Skip to main content

Debian

Environment used for this tutorial: Debian 12/x86_64

Disabling UFW

First disable the ufw firewall

ufw disable

Installing Nginx

For Nginx installation, we use the official Nginx DEB source.

Install the necessary software

apt install curl wget gnupg2 ca-certificates lsb-release sudo

Add the official Nginx PGP Key

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Write the official Nginx source configuration to nginx.list

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list

Set the official Nginx sources to have higher priority than the system built-in sources

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx

Then update the APT cache

apt update

Install Nginx

apt install nginx

Finally, start the Nginx service and set it to boot up.

systemctl start nginx
systemctl enable nginx

Installing PHP

Debian 12 (bookworm) comes with an older version of PHP, so we'll install it using the PHP repository at packages.sury.org/php

To add the Debian DPA for packages.sury.org/php, you can follow these steps:

1.Import the repository’s GPG key:

wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg

2.Add the repository to your system’s software sources:

echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list

3.Update your package lists:

apt update

Then install the required PHP modules

apt install php8.3-{bcmath,bz2,cli,common,curl,fpm,gd,igbinary,mbstring,mysql,opcache,readline,redis,xml,yaml,zip}

Start the php-fpm service and set it to boot

systemctl start php8.3-fpm
systemctl enable php8.3-fpm

Installing MariaDB

MariaDB comes with a comprehensive DEB repository, just like the Nginx repository, so we need to install the necessary packages and import the GPG key.

apt install apt-transport-https curl
mkdir -p /etc/apt/keyrings
curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'

Edit the /etc/apt/sources.list.d/mariadb.sources file and write the following configuration to it

X-Repolib-Name: MariaDB
Types: deb
URIs: https://deb.mariadb.org/11.4/debian
Suites: bookworm
Components: main
Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp

Update the APT cache

apt update

Install MariaDB 11.4

apt install mariadb-server

Start the MariaDB service and set it to boot

systemctl start mariadb
systemctl enable mariadb

Run the initial setup of MariaDB

mariadb-secure-installation

Installing Redis

NeXT-Panel relies on Redis for many of its functions, so you need to install redis-server.

Import the GPG Key

curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg

Write the official Redis source configuration to redis.list

echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list

Update the APT cache

apt update

Install redis-server

apt install redis

Start the redis-server service and set it to start at boot time

systemctl start redis-server
systemctl enable redis-server

Deploying the NeXT Panel

The first thing to do is to change the user that Nginx is running under, the default is nginx, and you need to change it to www-data.

Change the user in /etc/nginx/nginx.conf from

user nginx;

to

user www-data;

Add the Nginx vhost file

nano /etc/nginx/conf.d/website-domain-you-set.conf

Then write the following configuration, taking care to change the path to the website files and the website domain name

server {  
listen 80;
listen [::]:80;

root /path/to/your/site/public; # your site file path + /public
index index.php;
server_name example.com # The domain name of the site you're setting up.

location / {
try_files $uri /index.php$is_args$args;
}

location ~ \.php$ {
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_pass unix:/run/php/php-fpm.sock;
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
}
}

Restart Nginx

systemctl restart nginx

Once the web hosting setup is complete, go to the root folder of the website you setup and execute the following command:

wget https://github.com/SSPanel-NeXT/NeXT-Panel/releases/download/24.5.1/NeXT-Panel-24.5.1.zip
unzip NeXT-Panel-24.5.1.zip .

The NeXT-Panel-24.5.1.zip in this case represents the latest released version of the NeXT-Panel, you should replace the version number with the latest one in the Release page.

Then set the overall permissions for your web directory

chmod -R 755 *
chown -R www-data:www-data *

Then we start the database part of the creation operation by first logging into MariaDB Server

mariadb -u root -p

Enter the password you just set during installation and create a database with the encoding utf8mb4_unicode_ci and any name you want, using sspanel as an example.

MariaDB [(none)]> CREATE DATABASE sspanel CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Then create a local database user and restrict the user's privileges to the newly created database, using sspanel as the user name and sspanel-password as the user's password.

MariaDB [(none)]> CREATE USER 'sspanel'@'localhost';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON sspanel.* TO 'sspanel'@'localhost' IDENTIFIED BY 'sspanel-password';
MariaDB [(none)]> FLUSH PRIVILEGES;

Next, edit the site configuration file to include the database connection information you just set up, and then read the rest of the configuration instructions to customize the site.

cp config/.config.example.php config/.config.php
cp config/appprofile.example.php config/appprofile.php
nano config/.config.php

Next, perform the following site initialization setup

php xcat Migration new
php xcat Tool importSetting
php xcat Tool createAdmin
sudo -u www-data /usr/bin/php xcat ClientDownload

NeXT-Panel relies on the Maxmind GeoLite2 database to provide IP geolocation information, first you need to configure the maxmind_account_id and maxmind_license_key options in config/.config.php and then execute the following command:

php xcat Tool updateGeoIP2

Use crontab -e command to configure cron job for the panel:

*/5 * * * * /usr/bin/php /path/to/your/site/xcat Cron

Improving System Security and Performance

Disable some dangerous PHP Functions

sed -i 's@^disable_functions.*@disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,readlink,symlink,popepassthru,stream_socket_server,fsocket,popen@' /etc/php/8.3/fpm/php.ini
sed -i 's@^disable_functions.*@disable_functions = passthru,exec,system,chroot,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,readlink,symlink,popepassthru,stream_socket_server,fsocket,popen@' /etc/php/8.3/cli/php.ini

You need to restart the PHP-FPM service after modifying it.

systemctl restart php8.3-fpm

Enable OPcache and JIT

In /etc/php/8.3/fpm/conf.d/10-opcache.ini add the following configuration

zend_extension=opcache.so
opcache.file_cache=/tmp
opcache.interned_strings_buffer=64
opcache.jit=on
opcache.jit_buffer_size=256M
opcache.max_accelerated_files=65535
opcache.memory_consumption=512
opcache.revalidate_freq=60
opcache.validate_permission=on
opcache.validate_root=on

You also need to restart the PHP-FPM service after modifying it.

systemctl restart php8.3-fpm