I quickly write up the following in order for me and others who are walking on the same path of running WordPress optimized private server with Linode (LN) and ServerPilot (SP) – perfect match for the highest performance with the lowest server load. Compared with Ramnode, Linode’s server manager offers a lot of more functions from one central place. Ramnode’s free cPanel DNS Server (one for each account) is separate from its server manager and the server’s IP has to be manually added which takes an effort to figure out how it works.
Get a VPS from Linode
(1) Order a VPS from Linode: If you start fresh with Linode, click here and use this promo code DOCS10 at Linode’s website and order the smallest VPS from them – do not start big, stay small. They have a total of 9 locations for their datacenters for you can pick (3 in Asia Pacific, 4 in North America and 2 in Europe). Starting small means more locations to spread your multiple websites. Even later on you want to resize it to a higher configuration, Linode allows you to do that without changing the Server IP and other things – this is nice!
(2) Deploy an Image: Once you place the order, your server will be ready in about a few minutes – you can see this happening within the Linode Manager. Since this is a fresh server, you need to install an operating system by clicking the “Deploy an Image” link. ServerPilot works with Ubuntu Server 16.04 LTS (Long Term Support) – so make sure you pick this – click here to read more about this on SP’s site.
During the process of deploying Ubuntu Server 16.04 LTS image, you will be given a chance to choose a root password – write this down as you will need it later.
Note: With Ramnode, you can also install Ubuntu Server 16.04 LTS but that can only be accomplished via CDROM which means you have to intervene and go through the whole installation process. Ramnode’s image deployment is limited and the highest Ubuntu Server is Ubuntu 14.04 x86_64 Server Minimal.
(3) Reboot Your New VPS: You must do this before you can proceed to the next step.
(4) Install Linode Longview Agent: Longview is a set of tools to display your server’s performance within Linode’s Manager. This step is optional as both Linode and ServerPilot’s control panels already can display some basic graphics about the server. But Longview offers more to display. Note that you need to choose whether to install Longview Agent now or not as once you proceed to the next section of steps, there is no way you can add Longview again later on.
(5) Jot down Your Server IP: Click the “Remote Access” link from your server’s dashboard inside Linode Manager, you will see something like this…
SSH Access ssh firstname.lastname@example.org
The non-bold part is a SSH command to let you login to your server using its IP xx.xxx.xx.xx – you will need this dedicated IP of your server for the next section.
Once you have this IP, you can login to your server via SSH to set hostname, time zone, etc. Please see this article for more info.
Set Up Your New Server with ServerPilot
ServerPilot (SP) is an addon control panel that helps you to manage your sites and databases. Unlike ISPconfig, cPanel, DirectAdmin and many other systems, ServerPilot runs on their own server, which is basically off your server but connects to your server. This way your server runs faster and lighter. Click here to learn more about ServerPilot.
(1) Sign up or Login to ServerPilot: If you do not have an account with them, click here to sign up a free account. If you already have an account with them, login and then click “Servers” and then you will see a green button “+ Connect Server” – click that button to proceed to the next step.
(2) One-Click to Connect Your Server from ServerPilot: You need three things to set up your server with ServerPilot: Your server’s dedicated IP, root password and SFTP password for a user account called “serverpilot” that will be set up during this one-click process. Don’t loose them.
(3) Add Your First App for the Server: ServerPilot setup takes only a minute or two. As soon as this finishes, you can add your domain site as an app – that is how SP calls it. Once you add a new domain site to the system, more setting options can be available to your server. For example, a Linode server may be shown as “localhost” at SP. You can choose to rename it to something like “linode1” or “lnserver1” – it is just a label and will not have any effect on your server.
Upon adding a new app to the server, you are given the chance to install WordPress with one mouse click – you just need to enter the site Title, admin username and password, then SP will set up your WordPress site with the highest database security behind the scene.
(4) Make It Easy to Connect to Your Server: Once SP connects to your server, it does not need the root password anymore. For security reasons, you should change it or disable root login altogether with the SSH public key authentication. The reason is, you now have a new username called “serverpilot” and its password to use for SSH and SFTP logins. SSH public key authentication will allow you to connect easily to your server from the command line without entering a password.
To learn how to do it, click here to read this wonderful article entitle “How to Use SSH Public Key Authentication” at SP site.
(5) Harden Up Your Server Security Further: Make sure you have finished the SSH public key authentication and it truly works without asking you a password for SSH and SFTP login – this means that you test it by opening a new terminal and make sure the SSH login without a password works OK. Then you can edit the ssh configuration file by running this command nano /etc/ssh/sshd_config as superuser to disable root login like this:
Note that even root login is disabled, you can still use the root password for the following command, that is to change from a normal user to the superuser:
To harden the server even more, we can disable the SSH password authentication altogether by running this command nano /etc/ssh/sshd_config as superuser again and make the following section to be like this:
# Change to no to disable tunnelled clear text passwords
After the above is done, you can run the following command as superuser to commit the changes:
service ssh restart
No need to do anything further as ServerPilot has already done it during their one-click setup process.