Digital Ocean - steps

Initial Server Setup with Ubuntu 16.04

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers

Purpose: To increase the security and usability of your server.

You need ip address of your server & password.

1. Create a New User to prevent using ROOT everyday

ROOT is too powerful to use everyday.

$ ssh root@your_server_ip // login as root

$ adduser UserName
$ usermod -aG sudo UserName // add user to sudo group

2. Add Public Key Authentication

set up public key authentication for your new user.

$ ssh-copy-id UserName@your_server_ip

3. Disable Password Authentication

New user can only use SSH keys to log in, not password.

4. Test

Test it before you logout!!!

Open new command line and try to login again.

5. Set Up a Basic Firewall

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed.

UFW: Uncomplicated Firewall, is a front-end to iptables.

Firewall denies traffic to every port except for ports/services you have approved.

https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

When needing IP restriction: sudo ufw allow from 192.168.255.255.

6. Configure Timezones and Network Time Protocol

https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-12-04

It may begin to cause issues if the virtual server has to work with external machines.

  • Emails sent out from a misconfigured server may arrive 3 minutes in another.

  • users granted access only at certain times of the day, may find themselves blocked because of a time mismatch.

Servers can be synced using the NTP protocol.

  • ntp daemon: automatically, slowly shift the server clock to match.

  • To run ntpdate which automatically matches the time. ntpdate is not an action that should be taken regularly, but one time only.

7. create swap

see swap section.

8. Take a Snapshot of your Current Configuration

case by case scenario.

SWAP

https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04

To increase the responsiveness of your server and guarding against out of memory errors => to add some swap space.

Swap = an area on a HD that can temporarily store data when RAM is no longer sufficient for data.

Use Swap on spinning HDs, not SSD. (SSD will be degraded by Swap.)

Check information

Suggested Swap sapce ~= 1 ~ 2 * RAM

Create a Swap File

Make the Swap File Permanent

...

PreviousStream & MultipartNextSecurity - SSH/firewall/VPN

Last updated

Was this helpful?