server:installation
                Differences
Below are the differences between two revisions of the page.
| server:installation [2019/05/06 11:27] – kevin | server:installation [2019/05/12 18:21] (current version) – [HTTPS] kevin | ||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| ====== Installation et configuration d'un serveur Debian ====== | ====== Installation et configuration d'un serveur Debian ====== | ||
| - | |||
| - | ===== À faire ===== | ||
| - | * Installer Apache | ||
| - | * Installer MySQL | ||
| - | * Installer PHP | ||
| - | * Installer pare-feu (iptable ? fail2ban ?) | ||
| - | * Installer serveur NTP ? | ||
| ===== Préparation du disque d' | ===== Préparation du disque d' | ||
| Ligne 25: | Ligne 18: | ||
| Personnalisations : | Personnalisations : | ||
| - | + | * Ne pas forcer l' | |
| - | Ne pas forcer l' | + |  | 
| - | + | ||
| - | Schéma de partitionnement du disque : separate /home, /var, and /tmp partitions et garder les valeurs proposées. | + | |
| ===== Installer sudo ===== | ===== Installer sudo ===== | ||
| Ligne 85: | Ligne 76: | ||
| </ | </ | ||
| - | Par exemple, interdire | + | Interdire | 
| <file bash> | <file bash> | ||
| PermitRootLogin no | PermitRootLogin no | ||
| + | AllowUsers toto | ||
| </ | </ | ||
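Review bot: the added `AllowUsers toto` line limits SSH logins to that single account, and combined with `PermitRootLogin no` just above it, a misspelled or missing user name locks the administrator out of the server. The text should state that `toto` is a placeholder for the real account name and that the new configuration should be verified from a second SSH session before the current one is closed.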
| Ligne 152: | Ligne 144: | ||
| :INPUT DROP [0:0] | :INPUT DROP [0:0] | ||
| :FORWARD DROP [0:0] | :FORWARD DROP [0:0] | ||
| - | :OUTPUT ACCEPT [687:218631] | + | :OUTPUT ACCEPT [0:0] | 
| # Allow internal traffic on the loopback device | # Allow internal traffic on the loopback device | ||
| Ligne 280: | Ligne 272: | ||
| * https:// | * https:// | ||
| * https:// | * https:// | ||
| + | |||
| + | ===== Installer et configurer ddclient ===== | ||
| + | '' | ||
| + | |||
| + | Installer '' | ||
| + | <code bash> | ||
| + | sudo apt install ddclient | ||
| + | </ | ||
| + | |||
| + | Éditer le fichier de configuration : | ||
| + | <code bash> | ||
| + | sudo nano / | ||
| + | </ | ||
| + | |||
| + | <file bash> | ||
| + | # Configuration file for ddclient generated by debconf | ||
| + | # | ||
| + | # / | ||
| + | |||
| + | syslog=yes | ||
| + | # | ||
| + | daemon=21600 | ||
| + | ssl=yes | ||
| + | protocol=dyndns2 | ||
| + | use=web | ||
| + | server=www.ovh.com | ||
| + | login=mondomaine.net-login | ||
| + | password=' | ||
| + | dyn.mondomaine.net | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | Le paquet '' | ||
| + | </ | ||
| + | |||
| + | Redémarrer le service : | ||
| + | <code bash> | ||
| + | sudo service ddclient restart | ||
| + | </ | ||
| + | |||
| + | Vérifier que le service soit démarré : | ||
| + | <code bash> | ||
| + | sudo / | ||
| + | </ | ||
| + | |||
| + | Vérifier que le processus est en cours : | ||
| + | <code bash> | ||
| + | sudo ps aux | grep ddclient | ||
| + | </ | ||
| + | |||
| + | Vérifier les logs : | ||
| + | <code bash> | ||
| + | sudo cat / | ||
| + | </ | ||
| + | |||
| + | ==== Sources ==== | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | |||
| + | ===== Services web (Apache, MariaDB, PHP) ===== | ||
| + | ==== MariaDB ==== | ||
| + | Installer MariaDB : | ||
| + | <code bash> | ||
| + | sudo apt install mariadb-server mariadb-client | ||
| + | </ | ||
| + | |||
| + | Lancer l' | ||
| + | <code bash> | ||
| + | sudo mysql_secure_installation | ||
| + | </ | ||
| + | |||
| + | <code [enable_line_numbers=" | ||
| + | NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB | ||
| + | SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! | ||
| + | |||
| + | In order to log into MariaDB to secure it, we'll need the current | ||
| + | password for the root user. If you've just installed MariaDB, and | ||
| + | you haven' | ||
| + | so you should just press enter here. | ||
| + | |||
| + | Enter current password for root (enter for none): | ||
| + | OK, successfully used password, moving on... | ||
| + | |||
| + | Setting the root password ensures that nobody can log into the MariaDB | ||
| + | root user without the proper authorisation. | ||
| + | |||
| + | Set root password? [Y/n] y | ||
| + | New password: <mot de passe> | ||
| + | Re-enter new password: <mot de passe> | ||
| + | Password updated successfully! | ||
| + | Reloading privilege tables.. | ||
| + | ... Success! | ||
| + | |||
| + | |||
| + | By default, a MariaDB installation has an anonymous user, allowing anyone | ||
| + | to log into MariaDB without having to have a user account created for | ||
| + | them. This is intended only for testing, and to make the installation | ||
| + | go a bit smoother. | ||
| + | production environment. | ||
| + | |||
| + | Remove anonymous users? [Y/n] y | ||
| + | ... Success! | ||
| + | |||
| + | Normally, root should only be allowed to connect from ' | ||
| + | ensures that someone cannot guess at the root password from the network. | ||
| + | |||
| + | Disallow root login remotely? [Y/n] y | ||
| + | ... Success! | ||
| + | |||
| + | By default, MariaDB comes with a database named ' | ||
| + | access. | ||
| + | before moving into a production environment. | ||
| + | |||
| + | Remove test database and access to it? [Y/n] y | ||
| + | - Dropping test database... | ||
| + | ... Success! | ||
| + | - Removing privileges on test database... | ||
| + | ... Success! | ||
| + | |||
| + | Reloading the privilege tables will ensure that all changes made so far | ||
| + | will take effect immediately. | ||
| + | |||
| + | Reload privilege tables now? [Y/n] y | ||
| + | ... Success! | ||
| + | |||
| + | Cleaning up... | ||
| + | |||
| + | All done! If you've completed all of the above steps, your MariaDB | ||
| + | installation should now be secure. | ||
| + | |||
| + | Thanks for using MariaDB! | ||
| + | </ | ||
| + | |||
| + | MariaDB est dès à présent sécurisé. | ||
| + | |||
| + | === Créer un utilisateur avec tous les privilèges === | ||
| + | <code bash> | ||
| + | sudo mysql | ||
| + | </ | ||
| + | |||
| + | <code sql> | ||
| + | GRANT ALL ON *.* TO ' | ||
| + | </ | ||
| + | <code sql> | ||
| + | FLUSH PRIVILEGES; | ||
| + | </ | ||
| + | <code sql> | ||
| + | QUIT; | ||
| + | </ | ||
| + | |||
| + | ==== Apache ==== | ||
| + | Installer Apache : | ||
| + | <code bash> | ||
| + | sudo apt install apache2 | ||
| + | </ | ||
| + | |||
| + | Ajouter une règle dans le pare-feu (voir [[installation# | ||
| + | <file bash> | ||
| + | # Accept HTTP | ||
| + | -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT | ||
| + | </ | ||
| + | |||
| + | Chemins à connaître : | ||
| + | * Racine des documents : ''/ | ||
| + | * Fichier de configuration : ''/ | ||
| + | * Modules : ''/ | ||
| + | * Virtual hosts : ''/ | ||
| + | * Global configuration fragments : ''/ | ||
| + | |||
| + | === Déplacer le répertoire www === | ||
| + | Copier le répertoire ''/ | ||
| + | <code bash> | ||
| + | sudo cp -r /var/www/ /home/www/ | ||
| + | </ | ||
| + | |||
| + | Il est également possible de copier le répertoire (et les droits associés) avec [[https:// | ||
| + | |||
| + | Remplacer toutes les occurrences de ''/ | ||
| + | * ''/ | ||
| + | * ''/ | ||
| + | * ''/ | ||
| + | |||
| + | Redémarrer Apache : | ||
| + | <code bash> | ||
| + | sudo systemctl restart apache2 | ||
| + | </ | ||
| + | |||
| + | ==== PHP ==== | ||
| + | Installer PHP et plusieurs modules courants : | ||
| + | <code bash> | ||
| + | sudo apt install php libapache2-mod-php php-mysql php-curl php-gd php-intl php-json php-mbstring php-xml php-zip php-sqlite3 php-imagick php-mcrypt php-memcache | ||
| + | </ | ||
| + | |||
| + | Redémarrer Apache : | ||
| + | <code bash> | ||
| + | sudo systemctl restart apache2 | ||
| + | </ | ||
| + | |||
| + | Tester : | ||
| + | <code bash> | ||
| + | sudo nano / | ||
| + | </ | ||
| + | |||
| + | <file php info.php> | ||
| + | <?php | ||
| + | phpinfo(); | ||
| + | </ | ||
| + | |||
| + | ==== phpMyAdmin ==== | ||
| + | Installer phpMyAdmin : | ||
| + | <code bash> | ||
| + | sudo apt install phpmyadmin | ||
| + | </ | ||
| + | |||
| + | FIXME Configurer | ||
| + | |||
| + | Tester le fonctionnement de phpMyAdmin en se rendant sur http:// | ||
| + | |||
| + | S'il n'est pas accessible, il faut modifier la configuration du serveur Apache. | ||
| + | |||
| + | Éditer ''/ | ||
| + | <code bash> | ||
| + | sudo nano / | ||
| + | </ | ||
| + | |||
| + | Ajouter la ligne suivante à la fin du fichier : | ||
| + | <file bash> | ||
| + | Include / | ||
| + | </ | ||
| + | |||
| + | Redémarrer le serveur Apache : | ||
| + | <code bash> | ||
| + | sudo systemctl restart apache2 | ||
| + | </ | ||
| + | |||
| + | ==== HTTPS ==== | ||
| + | Activer le module SSL : | ||
| + | <code bash> | ||
| + | sudo a2enmod ssl | ||
| + | </ | ||
| + | |||
| + | Recharger la configuration d' | ||
| + | <code bash> | ||
| + | sudo systemctl reload apache2 | ||
| + | </ | ||
| + | |||
| + | Finalement, suivre les instructions données [[https:// | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | Ne pas oublier d' | ||
| + | </ | ||
| + | |||
| + | |||
| + | ==== Sources ==== | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| + | * https:// | ||
| ===== Divers liens utiles ===== | ===== Divers liens utiles ===== | ||
| * https:// | * https:// | ||
| * https:// | * https:// | ||
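Review bot: in the PHP section, the `info.php` test file containing `phpinfo();` is created but no step removes it, so the server keeps publishing its full PHP and module configuration to any visitor; add a line telling the reader to delete the file once the test has succeeded. In the MariaDB section, `GRANT ALL ON *.*` gives the new account the same reach as root over every database, which deserves a sentence next to the command recommending that this account be kept for local administration and that each application get an account limited to its own database. phpMyAdmin is also tested over `http://` before the HTTPS section further down; moving the HTTPS section ahead of phpMyAdmin, or saying to reach phpMyAdmin only over HTTPS, would avoid sending database credentials in clear text.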
server/installation.1557134878.txt.gz · Last modified: 2019/05/06 11:27 by kevin
                
                