Setting up a secure Ubuntu LAMP server has an amazing article. However, it is a little outdated:
- UFW: In case VPS kicks you out even though you have allowed SSH port: [How to] Configures Iptables with INPUT rules (with dynamic NBD).
- Apache2: You should find 000-default site instead of default. All the site configuration should be ended by .conf. closetnoc has a great answer about how Apache2 handles a request.
- MySQL: The installation above is simply not enough. You also need this command: sudo apt-get install php-mysql.
- PHP: Ubuntu 16.04 has switched to PHP 7.0. You should install PHP as a mod of Apache2 rather than a stand-alone package. In case you need PHP 5.6 (or other PHP versions), check out how to switch PHP version, by the way do not forget sudo apt-get install software-properties-common first.
FTP server problems:
- I have had a hard time with vsftpd I have switched to PureFTPd. systemBash has a comparison article on vsftpd vs PureFTPd vs ProFTPd, which states that PureFTPd is the most secure server of them all.
- Currently I setup PureFTPd by following the guide Setting Up Pure-FTPd in Ubuntu, however that alone is not secure and you will have problems in passive mode, ubuntu documentation offers a great help. Anyway, do not forget to let the firewall allows a range of passive ports.
- <insert TLS problem here>
- How To Use SFTP to Securely Transfer Files with a Remote Server
- If you set ChrootDirectory /srv then there maybe a chance that the home directory of a user should be /www/example.com with /www is a sub-directory of /srv. Also do not forget to set root as the owner of /srv. I have also found a problem when I try to set /srv/www as the ChrootDirectory, this problem is not solved until now.