search

Digital Ocean - steps

hashtag
Initial Server Setup with Ubuntu 16.04

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04arrow-up-right

https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-serversarrow-up-right

Purpose: To increase the security and usability of your server.

You need ip address of your server & password.

hashtag
1. Create a New User to prevent using ROOT everyday

ROOT is too powerful to use everyday.

$ ssh root@your_server_ip // login as root

$ adduser UserName
$ usermod -aG sudo UserName // add user to sudo group

hashtag
2. Add Public Key Authentication

set up public key authentication for your new user.

$ ssh-copy-id UserName@your_server_ip

hashtag
3. Disable Password Authentication

New user can only use SSH keys to log in, not password.

hashtag
4. Test

Test it before you logout!!!

Open new command line and try to login again.

hashtag
5. Set Up a Basic Firewall

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-serverarrow-up-right

Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed.

UFW: Uncomplicated Firewall, is a front-end to iptables.

Firewall denies traffic to every port except for ports/services you have approved.

https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commandsarrow-up-right

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-serverarrow-up-right

When needing IP restriction: sudo ufw allow from 192.168.255.255.

hashtag
6. Configure Timezones and Network Time Protocol

https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-12-04arrow-up-right

It may begin to cause issues if the virtual server has to work with external machines.

  • Emails sent out from a misconfigured server may arrive 3 minutes in another.

  • users granted access only at certain times of the day, may find themselves blocked because of a time mismatch.

Servers can be synced using the NTP protocol.

  • ntp daemon: automatically, slowly shift the server clock to match.

  • To run ntpdate which automatically matches the time. ntpdate is not an action that should be taken regularly, but one time only.

hashtag
7. create swap

see swap section.

hashtag
8. Take a Snapshot of your Current Configuration

case by case scenario.

hashtag
SWAP

https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04arrow-up-right

To increase the responsiveness of your server and guarding against out of memory errors => to add some swap space.

Swap = an area on a HD that can temporarily store data when RAM is no longer sufficient for data.

Use Swap on spinning HDs, not SSD. (SSD will be degraded by Swap.)

hashtag
Check information

Suggested Swap sapce ~= 1 ~ 2 * RAM

hashtag
Create a Swap File

hashtag
Make the Swap File Permanent

...

PreviousStream & MultipartNextSecurity - SSH/firewall/VPN

Last updated