Skip to content

Instantly share code, notes, and snippets.

@shuoros
Last active February 17, 2024 08:49
Show Gist options
  • Save shuoros/c64e0c82688859d1d728baa79844e2fd to your computer and use it in GitHub Desktop.
Save shuoros/c64e0c82688859d1d728baa79844e2fd to your computer and use it in GitHub Desktop.
A comprehensive guide to setting up and configuring an ubuntu server

Hello Ubuntu

As you buy a new ubuntu serve from any provider they gave you an IP and an intial password. To login to your server run this command on your local machine:

ssh root@<IP>

Then your system will ask you if you are sure to connect to this server, which you must answer yes. After establishing the first connection, the server will ask you to enter a new password for the server. You can generate a random password from here

Setup Security

User

If you are not given root access, skip this step

Why is it bad to log in as root?

It defeats the security model that's been in place for years. Applications are meant to be run with non-administrative security (or as mere mortals) so you have to elevate their privileges to modify the underlying system. For example, you wouldn't want that recent crash of Rhythmbox to wipe out your entire /usr directory due to a bug. Or that vulnerability that was just posted in ProFTPD to allow an attacker to gain a ROOT shell. It's just good practice on any operating system to run your applications on a user level and leave administrative tasks to the root user, and only on a per-need basis. source

Create new User

Use the adduser command to add a new user to your system:

adduser <name>

Note: Replace <name> with the name you want

You will be prompted to create and verify a password for the user.

Next, you’ll be asked to fill in some information about the new user. It is fine to accept the defaults and leave this information blank.

At the end use the usermod command to add the user to the sudo group:

usermod -aG sudo <name>

Now you can log into your server with your new user:

ssh <name>@<IP>

Avoid being prompted for a password by sudo

!!!You are responsible for the consequences of implementing this command. Please make sure that absolutely no one else has access to your computer except you!!!

In terminal run the visudo command to edit the sudoers file:

visudo

And add the following line to the sudoers list

<name> ALL = NOPASSWD : ALL

Login with SSH-Key

Generate new Key pair

If you currently do not have an SSH Key on your machine you can generate it with this command:

ssh-keygen

You will be asked if you want to choose a password for your key. If you wish, assign a password to it, otherwise leave it blank.

At the end copy your public key to your server:

ssh-copy-id -i ~/.ssh/id_rsa.pub <name>@<IP>

Then enter your password for the last time and from now on you can login to your server without password.

Disable root login

In this step, you will edit the sshd_config file to disable the root login and then restart the sshd daemon to read the configuration after the modifications.

Open the file sshd_config located in the /etc/ssh directory:

sudo nano /etc/ssh/sshd_config

Review the file, looking for the PermitRootLogin line:

PermitRootLogin yes

Change the value of the key PermitRootLogin from yes to no.

Save and close the file.

Next, you will restart the sshd daemon to read the configuration after the modifications you just made.

Use the following command to restart the daemon:

sudo systemctl restart sshd

Firewall

Firewalld is installed by default on some Linux distributions. However, it may be necessary for you to install firewalld yourself:

sudo apt install firewalld

Then enable the firewall service so it will start up automatically at boot:

sudo systemctl enable firewalld

Then verify that the service is running and reachable:

sudo firewall-cmd --state

output:

running

Allow traffic of http and https for interfaces in the “public” zone for this session by typing:

sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload

You can verify that this was successful by:

sudo firewall-cmd --zone=public --permanent --list-services

output:

dhcpv6-client http https ssh

Nginx

Install Nginx by typing the following yum command:

sudo apt install nginx

Then enable the nginx service so it will start up automatically at boot:

sudo systemctl enable nginx

Git

sudo add-apt-repository ppa:git-core/ppa
sudo apt update
sudo apt install git

Docker

https://docs.docker.com/engine/install/ubuntu/

Fix Docker Permission Denied

  1. Enter the command below to create the docker group on the system
sudo groupadd -f docker
  1. Type the following usermod command to add the active user to the docker group.
sudo usermod -aG docker $USER
  1. Apply the group changes to the current terminal session by typing:
newgrp docker

Java

https://sdkman.io/install

Node.JS

https://tecadmin.net/how-to-install-nvm-on-ubuntu-20-04/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment