🚀 Deep Guard Server Setup Guide

Ubuntu Server Setup For Nginx, PHP, MariaDB And Security Configuration

1
System Update And Nginx Installation
First, We'll Update System Packages And Install The Nginx Web Server.
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get install nginx -y
sudo apt install net-tools -y
2
PHP 8.1 Installation
We'll Install PHP 8.1 And Required Modules.
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get install php8.1-fpm -y
sudo apt-get install php8.1-pdo php8.1-mysql php8.1-curl -y
3
Additional Tools Installation
We'll Install vnstat For Network Traffic Monitoring.
sudo apt-get install vnstat
4
MariaDB Installation And Configuration
We'll Install And Configure The MariaDB Database Server.

4.1 MariaDB Installation

sudo apt install mariadb-server -y

4.2 Root Password Setup

mariadb
Run The Following Command In The MariaDB Console :
ALTER USER 'root'@'localhost' IDENTIFIED BY 'KerryKing61';
exit

4.3 Secure Installation

sudo mysql_secure_installation
IMPORTANT : Enter Password : KerryKing61. Set "Disallow Root Login Remotely" To "NO". Set All Other Options To "YES".
5
Database And User Creation
We'll Create The DEEPGUARD Database And User.

5.1 MariaDB Login

mysql -u root -p
Password: KerryKing61

5.2 Database And User Creation

CREATE DATABASE HANGADELEN;
CREATE USER 'HANGADELEN'@'localhost' IDENTIFIED BY 'KerryKing61';
GRANT ALL PRIVILEGES ON *.* TO 'HANGADELEN'@'localhost';
FLUSH PRIVILEGES;
exit
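An added example for step 5.2, not part of the guide's own files: the same database and user, created with a generated password and a grant scoped to the HANGADELEN database instead of *.*. The function names are constructed here, and the SQL is printed so it can be reviewed before it is piped to the mariadb client.

```shell
#!/bin/sh
# Added example, not part of the guide. Function names are constructed.

# random_secret -> 48 hex characters read from the kernel CSPRNG
random_secret() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# db_setup_sql NAME SECRET -> SQL creating database NAME and a same-named user
db_setup_sql() {
    # Only plain identifiers and hex secrets are allowed into the SQL text.
    case $1 in
        ''|*[!A-Za-z0-9_]*) echo "invalid name" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!0-9a-f]*) echo "invalid secret" >&2; return 1 ;;
    esac
    # The grant names one database, so the account has no rights elsewhere.
    cat <<EOF
CREATE DATABASE \`$1\`;
CREATE USER '$1'@'localhost' IDENTIFIED BY '$2';
GRANT ALL PRIVILEGES ON \`$1\`.* TO '$1'@'localhost';
EOF
}

# Constructed run: print the statements for the guide's database name.
db_setup_sql HANGADELEN "$(random_secret)"
```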
6
Configure Sudo Permissions
We'll Grant Necessary Sudo Permissions To The www-data User.
sudo visudo
Add The Following Lines To The Opened File :
www-data ALL=(ALL) NOPASSWD: /root/ufw.sh
www-data ALL=(ALL) NOPASSWD: /usr/sbin/ufw
www-data ALL=(ALL) NOPASSWD: /sbin/reboot
www-data ALL=(ALL) NOPASSWD: /usr/sbin/service nginx restart
www-data ALL=(ALL) NOPASSWD: /usr/sbin/service mysql restart
www-data ALL=(ALL) NOPASSWD: /usr/sbin/service php8.1-fpm restart
Save And Exit The File (Ctrl+X, Y, Enter)
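A check for the sudoers rules in step 6, added here as an example and not part of the Deep Guard files: it reports NOPASSWD rules that fix no arguments (as with /usr/sbin/ufw) or whose target is writable by group or others (the mode step 13.1 gives /root/ufw.sh). The function names and the sample file in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the guide. Assumes one rule per line in the form
# "user host=(runas) NOPASSWD: command [args]", as written in step 6.

# list_rules FILE -> "user<TAB>command<TAB>number-of-fixed-arguments"
list_rules() {
    awk '!/^[ \t]*#/ && /NOPASSWD:/ {
        user = $1
        sub(/^.*NOPASSWD:[ \t]*/, ""); sub(/[ \t]+$/, "")
        if ($0 == "") next
        n = split($0, part, /[ \t]+/)
        printf "%s\t%s\t%d\n", user, part[1], n - 1
    }' "$1"
}

# audit_nopasswd FILE -> "user command findings" for each risky rule
audit_nopasswd() {
    tab=$(printf '\t')
    list_rules "$1" | while IFS="$tab" read -r user cmd nargs; do
        findings=""
        # A rule with no arguments lets the user pass any arguments as root.
        if [ "$nargs" -eq 0 ]; then findings="any-arguments"; fi
        # A target writable by group or others can be changed by a non-root
        # account that can reach it, and the changed file then runs as root.
        if [ -e "$cmd" ] && [ -n "$(find -L "$cmd" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            findings="${findings:+$findings,}writable-target"
        fi
        if [ -n "$findings" ]; then printf '%s %s %s\n' "$user" "$cmd" "$findings"; fi
    done
}

# Constructed sample: two step 6 rules, with ufw.sh placed in a temp directory.
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/ufw.sh"
chmod 777 "$demo/ufw.sh"
cat > "$demo/sudoers" <<EOF
www-data ALL=(ALL) NOPASSWD: $demo/ufw.sh
www-data ALL=(ALL) NOPASSWD: /usr/sbin/service nginx restart
EOF
audit_nopasswd "$demo/sudoers"
```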
7
Setup Cron Jobs
We'll Configure Automated Tasks.
crontab -e
Add The Following Lines To The Opened File :
* * * * * /usr/bin/php /var/www/html/security/cron/cron.php && /usr/bin/php /var/www/html/security/cron/nginx-cron.php && /usr/bin/php /var/www/html/security/cron/referer-cron.php && /usr/bin/php /var/www/html/security/cron/logs-clear.php
*/10 * * * * /usr/sbin/service nginx reload
*/10 * * * * /usr/bin/php /var/www/html/security/cron/nginx-clear.php
0 3 * * 1 cd /usr/share/GeoIP && wget -O GeoLite2-Country.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=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&suffix=tar.gz" && wget -O GeoLite2-ASN.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=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&suffix=tar.gz" && tar -xzf GeoLite2-Country.tar.gz --strip-components=1 --wildcards '*/GeoLite2-Country.mmdb' && tar -xzf GeoLite2-ASN.tar.gz --strip-components=1 --wildcards '*/GeoLite2-ASN.mmdb' && rm -f GeoLite2-*.tar.gz && systemctl restart nginx >> /var/log/nginx/HANGADELEN/maxmind_logs.log 2>&1
0 */2 * * * /root/ufw.sh
Save And Exit The File
8
GeoIP Module Installation
We'll Install The Required Modules For Geographical IP Tracking.
sudo apt install libnginx-mod-http-geoip2 mmdb-bin
9
Download GeoIP Databases
We'll Download And Configure MaxMind GeoIP Databases.

9.1 Create Directory

mkdir -p /usr/share/GeoIP
cd /usr/share/GeoIP

9.2 Download Databases

wget -O GeoLite2-Country.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=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&suffix=tar.gz"
wget -O GeoLite2-ASN.tar.gz "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=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&suffix=tar.gz"

9.3 Extract Files

tar -xzf GeoLite2-Country.tar.gz --strip-components=1 --wildcards '*/GeoLite2-Country.mmdb'
tar -xzf GeoLite2-ASN.tar.gz --strip-components=1 --wildcards '*/GeoLite2-ASN.mmdb'
rm -f GeoLite2-*.tar.gz
10
Upload Nginx Configuration Files
After Uploading The Provided Configuration Files To The Server, Update The Nginx Configuration Directory.
IMPORTANT : Make Sure To Upload The Provided /etc/nginx Configuration Files To Your Server Before Running The Permission Command!
Upload All Configuration Files To The /etc/nginx Directory On Your Server Using SFTP Or Your Preferred File Transfer Method.

10.1 Set Nginx Configuration Permissions

sudo chmod -R 777 /etc/nginx
11
Upload Nginx Log Files
After Uploading The Provided Log Files To The Server, Update The Nginx Log Directory.
IMPORTANT : Make Sure To Upload The Provided /var/log/nginx Files To Your Server Before Running The Permission Command!
Upload All Log Files To The /var/log/nginx Directory On Your Server Using SFTP Or Your Preferred File Transfer Method.

11.1 Set Nginx Log Directory Permissions

sudo chmod -R 777 /var/log/nginx
12
Final Step - Web Directory Permissions
Run This Command After Uploading All Necessary Web Files.
IMPORTANT : Only Run This Command After Uploading All Necessary Files To The /var/www/html Directory!
sudo chmod -R 777 /var/www
13
Upload Script Files
Upload The god.sh And ufw.sh Script Files To The Server And Set Proper Permissions.
IMPORTANT : Upload The Provided god.sh And ufw.sh Files To The /root Directory Before Running Permission Commands!
Upload Both Script Files To The /root Directory On Your Server Using SFTP Or Your Preferred File Transfer Method.

13.1 Set Script File Permissions

sudo chmod 777 /root/god.sh
sudo chmod 777 /root/ufw.sh
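An added example covering steps 10.1, 11.1, 12 and 13.1, not part of the guide's own files: it counts what mode 777 leaves writable by every local account, then applies a narrower layout in which only root and one group can write. The group-write layout (setgid directories, mode 660 files), the root-only script mode and the function names are assumptions made for this example; the tree it runs on is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not part of the guide. Modes and group layout are assumptions.

# count_world_writable DIR -> number of non-symlink entries others can write
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# apply_policy ROOT GROUP -> replace mode 777 under ROOT with group write only.
# ROOT is "" on the server; a rehearsal root lets the change be tried first.
apply_policy() {
    for tree in etc/nginx var/log/nginx var/www; do
        [ -d "$1/$tree" ] || continue
        chgrp -R "$2" "$1/$tree"
        # 2770: owner and group may write, new files inherit the group,
        # other accounts get no access.
        find "$1/$tree" -type d -exec chmod 2770 {} +
        find "$1/$tree" -type f -exec chmod 0660 {} +
    done
    # Scripts that run as root stay readable and writable by root alone.
    for script in root/god.sh root/ufw.sh; do
        if [ -f "$1/$script" ]; then chmod 0700 "$1/$script"; fi
    done
}

# Constructed rehearsal tree mirroring the paths in steps 10.1, 12 and 13.1.
sandbox=$(mktemp -d)
mkdir -p "$sandbox/etc/nginx/conf.d" "$sandbox/var/www/html" "$sandbox/root"
: > "$sandbox/etc/nginx/nginx.conf"
: > "$sandbox/var/www/html/index.php"
: > "$sandbox/root/ufw.sh"
chmod -R 777 "$sandbox/etc" "$sandbox/var" "$sandbox/root"
echo "world-writable under var/www before: $(count_world_writable "$sandbox/var/www")"
apply_policy "$sandbox" "$(id -g)"
echo "world-writable under var/www after:  $(count_world_writable "$sandbox/var/www")"
```

On the server the group would be www-data and ROOT the empty string, run as root once the uploads in steps 10 to 13 are finished.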
14
Setup Log Monitor Service
Create And Configure A System Service For Nginx Log Monitoring.

14.1 Create Service File

sudo nano /etc/systemd/system/log-monitor.service
Add The Following Content To The File:
[Unit]
Description=Nginx Log Monitor
After=nginx.service

[Service]
Type=simple
ExecStart=/bin/bash /root/god.sh
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

14.2 Enable And Start Service

sudo systemctl daemon-reload
sudo systemctl enable log-monitor.service
sudo systemctl start log-monitor.service
15
Configure Nginx Service Optimization
Optimize Nginx Service For High Performance And Automatic Restart.

15.1 Edit Nginx Service Configuration

sudo systemctl edit nginx
Add The Following Content To The File:
[Service]
Restart=always
RestartSec=5
LimitNOFILE=65535

15.2 Configure System Limits

sudo nano /etc/security/limits.conf
Add The Following Lines To The End Of The File:
www-data soft nofile 65535
www-data hard nofile 65535
* soft nofile 65535
* hard nofile 65535
root soft nofile 65535
root hard nofile 65535

15.3 Configure PAM Session

sudo nano /etc/pam.d/common-session
Add The Following Line To The End Of The File:
session required pam_limits.so
16
Restart All Services
Restart All Services To Apply All Configuration Changes.
sudo systemctl daemon-reload
sudo systemctl restart nginx
sudo systemctl restart mysql
sudo systemctl restart php8.1-fpm
Verify That All Services Are Running Properly With : sudo systemctl status nginx mysql php8.1-fpm log-monitor