peteris.rocks

Ubuntu Server Setup

Last updated on

Ubuntu Server 14.04 LTS

Hostname

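# placeholder: set this to the name the server should have
HOSTNAME=hostname
# rewrite the 127.0.1.1 entry so the new name still resolves locally.
# -E is needed: in sed's default (basic) syntax "\s+" means "whitespace followed
# by a literal +", so without it the substitution never matches.
sudo sed -i -E "s/127\.0\.1\.1\s+$(hostname)/127.0.1.1\t${HOSTNAME}/" /etc/hosts
# persist the name across reboots
printf '%s\n' "$HOSTNAME" | sudo tee /etc/hostname
# apply it to the running system
sudo hostname "$HOSTNAME"
# start a new shell (presumably so the prompt shows the new name)
bash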

New user

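# account to create; note this overwrites the shell's own USER variable
# for the rest of the session
USER=ubuntu
# create user with a home directory and "users" as its primary group
# (useradd does not create a per-user group when -g is given)
sudo useradd -d "/home/$USER" -m "$USER" -g users -s /bin/bash
# doesn't ask for a password for sudo
# NOPASSWD: ALL makes this account equivalent to root, so whoever gets a
# shell as this user (e.g. with a stolen ssh key) gets root without a password.
# The rule goes into its own file under /etc/sudoers.d (relies on the stock
# "#includedir /etc/sudoers.d" line) and is syntax-checked first: a broken
# sudoers file disables sudo entirely.
sudoers_tmp=$(mktemp)
echo "$USER ALL=(ALL:ALL) NOPASSWD: ALL" > "$sudoers_tmp"
sudo visudo -cf "$sudoers_tmp" \
  && sudo install -o root -g root -m 0440 "$sudoers_tmp" "/etc/sudoers.d/$USER"
rm -f "$sudoers_tmp"
# login as user
sudo su - "$USER"
# change password
# passwd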

SSH

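After these steps, only non-root users will be able to log in, and only with public key authentication. The SSH port is changed from the default 22 to 9922. Keep your current session open until you have confirmed that a new login on the new port works.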

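# set up ssh key auth for user
# -p: don't fail if ~/.ssh already exists
mkdir -p ~/.ssh && chmod 700 ~/.ssh
# placeholder: paste your real public key here
echo "ssh-rsa AAAAAAAAAAA" >> ~/.ssh/authorized_keys
# make the mode explicit instead of relying on the umask: with StrictModes
# sshd refuses a key file that group or others can write to
chmod 600 ~/.ssh/authorized_keys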

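# regenerate keys
# host keys that came with a server image may be shared with every other
# server built from it, so replace them with fresh ones.
# the ssh_host_* entries are plain files, -r is not needed
sudo rm -f /etc/ssh/ssh_host_*
# reconfiguring the package creates the missing host keys again
sudo dpkg-reconfigure openssh-server
# print the new fingerprints: clients that connected before will get a
# "host key changed" warning and should compare against these values
for pub in /etc/ssh/ssh_host_*_key.pub; do
  ssh-keygen -lf "$pub"
done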

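# note: "-ie" is read by GNU sed as "-i with backup suffix e" and leaves a stray
# /etc/ssh/sshd_confige behind; "-i -E" edits in place with extended regex.
sshd_config=/etc/ssh/sshd_config

# change default port
sudo sed -i -E 's/^#?Port[[:space:]]+[0-9]+[[:space:]]*$/Port 9922/I' "$sshd_config"
# disable ipv6 (listen on the IPv4 wildcard address only)
sudo sed -i -E 's/^#ListenAddress 0\.0\.0\.0$/ListenAddress 0.0.0.0/I' "$sshd_config"
# disable root login
# match any current value, not just "yes": the shipped setting may be
# "without-password", which still lets root in with a key
sudo sed -i -E 's/^#?PermitRootLogin[[:space:]]+.*$/PermitRootLogin no/I' "$sshd_config"
# disable password authentication
# match the directive whether or not it is commented out
sudo sed -i -E 's/^#?PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/I' "$sshd_config"

# show what sshd will actually use; sed changes nothing when a directive is
# missing from the file, so check the result instead of assuming it
sudo sshd -T | grep -Ei '^(port|listenaddress|permitrootlogin|passwordauthentication) '

# restart ssh, but only if the config parses; keep this session open and
# test a new login on port 9922 before closing it
sudo sshd -t && sudo restart ssh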

MOTD

Message of the Day (MOTD) is the welcome message you see when you log into your server.

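# remove the old file first so a symlinked /etc/motd is replaced rather than
# written through; -f so this does not fail when the file is absent
sudo rm -f /etc/motd
echo "Welcome to my server" | sudo tee /etc/motd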

Timezone

# write the zone name, then let tzdata apply it without prompting
printf '%s\n' "UTC" | sudo tee /etc/timezone
sudo dpkg-reconfigure -f noninteractive tzdata

NTP

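sudo apt-get install ntp -y

# disable ipv6
# -4: IPv4 only; note that this overwrites /etc/default/ntp
echo "NTPD_OPTS='-4 -g'" | sudo tee /etc/default/ntp
# "-i -e" instead of "-ie", which GNU sed reads as "-i with backup suffix e"
# (it would leave /etc/ntp.confe behind). The ^ anchor keeps a second run
# from commenting the same line twice.
sudo sed -i -e 's/^restrict -6/#restrict -6/I' /etc/ntp.conf
sudo sed -i -e 's/^restrict ::1/#restrict ::1/I' /etc/ntp.conf
sudo service ntp restart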

Swap

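sudo fallocate -l 4G /swapfile
# swap holds pages of process memory, so only root may read the file
sudo chown root:root /swapfile
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# enable at boot; skip the append when an entry exists so re-running this
# does not add duplicate lines
grep -q '^[[:space:]]*/swapfile[[:space:]]' /etc/fstab \
  || echo "/swapfile       none    swap    sw      0       0" | sudo tee -a /etc/fstab
# swap less eagerly; same duplicate guard as above
grep -q '^vm\.swappiness' /etc/sysctl.conf \
  || echo "vm.swappiness = 10" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p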

Disable IPv6

# append the three IPv6 switches (all, default, loopback) in one go
sudo tee -a /etc/sysctl.conf <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
# load the new settings
sudo sysctl -p

# check running services
# lists listening tcp/udp sockets with the owning process; nothing should
# still be bound to an IPv6 address
sudo netstat -nlput

ulimits

TODO

Update

# switch to the DigitalOcean mirror; apt still checks the archive signatures,
# so the mirror only changes where packages are downloaded from
sudo sed -i 's/us\.archive\.ubuntu/mirrors.digitalocean/g' /etc/apt/sources.list
# refresh package lists, apply all pending upgrades, drop unused packages
sudo apt-get update
sudo apt-get -y dist-upgrade
sudo apt-get -y autoremove

# misc utilities
sudo apt-get -y install screen tmux htop unzip git

Firewall

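sudo apt-get install iptables-persistent -y
# loopback traffic
sudo iptables -I INPUT 1 -i lo -j ACCEPT
# replies to connections that are already open (this keeps the current
# ssh session alive while the rules are applied)
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ping; 1.2.3.4 is presumably a placeholder for this server's own address
sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 1.2.3.4 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# ssh on the port set in sshd_config; if sshd still listens on 22, new
# logins are rejected once the last rule is in place
sudo iptables -A INPUT -p tcp --dport 9922 -j ACCEPT
# example: a service on port 1234 reachable from a single address only
sudo iptables -A INPUT -p tcp --dport 1234 -s 1.2.3.4 -j ACCEPT
# everything else is refused
sudo iptables -A INPUT -j REJECT
# persist the rules. "sudo iptables-save > file" fails because the redirect
# is done by the unprivileged shell; let a root tee write the file instead.
# only the IPv4 rule set is saved here, rules.v6 is not touched.
sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null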

node.js

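# download the NodeSource setup script to a file instead of piping it straight
# into a root shell: it can be read before it runs, and -f makes curl fail on
# an HTTP error instead of handing an error page to bash
setup_script=$(mktemp)
curl -fsSL -o "$setup_script" https://deb.nodesource.com/setup_5.x
# read the script (less "$setup_script") before running the next line
sudo -E bash "$setup_script"
rm -f "$setup_script"
# note: Node.js 5.x no longer receives security fixes; pick a supported release line
sudo apt-get install -y nodejs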

nginx

# a PPA is a third-party source: its packages and their install scripts run
# as root, so only add PPAs whose maintainer you trust
sudo add-apt-repository -y ppa:nginx/stable # or development
sudo apt-get update
sudo apt-get -y install nginx

MySQL

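sudo add-apt-repository ppa:ondrej/mysql-5.6 -y
sudo apt-get update
# todo: debconf
sudo apt-get install mysql-server -y
# set the root password; with no password argument mysqladmin prompts for it,
# which keeps it out of the shell history and the process list
sudo mysqladmin -u root password
# consider running mysql_secure_installation afterwards to remove the
# anonymous users and the test database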

PHP

# PHP 5 from a third-party PPA: FPM, CLI, the MySQL driver and the XCache opcode cache
sudo add-apt-repository -y ppa:ondrej/php5
sudo apt-get update
sudo apt-get -y install php5-fpm php5-cli php5-mysql php5-xcache

Mono

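# the repository key decides which packages apt will accept as genuine, so do
# not fetch it over plain http and pipe it straight into apt-key.
# download it over https (-f: fail on HTTP errors) into a file first
mono_key=$(mktemp)
curl -fsSL -o "$mono_key" https://download.mono-project.com/repo/xamarin.gpg
# show the fingerprint and compare it with the one published by the Mono
# project before trusting the key
gpg --with-fingerprint "$mono_key"
sudo apt-key add "$mono_key"
rm -f "$mono_key"
# the package source itself can stay on http: apt verifies it against the key
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/xamarin.list
sudo apt-get update
sudo apt-get -y install mono-complete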

Pypy

# add-apt-repository comes with these packages; -f also repairs broken dependencies
sudo apt-get -y -f install python-software-properties software-properties-common
sudo add-apt-repository -y ppa:pypy/ppa
sudo apt-get update
sudo apt-get -y install pypy
# pip plus the toolchain needed to build C extensions
sudo apt-get -y install python-pip python-dev build-essential
# note: "sudo pip install" runs each package's setup code from PyPI as root
# and installs system-wide
sudo pip install --upgrade boto configobj
# headers needed to build the MySQL bindings
sudo apt-get -y install libmysqlclient-dev python-dev
sudo pip install --upgrade mysql-python

Java

# debconf-utils provides debconf-set-selections, used below
sudo apt-get -y install python-software-properties debconf-utils
sudo add-apt-repository -y ppa:webupd8team/java
sudo apt-get update
# pre-answer the Oracle license question so the installer does not prompt
printf '%s\n' "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections
sudo apt-get -y install oracle-java8-installer