rkeus/webserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add webserver provisioning + vhost scripts, README, cheatsheet

Browse Source 
- setup-webserver.sh: idempotent Ubuntu 24.04 LAMP provisioning
  (Apache event MPM + PHP 8.3-FPM + MariaDB + Node/Python, phpMyAdmin,
  Composer, Certbot, UFW, Fail2ban; optional components prompted/env-gated)
- add-vhost.sh: add an Apache virtual host, optional DB + TLS
- CHEATSHEET.md: day-to-day server CLI reference
- README.md: setup instructions and env-var matrix

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
rkeus
2026-06-22 04:00:01 +00:00
commit d0c77893f7
4 changed files with 866 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHEATSHEET.md
+162
View File
@@ -0,0 +1,162 @@
# Web Server CLI Cheatsheet — Ubuntu 24.04 (Apache + PHP-FPM + MariaDB)
Daily commands for running the server built by `setup-webserver.sh`.
## Quick status
```bash
sudo healthcheck # custom: all services, disk, memory, ports
systemctl status apache2 # one service detail
sudo systemctl --failed # anything broken?
htop # live CPU/RAM/process (q to quit)
df -h # disk space
free -h # memory + swap
```
## Apache
```bash
sudo systemctl reload apache2 # apply config, no dropped connections (PREFER)
sudo systemctl restart apache2 # full restart (drops connections)
sudo apache2ctl configtest # check config BEFORE reload — always do this
apache2ctl -v # version
# Manage sites (vhosts)
sudo a2ensite SITE.conf # enable a site
sudo a2dissite SITE.conf # disable a site
sudo a2enmod rewrite # enable a module
ls /etc/apache2/sites-available/ # all defined sites
ls /etc/apache2/sites-enabled/ # active sites (symlinks)
# Add a site (your script)
sudo ./add-vhost.sh example.com
# Logs (live tail, Ctrl+C to stop)
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/apache2/example.com-access.log
```
## PHP / PHP-FPM
```bash
php -v # version
php -m # installed modules
sudo systemctl restart php8.3-fpm # restart after ini changes
php -i | grep opcache # check opcache settings
sudo tail -f /var/log/php8.3-fpm.log # FPM errors
# Config locations
/etc/php/8.3/fpm/php.ini # main FPM config
/etc/php/8.3/fpm/conf.d/ # drop-in .ini files
/etc/php/8.3/fpm/pool.d/www.conf # worker pool tuning
```
## MariaDB / MySQL
```bash
sudo mariadb # connect as root (socket auth, no password)
# Inside the mariadb prompt (end each with ;)
SHOW DATABASES;
USE mydb;
SHOW TABLES;
SELECT user, host FROM mysql.user;
\q # quit
# One-liners from shell
sudo mariadb -e "SHOW DATABASES;"
sudo mariadb mydb < dump.sql # import
sudo mariadb-dump mydb > dump.sql # export single DB
sudo db-backup # your nightly backup, run manually
ls -lh /var/backups/mysql/ # backups
# Create app DB + user
sudo mariadb -e "CREATE DATABASE app CHARACTER SET utf8mb4;
CREATE USER 'app'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT ALL ON app.* TO 'app'@'localhost'; FLUSH PRIVILEGES;"
```
## Firewall (UFW)
```bash
sudo ufw status verbose # rules + active?
sudo ufw allow 8080/tcp # open a port
sudo ufw delete allow 8080/tcp # close it
sudo ufw deny from 1.2.3.4 # block an IP
```
## Fail2ban (brute-force bans)
```bash
sudo fail2ban-client status # active jails
sudo fail2ban-client status sshd # banned IPs for SSH
sudo fail2ban-client set sshd unbanip 1.2.3.4 # unban
```
## TLS / Certbot
```bash
sudo certbot --apache -d example.com -d www.example.com # get cert
sudo certbot certificates # list certs + expiry
sudo certbot renew --dry-run # test auto-renew (real renew is automatic)
```
## Services (systemd) — the universal pattern
```bash
sudo systemctl start|stop|restart|reload|status NAME
sudo systemctl enable NAME # start on boot
sudo systemctl disable NAME # don't start on boot
journalctl -u NAME -f # live logs for any service
journalctl -u NAME --since "1 hour ago"
```
## Files & permissions (web root)
```bash
sudo chown -R www-data:www-data /var/www/example.com # web server owns files
sudo find /var/www -type d -exec chmod 755 {} \; # dirs
sudo find /var/www -type f -exec chmod 644 {} \; # files
du -sh /var/www/* # folder sizes
```
## Node (if installed)
```bash
node -v ; npm -v
pm2 start app.js --name myapp # run a node app, kept alive
pm2 list # running apps
pm2 logs myapp
pm2 restart myapp
pm2 startup && pm2 save # survive reboot
```
## System maintenance
```bash
sudo apt update && sudo apt upgrade -y # update packages
sudo apt autoremove # clean unused
sudo reboot
uptime # how long up + load
who # who's logged in
last # login history
```
## Logs — where to look when something breaks
| Problem | Look here |
|---------|-----------|
| Site 500 error | `/var/log/apache2/<site>-error.log` |
| PHP crash | `/var/log/php8.3-fpm.log` |
| DB won't start | `journalctl -u mariadb` |
| Can't SSH in | `journalctl -u ssh` (from console) |
| Service down | `systemctl status <name>` |
| Anything else | `journalctl -xe` |
## Survival tips
- **Always `configtest` before reloading Apache.** Bad config + restart = site down.
- **`reload` over `restart`** when possible — no dropped connections.
- **Keep an SSH session open** when changing SSH/firewall config. Test new login in a *second* terminal before closing the first.
- **`Ctrl+C`** stops a running command (like `tail -f`). **`q`** quits pagers (`less`, `htop`).
- **Tab** autocompletes paths/commands. **↑** recalls last command.