How to Set Up an Email Server with Postfix, Dovecot and Roundcube on Ubuntu 18.04

Postfix is a Mail Transfer Agent(Agent). It is a powerful open-source application that is capable of receiving and sending emails.

Dovecot is a free open-source POP3 and IMAP server that delivers and retrieves emails to local mailboxes on the Linux system.

Roundcube is a web-based email client that works pretty well with Postfix and Dovecot.

While utilizing the POP and IMAP protocol on Dovecot, Roundcube can read emails stored by Dovecot on virtual mailboxes.

At the same time, Roundcube can submit emails to Postfix using the SMTP protocol.

So by harnessing the power of three open source applications (Postfix, Dovecot, and Roundcube), you can create a fully functional send/receive email server.

This is a comprehensive guide for setting up an email server with Postfix, Dovecot, and Roundcube on Ubuntu 18.04 server.

Note: For a better experience with Postfix, Sign up with Digital Ocean and get up to $100 free trial credit. We recommend Digital Ocean because they allow outbound and inbound traffic to port 25.

Prerequisites

To follow along with this guide, you will require the following:

  1. A new VPS(Virtual Private Server) account. Sign up with Digital Ocean and enjoy up to $100 worth of free trial credit.
  2. A domain name(e.g. example.com)
  3. A VPS instance running Ubuntu 18.04 as the operating system
  4. A non-root user that can perform sudo tasks

Step 1: Configuring DNS Server

Your email server must have a fully qualified domain name.

To set up this, you must point the A record of your domain to the public IP address associated with your VPS instance.

You must also set MX records on your domain name DNS records editor. This is done from the control panel of your VPS provider.

Then, you need to change the hostname of your server.

To edit the server hostname, open the /etc/hostname file and change the name to something appropriate e.g., mail

$ sudo nano /etc/hostname

Save the file by pressing CTRL+X, Y and, Enter

The next step is editing the hosts’ file /etc/hosts. Open the file using nano text editor.

$ sudo nano /etc/hosts

Make sure you have the below two entries at the top of the file. Replace example.com with your domain name.

127.0.0.1    localhost
127.0.1.1    mail.example.com mail

Reboot the system

$ sudo reboot

Step 2: Installing Apache Web Server

With the server name and DNS records configured, we will go ahead and install Apache web server.

Apache is primarily needed by Roundcube email client for it to run from a browser like Google Chrome.

Install Apache.

$ sudo apt-get update
$ sudo apt-get install apache2

Press Y and hit Enter when prompted to confirm the installation.

Also, make sure the Mod_Rewrite module is enabled. This will be required for Roundcube to work:

$ sudo a2enmod rewrite

Restart Apache.

$ sudo systemctl restart apache2

Step 3: Installing MySQL Database Server

Roundcube requires MySQL for it to work, so we are going to install the database server.

$ sudo apt-get install mysql-server

Press Y and Enter to confirm the installation.

Next, run the command below to secure MySQL database server.

$ sudo mysql_secure_installation

Step 3: Installing Let’s Encrypt Certificate

In order for the mail server to use SSL, we need to install an SSL certificate.

To do this, run the command below and remember to replace example.com with the exact domain name that you intend to use with your mail server.

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
$ sudo certbot --apache -d example.com -d www.example.com

Step 3: Installing PHP Scripting Language

Roundcube is written in PHP. As such, we need to install PHP together with all associated modules required by Roundcube.

$ sudo apt-get install php libapache2-mod-php php-mysql

Again, press Y when prompted to confirm the installation and hit Enter to continue.

Step 4: Installing Postfix MTA

Next, we are going to install Postfix Mail Transfer Agent (MTA). To do this, run the command below:

$ sudo apt-get install postfix

Press Y and hit Enter when prompted to confirm the installation.

On the next screen, hit TAB then Enter to continue.

You will be prompted to select the mail server configuration type. Choose Internet Site and press TAB and Enter to continue.

On the next screen, you should enter the name of your domain without the ‘www’ part.

So, if your domain name is www.example.com, enter example.com on the system mail name field and hit Tab and Enter to continue.

After a few seconds, Postfix will be successfully installed on your Ubuntu 18.04 server

Step 5: Configuring Postfix

Postfix MTA is a very powerful and secure out-of-the-box. However, it requires a few configurations for it to work with Ubuntu 18.04 and Dovecot.

The main Postfix configuration file is located at /etc/postfix/main.cf.

We will back up this file before editing it by running the command below.

$ sudo mv /etc/postfix/main.cf /etc/postfix/main.cf.bk

This ensures that we can go back to the default settings in case we mess up with the Postfix configuration.

Next, we can create a new Postfix configuration file using nano text editor:

$ sudo nano /etc/postfix/main.cf

Paste the below information on the file and remember to replace example.com with your domain name.

# GENERAL SETTINGS

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

# SMTP SETTINGS 

smtp_use_tls=yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# SMTPD SETTINGS 

smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,  reject_unauth_destination

# SASL SETTINGS

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# VIRTUAL MAIL BOX AND LMTP SETTINGS

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains



# OTHER SETTINGS

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination =  localhost.$mydomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

Once you add the settings above, save and close the file.

Step 6: Creating Virtual Mail Box Domains

Our Postfix configuration file that we created above instructed the mail server to look for virtual mailbox domains from the /etc/postfix/virtual_mailbox_domains file.

We need to add the domains that we intend to use with the mail server on this file. You can add as many domains as you want.

To keep things simple, we are adding the example.com domain.

Open the file:

$ sudo nano /etc/postfix/virtual_mailbox_domains

Then, add the entry below. Please note, the entry MUST be in two parts as shown below.

example.com #domain

Save and close the file when done.

Since Postfix is not configured to read plain text files, we will convert the file to a format that it can understand using the command below:

$ sudo postmap /etc/postfix/virtual_mailbox_domains

Remember, you must run that command each time you edit the /etc/postfix/virtual_mailbox_domains file.

The next step is setting up the Postfix’s master configuration file /etc/postfix/master.cf.

Open the file using nano text editor.

$ sudo nano /etc/postfix/master.cf

Look for the line below.

#submission inet n       -       y       -       -       smtpd

Then, remove the leading # symbol to uncomment it:

submission inet n       -       y       -       -       smtpd

When done, save the file and close it.

Step 7: Installing Dovecot on Ubuntu 18.04

Next, we will install Dovecot and all associated packages necessary for running IMAP, POP and LMTP protocol.

$ sudo apt-get install dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd

Step 8: Configuring Dovecot mail_location

In order for Dovecot to communicate with Postfix and our virtual mailbox domains, we need to make a few changes to its configuration files.

We will start off by editing the /etc/dovecot/conf.d/10-mail.conf file

$ sudo nano /etc/dovecot/conf.d/10-mail.conf

Locate the mail_location parameter :

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Then, change its value as shown below :

mail_location = maildir:/var/mail/vhosts/%d/%n

Save and close the file

In a nutshell, we have instructed Dovecot to look for mails on the /var/mail/vhosts directory.

So for Dovecot to work, we need to create a sub-directory for each domain we intend to use with our email server.

Step 9: Creating Dovecot vhosts Directory

Let’s create the vhosts directory first:

$ sudo mkdir /var/mail/vhosts

Then we can go ahead and create the sub-directory for our domain name.

$ sudo mkdir /var/mail/vhosts/example.com

If you have multiple domains, repeat the command above while replacing the last part of the directory name(example.com) with the name of each domain.

Step 10: Creating Dovecot vmail User and Group

The next step is creating a vmail user and a group. We will also assign the user access to the vhosts directories that we created above.

First, let’s create the group:

$ sudo groupadd -g 5000 vmail

Next, we can create a vmail user and the same to the group that we have created above:

$ sudo useradd -r -g vmail -u 5000 vmail -d /var/mail/vhosts -c "virtual mail user"

Then, we need to assign the ownership of the directories to the vmail user.

$ sudo chown -R vmail:vmail /var/mail/vhosts/

Step 11: Enabling Dovecot for Secure POP3 and IMAP Services

Next we are going to edit the /etc/dovecot/conf.d/10-master.conf file and enable IMAPs and POP3 secure services.

First, open the file

$ sudo nano /etc/dovecot/conf.d/10-master.conf

Then, find the entries below.

inet_listener imaps {
    #port = 993
    #ssl = yes
  }

Change them to:

inet_listener imaps {

    port = 993
    ssl = yes
  }

On the same file, locate the below content.

inet_listener pop3s {

    #port = 995
    #ssl = yes

  }

Change the above to:

inet_listener pop3s {

    port = 995
    ssl = yes

  }

Step 12: Setting up Dovecot LMTP service

On the same file, we need to enable the LMTP service.

Find the entries below:

service lmtp {

unix_listener lmtp {

#mode = 0666

}

And change them to:

service lmtp {

unix_listener /var/spool/postfix/private/dovecot-lmtp {

mode = 0600
user = postfix
group = postfix

 }

Don’t close the file yet.

Step 13: Configuring Dovecot Authentication Socket

We need to configure the authentication socket. So, locate:

service  auth {

...

  # Postfix smtp-auth

  #unix_listener /var/spool/postfix/private/auth {

  #  mode = 0666

  #}



}

And change the above entries to:

service auth {

...

#Postfix smtp-auth

unix_listener /var/spool/postfix/private/auth {

mode = 0666

user=postfix

group=postfix

}

...

Save and close the file when done.

Step 14: Setting Up Dovecot Authentication Process

Next, we will set up Dovecot authentication process by editing the /etc/dovecot/conf.d/10-auth.conf file:

$ sudo nano /etc/dovecot/conf.d/10-auth.conf

Find the entry below.

# disable_plaintext_auth = yes

Then, uncomment it by removing the leading pound symbol

disable_plaintext_auth = yes

Also, we have to change the authentication mechanism from plain to plain login.

On the same file, find the below entry.

auth_mechanisms = plain

And change it to:

auth_mechanisms = plain login

We can now set up the users and passwords configurations.

We will use a password file since it is a flexible method for configuring new users.

First,  disable the default Dovecot behavior for authenticating users using system information.

Locate the line:

!include auth-system.conf.ext

And comment it by adding a pound symbol(#) at the beginning :

#!include auth-system.conf.ext

Then, enable password file configuration. Locate the entry below.

#!include auth-passwdfile.conf.ext

Then, change it to:

!include auth-passwdfile.conf.ext

Save and close the file

Next we will edit the /etc/dovecot/conf.d/auth-passwdfile.conf.ext file.

$ sudo nano /etc/dovecot/conf.d/auth-passwdfile.conf.ext

Make sure the file looks as shown below:

passdb {

  driver = passwd-file

  args = scheme=PLAIN username_format=%u /etc/dovecot/dovecot-users

}



userdb {

driver = static

args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n



 # Default fields that can be overridden by passwd-file

 #default_fields = quota_rule=*:storage=1G

 # Override fields from passwd-file

 #override_fields = home=/home/virtual/%u

}

Save and close the file.

Step 15: Creating Dovecot Password File

The next step is creating a password file for each user that we intend to assign an email account.

$ sudo nano /etc/dovecot/dovecot-users

Users must be added using the format user@domainname.com  followed by the password.

Example:

admin@example.com:{plain}Mis25sOpdsio

You can add as many users as you want and finally save and close the file.

In order for Dovecot to work with SSL for security reasons, we will make a few changes to the /etc/dovecot/conf.d/10-ssl.conf file

$ sudo nano /etc/dovecot/conf.d/10-ssl.conf

Change the ssl parameter value from no to required.

Locate:

ssl = no

And change it to:

ssl = required

Step 16: Configuring Dovecot to Use Let’s Encrypt Certificate

The next step is to point the Let’s encrypt certificate files that were generated earlier to Dovecot.

Find the below two lines on the /etc/dovecot/conf.d/10-ssl.conf file:

#ssl_cert = </etc/dovecot/dovecot.pem

#ssl_key = </etc/dovecot/private/dovecot.pem

Then change their values to:

ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem

ssl_key = </etc/letsencrypt/live/example.com/privkey.pem

Save and close the file and restart Apache, Postfix and Dovecot for the changes to be effected:

$ sudo service apache2 restart 
$ sudo service postfix restart 
$ sudo service dovecot restart

Step 17: Installing Roundcube

The next step is installing Roundcube email client on Ubuntu 18.04 server.

Since the Roundcube package is available on the Ubuntu software repository, we are going to run the command below to install it:

$ sudo apt-get install roundcube

Press Y and hit Enter when prompted to confirm the installation.

Next, add Roundcube path to the default SSL configuration file:

$ sudo nano /etc/apache2/sites-enabled/000-default-le-ssl.conf

Add Alias /mail /usr/share/roundcube below ServerAlias www.example.com

Alias /mail /usr/share/roundcube

Save and close the file. Then, restart Apache for the changes to take effect

$ sudo service apache2 restart

Step 18: Testing the Configuration

To test the configuration, visit www.example.com/mail on your server and replace example.com with your domain name.

You should see a page similar to the one shown below.

Enter the username and password that you created on the Dovecot password file to login. On the server field, enter ‘localhost’.

If you have reached this step, congratulations! From this point forward, you can start sending and receiving emails right from the Roudcube dashboard as shown below.

To check Postfix error log file, run the command below.

$ sudo tail -f /var/log/syslog | grep postfix

You can also telnet Gmail servers to make sure outbound traffic from port 25 is allowed from your VPS provider.

$ telnet alt4.gmail-smtp-in.l.google.com 25

In case the port is blocked, contact your VPS provider and ask them to enable it.

They will be more than happy to assist you provided you won’t send SPAM emails from the server.

Conclusion

In this guide, we have shown you how to configure an email server with Postfix, Dovecot, and Roundcube on Ubuntu 18.04 VPS.

We hope you enjoyed the guide. To test out configuring email with Postfix, Dovecot, and Roundcube, Sign up with Digital Ocean today and enjoy up to $100 worth of free cloud credit!

How to Setup Linux, Nginx, MariaDB and PHP (LEMP) Stack on CentOS 7

LEMP stack is a collection of four open-source applications that are installed together on a server to run dynamic websites. These include Linux, Nginx, MariaDB, and PHP.

When setting up a VPS (Virtual Private Server) account, you will be prompted to select a Linux image (e.g. CentOS 7) when deploying the server. Linux is an operating system based on the Linux Kernel. It is very powerful, secure and runs most of the world’s servers.

Nginx is an event-driven web server popularly used for serving dynamic content. It has a very predictable performance, especially for high trafficked websites.

MariaDB is a fork of MySQL database and is compatible with all SQL commands. It is considered as a drop-in replacement for MySQL. The Relational Database Management System is fast, highly scalable and secure.

PHP is a scripting language that is popularly used as the middleware between the database server and web server.

In this guide, we will show you how to install Nginx, MariaDB, and PHP on a VPS plan running CentOS 7 as the operating system.

Prerequisites

Before you begin make sure you have the following:

Step 1: Installing Nginx on CentOS 7

Nginx packages are available in the EPEL repositories. If you don’t have EPEL repository already installed you can do it by typing:

Nginx packages can be pulled from the EPEL repositories, so you can first install it by typing the command below:

$ sudo yum install epel-release

Once installed, run the command below to install Nginx

$ sudo yum install nginx

Press Y and hit Enter when prompted to confirm the installation. Next, enable the Nginx server by typing the command below:

$ sudo systemctl start nginx

In order to start the web server when the system is rebooted, run the command below:

$ sudo systemctl enable nginx

The default CentOS 7 inbuilt firewall is set to block Nginx traffic. In order to allow inbound traffic to the Nginx server, run the commands below:

$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --zone=public --permanent --add-service=https
$ sudo firewall-cmd --reload

To check if Nginx was successfully installed on your server, enter the IP address associated with your VPS instance on a web browser like Google Chrome:

$ 192.0.0.1

You should see the default Nginx home page as shown below:

Alternatively, if you wish to check the status of the web server on the command line tool, enter the command below:

$ sudo systemctl status nginx

Output:

nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset                                             : disabled)

Active: active (running) since Wed 2019-02-13 07:52:14 UTC; 3min 17s ago

Main PID: 12740 (nginx)

CGroup: /system.slice/nginx.service

├─12740 nginx: master process /usr/sbin/nginx

└─12741 nginx: worker process



Feb 13 07:52:14 lemp-server-1 systemd[1]: Starting The nginx HTTP and revers....

Feb 13 07:52:14 lemp-server-1 nginx[12735]: nginx: the configuration file /e...k

Feb 13 07:52:14 lemp-server-1 nginx[12735]: nginx: configuration file /etc/n...l

Feb 13 07:52:14 lemp-server-1 systemd[1]: Failed to read PID from file /run/...t

Feb 13 07:52:14 lemp-server-1 systemd[1]: Started The nginx HTTP and reverse....

Hint: Some lines were ellipsized, use -l to show in full.

Step 2: Installing MariaDB on CentOS 7

Next, we are going to install the MariaDB database server on the CentOS 7 machine. We are going to use the yum package manager

$ sudo yum install mariadb-server

Press Y and hit Enter when prompted to confirm the installation. After a while, your MariaDB server installation should be completed.

To start the database server, run the command below:

$ sudo systemctl start mariadb

Just like we did for the Nginx server, we want to make sure that the database server is started when the system boots. To do this, run the command below

$ sudo systemctl enable mariadb

You can check if the MariaDB server is running by typing the command below

$ sudo systemctl status mariadb

Output:

mariadb.service - MariaDB database server

Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)

Active: active (running) since Wed 2019-02-13 08:02:03 UTC; 56s ago

Main PID: 12913 (mysqld_safe)

CGroup: /system.slice/mariadb.service

├─12913 /bin/sh /usr/bin/mysqld_safe --basedir=/usr

└─13075 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-...



Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: MySQL manual for more instructions.

Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: Please report any problems at http://mariadb.org/jira

Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: The latest information about MariaDB is available at http...rg/.

Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: You can find additional information about the MySQL part at:

Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: http://dev.mysql.com

Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: Consider joining MariaDB's strong and vibrant community:

Feb 13 08:02:01 lemp-server-1 mariadb-prepare-db-dir[12835]: https://mariadb.org/get-involved/

Feb 13 08:02:01 lemp-server-1 mysqld_safe[12913]: 190213 08:02:01 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.

Feb 13 08:02:01 lemp-server-1 mysqld_safe[12913]: 190213 08:02:01 mysqld_safe Starting mysqld daemon with databases f...mysql

Feb 13 08:02:03 lemp-server-1 systemd[1]: Started MariaDB database server.

The default MariaDB installation is not secure, so we are going to run the command below to set a root password, remove anonymous users and disable remote access

The default MariaDB installation is not secure, so we are going to run the command below to set a root password, remove anonymous users and disable remote access

$ sudo mysql_secure_installation
Enter current password for root (enter for none):
Set root password: Y
New password: STRONGPASSWORDHERE
Re-enter new password: REPEATSTRONGPASSWORDHERE
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Output:

Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

Once the MariaDB  installation is complete, you can log in to the database server using the command below:

$ sudo mysql -uroot -p

Enter the root password of your MariaDB server and press Enter to continue.

You should see the MariaDB command line interface

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Once logged in, you can run any SQL command e.g., to list databases, run the command below:

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

Step 3: Installing PHP on CentOS 7

Next, we are going to install PHP(Hypertext Preprocessor).

This is a general-purpose scripting language that is highly suitable for web applications. In fact, most Content Management Systems (CMS) are coded in PHP.

To install the PHP software package, run the command below:

$ sudo yum install php php-mysql php-fpm

Again, press Y and hit Enter when prompted to confirm the PHP installation on CentOS 7 server.

Once PHP is installed, we will make a few changes to the configuration file. Open the file using nano text editor

$ sudo nano /etc/php.ini

Then, look for the line below:

;cgi.fix_pathinfo=1

And change it to:

cgi.fix_pathinfo=0

Press CTRL+X, Y and hit Enter to continue.

Then, we are going to edit the PHP-fpm configuration file:

$ sudo nano /etc/php-fpm.d/www.conf

Make the following changes to the file:

listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
user = nginx
group = nginx

We can now start the PHP package by running the command below:

$ sudo systemctl start php-fpm
$ sudo systemctl enable php-fpm

To enable Nginx to process PHP pages, we are going to create a configuration file using nano text editor

$ sudo nano /etc/nginx/conf.d/default.conf

Then, enter the following details:

server {
    listen   80;
    server_name  192.0.0.1;

    # note that these lines are originally from the "location /" block
    root   /usr/share/nginx/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Save the file by pressing CTRL+X, Y, and Enter. Then, restart the Nginx web server:

$ sudo systemctl restart nginx

To test if PHP is working, create PHP info file:

$ sudo nano sudo nano /usr/share/nginx/html/info.php

Then enter the information below:

<?php
 phpinfo();
?>

Save and close the file. Then, on a web browser visit the page below and remember to replace 192.0.0.1 with your IP address:

http://192.0.0.1/info.php

You should see a page similar to the one shown below with lots of information about PHP

Conclusion

That’s all when it comes to installing the LEMP stack on your VPS machine. Once the setup is complete, you can import your website files and have a fully functioning web server.

Remember to point your domain name DNS records the public IP address associated with your VPS machine.

New to VPS hosting and cloud computing. Sign up with Digitial Ocean today and enjoy up to $100 worth of free trial credit.

How to Install MySQL 8.0 Community Edition on Ubuntu 18.04

As of February 2019, MySQL 8.0 was the newest version of MySQL. The new and exciting version has great improvements that you probably don’t want to miss.

Being an open source database, MySQL 8.0 has been re-engineered to offer most Windows SQL  functions as well as extended JSON functions. The InnoDB engine has been improved to offer a crash-safe environment and the performance schema has been enhanced.

Another great feature that ships with MySQL 8.0 is role management for organizing users better.

You can take advantage of all these great MySQL 8.0 features by installing it on your Virtual Private Server(VPS).

This guide takes you through the steps of setting up MySQL 8.0 community edition on your Ubuntu 18.04 server.

Prerequisites

Before you begin, make sure you have the following:

  1. A VPS account. Signup with Digital Ocean and get free $100 credit to test this article and other cloud services.
  2. A non-root user that can perform sudo tasks on your Ubuntu 18.04 server.

Step 1: Downloading MySQL 8.0 Repository

The default MySQL edition available on the Ubuntu software repository is not the newest version. So we are going to manually download the repository using wget command.

First,  cd to the tmp directory:

$ cd /tmp

Then, add the repository.

$ wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb

Next, we are going to use the dpkg command to install the repository on Ubuntu 18.04 server:

$ sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb

A dialog box will appear, choose OK and press Enter to continue.

Step 2: Installing MySQL 8.0 On Ubuntu 18.04 VPS

Next, update the package information index:

$ sudo apt-get update

To install MySQL, run the command below:

$ sudo apt-get install  mysql-server

Press Y and hit Enter when prompted to confirm the installation.

Towards the end of the installation, you will be prompted to enter the root user of your MySQL server; don’t confuse this with the root account of your VPS server.

 

Enter a strong password and hit Enter to continue. You will be prompted to repeat the password.

Select OK on the next dialog box and hit Enter

Then, select the right authentication plugin

The installation should be successfully installed.  You can confirm the MySQL version on your Ubuntu 18.04 server by running the command below:

$ mysql --version

Output:

mysql  Ver 8.0.15 for Linux on x86_64 (MySQL Community Server - GPL)

Step 3: Loggin to the MySQL 8.0 Server

To log in to the MySQL 8.0 server, run the command below:

$mysql -uroot -p

Enter the root password of the MySQL server and hit Enter to continue.

You will get a prompt similar to the one shown below:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.15 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

You can then start issuing commands on the MySQL command line interface e.g., show databases;

mysql> show databases;

Output:

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec

Conclusion

In this article, we have taken you through the steps of configuring MySQL 8.0 on your Ubuntu 18.04 VPS.

Sign up with Digital Ocean VPS today and get free $100 to deploy MySQL 8.0  on your next project to take advantage of improved features that you can’t find on other versions of MySQL.

How to Set up Multiple Websites on Ubuntu 18.04 VPS with Apache

Apache is one of the best open-source web servers that run millions of sites on the web. It is very fast, secure, flexible, and takes minutes to set up on a Linux server e.g., Ubuntu 18.04.

If you have purchased a VPS plan, there are high chances that you want to run multiple websites on your server. This will reduce additional costs which you would have incurred to deploy additional VPS machines.

Running multiple websites is possible on a single Ubuntu 18.04 server because Apache comes with a feature known as Virtual hosts that allows you to configure unlimited websites on a single server.

In this guide, we will take you through the steps of configuring multiple websites on your Ubuntu 18.04 with Apache.

Prerequisites

To follow along with the guide, you will require the following:

  1. A VPS account. Sign up with Digital Ocean today and get up to $100 worth of free credit to test this article and other cloud products.
  2. A non-root user account that can perform sudo tasks on your VPS server.

For better clarification, we will set up two domains: example.com and example.net on the server.

Step 1: Installing Apache Web Server

The first step is installing the web server. We will use Ubuntu apt manager to install Apache.

First,  update the package information index:

$ sudo apt-get update

Then, install Apache

$ sudo apt-get install apache2

Press Y and hit Enter when prompted to confirm the installation.

Once installed, you can enter the IP address associated with your VPS machine on a web browser like Google Chrome. If the Apache installation was completed successfully, you should see a page similar to the one shown below:

Step 2: Creating the First Virtual Host on Ubuntu 18.04 Server

Apache creates a virtual host when installed for the first time. The configuration file can be located at /etc/apache2/sites-available/000-default.conf. To avoid any conflicts, we need to  disable the virtual host by running the command below.

$ sudo a2dissite 000-default.conf

Next, create a virtual host configuration for the example.com domain.

$ sudo mkdir -p /var/www/example.com/public_html

Next,  we will change the ownership of the directory that we have created above.

$ sudo chown -R $USER:$USER /var/www/example.com/public_html

Then,  issue the right file permissions to the directory.

$ sudo chmod -R 755 /var/www/example.com/public_html

Also, to ensure that newly created files and directories inherit the permissions we  created above, we are going to run the command below:

$ sudo find /var/www/example.com/public_html -type d -exec chmod g+s {} \;

Once we have the directory for the example.com website in place, we can create a new virtual host configuration file and reference to that directory:

$ sudo nano /etc/apache2/sites-available/example.com.conf

Paste the information below:

<VirtualHost *:80>

    ServerAdmin admin@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/example.com/public_html>

Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All          
Require all granted

</Directory>

</VirtualHost>

Next, enable the example.com virtual host by running the command below.

$ sudo a2ensite example.com.conf

We can create a sample home page for the example.com website. So, create the file using nano text editor:

$ sudo nano /var/www/example.com/public_html/index.html

Paste the information below in the file.

<html>
  <head>
    <title>Site 1</title>
  </head>
  <body>
    <h1>This is a sample page for example.com website</h1>
  </body>
</html>

Step 3: Creating the Second Virtual Host on Ubuntu 18.04 Server

Just like we have done for the example.com website, we need to create a directory for the example.net virtual host on Apache.

$ sudo mkdir -p /var/www/example.net/public_html

Then we need to change the file ownership and associate them to the currently logged in user.

$ sudo chown -R $USER:$USER /var/www/example.net/public_html

Then, run the command below to issue the right permissions.

$ sudo chmod -R 755 /var/www/example.net/public_html

Make sure that files created under the directory inherit permissions from the parent directory.

$ sudo find /var/www/example.net/public_html -type d -exec chmod g+s {} \;

Create a virtual host file for the example.net website.

$ sudo nano /etc/apache2/sites-available/example.net.conf

Then, paste the information below.

<VirtualHost *:80>
    ServerAdmin admin@example.net
    ServerName example.net
    ServerAlias www.example.net
    DocumentRoot /var/www/example.net/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/example.net/public_html>

Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All           
Require all granted

</Directory>

</VirtualHost>

Close and save the file by pressing CTRL+X, Y and hit Enter.

Next, enable the example.net virtual host by running the command below:

$ sudo a2ensite example.net.conf

Next, create a sample home page for the example.net website.

$ sudo nano /var/www/example.net/public_html/index.html

Enter the information below;

<html>

  <head>

    <title>Site 2</title>

  </head>

  <body>

    <h1>This is a sample page for example.net website</h1>

  </body>

</html>

Press CTRL+X, Y and Enter to save the file.

Step 3: Restart Apache and Test the Configuration

In order for Apache to load the settings for the newly created virtual hosts, it must be restarted.

$ sudo systemctl restart apache2

Then, on your local computer, add the example.com and example.net domain names on the hosts file and point them to the public IP address of your VPS machine and save the file.

If you are running Windows, edit the file c:\Windows\System32\Drivers\etc\hosts and save it. Remember to replace 192.88.99.0 with the IP address associated with your VPS machine:

# Copyright (c) 1993-2009 Microsoft Corp.

...

# localhost name resolution is handled within DNS itself.

#             127.0.0.1       localhost

#             ::1             localhost

192.88.99.1 example.net

192.88.99.1 example.com

..

Then, save the file and visit the example.com on your browser. You should see a page similar to the one below:

Next, visit example.net on your browser to test the 2nd virtual host. Your browser should display the page shown below.

Conclusion

That’s all when it comes to hosting multiple sites on your Ubuntu 16.04 server with Apache. A virtual host is a great feature that you can leverage to reduce cost of ownership when you wish to run multiple sites on a single VPS machine.

Remember, you can configure as many websites as you want provided your VPS plan can handle the disk space, memory, and bandwidth.

The virtual hosts configuration should work pretty well on any Digital Ocean server.  Sign up with Digitial Ocean today and get $100 worth of free trial credit.

How to Setup Fault-Tolerant Database with MySQL Group Replication on Ubuntu 18.04

MySQL group replication is a plugin that provides the functionality of creating a shared-nothing fault-tolerant database architecture. The add-on utilizes a group of servers that interact with each other to agree on the state of a database at any given time and any changes that may occur.

The plugin is useful when creating mission critical applications that require  highly available databases. It simply creates an additional layer of security by coordinating redundant servers in a simple way.

Data is replicated across multiple servers and if a member leaves a group, an auto-detect mechanisms notifies the other members about the change.  If the remaining servers can agree on a quorum, database operations resume as expected.

In this guide, we will walk you through the steps of setting up MySQL Group Replication plugin on Ubuntu 18.04 server.

Prerequisite

Step 1: Installing MySQL Community Edition

The default MySQL package available on the Ubuntu software repository does not support MySQL Group Replication plugin. So we will manually pull deb packages from the official MySQL download page and install the Community Edition.

We will repeat this procedure in all the 3 servers since each server will house its own copy of the replicated MySQL database:

SSH to server1 and navigate to the tmp directory using Linux cd command:

$ cd /tmp

Then, use wget command to download a tar archive with all the deb package files that we are going to install:

$ wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-server_5.7.23-1ubuntu18.04_amd64.deb-bundle.tar

Once the file is downloaded, make an installation directory:

$ mkdir installation

Unzip the archive file to the installation directory that we created:

$ tar -xvf mysql-server_5.7.23-1ubuntu18.04_amd64.deb-bundle.tar -C installation/

All the necessary deb files should now be placed under the installation directory. However, before we install them, we need to install libaio1 and libmecab2 dependencies for MySQL to work.

So,first update the package information index, then install the dependencies using the commands below:

$ sudo apt-get update
$ sudo apt-get install libaio1
$ sudo apt-get install libmecab2

Next, cd  to the installation directory:

$ cd installation

Then, install MySQL community server using the dpkg package manager by running the below commands one by one:

$ sudo dpkg -i mysql-common_5.7.23-1ubuntu18.04_amd64.deb
$ sudo dpkg -i mysql-community-client_5.7.23-1ubuntu18.04_amd64.deb
$ sudo dpkg -i mysql-client_5.7.23-1ubuntu18.04_amd64.deb
$ sudo dpkg -i mysql-community-server_5.7.23-1ubuntu18.04_amd64.deb

Enter a secure root password for your MySQL server when prompted.Repeat this procedure in all the 3 servers participating in the group replication.

Step 2: Generating a Universally Unique Identifier (UUID) for the Group

Next, we will generate Universally Unique Identifier (UUID) for our group. To do this, login to MySQL on server1 using the command below:

$ sudo mysql -uroot -p

Enter the root password of MySQL server that your created above  when prompted and press Enter to continue.

Then, run the below SQL command to generate the UUID:

SELECT UUID();
+————————————–+
| UUID()                               |
+————————————–+
| 99bfc355-cd41-11e8-ba46-5600018c8695 |
+————————————–+

Copy the value generated above, we will need it when making changes to the MySQL server configuration file.

Step 3: Configuring MySQL Group Replication Settings on server1

Next, we are going to configure server1 to support group replication by editing the MySQL configuration file using nano editor:

$ sudo nano /etc/mysql/my.cnf

Then, paste the below content at  the end of the file:

[mysqld]

bind-address= 0.0.0.0
server_id=1
gtid_mode=ON
enforce_gtid_consistency=ON
binlog_checksum=NONE

The above configurations enable remote access to the MySQL server and assigns 1 as the unique server identifier. They also instruct MySQL  to enable global transaction identifiers and disable checksum for the binary log file.

Next, paste the settings below:

log_bin=binlog
log_slave_updates=ON
binlog_format=ROW
master_info_repository=TABLE
relay_log_info_repository=TABLE

These configurations enable binary logging in a row-based format and instruct MySQL to store replication information in system tables instead of files to speed up replication.

Finally, paste the below group replication information and remember to replace the group name with the UUID that we generated earlier.

The address 192.0.2.1 should match the private IP address of your virtual machine instances.

transaction_write_set_extraction=XXHASH64
loose-group_replication_group_name=”99bfc355-cd41-11e8-ba46-5600018c8695″
loose-group_replication_start_on_boot=off
loose-group_replication_local_address= “192.0.2.1:33061”
loose-group_replication_group_seeds= “192.0.2.1:33061, 192.0.2.2:33061, 192.0.2.3:33061”
loose-group_replication_bootstrap_group=offreport_host=192.0.2.1

The loose-group_replication_local_address should match the private IP address of  server1.

Also, make sure to include all the 3 private IP addresses for the servers participating in group replication as the value of the loose-group_replication_group_seeds.  

For the sake of simplicity, we have used the IP addresses 192.0.2.1, 192.0.2.2 and 192.0.2.3 for server1, server2 and server3 respectively.

Remember, the recommended port for MySQL Group Replication is 33061.

The loose- prefix  prevents MySQL server to encounter problems if the server starts before the plugin is installed.

The transaction_write_set_extraction configures the server to gather the write instructions set and encode it using the XXHASH64 algorithm

The group_replication_group_name sets the name of the group that is being created.

When set to off, the group_replication_start_on_boot directive disables the plugin from loading when the server starts.

The value specified in the group_replication_local_address tells the plugin to use the IP address and port combination to communicate to the other members of the group.

The  group_replication_group_seeds parameter is used to set the hosts and ports that will be used by new members joining the group. Although we have included all the 3 server addresses here, it is not mandatory to do this and you can choose only a few members as the value for the seeds depending on your group size.

We have set the loose-group_replication_bootstrap_group to off to avoid creating a new group with the same name every time our server reboots.

Once you have made the above changes, save the file by pressing CTRL+X, Y and Enter. Then run the command below to restart MySQL service on server1:

$ sudo service mysql restart

Step 4: Setting up User Credentials for the Group Replication Recovery Channel

To achieve distributed recovery, MySQL Group Replication uses the asynchronous replication protocol. This technology synchronizes new members before adding them to the group using group_replication_recovery channel .

Therefore a replication user must be created on each member in the group to aid in transferring transactions. To achieve this, log in to server1 using the command below:

$ sudo mysql -uroot -p

Enter the root password when prompted and hit Enter. Then disable binary logging to avoid logging the changes on the binary file:

mysql> SET SQL_LOG_BIN=0;

Then, run the commands below one by one to create the replication user and assign the correct privileges. Remember to replace PASSWORD with a strong value for security purposes.

mysql> CREATE USER ‘rep_user’@‘%’ IDENTIFIED BY ‘PASSWORD’;
mysql> GRANT REPLICATION SLAVE ON *.* TO ‘rep_user’@‘%’;
mysql> FLUSH PRIVILEGES;
mysql> SET SQL_LOG_BIN=1;

With the user configured, we can use the CHANGE MASTER TO query to tell MySQL  to assign the user to the group_replication_recovery channel:

mysql> CHANGE MASTER TO MASTER_USER=‘rep_user’, MASTER_PASSWORD=‘PASSWORD’      FOR CHANNEL ‘group_replication_recovery’;

Step 5: Installing the Group Replication Plugin and Bootstrapping the Group

We can now go ahead and install the group replication plugin on server1 using the command below:

mysql> INSTALL PLUGIN group_replication SONAME ‘group_replication.so’;

Everything is now set and we can now bootstrap the group with the commands below:

mysql>SET GLOBAL group_replication_bootstrap_group=ON;
mysql>START GROUP_REPLICATION;

To avoid bootstrapping multiple groups with the same name when the server restarts, we will set the GLOBAL group_replication_bootstrap_group back to off :

mysql>SET GLOBAL group_replication_bootstrap_group=OFF;

Once the group is started, we can check its status:

mysql> SELECT MEMBER_ID,MEMBER_HOST,MEMBER_STATE FROM performance_schema.replication_group_members;

Output:

+————————————–+————-+————–+
| MEMBER_ID                            | MEMBER_HOST | MEMBER_STATE |
+————————————–+————-+————–+
| 18cf9650-cde5-11e8-9e26-560001b743c7 | 192.0.2.1   | ONLINE |
+————————————–+————-+————–+

The output above shows that server1 is online and indeed a member of our group.

MySQL Group Replication works with Innodb tables. So , we are going to create a test database to see if the database server is working as expected.

mysql> create database test_replication;

Then, we can switch to the database:

mysql> use test_replication;

Next, we need to create a test_table:

mysql> create table test_table (student_id INT PRIMARY KEY,
student_name VARCHAR(30) NOT NULL) Engine = InnoDB;

We can confirm the presence of the table by running the command below:

mysql> show tables;

Output:

+—————————-+
| Tables_in_test_replication |
+—————————-+
| test_table                 |
+—————————-+

Step 6: Configuring server2

Once server1 is up and our group is running, we can now go ahead and configure server2 and join it to the group.

SSH to server2 and make sure you have installed MySQL Community Edition server as outlined in step 1. Then, edit the MySQL configuration file using a text editor:

$ sudo nano /etc/mysql/my.cnf

Paste the below settings at the end of the file and remember to replace 192.0.2.2 with the correct private addresses of your VPS :

[mysqld]

bind-address= 0.0.0.0
server_id=2
gtid_mode=ON
enforce_gtid_consistency=ON
binlog_checksum=NONE

log_bin=binlog
log_slave_updates=ON
binlog_format=ROW
master_info_repository=TABLE
relay_log_info_repository=TABLE

transaction_write_set_extraction=XXHASH64
loose-group_replication_group_name=”99bfc355-cd41-11e8-ba46-5600018c8695″
loose-group_replication_start_on_boot=off
loose-group_replication_local_address= “192.0.2.2:33061”
loose-group_replication_group_seeds= “192.0.2.1:33061, 192.0.2.2:33061, 192.0.2.3:33061”
loose-group_replication_bootstrap_group=off

report_host=192.0.2.2

Press CTRL+X, Y and Enter to save the file.

Restart MySQL server for the changes to take effect using the command below:

$ sudo service mysql restart

Login to MySQL on server2:

$ sudo mysql-uroot -p

Enter your database password when prompted and hit Enter.

Next, create the replication user for the group replication recovery channel on server2 by running the commands below.

mysql> SET SQL_LOG_BIN=0;
mysql> CREATE USER ‘rep_user’@‘%’ IDENTIFIED BY ‘PASSWORD’;
mysql> GRANT REPLICATION SLAVE ON *.* TO ‘rep_user’@‘%’;
mysql> FLUSH PRIVILEGES;
mysql> SET SQL_LOG_BIN=1;
mysql> CHANGE MASTER TO MASTER_USER=‘rep_user’, MASTER_PASSWORD=‘PASSWORD’      FOR CHANNEL ‘group_replication_recovery’;

Then, install the MySQL group replication plugin on server2 using the commands below:

mysql>INSTALL PLUGIN group_replication SONAME ‘group_replication.so’;

Then, start the plugin to join server2 to the group:

mysql> START GROUP_REPLICATION;

You  can confirm the status of the group by running the command below on server2:

mysql> SELECT MEMBER_ID,MEMBER_HOST,MEMBER_STATE FROM performance_schema.replication_group_members;

Output:

+————————————–+————-+————–+
| MEMBER_ID                            | MEMBER_HOST | MEMBER_STATE |
+————————————–+————-+————–+
| 18cf9650-cde5-11e8-9e26-560001b743c7 | 192.0.2.1   | ONLINE |
| 210cc012-cdf4-11e8-8be1-560001b74419 | 192.0.2.2   | ONLINE |
+————————————–+————-+————–+

As you can see from the output above, we now have two members in the group. To confirm if server2 was able to pick up data from server1, we can run the command below and see whether the sample database that we created above was synchronized succesfully:

mysql> show databases;

Output:

+——————–+
| Database           |
+——————–+

| test_replication   |
+——————–+

Step 7: Configuring server3

Just like we have done on server2, we can configure server3 and join it to the group. Before doing this, make sure you have installed MySQL community on server3 as discussed in step 1.

Then, edit the configuration file of server3 using nano text editor:

$ sudo nano /etc/mysql/my.cnf

Paste the below configuration information at the end of the file. Remember to replace 192.0.2.3 with the correct private address assigned to your server3 virtual machine instance.

[mysqld]

bind-address= 0.0.0.0
server_id=3
gtid_mode=ON
enforce_gtid_consistency=ON
binlog_checksum=NONE

log_bin=binlog
log_slave_updates=ON
binlog_format=ROW
master_info_repository=TABLE
relay_log_info_repository=TABLE

transaction_write_set_extraction=XXHASH64
loose-group_replication_group_name=”99bfc355-cd41-11e8-ba46-5600018c8695″
loose-group_replication_start_on_boot=off
loose-group_replication_local_address= “192.0.2.3:33061”
loose-group_replication_group_seeds= “192.0.2.1:33061, 192.0.2.2:33061, 192.0.2.3:33061”
loose-group_replication_bootstrap_group=off

report_host=192.0.2.3

Press CTRL+X, Y and hit Enter to save the file.Then, restart MySQL server for the changes to take effect:

$ sudo service mysql restart

Next, log in to MySQL on server3:

$ sudo mysql -uroot -p

Enter your MySQL password when prompted and hit Enter. We need to create a user for the group replication channel on server3 just like we did on server1 and server2:

mysql> SET SQL_LOG_BIN=0;
mysql> CREATE USER ‘rep_user’@‘%’ IDENTIFIED BY ‘PASSWORD’;
mysql> GRANT REPLICATION SLAVE ON *.* TO ‘rep_user’@‘%’;
mysql> FLUSH PRIVILEGES;
mysql> SET SQL_LOG_BIN=1;
mysql> CHANGE MASTER TO MASTER_USER=‘rep_user’, MASTER_PASSWORD=‘PASSWORD’      FOR CHANNEL ‘group_replication_recovery’;

Next, run the command below to install the Group Replication plugin:

mysql>INSTALL PLUGIN group_replication SONAME ‘group_replication.so’;

Then start the Group Replication plugin to join server3 the group:

mysql> START GROUP_REPLICATION;

We can then confirm the status of our group using the commands below:

mysql> SELECT MEMBER_ID,MEMBER_HOST,MEMBER_STATE FROM performance_schema.replication_group_members;

Output:

+————————————–+————-+————–+
| MEMBER_ID                            | MEMBER_HOST | MEMBER_STATE |
+————————————–+————-+————–+
| 1634bce6-cdfb-11e8-8f8d-560001b74425 | 192.0.2.1   | ONLINE |
| 18cf9650-cde5-11e8-9e26-560001b743c7 | 192.0.2.2   | ONLINE |
| 210cc012-cdf4-11e8-8be1-560001b74419 | 192.0.2.3   | ONLINE |
+————————————–+————-+————–+

As you can see above, our group has 3 members like we expected and our Group Replication setup is working like expected.

We can confirm if server3 was able to synchronize data from the group by running the command below:

mysql> show databases;

Output:

+——————–+
| Database           |
+——————–+

| test_replication   |
+——————–+

The database that we created is already synchronized and our Group Replication is working as expected.

Conclusion

In this guide, we have taken you through the steps of setting up and configuring MySQL group replication on Ubuntu 18.04 server.

If you have followed along, you are able to create a fault-tolerant database cluster using a shared-nothing architecture that ensures high availability for your database server.

New to VPS hosting, sign up with Digital Ocean and get $100 worth of free trial credit.

How to Setup WordPress Website with Apache, MySQL and PHP on Ubuntu 18.04 VPS

Since May 2003, WordPress has remained the most popular, stable, secure and easy to use Content Management System (CMS) for setting up websites.

The free Open-source software is fully built-in and comes with thousands of beautiful themes and plugins for extended functionalities.

WordPress WYSIWYG interface is browser-based and does not require complicated FTP or HTML coding software applications to launch a website.

Due to its clean and simple code, the CMS is loved by all major search engines because it is easier to index.

WordPress is based on PHP and MySQL and runs on most popular web servers including Apache and Nginx.

On a shared hosting, WordPress can be installed by automatic script installers such as Softaculous.

However, the installation method on a VPS hosting  takes a new approach and can be done with just a few and simple shell commands.

This is a step-by-step guide on setting up a WordPress website with  Apache, MySQL and PHP on Ubuntu 18.04 VPS.

Prerequisites

  • A VPS account running Ubuntu 18.04 Operating System. Sign up with Digital Ocean and get free trial credit worth $100 to configure this article and test other cloud products.
  • A domain name (e.g. example.com). You can buy a domain name from a registrar of your choice(e.g. Namecheap).
  • A non-root user that can perform sudo tasks for your Ubuntu 18.04 Server.

Step 1: Point your Domain Name DNS records to your VPS

The first step is to point the DNS records of your domain name to your VPS . When visitors enter your domain name on a browser, they should be routed to the IP address associated with your VPS account.

You should ask your VPS provider about the correct DNS records to use if you are in doubt.

For instance, if you are running a VPS from Vultr, the DNS records look like these:

  • ns1.vultr.com
  • ns2.vultr.com

Step 2: Connecting to Your VPS Server

SSH to your Ubuntu 18.04 server using the public IP address (e.g. 198.18.0.22) associated with your VPS instance.  You can do this via the Command Line Interface (CLI) that ships with Linux or Mac. If you are running Windows on your local computer, consider downloading PuTTY SSH client.

Step 3: Installing Apache Web Server

The first software we are going to install is Apache. It’s an Open source web server application that runs the world’s busiest sites. Apache can handle large traffic and has lots of built-in security features and expandable modules.

To install Apache, first update the package information list on your Ubuntu server using the command below:

$ sudo apt-get update

Then, pull Apache from Ubuntu’s software repository using the command below:

$ sudo apt-get install apache2 php libapache2-mod-php

Press Y and hit Enter when prompted to confirm the installation.

Step 4: Initializing WordPress Website Directory Structure

Apache has a special feature called Virtual Hosts. This advanced feature allows you to host unlimited websites on a single Linux machine.

Before we create the Virtual Host configuration file, we must initialize the directory for holding our website files.

We have to create the directory under the /var/www/ folder using the command below:

$ sudo mkdir -p /var/www/example.com/public_html

Step 5: Creating a Virtual Host for the WordPress Website

When you install Apache, a default Virtual host (000-default.conf) is created under the /etc/apache2/sites-available directory. To keep things simple, we will create our own virtual host to run our WordPress site.

Please note, virtual hosts configuration files must end with a ‘.conf’ extension. So let’s create the configuration file for our domain name www.example.com

$ sudo nano /etc/apache2/sites-available/example.com.conf

Then, copy and paste the below content on that file:

<VirtualHost *:80>

    ServerAdmin admin@example.com

    ServerName example.com

    ServerAlias www.example.com

    DocumentRoot /var/www/example.com/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log

    CustomLog ${APACHE_LOG_DIR}/access.log combined

  <Directory /var/www/example.com/public_html>

     Options -Indexes +FollowSymLinks -MultiViews

     AllowOverride All

     Require all granted

  </Directory>

</VirtualHost>

Press CTRL+X, Y, and Enter to save the file.

We need to disable the default virtual host and enable the one we have just created, run the commands below:

$ sudo a2dissite 000-default.conf
$ sudo a2ensite example.com.conf

Restart Apache web server

$ sudo systemctl restart apache2

Step 6: Installing MySQL Database Server

WordPress relies on MySQL to store data. Apart from photos, plugins, and themes, post and web pages are stored in the MySQL relational database.

Like WordPress and Apache, MySQL is free and Open-source. It is also available on the Ubuntu’s software repository and we can install it using the apt command:

$ sudo apt-get install mysql-server

Press Y and hit Enter when prompted to confirm the installation

Step 7: Securing MySQL Server

MySQL installation is not secure by default. It comes with some test databases and other settings that we must disable. To do this, run the command below:

$ sudo mysql_secure_installation

You will get a prompt to answer multiple questions. We have prepared the correct responses, just follow the settings below:

Setup 'validate password' plugin? [Y/N] Y
Password Validation Policy Level: 2
Root Password: PASSWORD
Re-enter password: REPEAT PASSWORD
Continue with the password provided? Y
Remove anonymous users? [Y/N] Y
Disallow root login remotely? [Y/N] Y
Remove test database and access to it? [Y/N] Y
Reload privilege tables now? [Y/N] Y

If all goes well, you will get a success message.

Step 8: Creating a WordPress Database and User

Next, we are going to create a database and username for our WordPress software. First, log in to the MySQL command line interface using the command below:

$ sudo mysql -u root -p

Enter the root password of your MySQL server when prompted and hit Enter.

Then, on the command prompt that appears, enter the below SQL command to create a database:

mysql> Create database wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

To create a database user, run the command below:

mysql>Create user  'wp_user'@'localhost' IDENTIFIED BY 'PASSWORD';

Then, assign all privileges to the ‘wordpress’ database to the user we have created above using the command below:

mysql> Grant all privileges on wordpress.* to  'wp_user'@'localhost';

Flush privileges for the changes to take effect:

mysql> Flush privileges;

Exit from the MySQL command line interface:

mysql> Exit;

Step 9: Installing PHP on Ubuntu 18.04 Server

WordPress is written in PHP language and we must install the software on our Ubuntu 18.04 server in order for the application to function.

We are also going to install all the required PHP modules that WordPress require.

We can install all the software and modules in one line using the command below:

$ sudo apt-get install php php-cli php-common php-mbstring php-gd php-intl php-xml php-mysql php-zip php-curl php-xmlrpc

Restart Apache web server for the changes to take effect:

$ sudo systemctl restart apache2

Step 10: Downloading and Installing WordPress on Ubuntu 18.04 VPS

We now have a web server, a database for our WordPress software and PHP scripting language. We can now go ahead and download WordPress.

First, cd to the ‘tmp’ directory:

$ cd /tmp

Then, grab the latest WordPress version using wget command:

$ wget -c http://wordpress.org/latest.tar.gz

To unzip the WordPress installation files to the root directory of the virtual host that we created earlier, run the commands below:

$ sudo tar -xzvf latest.tar.gz
$ sudo cp -r wordpress/.  /var/www/example.com/public_html/

Apache runs under the www-data user, we need to grant the web server full permissions to control our website’s file. Run the command below:

$ sudo chown -R www-data:www-data /var/www/example.com/public_html

Then, we can set the appropriate permissions to ensure the outside world has read and execute permissions only:

$ sudo chmod -R 755 /var/www/example.com/public_html

To make sure that newly created files and folders inherit the correct permissions, we can run the command below:

$ sudo find /var/www/example.com/public_html -type d -exec chmod g+s {} \;

Step 11: Finalizing WordPress Installation on Ubuntu 18.04 Server

We now have WordPress installation files on the root of our website. However, we need to configure the database settings on the WordPress configuration files.

So type the command below to copy wp-config.php file from the default wp-config-sample.php file:

$ sudo cp /var/www/example.com/public_html/wp-config-sample.php /var/www/example.com/public_html/wp-config.php

Then, open the new configuration file that we have copied using a nano editor:

$ sudo nano /var/www/example.com/public_html/wp-config.php

Look for the values:

define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');

And change them to:

define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'wp_user');
/** MySQL database password */
define('DB_PASSWORD', 'PASSWORD');

Remember to replace PASSWORD with the correct value.

Before you close the file add the line below at the top:

<?php

And the line below at the bottom

?>

If you don’t add the two lines, PHP will not be able to parse the configuration file.

On a browser, enter your domain to finalize WordPress installation. If you followed all the steps, you should see the below web page:

Configuring WordPress with Apache, MySQL and PHP on Ubuntu 18.04 VPS

Congratulations! Your WordPress site is now installed. Just follow the wizard to complete the final settings.

Finally, you can create new posts, add a new web page or probably change the WordPress theme to match the look and feel of your company brand.

Conclusion

We have shown you how to install WordPress with Apache, MySQL, and PHP on Ubuntu 18.04 server.

Remember, you can run as many WordPress sites as required on your VPS plan by leveraging the power of Apache Virtual Host feature.

Sign up with Digital Ocean today and enjoy up to $100 worth of free trial credit to test this article and other cloud products.

How to Setup a Web Server with LAMP Stack on Ubuntu 18.04 VPS

LAMP stack is a group of four Open-source software applications that are used together to run a full-blown web server. These include: Linux, Apache, MySQL and PHP.

Most of the world’s busiest sites run on Linux OS. Apache, on the other hand, is the cornerstone of highly trafficked websites and is one of the most used software in the internet economy.

The high-quality web server is fast, reliable and compatible with Linux.

MySQL is a Relational Database Management System (RDMS)that powers web applications by providing a secure environment for data storage.

PHP (Hypertext Preprocessor) is a general-purpose scripting language used to code dynamic websites.

PHP can be embedded in HTML and is executed on the server, therefore, offering great security for web applications.

This is a step-by-step guide for installing Linux, Apache, MySQL, and PHP on your Ubuntu 18.04 VPS.

At the end of the guide, you should be able to run a website on your Virtual Private Server.

Prerequisite

Step 1: Login to your VPS account

First, log in to your VPS account by entering the login credentials assigned to you when you created an account.

Next, create a VPS instance and select Ubuntu 18.04 as the Operating System. You will also see an option for selecting the server location(data center), vCPUs, RAM, Disk space and bandwidth.

If you are running just a few websites, a VPS plan with the below features should work pretty well:

  • 1 GB RAM
  • 1 vCPU
  • 25 GB disk space
  • 1 TB data transfer.

Next, SSH to VPS server using the public IP address of your instance, username (usually root) and password that was assigned to you.

If you are running Linux or Mac OS on your local computer, use the built-in Command Line Interface(CLI) to connect to your VPS server using the syntax below:

$ ssh root@198.18.0.12

Replace 198.18.0.12 with the public IP address associated with your VPS instance.

If you are on Windows, you can connect to your server through PuTTY SSH client.

Step 3: Creating a Non-root User with sudo Privileges

For security purposes, it is advisable to create a non-root user that can perform sudo tasks when your first set up a Linux server. You can then elevate privileges when running super admin tasks using the sudo command.

To create the user, run the command below and replace james with your desired name:

$ adduser james

You will be prompted to create a password for the new user. Next, press Enter multiple times to skip the other optional fields. Towards the end of the questions, you will be asked to confirm if the details for the new user are correct. Hit Y and press Enter to proceed.

Next, add the user to the sudoers group by running the command below:

$ adduser james sudo

You can now log out and login with the new user in order to install LAMP stack on your Ubuntu 18.04 server.

Step 4: Updating the Software Index

Ubuntu 18.04 has a nice command line package manager (apt). You can use it to install software applications as required.

The package manager maintains an index of software on the server.

First, update the package list information by running the command below:

$ sudo apt-get update

Step 5: Installing Apache Web Server on Ubuntu 18.04

We now have a VPS running Ubuntu 18.04 as the Operating System. We can now go ahead and install our first software – Apache. To do this,  run the command below:

$ sudo apt-get install apache2

Press Y and hit Enter when prompted to confirm the installation.

Then, enter the public IP address associated with your server on a web browser to test Apache installation.

http://198.18.0.12

If the software was installed successfully, you should see the below web page:

The default website root directory on Apache is /var/www/html. So if you want to publish your website, you should upload all your files to that directory via an FTP client like Filezilla.

Step 6: Installing MySQL Server on Ubuntu 18.04

Next, we can install the MySQL database server on our VPS instance by running the command below:

$ sudo apt-get install mysql-server

Just before the installation is finalized, you will be prompted to enter a root password for your MySQL server.

You should not confuse this with the root password for your Ubuntu 18.04 server. Also, select a strong password with a mix of both letters and numbers. Also, ensure a good length of at least 8 characters.

MySQL server should be installed without any problems. To confirm if the installation was completed successfully, run the command below:

$ sudo service mysql status

Output

MySQL Server Status on Ubuntu 18.04 VPS

The default MySQL server installation is not secure. Luckily we can use the mysql_secure_installation command to harden the installation. Just run the command below:

$ sudo mysql_secure_installation

You will be taken through a series of questions. Enter the  answers below and hit Enter after each response:

Setup ‘validate password’ plugin? [Y/N] Y
Password Validation Policy Level: 2
Root Password: PASSWORD
Re-enter password: REPEAT PASSWORD
Continue with the password provided? Y
Remove anonymous users? [Y/N] Y
Disallow root login remotely? [Y/N] Y
Remove test database and access to it? [Y/N] Y
Reload privilege tables now? [Y/N] Y

MySQL server will be secured and you will get a success message at the end.

Step 6: Installing PHP Scripting Language on Ubuntu 18.04

PHP works together with a web server to deliver web content to a client. Once you request a PHP file, the PHP software processes the request and sends HTML back to your browser via a web server and in our case Apache.

To install PHP, run the command below:

$ sudo apt-get install php

Then, reload Apache web server:

$ sudo service apache2 restart

To test if PHP is working, create a file on the root of your website using nano text editor:

$ sudo nano /var/www/html/info.php

Then copy paste the below content:

<?php

phpinfo();

?>

Press CTRL + X, Y and hit Enter to save the file:

Then, on a web browser visit the address below and replace the IP address with the public IP address associated with your Ubuntu 18.04 VPS

http:// 198.18.0.12/info.php

If you see the below web page, it means PHP is working as expected.

PHP info page on Ubuntu 18.04 VPS

PHP does not install all modules that are required for running a full-blown website by default. Luckily, we can install all these packages with a single command:

$ sudo apt-get install php-cli php-common php-mbstring php-gd php-intl php-xml php-mysql php-zip php-curl php-xmlrpc

Press Y and hit Enter when prompted to confirm the installation.

Then, restart Apache using the command below:

$ sudo service apache2 restart

Conclusion

In this guide, we have taken you through the steps of installing Linux, Apache, MySQL, and PHP in order to run and host a website from your VPS server.

If you are new to VPS hosting, sign up with Digital Ocean today and enjoy $100 free test credit.

How to Disable Apache 2.4 Directory Browsing On Ubuntu 16.04

Apache is a corner stone of most web applications. The modern open source web server is critical in running your hosted websites and software. It supports most Operating systems including Windows and Linux so it should work pretty well with your Ubuntu 16.04 distribution.

However, since Apache is placed at the edge of your network, it can become potentially vulnerable.  Majority of web applications attacks occur due to information leakage.  Malicious attackers can utilize directory listing to gain a better insight of your web application’s directory and file structure.

For instance an attacker can run a URL like http://example.com/config from any browser. If directory browsing is not disabled your Apache server will list all the files in that directory and this would speed up the hackers’ reconnaissance process.

One of the most practicable steps in securing your Apache web server is to disable directory browsing. This limits the Apache server from listing the directory files if there is no default index file (e.g. index.html) defined on that directory.

Prerequisites

Step 1: Open the Apache Base Configuration File for Editing Using nano Text Editor

If you are running a single site, editing the Apache base configuration file might a good option. This will eliminate the need of creating separate configuration files and symbolic links which can be time consuming for a single website.

To edit the base Apache configuration file using nano, type the command below.

sudo nano /etc/apache2/apache2.conf
  • Once the nano text editor opens, find the directory option directives and you will see some text similar to the below excerpt.
<Directory /var/www/>

            Options Indexes FollowSymLinks

            AllowOverride None

            Require all granted

</Directory>

In Apache, options pertaining to a particular directory are enclosed in a paired <Directory> and </Directory> tags inside a configuration file.

  • The Options None directive tells Apache that there are no specific features applied to that directory.
  • AllowOverride None specifies that the directory options will not be overridden by any .htaccess file.
  • The option Followsymlinks simply tells the Apache web server to follow symbolic links in that directory. This is very useful for shared applications such as PhpMyadmin which must be shared across different websites.
  • The Indexes option instructs Apache to prepare and display a list of pre-formatted index in case the directory does not contain a default index file such as index.html or index.php.
  • The allow from alldirective authorizes any host to access documents and services within that directory.

We are interested in the Indexes options and we are going to change it to disable directory listing

Step 2: Changing the Indexes Directive

We need to change Options Indexes FollowSymLinks to Options -Indexes +FollowSymLinks on the nano text editor that we opened above. Please note, adding a preceding “-” sign on an option disables and adding a “+” sign enables a directive as shown below.

<Directory /var/www/>

            Options -Indexes +FollowSymLinks

            AllowOverride All

            Require all granted

</Directory>

Once you have finished editing the file, press CTRL+X, Y and then Enter to save the changes

Step 3: Disabling Directory Browsing on Virtual Hosts Files

Apache’s lion market-share is attributed to its capability of running unlimited virtual hosts in a single instance. This allows website owners to run numerous sites, sub-domains and application on a single instance.

Some websites do not consume a lot of server resources and the best way to get the most from your Vultr VPS is to utilize this Apache virtual hosting feature.

While the virtual host is a bullet-proof for hosting multiple sites, its configuration can become a double-edged sword.

Managing the configuration files for virtual hosts can be difficult. However, there is a better approach. Each virtual website configuration file can be placed under the /etc/apache2/sites-available/ and a symbolic link would be maintained under /etc/apache2/sites-available directory.

Apache will then maintain and load the configurations for each website independently. 

With that in mind, if you are hosting multiple sites, you may disable directory browsing directly on each virtual host configuration file. By default, Apache comes with a single default virtual host.

Type the command below to edit the configuration file:

sudo nano /etc/apache2/sites-available/000-default.conf

Add the details below before the </virtual host> closing tag at the end of the file to disable directory browsing.

<Directory /var/www/html >

Options -Indexes +FollowSymLinks -MultiViews

AllowOverride All     
         
Require all granted

</Directory>

The Order allow,deny directive makes deny directives to take precedence as they are applied after the allow directives.

Remember to press CTRL+X then Y and Enter, when you finish editing the /etc/apache2/sites-available/000-default.conf file for the changes to take effect.

You may follow the same procedure above for any virtual websites that you have on your Ubuntu 16.04 server. Remember all virtual hosts configuration files end with a .config extension. For example, to edit the configuration file for an example.com virtual host, enter the command below.

sudo nano /etc/apache2/sites-available/example.com.conf

Then, add the following details at the end of the example.com.conf file just before the </virtual host> closing tag.

<Directory /var/www/example.com/public_html >

Options -Indexes +FollowSymLinks -MultiViews

AllowOverride All     
         
Require all granted

</Directory>

Important: Remember to match your virtual host directory to your website’s public folder. In the above example, our website files are found under /var/www/example.com/public_html

Step 4: Restarting Apache Web Server

Finally, we need to restart Apache for the changes to take effect by typing the command below:

sudo service apache2 restart

Conclusion

That’s all when it comes to disabling directory browsing. Remember to double check whether the changes have been effected by typing your domain/IP address on your browser followed by a forward slash and the folder you want to check.

For example, to double check a config folder under your website, we should type. http://www.example.conm/config.

If the directory browsing was successfully disabled, we should be greeted with a forbidden error message, “Forbidden you don’t have permission to access /config on this server. Enjoy your Apache web server!

New to VPS hosting,  sign up with Digital Ocean today and get $100 free to test VPS hosting.

 

5 Tips to Secure a Linux Server Running Ubuntu 16.04

Linux is considered to be the most secure Operating System(OS). The open-source OS was built with unrivaled security in mind. Security experts from different Linux distributions react very fast to fix discovered threats and vulnerabilities.

Unlike Windows, Linux was built as a multi-user system from the beginning. Security best practices were followed since its innovation to segregate user files. Most applications run very far from the Kernel that controls the server.

However, no system is 100% secure. If you are using a Linux distribution such as Ubuntu 16.04, you need to follow the industry’s best practices to keep your system up to date and tighten your server’s security.

Here is a Linux server security checklist that you can use on your Ubuntu 16.04 virtual private server to protect your system if you are wondering how to secure your Linux server.

Prerequisites

  • A Virtual Private server running Ubuntu 16.04 .

Tip 1: Update your System Frequently

Hackers take advantage of non-patched operating systems. To avoid becoming a victim; update your Linux system frequently using the command below.

sudo apt update && sudo apt upgrade

Tip 2: Create a Non-root User with sudo Privileges

Login on your Ubuntu server with super-user privileges can cause a lot of harm to your VPS server. It is always recommended to login to a system with limited privileges and only elevate the privileges when a task requires administrative rights.

To create a non-root user with sudo privileges, type the command below on your terminal. Replace the example_user with your preferred username

# adduser example_user

You will be prompted to enter the full details of the user including a password.

Next, you need to add the newly created user to the sudo group. Replace the example_user with your preferred username

# adduser example_user sudo

Tip 3: Create an Authentication Key Pair

Due to increased modern computing power, malicious attackers with unlimited access to your servers SSH port may try to brute-force your password to gain access to your system.

Using a public/private key pair for logging on your system is one of the best Linux server hardening tricks.

You can simply create the key pair using a tool like Puttygen. Then, upload the public key on your server and save the private key on your local computer.

You will use your private key every time you want to connect to your server. You can add another layer of security by securing your private key with a passphrase.

So, even if your private key ends in the wrong hands, a malicious user won’t be in a position to use your private key without the passphrase.

To copy a public key on your server,  log in with the user that you want to create the key pair for then type the command below:

mkdir ~/.ssh; nano ~/.ssh/authorized_keys

Then, copy the public key that you created from Putty key generator directly on the text editor

Press CTRL + X then Y and Enter to save the changes

Another Linux security best practices is to change the permission of the authorized key directory and file to make sure other users on the system cannot see the public key.

 

sudo chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Tip 4: Disable SSH Password Authentication

Once you are able to log in on your Linux server with the private/public key pair, you need to disable password login.

To do this, you need to edit the SSH configuration file using nano text editor. Type the command below:

sudo nano /etc/ssh/sshd_config

Then, look for the line PasswordAuthentication and change to no

PasswordAuthentication no

Tip 5: Disallow root Login Over SSH

Even with the private/public key pair, log in on your system over SSH as the root does not go well with Linux server security best practices. To disable this, you need to edit the SSH configuration file using nano text editor.

Type the command below:

sudo nano /etc/ssh/sshd_config

Then, look for the PermitRootLogin directive and change it to no.

PermitRootLogin no

Restart the SSH daemon for the changes to take effect by typing the command below:

sudo service ssh restart

Tip 6: Install Uncomplicated Firewall (UFW) 

Linux server security best practices recommend UFW. It is installed by default in a fresh Ubuntu 16.04 installation but you can install it by running the command below if it was uninstalled.

sudo apt-get install ufw

By default, the general UFW rule is to deny all incoming traffic and allow all outgoing traffic. With the default settings, your virtual private server will run smoothly but it can’t allow external communications.

You need to allow the necessary ports otherwise you might completely lock yourself from your system.

Enabling SSH or Secure FTP server for Linux on UFW

Since logging on the server via SSH is essential, we need to allow port 22 by typing the command below. You might change the port if you had configured a different port for SSH.

The SSH port is the same if you want to log in on your system using a secure FTP server for Linux using a tool like Filezilla.

sudo ufw allow ssh

or

sudo ufw allow 22

Next, we need to allow port 80 and port 443 because they are specifically used for internet traffic. If you don’t want users to access your server on the un-encrypted channel(HTTP), you may skip the step of allowing port 80 and only allow port 443 for https traffic only.

Enable HTTP traffic on UFW

sudo ufw allow 80

or

sudo ufw allow 80

Enable HTTPs Traffic on UFW

sudo ufw allow 443

or

sudo ufw allow https

Enabling UFW

Once you have made the necessary changes, you can enable the UFW by typing the command below

sudo ufw enable

Disable UFW

You can also disable UFW by typing the command below

sudo ufw disable

Checking the UFW rules

You can always check the enabled UFW rules by typing the command below:

sudo ufw status verbose

Deleting  UFW rules

To delete a UFW rule, you need to check its number by running the command

sudo ufw status numbered

Then, once you get the number, just run the command below e.g. to delete rule number 2

sudo ufw delete 2

Resetting UFW

You can always run the command below to reset UFW and start all over again

sudo ufw reset

Top Linux Commands With Examples

Here are the basic Linux commands that works on any distribution including Ubuntu 16.04. Only use the commands if you are sure about what you are doing. Remember,  a single command like rm can completely wipe your server files if used incorrectly.

No Command  Description
1 cat displays the content of a file
2 cd Change directory

e.g. cd /var

3 chmod change permissions of a file
4 chown change the ownership of a file or directory
5 cp copy  a file

e.g. cp /var/test1.text /var/test2.text

6 cp -a copy a directory
7 df -h reports the amount of available disk space
8 du –h shows the disk usage in a specific directory

e.g du -h /var

9 find locates a file or a directory
10 history display all  previous commands typed in terminal
11 ifconfig see the TCP/IP settings of the system
12 ls list directory contents
13 mkdir Short form for make directory. Used create directory

e.g. mkdir samplefolder

14 mv move a file
15 pwd print working directory
16 reboot restarts the system
17 rm removes a file
18 rm -f removes a directory without giving any warning
19 shutdown –h shuts the system down
20 tar compress/decompress files
21 uptime see how long the system has been running
22 date display the current date and time