Originally published at: https://www.classicpress.net/blog/how-to-setup-classicpress-on-ubuntu-16-04-using-vestacp-at-digital-ocean/
In this guide, you will learn how to set up, install and configure ClassicPress on an unmanaged web server at Digital Ocean VPS. The server we are going to set up should be running on Ubuntu 16.04 with a working Vesta Control Panel that can be used to manage multiple websites, email accounts, Ftp accounts,…
8 Likes
Excellent tutorial, thanks for writing this up!
VPS hosting using DigitalOcean is a great option, if you are willing to do these configuration steps and keep up with system upgrades then it is a much better value for your money than most of the shared hosting packages out there. We use a similar setup for hosting most of our official sites.
As you’ve noted, such a server (even at the basic $5/month plan) can comfortably host multiple low- or medium-traffic websites. If you pair this with Cloudflare or another external caching solution then you’ll get even better results.
A good next step as far as server configuration would be to install upgrades to the system packages automatically every day or every week. This will ensure that you get security updates in a timely fashion. I’m not sure if VestaCP offers this option but here is one way to set it up: Ubuntu Server documentation | Ubuntu
Also, I am curious why not use Ubuntu Server 18.04 as the base? If everything works well then this could be a good option. It is also a long-term support release, with official support ending in 2023 instead of 2021: Releases - Ubuntu Wiki
Paging @1stepforward, were you aware of this?
3 Likes
Yh exactly, Vesta supports different combos, I am currently using Nginx + Apache. Nginx on my frontend and Apache handles the back end side. Plus Redis for object caching, and I have 3 website hosted on just a $5 droplets with no issue at all.
The same step applies but there are still some little issue in Vesta but this can be fixed manually.
I think softaculous is free with cpanel
3 Likes
That thought is, per se, nice, because a lot of people aint got no clue about properly keeping their Linux server installs updated, but it still makes me uncomfortable in the stomach, because if you a) got no clue what’re doing and b) let updates run automated without any monitoring, one could easily bork up their Linux system.
I’d add something like a pre-update auto system backup, too, so that if the bork-up happened, one could easily revert to the original system or image.
cu, w0lf.
3 Likes
There is one called Canonical Livepatch service, which allows you to receive updates and have them applied without rebooting.
To my understanding, it isn’t included with Ubuntu by default and it is only free for three of your servers, which isn’t bad at all.
For monitoring updates, there is also one called Canonical Landscape Service but I currently update my servers manually but I think the one James linked to is a life time saver for me, I’ll check it out later.
2 Likes
Good points, it is theoretically possible for a new system update to cause problems. However with Ubuntu LTS releases this should be pretty rare as long as you haven’t customized a lot of things on the server.
Monitoring and installing updates is free on Ubuntu and similar systems, with sudo apt-get update and sudo apt-get upgrade, and some tools I referenced in my previous post for sending alerts and doing this automatically. This includes installing the updates without rebooting, except for updates to the kernel itself.
2 Likes
Yes but to be honest, the free version is more of a trial version and really not worth having. There are only 55 scripts available in the free version (compared with 450 in the premium version) and not even WordPress is included. You can see more here Scripts in Free Version.
I would think that most, if not all, hosting companies will use the premium because it’s pretty useless otherwise.
8 Likes
Thanks for pointing this out.
1 Like
Extremely good writeup - excellent job!
Two things on the security side of things: RSA should be avoided whenever you have a choice. It’s not broken and it’s unlikely to be any time soon, but 2048 is the minimum safe key length - 4k is a better choice today.
Instead, use ed25519. It was developed by a very well respected security guy, had zero involvement from the NSA etc (a problem with any of the other elliptic curve algorithms), and is finally starting to get widespread adoption. (There’s even a better alternative to DNSSEC that uses it - also developed by the same guy).
Second, being able to log in as root should be avoided unless you have a specific need. Instead, either use su or sudo; su would require fewer changes to your tutorial, but sudo is far safer for the inexperienced sysadmin. If you stick to what you have then you should at least change the sshd config file to require keys for root login.
Finally, you should add a note about backing up the key - most people forget to do that and are stuck later.
Other than that, great job - thanks for your continued contribution to the community!
5 Likes
Thanks for the tips, I’ll adjust it.
I actually linked to a guide about that, it’s under Initial Server Setup In Ubuntu (Recommended).
I wrote about disabling root, creating a new user with sudo privilege, creating a new ssh for the new user, disabling password authentication, disabling root login with ssh and setting up ufw firewall.
I would have merged it with this guide but it would become too long, so, I decided to create a new guide about that: Devsrealm » Initial Server Setup on Ubuntu 16.04 [Enhancing Server Security]
Yh, that’s a great idea, thanksi
4 Likes