Debian Wheezy
This guide covers a robust LEMP (Linux, Nginx, MySQL, PHP) stack running on Debian Wheezy, as well as a guide to a similarly robust Dovecot + Postfix mail solution.
After finally getting around to putting this up, I noticed I skipped over some documentation, and as a result I am probably still missing a few things. More than that, I am sure not all of this is very clear. Some of it may be wrong, or at least, 'improper'. I can say it works - you are reading this, after all - and that it works rather smoothly.
I could add a few more items to the stack section - this server also runs Murmur (mumble-server), a git repository, several Minecraft servers (community for them is on Legends of a World Unbent), etc.
So, given that:
- If there is something you want to set up that you would like me to add.
- If there is something confusing about the instructions, or I have missed a step.
- If I am doing something incorrectly.
- Or any other suggestion
Please feel free to sign up to the forums and let me know.
History of this guide
Back in 2009, my main forum (Elliquiy) had gone from outgrowing its shared hosting to outgrowing its VPS, which was then running Debian Etch. I got a Core2 Duo server with 4GB of RAM, installed Debian Lenny on it, and went about documenting everything that I had done. I published the result to my forums as 'The Elliquiy LAMP Stack'.
There were some problems with this.
1) Elliquiy has the 'distinction' of likely being the only site where this XKCD strip applied to the joke. That is, it's not safe for work. At least e-mail was unaffected.
2) Even ignoring that it is five years old, it was still my first non-virtual Debian stack open to the Internet. The traffic that nearly brought it down is normal operations some days.
A few servers and who knows how many VPSes later, I updated the documentation when I moved to Squeeze, but for various reasons, never got around to publishing it.
A few more servers and dropping my last VPS later, I updated the documentation to Wheezy. The following, with some server/purpose specific modifications, is currently running on three servers.
My two main servers are at HostVenom in Chicago, running a Master/slave setup, and the third server is at Hivelocity in Tampa, which functions as a remote backup and hosts my smaller sites. Having been through a dozen reputable hosting companies, these two have been doing well enough for me for the past year.
In any case, these servers are used to host highly committed communities, with a wide array of technical abilities and situations. If something goes wrong, I generally hear about it fairly quickly, and can work to resolve it accordingly.
Next up after this is probably a performance troubleshooting guide.
Hardware and Hosting
Linux Core
The following assumes you have Wheezy installed and partitioned to your specifications - either by your host or by yourself via a remote KVM as above.
- Network (Wheezy)
- OpenSSH (6.0)
- Packages (Wheezy)
- Sysctl.conf (Wheezy)
- Iptables (1.4)
- Security (Wheezy)
- User Management (Wheezy)
Software Stack
- Unbound (1.4) - While I use a DNS service for my authoritative DNS servers, having a local DNS server is extremely handy. In addition to being almost a requirement for any mailserver, it can speed up some website functions immensely.
- MySQL (5.5) - Getting the database going early is often a priority.
- Nginx (1.4) - Webserver of champions. I do have some older documentation for Apache, but at this point I cannot afford to consider switching back.
- PHP (5.4) - FPM and the ancient fastcgi method are covered.
Mail Setup and Stack
- MySQL must be set up first for the following configuration, and a working DNS resolver such as Unbound is highly recommended.
- Packages used: opendkim opendkim-tools spamc libmail-dkim-perl libmail-spf-perl libio-socket-inet6-perl clamav-docs clamav-freshclam clamav-daemon clamav-milter clamav dovecot-imapd dovecot-mysql postfix postfix-mysql postfix-pcre
- We're setting up Postfix as a site.
- Mail Setup (Wheezy)
- Mail Tables (MySQL)
- OpenDKIM (2.6)
- Mail and DNS - Once we know what our domains are and have our DKIM key (from OpenDKIM), we can configure our DNS properly.
- Spamassassin (3.3) - I've tried others, supposedly for the performance benefits, but honestly, with a handful of custom rules, and a solid postfix configuration, very little spam makes it through.
- ClamAV (0.98) - Antivirus IMO should be approached from the viewpoint that it gives a chance for you to avoid the repercussions of your mistakes. Often a small one, but if not intrusive, still better than zero.
- Postfix (2.9) - My preferred MTA of choice.
- Dovecot (2.1)
- Mail Reputation Management