Serving The Planet

My Best Practices Ubuntu 14.04 LTS Server Configuration at TransIP VPS

Right … thus far things seem to work rather stable. Time for a little update on how exactly I solved the WordPress “Internal Server Error” issue on my own self-hosted blog, as I dare to write a blogpost about it without the platform crashing. Long answer very short: set up my own Linux webserver to bypass RAM limits of IC hosting. As running a WordPress site with 90+ plugins requires a different strategy.

My Best Practices Server Configuration

And this is *not* a step-by-step guide, but rather a Best Practices log for personal purposes. Although other people might benefit from it too. As it took me 3 weeks to compile and get to the bottom of certain interesting issues.


correct file permissions:

File System Tweaks

  • swap file tweak: vm.swappiness=10 in /etc/sysctl.conf
  • SSD tweaks: noatime in /etc/fstab
    tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Webmin installation

vi /etc/apt/sources.list
deb sarge contrib
deb sarge contrib
apt-get update
wget -q -O-  | sudo apt-key add -
apt-get update
apt-get install webmin
service apache2 restart

Firewall configuration

Simple iptables script

apt-get install iptables-persistent

Create firewall configuration script

iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
for i in `curl`; do iptables -I INPUT -p tcp -s $i --dport http -j ACCEPT; done
for i in `curl`; do iptables -I INPUT -p tcp -s $i --dport https -j ACCEPT; done
iptables -A INPUT -p tcp --dport http -j DROP
iptables -A INPUT -p tcp --dport https -j DROP
iptables -I INPUT 1 -p tcp --dport 22  -j ACCEPT
iptables -I INPUT 2  -p tcp --dport 10000 -j ACCEPT
iptables -P INPUT ACCEPT
iptables -A  INPUT -j DROP
invoke-rc.d iptables-persistent save

Additional notes:

  • Don’t bother to hack into port 22 or 10000. Obviously changed those to custom ports that I’m not going to disclose.
  • when you’re not using CloudFlare? You might want to add in these:
    iptables -I INPUT 3 -p tcp --dport 443 -j ACCEPT
    iptables -I INPUT 4 -p tcp --dport 80 -j ACCEPT
  • don’t forget to save your iptables, otherwise at a server reboot you will lose all settings.


Double check:

iptables -L --line-numbers
iptables -S
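
An added example, not part of the original post: the loops above pass whatever `curl` returns straight to `iptables`, so this version keeps only well-formed IPv4 CIDRs and prints an `iptables-restore` ruleset, refusing to produce one when the download contains nothing valid. The function names, the sample ranges and the /8 lower bound are assumptions made for illustration; ports 22 and 10000 are the ones shown above.

```shell
#!/bin/sh
# Added example, not the author's script. Turns a downloaded range list into
# an iptables-restore ruleset, keeping only well-formed IPv4 CIDRs.

# Constructed sample input: two documentation ranges plus the kind of junk a
# failed or tampered download can contain.
sample_ranges() {
    printf '%s\n' '192.0.2.0/24' '<html>503 Service Unavailable</html>' \
        '999.1.1.0/24' '198.51.100.0/24' '203.0.113.0/40' ''
}

# build_ruleset SSH_PORT ADMIN_PORT < range-list
# Prints the ruleset on stdout; returns 1 (printing nothing) if no line of
# the input is a valid range, so a bad download never replaces live rules.
build_ruleset() {
    ssh_port=$1
    admin_port=$2
    ranges=$(awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            ok = ($5 >= 8 && $5 <= 32)   # assumption: nothing wider than /8
            for (i = 1; i <= 4; i++) if ($i > 255) ok = 0
            if (ok) print
        }')
    if [ -z "$ranges" ]; then
        echo "no valid ranges in input; ruleset not generated" >&2
        return 1
    fi
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -p tcp --dport $ssh_port -j ACCEPT"
    echo "-A INPUT -p tcp --dport $admin_port -j ACCEPT"
    for r in $ranges; do
        echo "-A INPUT -s $r -p tcp --dport 80 -j ACCEPT"
        echo "-A INPUT -s $r -p tcp --dport 443 -j ACCEPT"
    done
    echo '-A INPUT -j DROP'   # same catch-all the original script appends
    echo 'COMMIT'
}

# Demo on the constructed sample. On a server the input would come from the
# provider's published list and the output be checked with
# `iptables-restore --test` before loading.
sample_ranges | build_ruleset 22 10000
```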


Enable Curl

Required by many Apps & WP Plugins

apt-get install php5-curl

EWWW image optimizer required apps:

apt-get install imagemagick php5-imagick
apt-get install libjpeg-progs
apt-get install graphicsmagick
apt-get install gifsicle
wget &&\
tar -xf pngout-20150319-linux.tar.gz &&\
rm pngout-20150319-linux.tar.gz &&\
cp pngout-20150319-linux/x86_64/pngout /bin/pngout &&\
rm -rf pngout-20150319-linux

also checkout:

Monitoring apps

apt-get install htop
apt-get install iotop

Install PHP cache

(might cause conflicts with W3 WP cache)

edit /etc/php5/apache2/php.ini

and change: “;opcache.enable=0” to “opcache.enable=1”

php5enmod opcache
service apache2 restart

Install PECL / Pear

Required for WordPress SSH FTP:

apt-get install php-pear
apt-get install php5-dev
apt-get install libcurl3-openssl-dev
apt-get install libpcre3-dev
apt-get install zlib1g-dev
apt-get install libcurl4-openssl-dev
apt-get install libevent-dev
pecl install pecl_http
vi /etc/php5/cli/php.ini

mind you! not /etc/php5/apache2/php.ini … or do both when in doubt. I know phpinfo uses apache2 but for this to work properly it has to be /etc/php5/cli/php.ini at first.

add “"
add ""
add ""

Restart apache again to make php5 load properly. Then add the same lines to /etc/php5/apache2/php.ini


  • “upload_max_filesize=2MB” to 32MB … affects other uploads
  • “post_max_size=8M” to 32MB .. affects wordpress xml uploads
  • “zlib.output_compression = off” to on
  • “zlib.output_compression_level = -1” to 9
  • upload_tmp_dir = /tmp

apt-get purge php5-apcu

Tune MySQLd

apt-get install mysqltuner

Troubleshooting commands

  • htop
  • top
  • iostat -mhx 2 # apt-get install sysstat
  • ltrace -p PID # trace library calls
  • strace -p PID # trace system calls
  • vmstat 2
  • tail /var/log/apache2/error.log

mod_cloudflare for apache:

NTP: Synchronize system clock

apt-get install ntp ntpdate ntp-doc
sudo ntpdate
sudo service ntp start

Leap second bug:

Security Hardening Best Practices

Speed up static resources:

Troubleshooting Bibliography

PhpMyAdmin 404

Server load / Browser Socket issues

W3TC issues

and might add upon this article later …

About Earnie Rhyker

tech pioneer | intellectual BadAss | ethical lifehacker | WordPress developer & Polyglot | information activist | blogger | added value services provider | multimedia enthusiast | senior linux server administrator | geek | bitcoin investor | laptop entrepreneur | tech support guru | open source contributor | hackintosh fanatic | charity donator | accredited top MLM networker & internet marketer 2014-2016 @ BFH | Growth Hacker
