New VPS setup

Until a few hours ago, this site was hosted on an OpenVZ container running a cPanel LAMP stack provided by the company I work for. I found a $10 credit for DigitalOcean, so I decided to configure a LEMP stack and move this site over there, since I haven’t played around with vanilla Nginx in quite some time.

It took a few hours to get everything set up, and I’ve documented the process below.

  • Get everything up to date:
yum update -y
  • We’ll need the EPEL repo in order to install nginx:
yum install -y epel-release
yum install -y nginx
  • For PHP-FPM 7 we need the IUS repos. WordPress also requires the GD extension to edit images:
curl 'https://setup.ius.io/' -o setup-ius.sh
bash setup-ius.sh
yum install -y php70u-fpm-nginx php70u-cli php70u-mysqlnd php70u-gd php70u-imagick php70u-opcache php70u-ioncube-loader
  • Set up the MariaDB repo and install the database server:
cat >/etc/yum.repos.d/MariaDB101.repo<<EOF
# MariaDB 10.1 CentOS repository list - created 2017-02-12 21:25 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
yum clean all
yum install -y mariadb-server mariadb-libs mariadb-devel mariadb-client
  • I chose to use /var/www/html as the primary document root for Nginx:
mkdir -p /var/www/html
chown php-fpm:nginx -R /var/www/
  • While unnecessary when using Nginx, I decided to also have Varnish handle non-HTTPS web traffic, mainly because I haven’t used Varnish in a while and wanted to play with it. We’ll install it now and configure it later:
yum install -y varnish
  • I’m using Let’s Encrypt for SSL since without cPanel there are no more free Comodo SSL certificates. I needed to point my domain to this server before I could go any further, but wanted to at least have the site up first, so we’ll finish the SSL certificate installation later:
yum install -y certbot
  • At this point we’re pretty much ready to start enabling services and configuring our LEMP stack.
  • Enable everything:
systemctl enable varnish php-fpm nginx mariadb
  • I won’t go into too much detail on how to configure the services because the config files are commented pretty well and I’m providing mine.
  • We’ll have Varnish on port 80 forwarding to Nginx on port 8080; Nginx will also handle all HTTPS traffic. PHP-FPM will be configured to use a socket instead of a loopback connection, and MariaDB 10.1 will handle the database for this site.
  • The configuration files used here are available for download here. They’re in git, so check the branches.
  • We’ll now need to start the services in order to request the SSL certificates from Let’s Encrypt:
systemctl start varnish nginx php-fpm mariadb
  • Request and install the SSL certificate and configure a cron job to renew it every 30 days:
certbot certonly -a webroot --webroot-path=/var/www/html/blog -d blog.donthurt.us
[root@centoscloud ~]# crontab -u root -l
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 * * 1 /usr/bin/systemctl reload nginx
  • As seen below, HTTP traffic is going through Varnish to Nginx while Nginx handles all HTTPS traffic:
[root@centoscloud ~]# curl --head http://blog.donthurt.us
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Mon, 13 Feb 2017 09:29:43 GMT
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/7.0.15
Link: <http://blog.donthurt.us/wp-json/>; rel="https://api.w.org/"
X-Cache: EXPIRED
X-Varnish: 327744 262211
Age: 3
Via: 1.1 varnish-v4
Connection: keep-alive

[root@centoscloud ~]# curl --head https://blog.donthurt.us
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Mon, 13 Feb 2017 09:31:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.0.15
Link: <https://blog.donthurt.us/wp-json/>; rel="https://api.w.org/"
X-Cache: HIT
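
Both responses above disclose the exact nginx and PHP versions, the HTTPS one carries no Strict-Transport-Security header, and plain HTTP answers 200 instead of redirecting. The following is an added example, not part of the original setup: a POSIX shell function (the name audit_headers and its finding labels are made up here) that flags those points in `curl --head` output, with the HTTPS response from this post embedded as sample input.

```shell
#!/bin/sh
# Added example: audit `curl --head` output for version disclosure and
# missing transport hardening. Usage: curl -s --head URL | audit_headers http|https
audit_headers() {
    ah_scheme="$1"; ah_status=""; ah_hsts=0
    ah_input="$(tr -d '\r')"               # curl prints CRLF line endings
    while IFS= read -r ah_line; do
        case "$ah_line" in
            HTTP/*)                        # status line, e.g. "HTTP/1.1 200 OK"
                ah_status="${ah_line#* }"; ah_status="${ah_status%% *}"; continue ;;
        esac
        # Header names are case-insensitive, so compare them in lower case.
        ah_name="$(printf '%s' "${ah_line%%:*}" | tr '[:upper:]' '[:lower:]')"
        ah_value="${ah_line#*: }"
        case "$ah_name" in
            server)
                # A product/version token (nginx/1.10.2) maps the host to known bugs.
                case "$ah_value" in */[0-9]*) echo "server-version: $ah_value" ;; esac ;;
            x-powered-by) echo "x-powered-by: $ah_value" ;;
            strict-transport-security) ah_hsts=1 ;;
        esac
    done <<EOF
$ah_input
EOF
    if [ "$ah_scheme" = https ] && [ "$ah_hsts" -eq 0 ]; then
        echo "hsts-missing"
    fi
    # Plain HTTP answering 200 serves pages in clear text instead of redirecting.
    if [ "$ah_scheme" = http ] && [ "$ah_status" = 200 ]; then
        echo "http-not-redirected"
    fi
}

# Sample input: the HTTPS response headers shown in this post.
SAMPLE_HTTPS='HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Mon, 13 Feb 2017 09:31:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.0.15
Link: <https://blog.donthurt.us/wp-json/>; rel="https://api.w.org/"
X-Cache: HIT
'

printf '%s' "$SAMPLE_HTTPS" | audit_headers https
```

The two version findings go away with `server_tokens off;` in the Nginx http block and `expose_php = Off` in php.ini.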
