I've been finding that the Ubuntu mirrors are not always reliable and can be problematic. For instance, the mirrors for my home are rock solid, but the mirrors for my VPS are unreliable at best, and non-responsive at times. It took me some time to figure this out as the default setting of CONFIGURE_APT is yes.

My thought is that it may be best is to change this default setting to no and provide a note as to their potential unreliability when changing it to yes.

On a related note, have you considered using the Amazon S3 mirrors instead? (http://cloud.ubuntu.com/2012/01/regional-s3-backed-ec2-mirrors-available-for-testing/ http://askubuntu.com/questions/37753/how-can-i-get-apt-to-use-a-mirror-close-to-me-or-choose-a-faster-mirror/125252#125252)

Since 2.4 is now standard in the 14.04 apt repos, there are a few issues with the default apache2.conf...

Line 89: LockFile ${APACHE_LOCK_DIR}/accept.lock

AH00526: Syntax error on line 89 of /etc/apache2/apache2.conf: Invalid command 'LockFile', perhaps misspelled or defined by a module not included in the server configuration

Changing the above to Mutex file:${APACHE_LOCK_DIR} default corrects the issue, though I'm not positive it's actually required in 2.4. I haven't really looked into it that much.

Line 201: Options -Indexes FollowSymLinks

AH00526: Syntax error on line 201 of /etc/apache2/apache2.conf: Either all Options must start with + or -, or no Option may.

For me using +FollowSymLinks is what I generally want and handles the issue.

Line 273: Include conf.d/

apache2: Syntax error on line 273 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/conf.d/: No such file or directory

Just creating the dir fixes the above.

Can Percona Server also be offered as an alternative to MySQL? It supposedly helps performance and is binary-compatible like MariaDB. It doesn't, in my experience, hurt performance at least. I've started to move over to it.

HI,

i've set ROOT_LOGIN=yes in options.conf but in the end of installation, still give me notice that root login has disabled and we need to adduser

how to fix this?

thanks

i have used this script successfully on 14.04.2 LTS (GNU/Linux 2.6.32-042stab103.6 x86_64)
setup all ran fine no issues
It however doesnt work with GNU/Linux 3.10.23-xxxx-std-ipv6-64-vps x86_64

not sure what the difference is but the script fails on this kernel

I used a different OVH cloud VPS and after it removes bind9 it can no longer resolve any of the ubuntu repositories.
as such it processes and says completed at each stage but does not install anything as it has err cannot resolve security.ubuntu.com or archive. or any other repo's

the errors begin after bind9 is removed
apache2: unrecognized service
sendmail: unrecognized service

• Stopping domain name service... bind9 waiting for pid 4036 to die
  [ OK ]
  nscd: unrecognized service
  The following packages will be REMOVED:
  bind9{p}
  0 packages upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
  Need to get 0 B of archives. After unpacking 942 kB will be freed.
  (Reading database ... 33380 files and directories currently installed.)
  Removing bind9 ...
  rm '/etc/systemd/system/multi-user.target.wants/bind9.service'
  Purging configuration files for bind9 ...
  Deleting bind user
  dpkg: warning: while removing bind9, directory '/var/cache/bind' not empty so not removed
  Processing triggers for ureadahead ...
  Processing triggers for ufw ...
  Processing triggers for man-db ...

Configuring /etc/apt/sources.list.
Enabling MariaDB.org repo for Ubuntu saucy.
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.csbXrMv8n9 --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
gpg: requesting key 1BB943DB from hkp server keyserver.ubuntu.com
?: keyserver.ubuntu.com: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
Err http://archive.ubuntu.com saucy InRelease
Err http://archive.ubuntu.com saucy-updates InRelease
Err http://security.ubuntu.com saucy-security InRelease
Err http://ftp.osuosl.org saucy InRelease
Err http://ftp.osuosl.org saucy Release.gpg
Could not resolve 'ftp.osuosl.org'
Err http://archive.ubuntu.com saucy Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://security.ubuntu.com saucy-security Release.gpg
Could not resolve 'security.ubuntu.com'
Err http://archive.ubuntu.com saucy-updates Release.gpg
Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/saucy/InRelease:
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/saucy-updates/InRelease:
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/saucy-security/InRelease:
W: Failed to fetch http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu/dists/saucy/InRelease:
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/saucy/Release.gpg: Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/saucy-updates/Release.gpg: Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/saucy-security/Release.gpg: Could not resolve 'security.ubuntu.com'
W: Failed to fetch http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu/dists/saucy/Release.gpg: Could not resolve 'ftp.osuosl.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

It basically replicates this for all future requests for packages and then finished with

Generating self signed SSL cert...
The following NEW packages will be installed:
expect tcl8.5{a} tcl8.5-lib{a}
0 packages upgraded, 3 newly installed, 0 to remove and 2 not upgraded.
Need to get 1,268 kB of archives. After unpacking 4,072 kB will be used.
Err http://archive.ubuntu.com/ubuntu/ saucy/main tcl8.5-lib amd64 8.5.13-1ubuntu4
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com/ubuntu/ saucy/main tcl8.5 amd64 8.5.13-1ubuntu4
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com/ubuntu/ saucy/main expect amd64 5.45-3
Could not resolve 'archive.ubuntu.com'
0% [Working]E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/t/tcl8.5/tcl8.5-lib_8.5.13-1ubuntu4_amd64.deb: Could not resolve 'archive.ubuntu.com'

./setup.sh: line 417: expect: command not found

No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

nginx: unrecognized service
php5-fpm: unrecognized service
php5-fpm: unrecognized service
Optimize complete!

Installation complete!
Root login disabled.

This is also even though i set root login to yes in options.conf also

I suppose there are several issues with the new 14.04 kernel / process here.

however. if you use the OVH classic VPS instead of the Cloud VPS then you get ubuntu 14.04 with the

I think after install of fail2ban, install DDOS deflate will give the server basic protection against DDOS. You may write that in the install docs. Only my suggestions.

CentOS also how they can work

Hi,

any idea how to safely upgrade to PHP 5.4 from 5.3?
i run this command

nano /etc/apt/sources.list
# PHP 5.4
deb http://packages.dotdeb.org squeeze-php54 all
deb-src http://packages.dotdeb.org squeeze-php54 all
apt-get update; apt-get install php5;

but then my site get 502 bad gateaway

Thanks

Hi
I have idea to improve security in some scenarios and add automatic blowfish_secret random characters generator during
./setup.sh dbgui script execution and save it to
$cfg['blowfish_secret'] = 'generated characters here';
in
/usr/local/share/phpmyadmin/config.inc.php.

What do you think?

Best regards

Maybe you could add longer browser cache expiration for static files?
https://developers.google.com/speed/docs/best-practices/caching?csw=1#LeverageBrowserCaching

For Nginx:
Based on http://mesmor.com/2012/02/25/web-optimization-leverage-browser-caching/ :

location ~* \.(js|css|png|jpg|jpeg|gif|ico)(\?ver=[0-9.]+)?$ {
        expires 1y;
}

or https://github.com/rtCamp/easyengine/blob/master/etc/nginx/common/locations.conf#L17 :

location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off;
    log_not_found off;
    expires 1y;
}

Best regards

It's more like question than request:

Why don't you set DotDeb repositories also for Debian 7 Wheezy (only for Debian 6)?

It have a lot newer versions of packages (like php 5.4.4 vs 5.4.27).

I work a lot with Drupal - in fact, that's what I've created both times I've used TuxLite on new servers so far. I notice there's a wordpress.sh script but no drupal.sh. I'm thinking of writing a drupal.sh in the same style as wordpress.sh, so creating an issue to get your thoughts on that. If/when I write it, I'll obviously make a proper pull request.

Hello. I need help, i have followed this guide but my local server is not online and when i type /etc/init.d/apache2 start in terminal i get the following error

• Starting web server apache2 apache2: Syntax error on line 216 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/httpd.conf: No such file or directory
  Action 'start' failed.

my os is ubuntu 13.04.

btw after commenting include httpd.conf on line 216 and retype /etc/init.d/apache2 start, i get the following error

• Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
  [Sun Mar 24 18:34:13 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
  (98)Address already in use: make_sock: could not bind to address [::]:80
  (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
  no listening sockets available, shutting down
  Unable to open logs
  Action 'start' failed.

Hi. I think that changing sources.list by default is not good in every scenario. It wiil be good to make sources.list modification by Tuxlite script only optional. Tuxlite installation removing and changing all sources.list content. For example there is no need to change default repo on Amazon Ec2 Ubuntu Instances. How to prevent this change during T installation? Cheers

Looks like last update was 1 year ago, Will it work on latest Ubuntu 16.04

Server: Debian Wheezy, Apache, MySQL, Awstats = on

After running command:
./domain.sh stats on
Awstats are not accessible on domainname.com/stats/ with error:
You don't have permission to access /stats/ on this server.
Additional configuration is required?
Best regards

Could you add support for WordPress Multisite and W3 Total Cache?

See this script
https://github.com/rtCamp/easyengine/wiki/Create

I got this working on Lucid by running

sudo apt-get install python-software-properties sudo apt-add-repository ppa:brianmercer/php5

before running it. That lets PHP-FPM install. I also like to sudo apt-add-repository ppa:nginx/stable, though I don't believe that's strictly necessary.

Just thought to share, even though the script doesn't promise to work with Lucid :)

Hello, thanks for the script he is great but i have found a bug/issue with debian 7.
When i switch with varnish ( ./varnish.sh on) my site doesnt work , i have welcome message at least. how can i fix this problem ?

i use nginx 1.41

Debian Wheezy 7.0.1
Ubuntu Server 12.04.2
Apache2

Can't access domain virtualhost.
After adding domain:
Syntax error on line 10 of /etc/apache2/sites-enabled/mydomain.com
Invalid command 'FastCGIExternalServer', perhaps misspelled or defined by a module not included in the server configuration
Action 'graceful' failed.

Virtualhosts doesn't work.
Can't access /dbgui phpmyadmin interface.

Hi! Current stable Nginx version for Ubuntu 12.0.4 from ppa:nginx/stable is
nginx_1.2.8-1~precise_i386
Tuxlite installing by default, old version for Ubuntu: nginx/1.1.19

Unfortunatelly when I'm trying to upgrade Nginx after execute Tuxlite script by running apt-get upgrade, there is no success. Is there any easy way to modify Tuxlite script so new Nginx version will be installed? Cheers!

Ran the script on Friday with only 3 minor issues *I'll detail those next. Today ran the script on the same Deb 6 image and nginx and php-fpm did not install. Is there a log file created of the install or an option to enable logging? This is what I grabbed from my putty buffer when I ran the script:

Installing LAMP or LNMP stack.
The following NEW packages will be installed:
libossp-uuid16{a} nginx nginx-common{a} nginx-full{ab}
0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 708 kB of archives. After unpacking 1526 kB will be used.
The following packages have unmet dependencies:
nginx-full: Depends: libgeoip1 (>= 1.4.8+dfsg) but it is not going to be installed.
Depends: libpcre3 (>= 8.10) but 8.02-1.1 is installed.
Depends: libssl1.0.0 (>= 1.0.1) which is a virtual package.
The following actions will resolve these dependencies:

 Keep the following packages at their current version:

1. nginx [Not Installed]
   

2. nginx-full [Not Installed]
   

No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

./setup.sh: line 123: /etc/nginx/sites-available/default: No such file or directory
Couldn't find any package whose name or description matched "php5-fpm"
Couldn't find any package whose name or description matched "php5-fpm"
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

The 3 minor issues I had before wheezy live on a Deb 6 image were:

1. error log for nginx in /var/logs/nginx had the following error:
   rewrite or internal redirection cycle while internally redirecting to "/index.html",
   the solution http://serverfault.com/questions/416891/nginx-1-2-2-how-to-get-try-files-to-work

2)PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626/suhosin.so' - /usr/lib/php5/20090626/suhosin.so: cannot open shared object file: No such file or directory in Unknown on line 0
I just went ahead and added suhosin back into the options.config . Not sure why php was looking for it in the first place.

3)Wordpress install: had a noop error
solution - http://wordpress.org/support/topic/fatal-error-class-noop_translations-not-found-in-path

Because the script installs quite a few php modules by default, the install is vulnerable to PHP bug #62886 (https://bugs.php.net/bug.php?id=62886). This bug bit me on almost every PHP5-FPM restart with up-to-date Debian squeeze (as of this post) and PHP 5.3.17-1.

Patch PHP (patch provided in in bug report) or limit the number of PHP modules installed.

I recently had one of my Ubuntu VPSs upgraded (under 12.04).

The PHP modules upgraded caused PHP5-FPM to stop serving anything. The issue that caused it is referenced here (as well as the fix, which is to simply enable the supposedly default value for listen.mode):

http://chriskief.com/2014/05/07/nginx-php5-fpm-and-permission-denied-errors/

I wanted to bring this up since the main www.conf config file for PHP5-FPM is already modified by TuxLite on installation and any new user added gets a copy of this config file.

Why not use php5-mysqlnd?

https://dev.mysql.com/downloads/connector/php-mysqlnd/

Hi, congratulations, your script is great. It's a time saver. I just need to ask you one thing. I want to add a new location (for instance /admin) pointing to a subfolder (with php), is it straightforward?.

Thanks.

Would be nice if TuxLite could print info about server/domain

For example:
./domain.sh info domain.com - would search for domain in all users accounts and when found print all info about it. Like folder path etc.

/home/user/domains/domain.com/
/etc/nginx/sites-available/domain.com
/etc/logrotate.d/domain-domain.com
git remote (or full git command for adding remote path)
domain folder sizes etc.

./setup.sh info would give us all info about server configuration, configuration file paths etc.

PHP version: 5.4.4
PHP config files:
    /etc/php5/fpm/php.ini
    /etc/php5/fpm/pool.d/user.conf
MySql version: 5.5.3
MySql config file:
    /etc/mysql/my.cnf
Size of all MySql databases: 12MB
Nginx version: 1.2.2
Nginx config file:
    /etc/nginx/nginx.conf
number of installed sites (any info that you consider useful) etc.

Best regards

Is it possible to use system repos instead of direct link? So updates won't be a problem. Right now 4.0.5 is installed and I don't now how to update phpmyadmin with using apt-get.

I understand that you have to recompile nginx in order to add a module... Is there away to do this with your script? If I build nginx from source, what do I have to do to ensure that I can still use Tuxlite?

I propose to prevent directory listings by default configuration. For now directories and files can be viewed by any visitor. It is vulnerable in the sense that these directories can contain configuration, private and backup files which can be used by the attackers. Thank you for great job!

https://blog.codinghorror.com/pick-a-license-any-license/
https://choosealicense.com/

Your repo is without license. Are you planning to open this work for others to use?

After a recent patches update (aptitude safe-upgrade) started experiencing "502 Bad Gateway" error for all the sites on the server running Ubuntu 12.04.

The solution that worked is as described by someone here: http://ubuntuforums.org/showthread.php?t=2231143

I uncommented the three lines and made sure listen.mode is equal to 0660 in *.conf files present under /etc/php5/fpm/pool.d/ folder. Then restarted php5-fpm.

Before the above fix:

root@vzssd5:/var/run# ls -ltr *.sock
srw-rw---- 1 root root 0 Jul 3 06:58 php5-fpm-www-data.sock
srw-rw---- 1 root root 0 Jul 3 06:58 php5-fpm-vanarp.sock

After the above fix:

root@vzssd5:/var/run# ls -ltr *.sock
srw-rw---- 1 www-data www-data 0 Jul 3 13:26 php5-fpm-www-data.sock
srw-rw---- 1 www-data www-data 0 Jul 3 13:26 php5-fpm-vanarp.sock

I am not sure if this will be an issue for newer installations. May need further testing with other Linux distros/versions.

MariaDB is gaining a bit of steam and it'd be great to have the option of installing that rather than MySQL.

Hi,

I'm not sure if it's alright to post this here. But here it goes.

I've installed it in Ubuntu x64 12.04, it's great! But how shall I choose the document root? Doing a ./domain.sh add myusername mysub.domain.tld automatically creates another separate document root.

What if I wanted to direct the sub-domain to another folder inside it's root domain?
The usual path for root domain is /home/user-name/domains/domain-folder/public_html and I need the newly created sub-domain to use the same document root. This is easy to do with a control panel, but I'd rather use this script for my intended hosting.

Any thoughts on this one?

Testing this on a VirtualBox. Great script by the way!

Hi,
the phpMyAdmin download url has changed. It is not available at sourceforge anymore. When using ./setup.sh dbgui it gives an error because phpMyAdmin could not be downloaded.

New url:
https://files.phpmyadmin.net/phpMyAdmin/${PMA_VER}/phpMyAdmin-${PMA_VER}-all-languages.tar.gz

Support for php7 would be nice.

I've emailed you in the past about this and I believe it's time to discuss it further.

TuxLite could have a /plugins directory inside which bash scripts could reside. These bash scripts could auto-execute at the last step of TuxLite's installation process or they could be pre-defined to be executed in the options.conf file.

This /plugins directory can include any "non-core" scripts (e.g. wordpress.sh).

The whole concept could modularize TuxLite further more ;)

P.S. If I recall, you plan on merging all these scripts to a single one - imho I believe varnish.sh should be a core script (my 2c).

Something I noticed on a new VPS is that MySQL is using up some memory. It's using an Ubuntu 12.04 template that probably has not been vetted much over time yet. Any plans to add some my.cnf tweaking to TuxLite? I realize this is a bit of a precarious question since it's impossible to know with which kind of application MySQL will be used. But maybe a few common templates (e.g. WordPress site, Drupal site, read-heavy site, write-heavy site, whatever) would be a starting point. I'd envision typing:

./setup.sh optimize-mysql <tempate_name>

to run the command.

My motivation for asking this is basically the unnecessarily-high-seeming memory use of the stock MySQL on the VPS.

(And I'm aware of https://github.com/rackerhacker/MySQLTuner-perl :))

Thanks.

Love the script, is exactly what I was looking for. Great work.

That said, I think it would be fantastic to extend the functionality of ./domain.sh add | rem to include copy (cpy in example) though easier said than done I'm sure!
Example:

setup main wp site

./domain.sh add user1 user1.com
./wordpress.sh

setup a test wp site

./domain.sh add user1 test.user1.com
./wordpress.sh

copy mainsite to test site

./domain.sh cpy user1 user1.com user1 test.user1.com

user1.com remains the same,

test.user1.com databases & home/user1/domains/test.user1.com folder etc are overwritten with user1.com databases & home/user1/domains/user1.com etc.

make some updates, test some stuff, show some clients some stuff on test.user1.com, then copy back to user1.com.

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:8
AH00526: Syntax error on line 9 of /etc/apache2/sites-enabled/craftystudio.pl:
Invalid command 'FastCGIExternalServer', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.

How to fix it? After removing this line server works but php doesn't.

I noticed the SSL certificate has expired for the site.

Desktop version.

Hello, I don't see where I can specify which PHP version to install. I see it chooses php5 by default, but I want to install php7

Hi,
Does this script support Debian8 64 bit?

When I run the install.sh script on a VPS running Ubuntu 12.10, at the point where mysql-server gets installed, I get a gui prompt saying:

Unable to set password for the MySQL "root" user

After I press enter, it seems to be stuck at installing mysql-server-5.5

Am I doing something wrong?

tuxlite.com is down, would be a useful resource to have the features/installation info available within the repository.

I'm planning to use this script (initially) for setting up a Vagrant VM, but it'll be run non-interactively. I think the MySQL parts ask for the root password. Is it possible to pass that in through the script that calls ./install.sh?

I'll test my assumption here and see if it just works, but I do recall being stopped like that once during installation.

Test it multiple times and it seems to be the case

Does this script work on Ubuntu 16.04 LTS?