Digital Ocean - steps
Initial Server Setup with Ubuntu 16.04
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
Purpose: To increase the security and usability of your server.
You need the IP address of your server and the password.
1. Create a New User to prevent using ROOT every day
ROOT is too powerful to use every day.
$ ssh root@your_server_ip # log in as root
$ adduser UserName
$ usermod -aG sudo UserName # add user to sudo group
2. Add Public Key Authentication
Set up public key authentication for your new user.
$ ssh-copy-id UserName@your_server_ip
3. Disable Password Authentication
The new user can only log in with SSH keys, not a password.
$ sudo nano /etc/ssh/sshd_config
# in `sshd_config`
PasswordAuthentication no
# the following lines are needed, but they should already be the defaults.
PubkeyAuthentication yes
ChallengeResponseAuthentication no
4. Test
Test it before you log out!!!
Open a new command line and try to log in again.
$ ssh UserName@your_server_ip
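A check to run on the edited file before the login test in step 4, as an added example that is not part of the original tutorial. The function names are hypothetical, missing keywords fall back to OpenSSH's built-in defaults, and only the global section (lines before any Match block) is read.

```shell
#!/usr/bin/env bash
# Added example: check an sshd_config for the three settings from step 3.
# sshd uses the FIRST value it reads for a keyword; keywords are case-insensitive.

# effective_value FILE KEYWORD DEFAULT -> value from the global section
# (lines before any Match block), or DEFAULT (OpenSSH's built-in) if unset.
effective_value() {
    awk -v key="$2" -v def="$3" '
        { line = $0; sub(/^[ \t]+/, "", line); gsub(/"/, "", line) }
        line == "" || line ~ /^#/ { next }          # blank line or comment
        { split(line, f, /[ \t=]+/) }               # "Keyword value" or "Keyword=value"
        tolower(f[1]) == "match" { exit }           # conditional section starts here
        tolower(f[1]) == tolower(key) { print tolower(f[2]); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> prints one line per setting, returns 1 on any mismatch.
audit_sshd_config() {
    rc=0
    while read -r key want def; do
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '$got', want '$want'"; rc=1
        fi
    done <<'EOF'
PasswordAuthentication no yes
PubkeyAuthentication yes yes
ChallengeResponseAuthentication no yes
EOF
    return "$rc"
}

# Constructed sample: "no" was appended at the end, but an earlier "yes" wins.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' 'ChallengeResponseAuthentication no' \
    'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "passwords still accepted: fix before logging out"
rm -f "$sample"
# On the server: audit_sshd_config /etc/ssh/sshd_config  (or compare with: sudo sshd -T)
```

The file check says nothing about the running daemon, which keeps its old settings until sshd is reloaded.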
5. Set Up a Basic Firewall
Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed.
UFW (Uncomplicated Firewall) is a front-end to iptables.
The firewall denies traffic to every port except for the ports/services you have approved.
# list the application profiles UFW knows about
$ sudo ufw app list
# check status
$ sudo ufw status
# add service to ufw
$ sudo ufw allow OpenSSH
$ sudo ufw enable
# SSH - port 22
$ sudo ufw allow ssh
# conventional HTTP web server - port 80
$ sudo ufw allow 80/tcp
# web server with SSL/TLS enabled - port 443
$ sudo ufw allow 443/tcp
# SMTP email enabled - port 25
$ sudo ufw allow 25/tcp
# review your selections
$ sudo ufw show added
# If everything looks good, enable the firewall (disable it first to restart it if it is already running):
$ sudo ufw disable
$ sudo ufw enable
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
When IP restriction is needed: sudo ufw allow from 192.168.255.255
6. Configure Timezones and Network Time Protocol
https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-12-04
A server clock that is off may begin to cause issues if the virtual server has to work with external machines.
Emails sent out from a misconfigured server may arrive 3 minutes in another.
Users granted access only at certain times of the day may find themselves blocked because of a time mismatch.
Servers can be synced using the NTP protocol.
ntp daemon: automatically, slowly shifts the server clock to match.
ntpdate: automatically matches the time when run, but it is not an action that should be taken regularly, only one time.
# Configure Timezones
$ sudo dpkg-reconfigure tzdata
# Configure NTP Synchronization
$ sudo apt-get update
$ sudo apt-get install ntp
7. Create Swap
See the SWAP section.
8. Take a Snapshot of your Current Configuration
Case-by-case scenario.
SWAP
https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
To increase the responsiveness of your server and guard against out-of-memory errors, add some swap space.
Swap = an area on an HD that can temporarily store data when RAM is no longer sufficient.
Use Swap on spinning HDs, not SSD. (SSD will be degraded by Swap.)
Check information
# shows system memory usage
$ free -m
# available space
$ df -h
Suggested Swap space ~= 1 ~ 2 * RAM
Create a Swap File
# allocate 4G for SWAP
$ sudo fallocate -l 4G /swapfile
# check status
$ ls -lh /swapfile # => -rw-r--r--
# SWAP should only be used by system
$ sudo chmod 600 /swapfile
$ ls -lh /swapfile # => -rw-------
# set up the swap space
$ sudo mkswap /swapfile
# enable SWAP
$ sudo swapon /swapfile
# check
$ free -m
Make the Swap File Permanent
...