How To Install Survloop on an Ubuntu 20.04 Server

For now, this installation process has only been tested on a fresh DigitalOcean Droplet of any size with Ubuntu 20.04. Near the bottom of the Create Droplet page, you need to add an SSH Key for the root user — not a password. (The following instructions assume you are using the default SSH Key on your local computer.)

If you plan to associate your installation with a domain name, and want to install an SSL certificate below (with EFF's CertBot), then open up DigitalOcean's Networking tab now. Add your domain for DNS management, with A records for "@" and "www" pointing to your new Droplet's IP address.

It generally seems best to take advantage of DigitalOcean's Managed Databases. It's easiest to create one first, assign your Droplet as a Trusted Source, and create a new database for this installation. The auto-install scripts below assume an external database. The list of All Commands below does include instructions to install a MYSQL server within your new Droplet instead.


In your new server, pull down a copy of the Survloop installation scripts. Then run the first script to create a super user to be used instead of the root account. This will restrict SSH access to your IP, or that of your VPN tunnel.

When prompted, enter your new super user's strong password — and copy it somewhere super duper safe, like a password manager. This first installation script will configure your SSH access to a custom port number. Be sure to securely copy this port number too.

This script includes an installation of Fail2ban, and disables some unneeded networking tools. If you have a YubiKey, then you can optionally enter your token for MFA. Press your YubiKey USB button, and delete all but the first 12 characters for this token. (See: SSH Public key+MFA with Yubikey on Ubuntu 20.04 LTS.)

% ssh root@server.ip.address

# git clone https://github.com/rockhopsoft/install-scripts
# bash install-scripts/src/ubuntu20/survloop/01-create-user.sh
# reboot

Give the server a minute or two to reboot. Then log back into the server with your new super user, and enter sudo mode before running the second script. The second script will install your server's LEMP stack, Laravel, and Survloop.

% ssh superusername@server.ip.address -p custom_ssh_port

$ sudo su

# bash /root/install-scripts/src/ubuntu20/survloop/02-survloop.sh

Midway through the second script, you should press Enter to accept the defaults for installing PEAR. Then you will need to edit Laravel's root .env file. Enter login info to a secure database:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=survloop
DB_USERNAME=dbuser
DB_PASSWORD=dbpass

To save and overwrite using nano editor, type: [Ctrl+X], [Y], [Return]

Then you can respond to the Advanced Intrusion Detection Environment (AIDE) installation prompts, first with the default (Internet Site), and second with your server's domain:

General type of mail configuration: Internet Site
System mail name: survloop.org

The last step in this script, “Running aide --init...”, could take several minutes. But if everything went well enough, then you should see something intentional when opening your server's IP address in your browser.

Create Non-Root User

I'm calling this user survuser, but you can call it anything. This is a summary of Digital Ocean's Initial Server Setup with Ubuntu 20.04.

% ssh root@server.ip.address
# adduser survuser
# usermod -aG sudo survuser
# ufw allow OpenSSH
# ufw enable

And copy your SSH Key from your root user to your new one:

# rsync --archive --chown=survuser:survuser ~/.ssh /home/survuser

Then exit as root, and log back in as your non-root user.

# exit
% ssh survuser@server.ip.address

Install LEMP Stack

This is a summary of How To Install Linux, Nginx, MySQL, PHP (LEMP stack) on Ubuntu 20.04.

Run this series of commands, accepting defaults, and confirmations by pressing the Enter key...

$ sudo apt update
$ sudo apt install nginx
$ sudo ufw allow 'Nginx HTTP'
$ sudo add-apt-repository universe
$ sudo apt install php-fpm php-mysql php-mbstring php-xml php-bcmath php7.4-zip php7.4-gd ghostscript

This is a good time to associate your domain with the server, which is described in Step 3 of the tutorial.

$ sudo systemctl reload nginx


Installing MYSQL Server

Only do this if you are not using another Managed Database, like the ones DigitalOcean offers. When you create a MYSQL password, be sure to copy and securely save it.

$ sudo apt install mysql-server
$ sudo mysql_secure_installation

During the MYSQL install, I choose to...
  • n - No thanks, password plugin
  • strong-password - Needs to be copied and saved somewhere safe
  • y - Remove anonymous user
  • y - Disallow root login remotely
  • y - Remove test database
  • y - Reload privilege tables

$ sudo mysql
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'super_strong_password';
mysql> FLUSH PRIVILEGES;
mysql> exit

Setup Server's Domain

Swap out example.com with your domain, if you want to set one up now.

$ sudo nano /etc/nginx/sites-available/example.com

Add the following content, which was taken and slightly modified from the default server block configuration file, to your new server block configuration file (swap out domain):

server {
        listen 80;
        root /var/www/example.com/public;
        server_name example.com www.example.com server.ip.address;
        index index.php index.html index.htm index.nginx-debian.html;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";

        charset utf-8;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt { access_log off; log_not_found off; }

        error_page 404 /index.php;

        # The dot is escaped so that only URIs ending in ".php" reach PHP-FPM.
        location ~ \.php$ {
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                include fastcgi_params;
        }

        # Deny access to dotfiles (.env, .git, ...) except /.well-known.
        location ~ /\.(?!well-known).* {
                deny all;
        }
}

You can read more about these settings in the original DigitalOcean instructions. Save and close the file. Create a link for it, and remove the default:

$ sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
$ sudo unlink /etc/nginx/sites-enabled/default

You can quickly double-check for any syntax errors by running this:

$ sudo nginx -t

Then reload Nginx once more:

$ sudo systemctl reload nginx

Test That PHP Is Running (optional)

Create a new file in the default public root:

nano /var/www/example.com/public/info.php

Type "see a bunch of details about your PHP installation, and save the file:

e.g. http://111.111.111.111/info.php

Create Swap File (optional)

If you use DigitalOcean's cheapest and smallest default Droplet, then you will need to create some more temporary memory to complete the install process. This method has worked for me:

$ sudo /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
$ sudo chmod 600 /var/swap.1
$ sudo /sbin/mkswap /var/swap.1
$ sudo /sbin/swapon /var/swap.1

Install Pear & Composer

Run this series of commands, accepting defaults, and confirmations by pressing the Enter key:

$ sudo apt-get install php-pear pkg-config php-xml php7.4-xml php-dev
$ sudo wget https://pear.php.net/go-pear.phar
$ php go-pear.phar
$ sudo apt-get install curl
$ curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
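
The last command above pipes a downloaded script straight into PHP running as root. As an added example (not part of the original instructions or the Survloop scripts), the following downloads the installer to a file, compares its SHA-384 with the value Composer publishes at composer.github.io/installer.sig, and runs it only on a match. The function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the Composer installer before running it as root.

# verify_sha384 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch,
# 2 if FILE is unreadable, 3 if EXPECTED_HEX is not a SHA-384 digest.
verify_sha384() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr -d ' \r\n' | tr 'A-F' 'a-f')
    [ -r "$vs_file" ] || return 2
    # A SHA-384 digest is exactly 96 hex characters. Anything else (an empty
    # reply, an HTML error page) must never be treated as a valid checksum.
    case $vs_want in
        ''|*[!0-9a-f]*) return 3 ;;
    esac
    [ "${#vs_want}" -eq 96 ] || return 3
    vs_got=$(sha384sum "$vs_file" | cut -d' ' -f1)
    [ "$vs_got" = "$vs_want" ]
}

# Download, verify, and only then run the installer with the same options
# the page uses (--install-dir=/usr/local/bin --filename=composer).
install_composer_verified() {
    ic_dir=$(mktemp -d) || return 1
    ic_rc=1
    if curl -fsS -o "$ic_dir/composer-setup.php" https://getcomposer.org/installer &&
       ic_sig=$(curl -fsS https://composer.github.io/installer.sig) &&
       verify_sha384 "$ic_dir/composer-setup.php" "$ic_sig"
    then
        sudo php "$ic_dir/composer-setup.php" \
            --install-dir=/usr/local/bin --filename=composer
        ic_rc=$?
    else
        echo "Composer installer failed verification; not running it." >&2
    fi
    rm -rf "$ic_dir"
    return "$ic_rc"
}

# Running this file only defines the functions; pass --install to act.
if [ "${1:-}" = "--install" ]; then
    install_composer_verified
fi
```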

Create A Database

Only perform this step if installing a MYSQL database within this Droplet.

Enable Remote MYSQL Connection (>=v5.7)

$ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Comment out the line for bind-address, set it to 0.0.0.0, or increase security with your own IP address.
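
As an added example (not part of the original instructions), this check reads an option file and reports how widely mysqld will listen after the edit above. It assumes the MySQL 8.0 packaged for Ubuntu 20.04, where a missing bind-address means every interface; the function name and sample file are constructed for illustration. bind-address names one of the server's own addresses, so limiting which clients may connect is done at the firewall.

```shell
#!/bin/sh
# Added example: classify how widely mysqld will listen, from its option file.

# mysql_bind_exposure FILE prints one of:
#   all-interfaces        reachable on every address the Droplet has
#   loopback              local connections only
#   single-address:ADDR   one specific local interface
mysql_bind_exposure() {
    awk '
        /^[ \t]*[#;]/ { next }                 # whole-line comments are ignored
        /^[ \t]*bind[-_]address[ \t]*=/ {      # does not match mysqlx-bind-address
            sub(/^[^=]*=[ \t]*/, "")           # drop the option name and "="
            sub(/[ \t]*#.*$/, "")              # drop a trailing comment
            sub(/[ \t]+$/, "")
            addr = $0                          # last setting wins
        }
        END {
            # With no bind-address line MySQL 8.0 falls back to "*",
            # so commenting the line out exposes the port everywhere.
            if (addr == "" || addr == "*" || addr == "0.0.0.0" || addr == "::")
                print "all-interfaces"
            else if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost")
                print "loopback"
            else
                print "single-address:" addr
        }' "$1"
}

# Constructed sample: the stock Ubuntu lines with bind-address commented out.
mbe_sample=$(mktemp)
printf '%s\n' '[mysqld]' '# bind-address = 127.0.0.1' \
    'mysqlx-bind-address = 127.0.0.1' > "$mbe_sample"
mysql_bind_exposure "$mbe_sample"
rm -f "$mbe_sample"

# When the result is all-interfaces, limit who can reach port 3306 at the
# firewall, e.g. (203.0.113.10 is a documentation address):
#   sudo ufw allow from 203.0.113.10 to any port 3306 proto tcp
```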

Down the line, you might want a GUI to play with your databases. I've enjoyed Sequel Pro.

Give your new SSH connection an appropriate name, and use your Droplet's IP address for the hosts. Copy the MYSQL root password you created while installing the core packages above.

Finally, link your SSH Key in your operating system, "~/.ssh/id_rsa.pub". This can sometimes be challenging since this is a hidden folder which you may need to work to reveal.

Once you are connected, use the drop-down in the top-left corner to "Add Database...". Give your database an appropriate name, and write it down for later.

Install Laravel

Run this series of commands, accepting defaults, and confirmations by pressing the Enter key:

$ sudo rm -R /var/www/html/example.com
$ sudo composer create-project laravel/laravel /var/www/example.com "8.0.*"
$ sudo chown -R $USER:$USER /var/www/example.com
$ cd /var/www/example.com
$ composer update
$ php artisan key:generate
$ nano .env

While editing Laravel's .env file, enter your domain name for the APP_URL, and database connection info:

APP_URL=https://example.com

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=newdatabasename
DB_USERNAME=root
DB_PASSWORD=strongpassword

Finally just clear the cache...

php artisan cache:clear

Install SSL Certificate

Thanks to the EFF's Certbot, you can now get this step done quickly and easily... for free!! Just run these commands:

$ sudo apt-get update
$ sudo snap install --classic certbot
$ sudo certbot --nginx

Not sure this should be needed, but it helped my problems:

$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'
$ sudo nginx -t
$ sudo systemctl reload nginx


Frequently Update Ubuntu, etc

$ sudo apt-get update
$ sudo apt update && sudo apt dist-upgrade
$ sudo apt install update-manager-core
$ sudo do-release-upgrade
$ composer update
$ php artisan cache:clear