g. Namecheap
Logon to your account there and change Nameservers to
- ns6.ramnode.com or whatever you have been told to use by RamNode when you signed up
Be aware you might get some downtime if you are moving an existing website. This method assumes that isn't a problem You will need to do some more research on other solutions if this is a problem for you.
You then need to tell Ramnode where the site is
- Login to http://dns.ramnode.com/cpanel
- Enter username and password
- Create a new Addon Domain
- Set document root to /var/www/yourwebsitename.com/public_html or whatever you have used
- Use Password generator to set very complex password for FTP (no need to make a note of it if you don't use FTP)
- Click "Add Domain"
Go back to Home page and click on "Advanced DNS Zone Editor"
Choose your domain from the list
- Add a Record
- Name: yourwebsitename.com
- TTL: 14400
- Address: your VPS server ip address
There will already be a Zone File record for this domain and it will be set to 126.96.36.199 or some other ramnode server Delete this by clicking "Delete" link under Action for that record There are other strange entries such as webdisk. No idea what they are. I just leave them as they are.
20) Some general stuff
- sudo apt-get install ntp ntpdate
- probably need a sudo apt-get update and a sudo apt-get upgrade somewhere early on?
Some Apache modules might not be enabled by default. In my case I decided I needed
To enable these go to Webmin and click on Servers, Apache
- Then click "Global Configuration"
- and click the "Configure Apache Modules" icon
- Put a tick next to "expires" and "rewrite" then click the "Enable Selected Modules" button at the bottom of page and then return to the Global Config page and click the "Apply Changes" link at top of page
In my case I had the following modules enabled
- alias Enabled
- auth_basic Enabled
- authn_file Enabled
- authz_default Enabled
- authz_groupfile Enabled
- authz_host Enabled
- authz_user Enabled
- autoindex Enabled
- cgi Enabled
- deflate Enabled
- dir Enabled
- env Enabled
- expires Enabled
- mime Enabled
- negotiation Enabled
- perl Enabled
- php5 Enabled
- python Enabled
- reqtimeout Enabled
- rewrite Enabled
- setenvif Enabled
- ssl Enabled
Also on the Apache main page at the top right is a link to "Module Config" Click this and change Display Virtual Servers as List instead of Icons
- under Apache Global Configuration , Miscellaneous
- Server HTTP Header changed to "Product Only"
21) Finally did a backup
- sudo tklbam-init
- enter api key from your account (see hub website)
- sudo tklbam-backup