Debian 9 Server Basics: From Install to WordPress

I still remember my first Debian 9 server setup.
I thought, “How hard can it be?” Installed it, rebooted… and then spent an hour wondering why I couldn’t even apt-get install anything because my repo wasn’t set, time was wrong, and SSH wasn’t installed.

If you’re in that boat right now, this guide is for you.

This is a practical, step-by-step walkthrough based on a Debian 9 server tutorial series: from install, network, and repos, all the way to Apache/Nginx, MariaDB, PHP, WordPress, SSL, and backups.
I’ll keep it focused, so you can get a working server without drama.


1. Decide Your Debian 9 Install Type

This affects anyone about to install Debian 9 for use as a server.
You basically have two main options mentioned in the series:

  • Install Debian 9 Desktop
  • Install Debian 9 Minimal Server

For a production server, minimal server is usually safer.
Less bloat, less attack surface, fewer updates to worry about.
Desktop install is fine if this is a lab box or you really want a GUI.

Use an official Debian mirror, verify the ISO, and keep a local copy so you don’t re-download for every reinstall.

Basic install flow:

  1. Download the correct Debian 9 ISO.
  2. Write it to USB (e.g. with Rufus/Etcher on your main machine).
  3. Boot from USB and run through the installer.
  4. For server use, choose minimal packages where possible.

Once you’re done, you should have a booting Debian 9 machine, either with a desktop or just a console.


2. Initial Checks: Version, Repos, and Network

After install, don’t rush into Apache or WordPress.
Get the basics solid first: version, repository, and networking.

Check Debian Version

Always confirm what you’re actually running before following any guide.
This helps you avoid copy-pasting wrong instructions later.

Set Debian 9 Repositories

If your repository is not configured correctly, apt will fail or be outdated.

For a safe workflow:

  1. Backup the current sources list:
  2. Make a copy of /etc/apt/sources.list before editing.
  3. This lets you roll back if you break it.
  4. Configure repositories for Debian 9.
  5. Run an update to test:
  6. If apt-get update runs cleanly, you’re good.

Configure Network

For most small servers:

  • Set a static IP on your server.
    Dynamic IP for a server is asking for trouble when services suddenly move.
  • Make sure gateway and DNS are correct.
  • Test with ping (local network, then outside, like ping to a known host).

If you’re using virtual machines or complex network lab:

  • Configure virtual network interfaces as described in the series.
  • This is handy for hosting multiple networks on one NIC or for lab VLANs.

Only move on once:

  • You can resolve hostnames.
  • apt-get update works.
  • You can reach the server by IP from your local machine.

3. Basic Server Hardening: SSH, Users, Time

Next in the series: SSH, users, and time zone/NTP.
This is the boring part, but it saves you headaches later.

Install SSH Server

You want SSH so you don’t have to sit at the physical console all day.

Basic idea:

  1. Install the SSH server package.
  2. Confirm the service is running.
  3. Test login from another machine using an SSH client.

Safety tips:

  • Don’t expose SSH to the internet without at least strong passwords.
  • For production, use key-based auth and non-default ports if needed.

Create a Non-Root User

Never live in root.

Steps you’ll generally follow:

  1. Add a new user.
  2. Set a strong password.
  3. Add the user to appropriate groups (for sudo/admin work, if configured).
  4. Log out of root and start using this normal user.

This reduces accidental rm -rf / type disasters.

Time Zone and NTP Client

Time matters for logs, SSL, cron, and debugging.

Basic flow:

  1. Set the correct time zone for your region.
  2. Enable and configure an NTP client so time syncs automatically.
  3. Confirm that the system clock is correct.

Don’t skip this.
Wrong time can break SSL certificates and confuse log analysis.


4. File Sharing and Access: Samba, NFS, FTP

Samba Server

Use Samba if you have Windows clients.

Typical pattern:

  1. Install Samba packages.
  2. Configure shares in the Samba config file.
  3. Set permissions on shared directories.
  4. Add Samba users if needed.
  5. Test access from Windows.

Be careful with permissions:

  • Don’t share system directories.
  • Use dedicated directories with controlled access.

NFS Server

Use NFS if you have Linux/Unix clients on a LAN.

Basic idea:

  1. Install NFS server.
  2. Define export paths and allowed clients.
  3. Set directory ownership and permissions.
  4. Reload/export configuration.
  5. Mount from client and test.

Keep it on a trusted network.
NFS is usually for internal use, not over the public internet.

FTP Server with vsftpd

FTP is older but still used for some workflows.

Steps usually go like this:

  1. Install vsftpd.
  2. Configure authentication and access modes (anonymous vs local users).
  3. Restrict access to home directories or specific folders.
  4. Test using an FTP client.

Again: be strict with permissions.
For modern sites, SFTP (over SSH) is usually safer than plain FTP.


5. Web Stack: Apache, Nginx, MariaDB, PHP, DNS

You don’t have to install everything, but here’s how I’d approach it.

Choose a Web Server: Apache or Nginx

Apache and Nginx are both covered.
Many WordPress setups start with Apache because .htaccess is familiar.
Nginx is also great, especially as a reverse proxy.

Basic pattern for each:

  1. Install the web server.
  2. Confirm it’s running (check service status and open in a browser).
  3. Set up your document root and a simple test page.
  4. Configure virtual hosts / server blocks for your domain(s).

Test locally first (via IP or hosts file) before changing public DNS.

Install MariaDB (Database Server)

MariaDB is a drop-in replacement for MySQL in most use cases.

Flow usually looks like:

  1. Install MariaDB server and client packages.
  2. Secure the installation (set root password, remove test DB, etc.).
  3. Create a database and user for your application (e.g. WordPress).
  4. Test connection from the server.

Always use unique database users per app.
Don’t reuse the root DB user for your websites.

Install PHP

This is required for WordPress and many web apps.

Basic steps:

  1. Install PHP and required extensions (e.g. for databases, image handling, etc.).
  2. Ensure PHP is correctly connected to Apache or Nginx.
  3. Apache: usually via mod_php.
  4. Nginx: typically via PHP-FPM.
  5. Create a small phpinfo test file in your web root.
  6. Visit it in the browser to confirm PHP is executing.

Remove that phpinfo file once you’re done; it leaks environment info.

DNS Server

Running your own DNS is more advanced but useful for LAN labs or self-hosted zones.

Expected flow:

  1. Install a DNS server package.
  2. Configure zones and records for your domains.
  3. Point your local machines’ DNS to this server.
  4. Test with tools (dig, nslookup) from clients.

For public-facing DNS, you usually use a registrar/hosting DNS.
A local DNS server is great for internal development environments.


6. WordPress, SSL, Nextcloud, Remote Desktop, Backups

Once your base stack is ready, now we hit the real world apps.

Install WordPress on Debian 9

This guide builds on Apache/Nginx + PHP + MariaDB.
Typical sequence you’ll follow:

  1. Create a database and user for WordPress in MariaDB.
  2. Download WordPress and place it in your web root.
  3. Set correct file permissions and ownership (web server user).
  4. Configure your virtual host / server block for the domain.
  5. Run the WordPress web installer and fill DB details.

Safety notes:

  • Don’t leave wp-config-sample.php or leftover install files.
  • Keep permissions as tight as possible while allowing updates.

Let’s Encrypt SSL Wildcard

Wildcard certificates cover *.domain.com under one cert.

General flow:

  1. Use an ACME client (like Certbot) that supports wildcard.
  2. Complete DNS-based validation (TXT records in your DNS).
  3. Install the certificate on Apache/Nginx.
  4. Update your virtual hosts/server blocks to use HTTPS.

Always make a backup of your web server config before editing.
One misplaced semicolon or directive can take all sites down.

Nextcloud Server

Nextcloud is your self-hosted file sync and share platform.

Combined stack usually requires:

  1. Web server (Apache or Nginx) + PHP.
  2. Database (MariaDB).
  3. Nextcloud code in a dedicated directory.
  4. Configured virtual host with proper PHP settings.

Useful as a private cloud for your team or family.
Keep storage and backup in mind from day one.

Remote Desktop Server

This is useful if you installed the desktop version or you need GUI access.

Flow usually is:

  1. Install remote desktop server software.
  2. Allow incoming connections (check firewall if in use).
  3. Configure user access.
  4. Connect from a client using an RDP/VNC-like tool.

Use strong passwords and consider VPN if exposed over the internet.
Remote desktop open to the world is a magnet for brute-force attempts.

Backups: Website and Database

This one is critical and too many people only learn it after losing data.

You should back up at least:

  • Website files (WordPress folder, uploads, etc.).
  • Databases (MariaDB dumps).

Safe habit:

  1. Stop writing operations if possible (or schedule during low traffic).
  2. Dump databases to files.
  3. Archive website directories.
  4. Copy backups off the server (remote storage, another VPS, NAS).
  5. Test restore on a staging server occasionally.

A backup you never tested is just a hopeful zip file.


7. Putting It All Together Without Losing Your Mind

There’s a lot in that Debian 9 series, but you don’t need everything at once.
Here’s a simple order that works well for most small WordPress/Nextcloud setups:

  1. Install Debian 9 (minimal server preferred).
  2. Set repositories, network, SSH, users, and time/NTP.
  3. Install and configure your web server (Apache or Nginx).
  4. Install MariaDB and PHP.
  5. Install WordPress and/or Nextcloud.
  6. Add SSL (Let’s Encrypt wildcard if needed).
  7. Add Samba/NFS/FTP only if you truly need them.
  8. Set up regular website + database backups.

Whenever you’re changing configs:

  • Backup the file first.
  • Make small changes.
  • Reload/restart services and test immediately.

That approach has saved me from more than a few self-inflicted outages.

If this worked for you, keep CrushEdge handy for the next fix.

No Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.