Add to, and correct pre sections for initial-server-setup

pre sections were discarding anything that was in < >, so replaced
with $ $ for now
master
Nathan Steel 4 years ago
parent c5a2c89b91
commit 37bfe9fb21

@ -53,13 +53,17 @@
<h2>Add a user, and give super user privilleges</h2> <h2>Add a user, and give super user privilleges</h2>
<p>You want to avoid using root as much as possible in regular use, so a new user for yourself is a must</p> <p>You want to avoid using root as much as possible in regular use, so a new user for yourself is a must</p>
<pre><code>adduser <USERNAME> <pre><code>adduser $USERNAME$
usermod -aG sudo <USERNAME></code></pre> usermod -aG sudo $USERNAME$</code></pre>
<p>*replace <USERNAME> with the user you want to create, e.g. nathan</p> <p>*replace $USERNAME$ with the user you want to create, e.g. nathan</p>
<h2>(Local server) Set static IP</h2> <h2>(Local server) Set static IP</h2>
<p>If the server is a physical PC in your home you will need to set a static IP, otherwise your router could assign a differnent IP on reboot, and this would mess with port forwarding, and internal DNS.</p> <p>If the server is a physical PC in your home you will need to set a static IP, otherwise your router could assign a differnent IP on reboot, and this would mess with port forwarding, and internal DNS.</p>
<p><a href="#">Set static IP for local server</a></p>
<h3>Port forwarding for local server</h3>
<p>If you've set the static IP for your local server, you'll also have an additional step when making public (internet served) services, as unlike a VPS your ISP will likely have all outbound ports disabled by default</p>
<p><a href="#">Port forward your local server</a></p>
<h2>Secure ssh</h2> <h2>Secure ssh</h2>
<p>Although this is optional, I recommend it, as SSH (secure shell) will be the primary means of access to the server.</p> <p>Although this is optional, I recommend it, as SSH (secure shell) will be the primary means of access to the server.</p>
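Review bot: In the adduser/usermod block, the new `$USERNAME$` placeholder reads as shell syntax, so a reader who pastes the line has the shell expand `$USERNAME` (normally unset) and hand a stray `$` to adduser. The angle brackets were being dropped because they sit unescaped inside `<pre><code>`; writing them as `&lt;USERNAME&gt;` keeps the original placeholder and renders correctly. Separately, the added port-forwarding paragraph says the ISP disables "outbound ports", but port forwarding concerns inbound connections, and both new links still point at `href="#"`.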
@ -79,10 +83,10 @@ usermod -aG sudo <USERNAME></code></pre>
<p>UFW (Uncomplicated Firewall) is a simple to use firewall, that can be used to easily open/close ports on your server.</p> <p>UFW (Uncomplicated Firewall) is a simple to use firewall, that can be used to easily open/close ports on your server.</p>
<p>We'll install ufw, deny access inwards to all ports, but allow our server to access any ports outwards. We will then manually allow inwards traffic to the SSH port we set, in this case 2020</p> <p>We'll install ufw, deny access inwards to all ports, but allow our server to access any ports outwards. We will then manually allow inwards traffic to the SSH port we set, in this case 2020</p>
<pre><code>apt install ufw <pre><code>apt install ufw</code></pre>
ufw deny incoming <pre><code>ufw deny incoming &&
ufw allow outgoing ufw allow outgoing &&
ufw allow 2020 ufw allow 2020 &&
ufw enable</code></pre> ufw enable</code></pre>
<p>If there are any other ports that need to be opened in the future this can be done with:</p> <p>If there are any other ports that need to be opened in the future this can be done with:</p>
<pre><code>ufw allow <PORT></code></pre> <pre><code>ufw allow <PORT></code></pre>
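Review bot: In the chained block, `ufw deny incoming` and `ufw allow outgoing` are not the default-policy form; the policy commands are `ufw default deny incoming` and `ufw default allow outgoing`. As written, ufw treats `incoming` and `outgoing` as a port or service name, and with the new `&&` chaining a failure on the first command means `ufw allow 2020` and `ufw enable` never run, leaving the firewall off. The last line of the hunk also still uses `<PORT>` unescaped, which will be dropped by the same rendering problem the commit message describes.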
@ -92,8 +96,9 @@ ufw enable</code></pre>
<h2>Set hostname</h2> <h2>Set hostname</h2>
<p>Setting the name for a server is an important step, but the name doesn't need to be serious</p> <p>Setting the name for a server is an important step, but the name doesn't need to be serious</p>
<pre><code>vim /etc/hosts <pre><code>vim /etc/hosts</code></pre>
vim /etc/hostname</code></pre> <p>and</p>
<pre><code>vim /etc/hostname</code></pre>
<p>Within both of these files the hostname should be changed to the same thing</p> <p>Within both of these files the hostname should be changed to the same thing</p>
@ -107,26 +112,51 @@ vim /etc/hostname</code></pre>
<h2>SSH into the server</h2> <h2>SSH into the server</h2>
<p>This is a two part section, and I recommend using this every time you SSH into a server from a new PC</p> <p>This is a two part section, and I recommend using this every time you SSH into a server from a new PC</p>
<pre><code>ssh <USER>@<HOST> -p 2020</code></pre> <pre><code>ssh $USER$@$HOST$ -p 2020</code></pre>
<p>This will likely display a message asking to verify the key for the server. This is to prevent man-in-the-middle attacks, so I reccommend verifying this whenever asked.</p> <p>This will likely display a message asking to verify the key for the server. This is to prevent man-in-the-middle attacks, so I reccommend verifying this whenever asked.</p>
<p>To check the key for the server, you need to run this command on the server.</p> <p>To check the key for the server, you need to run this command on the server.</p>
<pre><code>ssh-keygen -l -f /etc/ssh/ssh_host_<KEY>_key.pub</code></pre> <pre><code>ssh-keygen -l -f /etc/ssh/ssh_host_$KEY$_key.pub</code></pre>
<p>Replace <KEY> with the key the message is asking about. Then if key the server shows matches that on your PC you are SSHing from, type <strong>yes</strong> and hit enter</p> <p>Replace $KEY$ with the key the message is asking about (e.g. ecdsa, rsa, ed25519). Then if key the server shows matches that on your PC you are SSHing from, type <strong>yes</strong> and hit enter</p>
<h2>TODO:(Optional) Fail2Ban</h2> <h2>TODO:(Optional) Fail2Ban</h2>
<h2>TODO:(Optional) Unattended Upgrades</h2> <h2>TODO:(Optional) Unattended Upgrades</h2>
<p>Updates to a server typically want to be done by a human in case things go wrong, but smaller updates can be set to be done automatically</p> <p>Updates to a server typically want to be done by a human in case things go wrong, but smaller updates can be set to be done automatically</p>
<h2>TODO:(Optional) Setup User preferences</h2> <h2>(Optional) Setup User preferences</h2>
<p>These are a few things I personally like to have on a basic server</p> <p>These are a few things I personally like to have on a basic server. If you have your own preferences, dotfiles, or intend to use oh-my-zsh fell free to skip over this.</p>
<h3>Vi mode bash</h3> <h3>Vi mode bash</h3>
<p><strong>Warning</strong> this is a preference you may not want to use if you're a beginner, and/or don't use VIM (text editor), as it sets the terminal to work more like VIM</p>
<p>Open your .bashrc file in your editor of choice<p>
<pre><code>vim ~/.bashrc</code></pre>
<p>Add the following to the bottom of the file</p>
<pre><code>set -o vi</code></pre>
<h3>Aliases</h3> <h3>Aliases</h3>
<p>Instead of typing out long commands you can alias them, and type a shorthand version.I've written an <a href="#">article about aliases</a> that explains setting up, and aliases I use. Below are some essentials for those that don't want to jump to another article.</p>
<pre><code>alias ll="ls -lhtr"
alias df="df -h"
alias lsm="ls -t -1"
alias count="find . -type f | wc -l"</code></pre>
<h3>Ctrl-L clear-screen</h3> <h3>Ctrl-L clear-screen</h3>
<p>Sometimes a new system doesn't have this by default, and it's probably the thing I use most after ls.</p>
<p>Add, or create an .inputrc file</p>
<pre><code>vim ~/.inputrc</code></pre>
<p>Add the following line to the file</p>
<pre><code>"C-l": clear-screen</code></pre>
<h3>BashRC PS1</h3> <h3>BashRC PS1</h3>
<p>This will make your terminal look a little nicer, and display a directory path, user, and hostname. A ridiculously useful feature if you're managing multiple servers, or virtual machines</p>
<p>This is also in the .bashrc file, so open that up</p>
<pre><code>vim ~/.bashrc</code></pre>
<p>Then add the following to the bottom of the file</p>
<pre><code>export PS1="\[\e[01;33m\]\u\[\e[0m\]\[\e[00;37m\]@\[\e[0m\]\[\e[01;36m\]\h\[\e[0m\]\[\e[00;37m\] \t \[\e[0m\]\[\e[01;35m\]\w\[\e[0m\]\[\e[01;37m\] \[\e[0m\]\n$ "</code></pre>
<p>If you want to customise your terminal, you can do so with <a href="https://bashrcgenerator.com/" target="_blank" rel="noopener">.bashrc PS1 generator</a>.
<h2>Server maintance notes</h2> <h2>Server maintance notes</h2>
<p>Keep the server up-to date as much as possible</p> <p>Keep the server up-to date as much as possible</p>
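Review bot: Two of the added paragraphs are not closed properly: "Open your .bashrc file in your editor of choice" ends with `<p>` instead of `</p>`, and the paragraph linking to the .bashrc PS1 generator has no closing `</p>` before the following `<h2>`. In the host key command, `ssh_host_$KEY$_key.pub` has the same paste problem as the other `$…$` placeholders, since the shell expands `$KEY` and `$_key` rather than leaving them for the reader to fill in; `&lt;KEY&gt;` would avoid that. Minor text fixes in the added lines: "fell free" should be "feel free", and "version.I've" is missing a space.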
