Web Server Admin Quick Ref

Published in Programming, Reference

Setup

Connect via SSH

ssh root@<server_ip>

or

ssh <user>@<server_ip>

if a non-root user already exists.

Add a non-root user

Add a new user and add to the sudo group.

adduser <user>
usermod -G sudo <user>

Generate SSH keys

On the local machine, use

ssh-keygen

to create a key pair stored in ~/.ssh by default. Then, copy the public key contents to the server.

cd ~/.ssh
cat id_rsa.pub

In a new terminal window connect to the server with your new user and paste the contents as a new line into the authorized_keys file. This file won’t exist if it is the first time setting up SSH so create it:

ssh <user>@<server_ip>
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
nano authorized_keys

Set permissions for this file:

chmod 600 authorized_keys

Shell Commands Quick Ref

To move around filesystem,

cd /absolute/path
cd ../relative/path

For listing files, use the -la flags to list all files with details:

ls -la

Copy files:

cp path/to/file path/to/new/file

Move or rename a file:

mv filename new_filename
mv file new/file

Move or rename a directory:

mv dirname new/path/dirname
mv dirname new_dirname

Transfer files with SFTP

sftp <user>@<ip_address>

Then use normal commands but to have the effect on the local filesystem precede it with an l:

lpwd
lls
lcd

Then to send a file or directory from the local machine to server:

put <local_file>
put -r <local_directory>

Which will put the file or directory (the -r flag specifies recursive, so all contents will be transfered) to the current directory on the server.

To download a file or directory from the server:

$ get <remote_file>
get -r <remote_directory>

When done issue exit.

Disable Password Authentication

Log in to the server and edit sshd_config:

ssh <user>@<ip_address>
sudo nano /etc/ssh/sshd_config

Find the line containing PasswordAuthentication and set to no.

Also find the line containing PermitRootLogin and set to no.

Then restart SSH:

sudo systemctl reload sshd

Firewall

To use the Ubuntu firewall, ufw:

sufo ufw status

A common operation is to allow a specific program through (e.g. a web server). To see the available applications for such a commands, run:

sudo ufw app list

And then to enable one enter as the argument for allow:

sudu ufw allow OpenSSH
sudo ufw allow 'Nginx HTTP'

You can also enter a specific port or connection type:

sudo ufw allow 443
sudo ufw allow http

To enable or disable the firewall altogether, use enable or disable:

sudo ufw enable
sudo ufw disable

WordPress Backup

To backup a wordpress site, download both the WordPress site files and the database.

Files

Navigate to the location your site is stored. This is typically /var/www/<site>. Once in the www directory, use tar to create a zip archive.

tar -zcvf site.tgz <directory>

Later, to uncompress, switch the -c flag with -x in order to extract the file instead of create.

tar -zxvf site.tgz <directory>

DatabaseAssuming MYSQL is used as the database, you can use the mysqldump utility to output a database to a file.

mysqldump -u [user] -p [database] > datadump.sql

Database

Assuming MYSQL is used as the database, you can use the mysqldump utility to output a database to a file.

mysqldump -u [user] -p [database] > datadump.sql