Dusting off the cobwebs

So it’s been awhile since I blogged anything and so much has happened….recently I moved servers from a managed server to a Linode server because I felt like I needed the root access and the responsibility of keeping up my own server. So in my last job I got a lot of experience maintaining my own server (really several servers with MySQL replication setup) and learned a lot about server security and running my own websites. So why Linode? Well, it was recommended to me years ago by a knowledgeable friend and after doing some research on pricing and server stats…how many cores, what kind of CPU, how much throughput per month and will it scale at a reasonable price when traffic increases. I chose Ubuntu for my OS since that’s what I’ve gotten comfortable with and it has huge community support and has been rock solid for me so far. I installed the LAMP stack using this LAMP install guide, because what you get is very bare bones and you are really building up the server yourself. Of course you need to lock down the server fairly quickly because most applications start out fairly wide open when first installed. This Linode security doc was a great help in reminding me what aspects to secure first. First create a standard login user with SUDO access (SUDO access allows a regular user account to act as root)….this is the account you will login with and upload/download files with. Also add it to the same group as www-data user (what the APACHE thread runs as). This makes it so that Apache can access the files and directories you’ve uploaded, and also has the handy feature of making it easy to see what files you’ve uploaded and what files have been created by your server scripts, or uploaded via Apache (which is one of the most vulnerable points of any server).

So moving servers was a real pain…I upgraded my PHP to 7.2 (really wanted the 50% increase in server code execution speed this is supposed to give you), upgraded MySQL servers to 5.7.25, APACHE to 2.4.38…upgrading everything gives me increased security from having all the latest bug fixes and security patches, but also called for a lot of code changes. Also the same reason I upgraded from Ubuntu 18 to Ubuntu 19 which was an adventure in and of itself. This was the
Ubuntu upgrade guide I used, and it came out pretty smooth. Before I upgraded I also had to install sendmail (so my php programs could “mail”). There are multiple mail servers to use, and I will probably use a more advanced one for when I create email accounts with my domains, but sendmail is nice just to get my contact forms back up and running and sendmail is rock solid.

Upgrading to PHP 7.2 (and really any pre-7 to PHP 7) primarily consists of updating the MySQL calls…now ideally I would want to take my current custom code and implement a shiny new frame work like Laravel which has all the code updates for PHP 7, BUT it was quicker to just update my current code base. So my SQL queries were fairly basic, nothing too fancy, so they remained the same and you are just changing these mysql functions with these mysqli procedural versions of the functions and you just search and replace strings like “mysql_query(” with “mysqli_query($connection,” ….the caveat being you need to make sure all your function calls have access to $connection…also mysql_error() with “mysqli_error($connection)” (and/or mysql_error($connection)), etc. Not easy. Check the mysql logs to see what errors are being thrown and fix as you go until all the pages are compiling and no errors are appearing in the logs.

So some other big things I did was move my project code to Bitbucket and Git instead of using Github and SVN, upgrade my very, very old WordPress websites to the latest version including updating the PHP code to 7, installed free SSL certs with LetsEncrypt, installed PHPMyAdmin, Webmin, Fail2Ban Firewall, and put everything behind Cloudflare, and setup local development environments which I will detail in later articles.

Leave a Reply

Your email address will not be published. Required fields are marked *