# Web Server CLI Cheatsheet — Ubuntu 24.04 (Apache + PHP-FPM + MariaDB)

Daily commands for running the server built by `setup-webserver.sh`.

## Quick status

```bash
sudo healthcheck                 # custom: all services, disk, memory, ports
systemctl status apache2         # one service detail
sudo systemctl --failed          # anything broken?
htop                             # live CPU/RAM/process (q to quit)
df -h                            # disk space
free -h                          # memory + swap
```

## Apache

```bash
sudo systemctl reload apache2    # apply config, no dropped connections (PREFER)
sudo systemctl restart apache2   # full restart (drops connections)
sudo apache2ctl configtest       # check config BEFORE reload — always do this
apache2ctl -v                    # version

# Manage sites (vhosts)
sudo a2ensite SITE.conf          # enable a site
sudo a2dissite SITE.conf         # disable a site
sudo a2enmod rewrite             # enable a module
ls /etc/apache2/sites-available/ # all defined sites
ls /etc/apache2/sites-enabled/   # active sites (symlinks)

# Add a site (your script)
sudo ./add-vhost.sh example.com

# Logs (live tail, Ctrl+C to stop)
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/apache2/example.com-access.log
```

## PHP / PHP-FPM

```bash
php -v                                   # version
php -m                                   # installed modules
sudo systemctl restart php8.3-fpm        # restart after ini changes
php -i | grep opcache                    # check opcache settings
sudo tail -f /var/log/php8.3-fpm.log     # FPM errors

# Config locations
/etc/php/8.3/fpm/php.ini                 # main FPM config
/etc/php/8.3/fpm/conf.d/                 # drop-in .ini files
/etc/php/8.3/fpm/pool.d/www.conf         # worker pool tuning
```

## MariaDB / MySQL

```bash
sudo mariadb                     # connect as root (socket auth, no password)

# Inside the mariadb prompt (end each with ;)
SHOW DATABASES;
USE mydb;
SHOW TABLES;
SELECT user, host FROM mysql.user;
\q                               # quit

# One-liners from shell
sudo mariadb -e "SHOW DATABASES;"
sudo mariadb mydb < dump.sql     # import
sudo mariadb-dump mydb > dump.sql   # export single DB
sudo db-backup                   # your nightly backup, run manually
ls -lh /var/backups/mysql/       # backups

# Create app DB + user
sudo mariadb -e "CREATE DATABASE app CHARACTER SET utf8mb4;
  CREATE USER 'app'@'localhost' IDENTIFIED BY 'CHANGE_ME';
  GRANT ALL ON app.* TO 'app'@'localhost'; FLUSH PRIVILEGES;"
```

## Firewall (UFW)

```bash
sudo ufw status verbose          # rules + active?
sudo ufw allow 8080/tcp          # open a port
sudo ufw delete allow 8080/tcp   # close it
sudo ufw deny from 1.2.3.4       # block an IP
```

## Fail2ban (brute-force bans)

```bash
sudo fail2ban-client status              # active jails
sudo fail2ban-client status sshd         # banned IPs for SSH
sudo fail2ban-client set sshd unbanip 1.2.3.4   # unban
```

## TLS / Certbot

```bash
sudo certbot --apache -d example.com -d www.example.com   # get cert
sudo certbot certificates        # list certs + expiry
sudo certbot renew --dry-run     # test auto-renew (real renew is automatic)
```

## Services (systemd) — the universal pattern

```bash
sudo systemctl start|stop|restart|reload|status NAME
sudo systemctl enable NAME       # start on boot
sudo systemctl disable NAME      # don't start on boot
journalctl -u NAME -f            # live logs for any service
journalctl -u NAME --since "1 hour ago"
```

## Files & permissions (web root)

```bash
sudo chown -R www-data:www-data /var/www/example.com   # web server owns files
sudo find /var/www -type d -exec chmod 755 {} \;       # dirs
sudo find /var/www -type f -exec chmod 644 {} \;       # files
du -sh /var/www/*                # folder sizes
```

## Node (if installed)

```bash
node -v ; npm -v
pm2 start app.js --name myapp    # run a node app, kept alive
pm2 list                         # running apps
pm2 logs myapp
pm2 restart myapp
pm2 startup && pm2 save          # survive reboot
```

## System maintenance

```bash
sudo apt update && sudo apt upgrade -y   # update packages
sudo apt autoremove                      # clean unused
sudo reboot
uptime                                   # how long up + load
who                                      # who's logged in
last                                     # login history
```

## Logs — where to look when something breaks

| Problem | Look here |
|---------|-----------|
| Site 500 error | `/var/log/apache2/<site>-error.log` |
| PHP crash | `/var/log/php8.3-fpm.log` |
| DB won't start | `journalctl -u mariadb` |
| Can't SSH in | `journalctl -u ssh` (from console) |
| Service down | `systemctl status <name>` |
| Anything else | `journalctl -xe` |

## Survival tips

- **Always `configtest` before reloading Apache.** Bad config + restart = site down.
- **`reload` over `restart`** when possible — no dropped connections.
- **Keep an SSH session open** when changing SSH/firewall config. Test new login in a *second* terminal before closing the first.
- **`Ctrl+C`** stops a running command (like `tail -f`). **`q`** quits pagers (`less`, `htop`).
- **Tab** autocompletes paths/commands. **↑** recalls last command.