Linode Community Forums
Posted: Mon Sep 17, 2012 5:09 am
Junior Member

Joined: Mon Sep 17, 2012 4:33 am
Posts: 43
Website: http://www.bonsoni.com
Background:

- I have always been on shared hosting but decided to host my new site on a VPS.
- VPS and Linux n00b (although I use a Linux machine for day to day use)


Requirements:

- Will be hosting Wordpress sites on the main domain and on a sub-domain
- Main domain will be pretty static
- Sub-domain will be hosting another wordpress site
- Will be using Interspire email marketer on both main domain and on the sub-domain separately for weekly/monthly news-letters
- The sub-domain should be able to handle some unexpected traffic spikes.
- Will be using separate email addresses for them. i.e. main domain will be using @maindomain.com and the sub will be using @sub.maindomain.com email addresses
- The operation of the main domain and sub will be separate.

What have I done so far:

- At first I installed the LAMP stack by following the Quick Start Guides of the Linode library, and it was fine, the demo site was working.

- Then I wanted to install Ispconfig and phpadmin because I prefer to use a GUI

*after the Ispconfig and phpadmin installation the site stopped working*

After googling and browsing this forum, I realised that I should install the Ispconfig first BEFORE deploying the LAMP

- I rebuilt the linode and installed the Ispconfig first. Ispconfig was working fine as well as http://176.58.122.148/ <--it was showing "It works!" message.

- Then I decided to optimize Apache, PhP, Mysql etc (which were installed with the Ispconfig) as shown here http://library.linode.com/hosting-website

Also I created the firewall as shown here http://library.linode.com/securing-your-server

After this, both the http://176.58.122.148/ and the ispconfig are showing 403 forbidden "You don't have permission to access / on this server"

I checked the /home/user_name/public/sitename.com/public's last "public" directory permission/file attributes on filezilla, it is showing 755.

Now my patience and energy are running out as I spent the whole weekend on this.

So I would really appreciate it if anyone could tell me what I have done wrong or what I should really do in order to achieve those requirements?

Thank you very much.

Update:

Just checked the error log using filezilla at /home/username/public/site.com/log/error.log

It is saying [Mon Sep 17 10:50:39 2012] [error] [client *ip-address*] client denied by server configuration: /home/username/public/sitename.com/public/

Update-2

After more googling I came across this post http://www.cyberciti.biz/faq/httpd-clie ... iguration/ and updated the apache configuration according to that post.

The apache configuration now looks like this

Quote:
# domain: example.com
# public: /home/example_user/public/example.com/

<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin webmaster@example.com
ServerName http://www.example.com
ServerAlias example.com

# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/example_user/public/example.com/public

# Log file locations
LogLevel warn
ErrorLog /home/example_user/public/example.com/log/error.log
CustomLog /home/example_user/public/example.com/log/access.log combined
</VirtualHost>

<Directory "/home/example_user/public/example.com/public">
Options -Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>


Now the http://176.58.122.148/ is working BUT Ispconfig is saying it can't connect.

I am still lost

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping


Last edited by minerva on Mon Sep 17, 2012 3:33 pm, edited 1 time in total.

Posted: Mon Sep 17, 2012 11:05 am
Senior Member

Joined: Sat Nov 27, 2010 8:21 pm
Posts: 63
In your firewall configuration, find

Code:
#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT


And add in a new rule

Code:
# Allow ISPConfig
-A INPUT -p tcp --dport 8080 -j ACCEPT


Then restart the firewall.


Posted: Mon Sep 17, 2012 12:58 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
Unless you're hosting multiple sites that OTHER people need to admin, then a Control Panel is a waste of resources AND it bastardizes the config setup.

Take 15 minutes and learn the command line. Then you can run all of the apps and services natively without worrying what the control panel is doing to their configs.

As to phpmyadmin, search the forum. There are way better (and way way way more secure) GUI options for managing MYSQL.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.


Posted: Mon Sep 17, 2012 3:35 pm
Junior Member

Joined: Mon Sep 17, 2012 4:33 am
Posts: 43
Website: http://www.bonsoni.com
Nibbler wrote:
In your firewall configuration, find

Code:
#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT


And add in a new rule

Code:
# Allow ISPConfig
-A INPUT -p tcp --dport 8080 -j ACCEPT


Then restart the firewall.


Hi Nibbler,

Thanks a lot!!! It's working now. BUT the httpS is showing the SSL is expired. Can't remember even if I told ispconfig to use SSL.

But anyway - at least it is accessible now.

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping


Posted: Mon Sep 17, 2012 4:04 pm
Junior Member

Joined: Mon Sep 17, 2012 4:33 am
Posts: 43
Website: http://www.bonsoni.com
Hi vonskippy,

Thanks for your input. Now I am considering getting rid of ispconfig and phpmyadmin.
But a few questions -

vonskippy wrote:
Unless you're hosting multiple sites that OTHER people need to admin, then a Control Panel is a waste of resources AND it bastardizes the config setup.


Isn't it easy to maintain/monitor the server using ispconfig as it has an interface? Also doesn't it offer an easy way to do small tasks? i.e. creating a subdomain.


Quote:
Take 15 minutes and learn the command line. Then you can run all of the apps and services natively without worrying what the control panel is doing to their configs.


Yeh got to learn the command line just for the sake of the self maintained VPS. Any good places to start?*

Quote:
As to phpmyadmin, search the forum. There are way better (and way way way more secure) GUI options for managing MYSQL.


Tried searching this forum but not much luck. But in various forums I came across SQL Buddy, MySQL GUI Tools and Navicat for MySQL.

Which one do you use or which one do you think is better than phpmyadmin?

Do you think I should simply uninstall phpmyadmin and ispconfig now or shall I rebuild the linode and do it from scratch?

Thanks

*Google mainly brings garbage these days

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping


Posted: Mon Sep 17, 2012 5:46 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
minerva wrote:
Isn't it easy to maintain/monitor the server using ispconfig as it has an interface? Also doesn't it offer an easy way to do small tasks? i.e. creating a subdomain.


Not really. Using Apache, adding a subdomain can be as simple as adding ServerAlias subdomain.domain.com to your config file or adding a new config file, which you can copy from an existing site. It depends on the situation; after you've done it a few times you'll be able to do it in a few minutes.


Quote:
Yeh got to learn the command line just for the sake of the self maintained VPS. Any good places to start?*

The linode library is a good place to start http://library.linode.com/

Quote:
Tried searching this forum but not much luck. But in various forums I came across SQL Buddy, MySQL GUI Tools and Navicat for MySQL.

MySQL Workbench http://www.mysql.com/products/workbench/ - cross platform
Sequel pro http://www.sequelpro.com/ - mac
Heidi SQL http://www.heidisql.com/ - windows

All of those support SSH tunnels which you should use.

Quote:
Do you think I should simply uninstall phpmyadmin and ispconfig now or shall I rebuild the linode and do it from scratch?


Rebuilding is probably easier since you can follow the Linode library guides as you go along.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Posted: Mon Sep 17, 2012 5:59 pm
Junior Member

Joined: Mon Sep 17, 2012 4:33 am
Posts: 43
Website: http://www.bonsoni.com
Hi obs,

Cheers for the reply.

Quote:
Not really. Using Apache, adding a subdomain can be as simple as adding ServerAlias subdomain.domain.com to your config file or adding a new config file, which you can copy from an existing site. It depends on the situation; after you've done it a few times you'll be able to do it in a few minutes.


I already tried to make a sub-domain but it seems I broke the server again, do you think it is because my domain (on godaddy) isn't pointing to the linode ip address?

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping


Posted: Tue Sep 18, 2012 1:14 am
Senior Member

Joined: Wed Jun 27, 2012 10:00 pm
Posts: 87
Website: http://hemonc.org/wiki/Main_Page
(Not intending to thread hijack; this may be useful educationally for the OP and me.)

For PHPMyadmin, how secure would the following type of configuration be:
- restrict access to PHPMyadmin to only your IP
- require SSL login
- use a free Cloudflare account to manage DNS, which does not allow people to connect via https
--> therefore, the main way to connect would be to do so from your IP, and by modifying the local HOSTS file to bypass Cloudflare and be able to log in with a secure connection

Can more experienced folks shoot holes in this plan, or would this be considered reasonably secure? If so, please share!

_________________
Amateur, eager to learn.
My hematology, oncology, and chemotherapy regimen wiki


Posted: Tue Sep 18, 2012 3:58 am
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
minerva wrote:
I already tried to make a sub-domain but it seems I broke the server again, do you think it is because my domain (on godaddy) isn't pointing to the linode ip address?


Define broke, i.e. error messages, without the details I can't comment.

Quote:
Can more experienced folks shoot holes in this plan, or would this be considered reasonably secure? If so, please share!

That's a fair setup. If you've restricted access via iptables then it's fine; if not, then I'd suggest doing so just in case there's some login bypass bug that creeps into phpmyadmin. Other good ways of locking down services such as this are SSH tunnels, client web certificates and VPNs.

The Cloudflare bit is a bit..meh IMHO, I wouldn't bother with it. Depending on how your server is set up it's possible someone could put https://<yourip> into their browser and it'd bypass Cloudflare.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue
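
The iptables restriction obs recommends, applied to the port 8080 rule posted earlier in the thread, which accepts any source address. This is an added example, not part of any post: it lists the ports a ruleset leaves open to every source and rewrites one rule to a single admin address. The ruleset text and 203.0.113.10 are constructed placeholders.

```shell
#!/bin/sh
# Constructed ruleset in iptables-restore format. 203.0.113.10 is a placeholder
# admin address (documentation range), not a value from the thread.
RULES='*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -s 203.0.113.10 --dport 22 -j ACCEPT
-A INPUT -j REJECT
COMMIT'

# List TCP ports that an INPUT ACCEPT rule opens with no source restriction.
world_open_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "INPUT" {
            port = ""; src = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && port != "" && !src) print port
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Rewrite the open rule for one port ($2) so it only matches source $3.
restrict_port() {
    printf '%s\n' "$1" |
        sed "s/^-A INPUT -p tcp --dport $2 -j ACCEPT\$/-A INPUT -p tcp -s $3 --dport $2 -j ACCEPT/"
}

# Before and after restricting the control panel port to the admin address.
world_open_ports "$RULES"; echo
world_open_ports "$(restrict_port "$RULES" 8080 203.0.113.10)"; echo
```

Running the same audit against the output of `iptables-save` shows what the live firewall exposes, rather than what the rules file was meant to say.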


Posted: Tue Sep 18, 2012 4:40 pm
Junior Member

Joined: Mon Sep 17, 2012 4:33 am
Posts: 43
Website: http://www.bonsoni.com
Quote:
Define broke, i.e. error messages, without the details I can't comment.


I think I found the answer. I was trying to create a sub-domain BEFORE pointing my domain to the ip address. But technically something like http://subdomain.176.58.122.148/ is not possible, right?

Thanks for your help!

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping


Posted: Tue Sep 18, 2012 7:45 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
minerva wrote:
something like http://subdomain.176.58.122.148/ not possible, right?

Right.

But you can use a local host file on the local computer you're testing from to see that the subdomains and vhosts are working before you commit the changes to your public dns server.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.


Posted: Tue Sep 18, 2012 10:44 pm
Senior Member

Joined: Wed Jun 27, 2012 10:00 pm
Posts: 87
Website: http://hemonc.org/wiki/Main_Page
obs wrote:
Quote:
Can more experienced folks shoot holes in this plan, or would this be considered reasonably secure? If so, please share!

That's a fair setup. If you've restricted access via iptables then it's fine; if not, then I'd suggest doing so just in case there's some login bypass bug that creeps into phpmyadmin. Other good ways of locking down services such as this are SSH tunnels, client web certificates and VPNs.

The Cloudflare bit is a bit..meh IMHO, I wouldn't bother with it. Depending on how your server is set up it's possible someone could put https://<yourip> into their browser and it'd bypass Cloudflare.

Thanks for your input; I considered that workaround too. I already have https://domain.com/phpmyadmin IP restricted via virtualhosts/Apache. Is that as good? I may eventually get an SSL certificate for the site, so I'd prefer not to lay down a foundation where everything on port 443 is always restricted to only 1 IP.

_________________
Amateur, eager to learn.
My hematology, oncology, and chemotherapy regimen wiki


Posted: Wed Sep 19, 2012 4:19 am
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
yaz wrote:
Thanks for your input; I considered that workaround too. I already have https://domain.com/phpmyadmin IP restricted via virtualhosts/Apache. Is that as good? I may eventually get an SSL certificate for the site, so I'd prefer not to lay down a foundation where everything on port 443 is always restricted to only 1 IP.


The simplest solution to secure PHPMyAdmin is to have it only accessible on localhost and then use an SSH tunnel to access it. That way no one that doesn't have SSH access can see it's even installed; you also don't need to add an SSL cert since SSH does the encryption for you.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue
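
The localhost-plus-SSH-tunnel setup obs describes, as an added example that is not part of the original post: an Apache 2.2 access block that serves phpMyAdmin only to loopback, a check that tells it apart from an open block, and the tunnel command. The /usr/share/phpmyadmin path, local port 8888 and the user@server argument are assumptions.

```shell
#!/bin/sh
# Weak (constructed): phpMyAdmin is served to anyone who can reach Apache.
WEAK='<Directory /usr/share/phpmyadmin>
    Order allow,deny
    Allow from all
</Directory>'

# Hardened (constructed): deny by default, allow only the loopback address,
# which is where connections arriving through an SSH tunnel come from.
HARDENED='<Directory /usr/share/phpmyadmin>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>'

# Return 0 only if the block denies by default and every Allow is loopback.
loopback_only() {
    printf '%s\n' "$1" | awk '
        { sub(/^[ \t]+/, "") }
        tolower($0) ~ /^order[ \t]+deny,allow/ { order = 1 }
        tolower($0) ~ /^deny[ \t]+from[ \t]+all/ { deny = 1 }
        tolower($1) == "allow" {
            for (i = 3; i <= NF; i++)
                if ($i != "127.0.0.1" && $i != "::1") bad = 1
            allows++
        }
        END { exit !(order && deny && allows && !bad) }'
}

# Run on the workstation, then browse http://127.0.0.1:8888/phpmyadmin/
# $1 is user@server (placeholder). The forward listens on loopback only.
open_tunnel() {
    ssh -N -L 127.0.0.1:8888:127.0.0.1:80 "$1"
}

for name in WEAK HARDENED; do
    eval "block=\$$name"
    if loopback_only "$block"; then echo "$name: loopback only"
    else echo "$name: reachable from other addresses"; fi
done
```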


Posted: Wed Sep 19, 2012 11:06 am
Senior Member

Joined: Wed Jun 27, 2012 10:00 pm
Posts: 87
Website: http://hemonc.org/wiki/Main_Page
obs wrote:
yaz wrote:
Thanks for your input; I considered that workaround too. I already have https://domain.com/phpmyadmin IP restricted via virtualhosts/Apache. Is that as good? I may eventually get an SSL certificate for the site, so I'd prefer not to lay down a foundation where everything on port 443 is always restricted to only 1 IP.


The simplest solution to secure PHPMyAdmin is to have it only accessible on localhost and then use an SSH tunnel to access it. That way no one that doesn't have SSH access can see it's even installed; you also don't need to add an SSL cert since SSH does the encryption for you.

I think that's a great idea--thanks.

_________________
Amateur, eager to learn.
My hematology, oncology, and chemotherapy regimen wiki

