Due to the fact that php5.6-curl only works with libcurl3 and Debian 10 is shipped with libcurl4 with no option to downgrade lib curl, it appears you can only use Debian 9 when wanting to use the old PHP 5.6 and curl extensions.
Install updates for Debian
apt-get update
followed by
apt-get dist-upgrade
sudo: command not found
After installation of Debian 9.11 and you try to install a package you might get the message: bash: sudo: command not found
To install sudo, run the following:
su
apt-get install sudo
Give the user the right to run sudo
usermod -aG sudo username
Log out the user to refresh the group permissions of the user
Reference: https://chewett.co.uk/blog/477/sudo-command-not-found-debian-fixed/
Install the firewall ufw on Debian
Run the package installer:
sudo apt-get install ufw
To configure your server to allow incoming SSH connections, use this command:
sudo ufw allow ssh
Enable the firewall
sudo ufw enable
Reference: https://www.tecmint.com/how-to-install-and-configure-ufw-firewall/
Install the Apache Web Server
Update the local package index to reflect the latest upstream changes:
sudo apt update
Install the apache2 package
sudo apt install apache2
Configure the firewall for port 80
sudo ufw allow in 'WWW Full'
On your local computer you can check ‘localhost’ in the browser to see if Apache is running.
To test the install from another computer find the IP address of the server with:
ip addr show
Reference: https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-debian-9
Install MYSQL 8.0
MySQL 8.0 packages are available on the official MySQL Dev apt repository
sudo apt -y install wget
wget https://repo.mysql.com//mysql-apt-config_0.8.13-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.13-1_all.deb
If you get an error message “lsb-release is not installed.” – run the following:
sudo apt-get update
sudo apt-get install lsb-release
sudo apt update
sudo apt -y install mysql-server
Reference: https://computingforgeeks.com/how-to-install-mysql-8-0-on-debian/
Update the my.cnf file
Add the following information (depends based on your own requirements)
Setting innodb_dedicated_server=1 is an important one.
sudo nano /etc/mysql/my.cnf
[mysqld]
default_authentication_plugin=mysql_native_password
collation-server=utf8_unicode_ci
character-set-server=utf8
innodb_dedicated_server=1
innodb_flush_log_at_trx_commit=1
sync_binlog=1
local_infile=1
sql-mode="TRADITIONAL"
[client]
local_infile=1
Install PHP5.6
sudo apt update
sudo apt upgrade
sudo apt install ca-certificates apt-transport-https
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
echo "deb https://packages.sury.org/php/ stretch main" | sudo tee /etc/apt/sources.list.d/php.list
sudo apt update
sudo apt install php5.6
sudo apt install php5.6-cli php5.6-common php5.6-curl php5.6-mbstring php5.6-mysqlnd php5.6-xml
Create a PHP Info page to see if it is all working.
sudo nano /var/www/html/info.php
Type in:
<?php phpinfo(); ?>
Enter ctrl+x, y and enter
In your browser go to your https://webserver/info.php
Reference: https://tecadmin.net/install-php-debian-9-stretch/
Install phpMyAdmin
sudo nano /etc/mysql/my.cnf
Add the following lines:
[mysqld]
default_authentication_plugin=mysql_native_password
collation-server=utf8_unicode_ci
character-set-server=utf8
Restart mysql server
sudo service mysql restart
Install phpmyadmin with
sudo apt install phpmyadmin php-mbstring php-gettext
Select apache2 by pressing SPACE, TAB and then enter
Configure database for phpmyadmin with dbconfig-common?
Choose no, as the installer will fail
Login to phpmyadmin with root
http://webserver/phpmyadmin
Create a new database called phpmyadmin, click on the Operations tab
Click ‘Create the phpMyAdmin configuration storage
Create an user called phpmyadmin
Choose ‘Native MySQL authentication’
For some reason after adding the user an error was generated, click on the phpmyadmin user, reenter the password and flush privileges.
Give user phpmyadmin full privileges to the database phpmyadmin
Setup SFTP
Using this method with the least amount of configuration, we will create a Match User
directive in the SSH config and add your SFTP user to the www-data
group.
Create user
sudo adduser webdev
Add Match User
Directive in SSH Config
Restrict the user webdev
to the document root and also disable their SSH access – we only want them to be able to log in over SFTP. We can do this by adding a Match User
directive in the SSH config file.
Begin by opening sshd_config
.
sudo nano /etc/ssh/sshd_config
Scroll down to the bottom of the SSH config file and add your new Match User
directive.
Make sure that ChrootDirectory
is the directory above your document root. For example, if your document root is /var/www/html/
, then the ChrootDirectory
is /var/www/
.
If you followed one of our previous guides on hosting multiple domains on Apache or Nginx, your document root may be located in /var/www/mydomain.com/public_html
, in that case, your ChrootDirectory
would be /var/www/mydomain.com/
.
Note you can add multiple users here separated by a comma, e.g. Match User webdev, webdev2, webdev3
/etc/ssh/sshd_config
Match User webdev
ChrootDirectory /var/www/
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
Save and exit (press CTRL
+ X
, press Y
and then press ENTER
)
Test SSH config before restarting.
sudo sshd -t
If no errors, restart the sshd
service for changes to take affect.
sudo service sshd restart
Setup SFTP
Add SFTP User to www-data
Add your SFTP user webdev
to the www-data
group.
sudo usermod -a -G www-data webdev
Note: Linux groups do not take affect until the user logs out and in again. If you are already logged in as this user in your FTP client, close the program completely and then log in again.
Set Directory Permissions
SFTP is very strict when it comes to chroot directory permissions and if they are not set correctly, you will not be able to login.
- The chroot directory and all of its parents must not have group or world write capabilities. In other words, you must make sure
/var/www/
is set to 755
. (not 775
, which gives group write permissions). - The chroot directory and all of its parents must be owned by
root
.
Assuming that your chroot is /var/www/
, ensure that the directory is set to 755
.
sudo chmod 755 /var/www/
Ensure your chroot directory is owned by root.
sudo chown root:root /var/www/
To check permissions for this directory:
sudo ls -ld /var/www/
Output:
drwxr-xr-x 14 root root 4096 Jun 3 14:28 /var/www/
Make sure the document root is set to 775
, which will allow groups write to this directory.
sudo chmod 775 /var/www/html
Make sure that your document root and all contents are owned by www-data
.
sudo chown -R www-data:www-data /var/www/html*
Change all directories in the document root to 775
. This will allow both the owner (www-data
) and its group (which SFTP users belong to) to read, write and execute folders.
sudo find /var/www/html/ -type d -exec chmod 775 {} \;
Change all filesin the document root to 664
, this will allow both the owner and the group to read, write and execute files.
sudo find /var/www/html/ -type f -exec chmod 664 {} \;
Make sure that any new files or folders created by SFTP users inherit the www-data
group.
sudo find /var/www/html -type d -exec chmod g+s {} \;
Now log into SFTP with you preferred FTP client and make sure you can create, edit and delete files and folders.
If you are not able to log in, check the auth log for the last 50 entries.
sudo tail -n 50 /var/log/auth.log
Adding More SFTP Users
If you need to provide other SFTP users write access to the document root, simply add their usernames separated by a comma, e.g. Match User webdev, webdev2, webdev3
in sshd_config
(step 4.1) and then add the SFTP user to the www-data
group .
Source: https://devanswers.co/configure-sftp-web-server-document-root/