Ubuntu 18.04 in Azure – Pt. 3: Virtual Hosts

Create a new directory.
sudo mkdir /var/www/<yourdomain>
sudo chown -R $USER:$USER /var/www/<yourdomain>

Make a placeholder webpage in HTML.
sudo nano /var/www/<yourdomain>/index.html
<html>
<head>
<title>Welcome to Your_Domain!</title>
</head>
<body>
<h1> Success! The your_domain server block is working!</h1>
</body>
</html>

Make a new Apache configuration file.
sudo nano /etc/apache2/sites-available/<yourdomain>.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName <yourdomain>
ServerAlias www.<yourdomain>
DocumentRoot /var/www/<yourdomain>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

sudo a2ensite <yourdomain>.conf
sudo a2dissite 000-default.conf
sudo systemctl restart apache2

Ubuntu 18.04 in Azure – Pt. 2: LAMP

Now that we’re sufficiently protected from all the bad h4x0r5 in the world, it’s time to install Apache, MySQL, and PHP for our upcoming (and obviously already completed) WordPress install.

sudo apt install apache2 -y
sudo ufw allow in “Apache Full”

Be sure, at this point, to create a firewall rule in Azure> Networking to enable inbound communication on 80 and 443.

Once Apache is installed and allowed to communicate, it is time to install MySQL.

sudo apt install mysql-server -y
sudo mysql_secure_installation
VALIDATE PASSWORD PLUGIN=Y
Create applicable password as prompted.
Press Y and <enter> for remaining prompts.
sudo mysql
mysql> ALTER user ‘root’@’localhost’ IDENTIFIED WITH mysql_native_password BY ‘<new very secure password>’
mysql> FLUSH PRIVILEGES
mysql> exit

Last but not least, time to install PHP.

sudo apt install php libapache2-mod-php php-mysql
Move index.php to the first position after DirectoryIndex within /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
DirectoryIndex
index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

sudo systemctl restart apache2

FIN. I love LAMP.

Image result for I love LAMP

Ubuntu 18.04 in Azure – Pt. 1: Setup and A/V

Getting this server running this blog I’m typing on now was the culmination of a few different blogs scattered around the good ol’ interwebz. This will be my combination of the steps to achieve where I am today.

Step 1 – Create Azure VM

Not going to spoonfeed creating a virtual machine in Azure. There are plenty of other blogs around for that.

This VM is using the default recommendation of 2vCPU, 8GB of RAM with 30GB HDD. I did select HDD to help reduce costs for the VM seeing as it is just a blog, largely static.

I selected Ubuntu 18.04 as the OS to install and allowed SSH, 22, inbound from everywhere initially using the Setup Wizard.

Rather than mess with IP-based access rules, since I am on a dynamic IP, I choose to just disable SSH whenever I am not actively using it. This also helps to completely eliminate brute-force risks.

As another tinfoil-hat-esque security measure, create a custom non-root username that is equally difficult to guess as its password; assuming you’re not using certificate-based SSH.

Step 2 – Update Ubuntu 18.04

In true Microsoft fashion, like Windows 10 telling you “looking for updates…installing updates” then greeting you with a Feature Update on first boot, a new Ubuntu 18.04 server still requires updates. Run the obligatory sudo apt update && upgrade -y command and let it run. Go grab a coffee…or a cider!

Downeast Original Blend Cider

Step 3 – Install A/V

Seeing as I do work for ESET, and they are the ones footing the bill for this Azure instance, I would be remiss if I did not install our newest release for testing. That way I can say these resource I’m hogging for my new, top-of-the-charts blog are “for research purposes”. #GameTheSystemKids

wget https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh
chmod +x ./agent-linux-x86_64.sh
sudo ./agent-linux-x86_64.sh \
–skip-license \
–hostname=<ESMC FQDN Here> or <ESMC IP Here>
\
–port=2222 (default, change accordingly) \
–webconsole-user=Username \
–webconsole-password=Password \
–webconsole-port=2223 (default, change accordingly)


If all values are correct, confirm the server-provided certificate and complete the install of the management agent.

Since ESET File Security for Linux 7.x is not yet released to the installation repository, we must install it manually.
wget https://download.eset.com/com/eset/apps/business/efs/linux/latest/efs.x86_64.bin
chmod +x ./efs.x86_64.bin
sudo ./efs.x86_64.bin

Complete the install as prompted. Make note of the provided Username:Password combination at completion of install. Due to a known issue, the password cannot be changed by policy so definitely make a note of it. The password can be changed locally within the WebUI after install but you need that initial password for first-time login.

That’s it for Part 1.