<p>I set this website up as a means to share information to educate, and help people, as well as to easily point people to my answers for common questions.</p>
<h2>What do you do?</h2>
<p>I'm currently employed as a web developer, and I enjoy it to an extent. I love solving problems, optimising sites, and creating designs/experiences, but building the guts, not so much.</p>
<p>I'm currently taking some time away from work, but looking for places I believe I'd be a good fit. I love solving problems, optimising sites, and creating designs/experiences, so I'm kind of a developer at heart.</p>
<p>Outside of work I practise minimalism, frugalism (to an extent), and work towards Financial Independance (FI/RE). I also love the idea of OneBagging, self-sufficiency, and travelling, so these are things I'm trying to work towards.</p>
<pclass="intro">To avoid needing to remember an IP, this guide will help to link your domain name to your server.</p>
<pclass="intro">To avoid needing to remember an IP, this guide will help to link your domain name to your server. It assumes you have already <ahref="/guides/get-a-domain-name">attained a domain name</a>.</p>
<h2>Login to your domain name registrar</h2>
<p>Login to the registrar, and select the domain name you want to point at your server.</p>
<h2>Find the section for DNS</h2>
<p>The domain name should have a section named, "DNS", "Custom DNS records", or something similar to this. Find, and open it, there should be a bunch of boxes and an option to add a new record</p>
<p>The domain name should have a section named, "DNS", "Custom DNS records", or something similar to this. Find, and open it, there should be a bunch of boxes and an option to add a new record.</p>
<h2>Add the A record</h2>
<p>There will likely be many option for adding records, but all we need is to add a singular A record</p>
<p>Find the box that allows you to "Add a new record" and input the below, changing <IP> and <DOMAIN> with your IP address, and domain name</p>
<pre><code></code></pre>
<p>Find the box that allows you to "Add a new record" and input the below, changing <IP> and <DOMAIN> with your IP address, and domain name.</p>
<p>If there are not multiple boxes, but instead a single box to input your record into, this will be what you add instead</p>
<pre><code></code></pre>
<pre><code><DOMAIN> A 86400 <IP></code></pre>
<h2>Wait for propagation</h2>
<p>Now there's a bit of a waiting game, as you need to wait for the new DNS record to propagate (get updated) for all nameservers. This can be anywhere from instantly to 72 hours, but typically takes an hour or two.</p>
<h3>Check your domain has propagated</h3>
<p>Pinging the domain name will let you know when the IP has propagated, as when the ping command shows your IP, you're all set</p>
<p>Pinging the domain name will let you know when the IP has propagated, as when the ping command shows your IP, you're all set.</p>
<pclass="intro">PHP is one of the highest used programming languages for websites, and it allows you to add practically any functionality you'd ever want to your sites.</p>
<p>This will use nginx's fastcgi-php.conf snippet which is more secure by deafult than many other php/nginx configs because it 404s if the files doesn't exist. Read Neal Poole's<ahref="https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/"target="_blank"rel="noopener">Don't trust the tutorials</a> for more info.</p>
<p>This will use nginx's fastcgi-php.conf snippet which is more secure by default than many other php/nginx configs because it 404s if the requested file doesn't exist. Read Neal Poole's<q><ahref="https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/"target="_blank"rel="noopener">Don't trust the tutorials</a></q> for more info.</p>
<p>Create a PHP file e.g. <strong>filename.php</strong> in the website's directory, and add the snippet below into it</p>
<pre><code><?php phpinfo(); ?></code></pre>
<p>Create a PHP file e.g. <strong>filename.php</strong> in the website's directory, and add the snippet below into it.</p>
<pre><code><?php phpinfo(); ?></code></pre>
<p>Go to that webpage in your browser e.g. <strong>domain.co.uk/filename.php</strong>, and if php is working you should see a dump of your PHP's version, headers, etc.</p>
<h2>Make nginx use index.php as homepage/root</h2>
<p>Now we'll set nginx to load up index.php as the root of the website, if it exists. Open the site's config with an editor</p>
<p>Now we'll set nginx to load up index.php as the root of the website, if it exists. Open the site's config with an editor.</p>
<p>Change the index line to read as below. This will then tell the server to load index.php, and if it doesn't exists, load index.html in it's stead</p>
<p>Change the index line to read as below. This will then tell the server to load index.php, and if it doesn't exists, load index.html in its stead.</p>
<p>Written by <ahref="https://aney.co.uk"target="_blank"rel="noopener">@aney</a> with <ahref="https://danluu.com/web-bloat/"target="_blank"rel="noopener">web bloat</a> in mind | <ahref="https://github.com/Aney/website"target="_blank"rel="noopener">Source Code</a></p>
<p>Written by <ahref="https://aney.co.uk"target="_blank"rel="noopener">@aney</a> with <ahref="https://danluu.com/web-bloat/"target="_blank"rel="noopener">web bloat</a> in mind | <ahref="https://github.com/Aney/website"target="_blank"rel="noopener">Source Code</a>.</p>
<p>Head to your <WEBSITE/IP>/adminer.php, and you should load into the adminer login. Using your mysql/mariaDB credentials, you can then login, and use the GUI to manage your database(s)</p>
<p>Head to your <strong><WEBSITE/IP>/adminer.php</strong>, and you should load into the adminer login. Using your mysql/mariaDB credentials, you can then login, and use the GUI to manage your database(s)</p>
<h2>Make it a directory, not a file</h2>
<p>Instead of accessing /adminer.php?<ARGUMENTS>, we can make it look like /adminer/<ARGUMENTS></p>
<p>Instead of accessing <strong>/adminer.php?<ARGUMENTS></strong>, we can make it look like <strong>/adminer/<ARGUMENTS></strong></p>
<p>A domain name, as many will know is what people typing into their browser, e.g. google.com, facebook.com, etc.</p>
<p>The primary use for these is to have a memorable thing for users, instead of needing to type the IP address of the server</p>
<p>A domain name, as many will know is what you type into a browser to access a website. Without a domain name, everyone accessing your server/website would need to be entering the IP address.</p>
<h2>Choose a registrar</h2>
<p>First thing is to choose a registrar (who you are leasing the domain from). You can search for "domain name registrars" and find who is cheapest. So long as they handle DNS (which all I've used do) you're good.</p>
<p>First thing is to choose a registrar (who you are leasing the domain from). You can search for "domain name registrars" and find who is cheapest. So long as they handle DNS (which most do) you're good.</p>
<p>I'm currently using <ahref="https://tsohost.com"target="_blank"rel="noopener">tsohost.com</a>, as they're pretty cheap, and besides a few little issues, it works for me.</p>
<h2>Choose a domain name</h2>
<p>On the registrar's website there will be a section to purchase a domain. Upon clicking this you'll likely be greeted with a searchbar, search for whatever domain you'd like here, and they'll let you know if it's available, and what similar domains there are</p>
<p>On the registrar's website there will be a section to purchase a domain. Upon clicking this you'll likely be greeted with a searchbar, search for whatever domain you'd like here, and they'll let you know if it's available, and what similar domains there are.</p>
<p>Select the domain(s) you wish, and add it/them to your cart.</p>
<h2>Purchase your domain name</h2>
<p>Simply checkout, and make your way through the process</p>
<p>Simply checkout, and make your way through the process. Tada, you now have a domain name!</p>
<p>Next up you'll need to <ahref="/guides/add-domain-to-server">link your server and domain name</a> with DNS.</p>
<pclass="intro">If you want to start getting into server hosting, system administration, or just want to get a basic minecraft/web server up for you and your friends, then welcome. We all start somewhere, and I would love if I could get your foot in the door.</p>
<h2>Notice</h2>
<p>This is heavily a WIP, so I'll be adding to this guide whenever I get time, and will update it's readibility, and correct/add anything missing once it's 'complete'. If I didn't put it up in an unfinished state, it would never go live, so bear with.</p>
<h2>Basic Server setup</h2>
<ul>
<li>Get a server and <ahref="/guides/server-install-debian.html">Install Debian</a></li>
<li><ahref="/guides/initial-server-setup.html">Basic Debian Server setup (with some security)</a></li>
<li>TODO:<ahref="/guides/get-a-domain-name.html">Get a domain name</a></li>
<li><ahref="/guides/get-a-domain-name.html">Get a domain name</a></li>
<li><ahref="/guides/add-domain-to-server.html">Connect your server and domain name</a></li>
<li>TODO:Port Forwarding (home server)</li>
</ul>
<p>Now you officially own, and have setup a server. Currently all you can do is SSH into it though, so let's get some services on there</p>
<h2>Virtualisation</h2>
<p>Virtual machines allow you to use your server as multiple servers at once, with different operating systems, services, files, etc. If you're self-hosting this is a great way to separate concerns, having one system for each distinct task.</p>
<p>Virtual machines allow you to use your server as multiple servers at once, with different operating systems, services, files, etc. If you're self-hosting this is a great way to separate concerns, having one system for each distinct task.</p>
<p>This section assumes you have a fresh Debian 11 install on a server (either physical or VPS)</p>
<p>It will cover installing the essentials for access, and basic security so you don't need to worry in the future. This section may seem a little daunting for a first-time linux user, but most of it is copy/paste, hopefully with enough description to understand what is being done. Just remember not to copy the $/root$ they're there to show what user/directory we're in. </p>
<p>This section assumes you have a fresh Debian install on a server (either physical or VPS)</p>
<p>It will cover installing the essentials for access, and basic security so you don't need to worry in the future. This section may seem a little daunting for a first-time linux user, but most of it is copy/paste, hopefully with enough description to understand what is being done.</p>
</section>
<section>
<p>This first section will be done on the physical PC, or on the VPS via their website, or SSH'd as root if that's the option given.</p>
<h2>Login</h2>
<p>Perhaps silly, but login as your user with root priveleges or the root user if a user isn't currently setup.</p>
<p>For the first few steps it's written as if you're logged in as root, if you followed my <ahref="/guides/server-install-debian.html"target="_blank"rel="noopener">install guide</a>, this won't have a password, so we'll change user with the following command</p>
<pre><code>sudo su -</code></pre>
<p>Now just follow along with the remainder of the guide. If you wish not to change users you could also just add sudo in-front of the commands to run them as root that way.</p>
<h2>Update the OS</h2>
<p>Even with a fresh install of Debian from the latest ISO, there may be some updates you're missing, and it's a good idea to have these, especially in case they're security updates.</p>
@ -48,13 +54,14 @@
<h2>Install essential packages</h2>
<p>These are packages that are needed for accessing, and controlling the server</p>
<pre><code>apt install sudo ssh</code></pre>
<pre><code>apt install sudo ssh -y</code></pre>
<h3>Some useful packages too</h3>
<pre><code>apt install vim htop wget curl tmux</code></pre>
<pre><code>apt install vim htop wget curl tmux -y</code></pre>
<h2>Add a user, and give super user privilleges</h2>
<p>You want to avoid using root as much as possible in regular use, so a new user for yourself is a must</p>
<p>This can be ignored if my guide was followed, or you already have a user setup. Some VPS just have root however, so I believe this should be included.</p>
<p>The reason for a new account instead of using root, basically comes down to security. If you want multiple people on the server too, it's best to have a unique account for each.</p>
<p>*replace $USERNAME$ with the user you want to create, e.g. nathan</p>
<h2>(Local server) Set static IP</h2>
<p>If the server is a physical PC in your home you will need to set a static IP, otherwise your router could assign a differnent IP on reboot, and this would mess with port forwarding, and internal DNS.</p>
<p><ahref="#">Set static IP for local server</a></p>
<h3>Port forwarding for local server</h3>
<p>If you've set the static IP for your local server, you'll also have an additional step when making public (internet served) services, as unlike a VPS your ISP will likely have all outbound ports disabled by default</p>
<p><ahref="#">Port forward your local server</a></p>
<p>If the server is a physical PC in your home you will need to set a static IP, otherwise your router could assign a different IP on reboot, and this would mess with port forwarding, and internal DNS.</p>
<p>If you're using a VPS, this step can be ignored.</p>
<p><ahref="#"target="_blank"rel="noopener">Set static IP for local server</a></p>
<h2>Secure ssh</h2>
<p>Although this is optional, I recommend it, as SSH (secure shell) will be the primary means of access to the server.</p>
<p>Although this is optional, I recommend it, as SSH (secure shell) will likely be the primary means of access to the server. You don't want to be next to it whenever you've got a change to make.</p>
<p>Open the following file with your editor of choice, I use vim.</p>
<pre><code>vim /etc/ssh/sshd_config</code></pre>
<p>Within the editor you will need to search for <strong>PermitRootLogin</strong> and set it to <strong>no</strong>, this prevents ssh as root</p>
<p>Search for <strong>Port</strong> and set it to a different port to 22, a port over 1024 prevents basic nmap scans, and therefor a lot of bruteforcing, so let's go with 2020 so it's easy to remember</p>
<p>Below the <strong>Port</strong> line, add a new line with<strong>Protocol 2</strong> this enables ssh2, which is more secure</p>
<p>Search for <strong>Port</strong> and set it to a different port than 22, a port over 1024 prevents basic nmap scans, and therefor a lot of bruteforcing, so let's go with 2020 as it's easy to remember</p>
<p>Below the <strong>Port</strong> line, add a new line and write<strong>Protocol 2</strong> this enables ssh2, which is more secure than the standard ssh protocol.</p>
<p>(Optional) Comment/Add a <strong>#</strong> to the beginning of the <strong>passwordlogin</strong> line. This will prevent sshing to the server from any PC that doesn't have it's SSH key on the server already. I recommend only doing this if your sshkeys are on the server, or you're comfortable adding them.</p>
<p>UFW (Uncomplicated Firewall) is a simple to use firewall, that can be used to easily open/close ports on your server.</p>
<p>We'll install ufw, deny access inwards to all ports, but allow our server to access any ports outwards. We will then manually allow inwards traffic to the SSH port we set, in this case 2020</p>
<p>We'll install ufw, deny access inwards to all ports, but allow our server to access any ports outwards. We will then manually allow traffic to the SSH port we set, in this case 2020.</p>
<pre><code>apt install ufw</code></pre>
<pre><code>ufw default deny incoming &&
ufw default allow outgoing &&
ufw default allow 2020 &&
ufw allow 2020 &&
ufw enable</code></pre>
<p>If there are any other ports that need to be opened in the future this can be done with:</p>
<p>Setting the name for a server is an important step, but the name doesn't need to be serious</p>
<p>Setting the name for a server is not an important step, but it's nice to have each server easily identifable.</p>
<p>Simply change the hostname within the two files below. Ensure they share the same name between files.</p>
<pre><code>vim /etc/hosts</code></pre>
<p>and</p>
<pre><code>vim /etc/hostname</code></pre>
<p>Within both of these files the hostname should be changed to the same thing</p>
</section>
<section>
<p>This next section can be done via a terminal, or an SSH client e.g. PuTTY for Windowss. For the sake of the guide, this assume you're using a Unix terminal</p>
<h2>Create an SSH key</h2>
<p>We'll create an ed25519 ssh-key, as it's more secure, and performant than the defaultrsa</p>
<pre><code>ssh-keygen -t ed25519</code></pre>
<hr>
<p>This next section is to be done via a terminal, or an SSH client e.g. PuTTY for Windows. This part of the guide is written for a Unix terminal.</p>
<h2>SSH into the server</h2>
<p>This is a two part section, and I recommend using this every time you SSH into a server from a new PC</p>
<p>This is a two part section, and I recommend using this every time you SSH into a server from a new PC.</p>
<pre><code>ssh $USER$@$HOST$ -p 2020</code></pre>
<p>This will likely display a message asking to verify the key for the server. This is to prevent man-in-the-middle attacks, so I reccommend verifying this whenever asked.</p>
<p>To check the key for the server, you need to run this command on the server.</p>
<p>This will likely display a message asking to verify the key for the server. This is to prevent man-in-the-middle attacks, so I recommend verifying this whenever asked.</p>
<h3>Verify SSH</h3>
<p>To verify, you'll need to run the following command on the server.</p>
<p>Then if the key the server shows matches that on your PC's SSH prompt, type <strong>yes</strong> and hit enter from your PC.</p>
<h2>SSH without a password</h2>
<p>To be more secure, and to SSH faster we can setup an SSH key, and use that for user authentication.</p>
<h3>Create an SSH key</h3>
<p>We'll create an ed25519 ssh-key, as it's more secure, and performant than the default rsa.</p>
<pre><code>ssh-keygen -t ed25519</code></pre>
<p>Replace $KEY$ with the key the message is asking about (e.g. ecdsa, rsa, ed25519). Then if key the server shows matches that on your PC you are SSHing from, type <strong>yes</strong> and hit enter</p>
<h3>Copy the SSH key onto the server</h3>
<p>From the terminal there's a nifty command to copy ssh keys to a server.</p>
<p>Now simply run the same ssh command as before, and you shouldn't get a password prompt.</p>
<pre><code>ssh $USER$@$HOST$ -p 2020</code></pre>
<h2>(Optional) Fail2Ban</h2>
<p>Fail2ban is used to periodically check server logs, and bans IPs that appear to be trying to brute-force into your server. It's only "required" for servers exposed to the internet.</p>
<pre><code>apt install fail2ban -y</code></pre>
<pre><code>systemctl enable fail2ban</code></pre>
<p>There's a lot of options for fail2ban, this just installs it. For a little more detail checkout <ahref="https://wiki.crowncloud.net/?How_To_Protect_SSH_With_Fail2Ban_on_Debian_12"target="_blank"rel="noopener">Crownclouds fail2ban guide</a>.</p>
<h2>TODO:(Optional) Unattended Upgrades</h2>
<p>Updates to a server typically want to be done by a human in case things go wrong, but smaller updates can be set to be done automatically</p>
<p>Updates to a server typically want to be done by a human in case things go wrong, but smaller updates can be set to be done automatically.</p>
<p>The above downlads, and starts unattended-upgrades with some good defaults, but if you want a some more details check cyberciti's<ahref="https://www.cyberciti.biz/faq/how-to-keep-debian-linux-patched-with-latest-security-updates-automatically/"target="_blank"rel="noopener">unattended upgrades guide</a>.</p>
<h2>(Optional) Setup User preferences</h2>
<p>These are a few things I personally like to have on a basic server. If you have your own preferences, dotfiles, or intend to use oh-my-zsh fell free to skip over this.</p>
@ -148,21 +175,6 @@ alias df="df -h"
alias ta="tmux attach || tmux new"
alias ipe="curl ifconfig.co"</code></pre>
<h3>Ctrl-L clear-screen</h3>
<p>Sometimes a new system doesn't have this by default, and it's probably the thing I use most after ls.</p>
<p>Add, or create an .inputrc file</p>
<pre><code>vim ~/.inputrc</code></pre>
<p>Add the following line to the file</p>
<pre><code>"C-l": clear-screen</code></pre>
<h3>BashRC PS1</h3>
<p>This will make your terminal look a little nicer, and display a directory path, user, and hostname. A ridiculously useful feature if you're managing multiple servers, or virtual machines</p>
<p>This is also in the .bashrc file, so open that up</p>
<pre><code>vim ~/.bashrc</code></pre>
<p>Then add the following to the bottom of the file</p>
<p>If you want to customise your terminal, you can do so with <ahref="https://bashrcgenerator.com/"target="_blank"rel="noopener">.bashrc PS1 generator</a>.
<h2>Reads shouldn't write!</h2>
<p>Another personal opinion, and change is to enable noatime, and nodiratime. Be careful with this change! And ignore if you followed my Debian install guide, as they're already enabled.</p>
<p>Basically without these, when a file is opened (read) on your filesystem, a write is invoked to update the time it was opened, which causes unwanted writes, and CPU cycles.</p>
<p>Run the above command, and follow the instructions, if you don't want to then follow mine.</p>
<p>Press enter for the current password, and again when asked if you want to set a root password. Enter the password, then press enter for everything else.
<h2>Create Admin user</h2>
<pre><code>sudo mysql</code></pre>
<pre><code>GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;</code></pre>
<pre><code>GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY '<DESIRED_PASSWORD>' WITH GRANT OPTION;</code></pre>
<pre><code>FLUSH PRIVILEGES;</code></pre>
<pre><code>exit;</code></pre>
<h2>Test it works</h2>
<p>Simply try logging in as the admin account.</p>
<pre><code>mysql -u admin -p</code></pre>
<p>It should ask for a password, so enter your <strong>DESIRED_PASSWORD</strong>, and if you get mysql access, it's successful.</p>
<h2>(Optional) Make it easier to access on command line</h2>
<p>If you're working with a terminal, when calling <code>mysql</code> you'll need to enter a password each time. You can store the passwordwith a special .cnf file, making it faster to get into writing SQL.</p>
@ -56,9 +61,9 @@
<pre><code>vim ~/.my.cnf</code></pre>
<p>Add the following, with your credentials</p>
<pre><code>[mysql]
user=<USERNAME>
password=<PASSWORD></code></pre>
<p>The above can be used for mysqldump, mysqladmin, and others too, by replacing the <code>[mysql]</code> block</p>
user=<USERNAME>
password=<PASSWORD></code></pre>
<p>The above can be used for mysqldump, mysqladmin, and others too, by replacing the <code>[mysql]</code> block, with the related. e.g. <code>[mysqldump]</code>.</p>
On VM turning cache off essentially acts like accessing the drive itself. No exactly a passthrough, but decent enough
http://www.linux-kvm.org/page/Tuning_KVM
</section>
</main>
<footer>
<hr/>
<p>Written by <ahref="https://aney.co.uk"target="_blank"rel="noopener">@aney</a> with <ahref="https://danluu.com/web-bloat/"target="_blank"rel="noopener">web bloat</a> in mind | <ahref="https://github.com/Aney/website"target="_blank"rel="noopener">Source Code</a></p>
<p>First thing is to get the install media setup. If you know how to burn an ISO, go ahead and get that done, I'll wait for you in the next section. If not follow below.</p>
<p>Download the latest debian ISO from the <a>debian website</a>, at the time of writing it's <a>this release</a>, but get it from their page.</p>
<p>Download <a>Balena Etcher</a> for your device (Windows, MacOS, Linux), and install it</p>
<p>Download the latest debian ISO from the <ahref="https://www.debian.org/distrib/"target="_blank"rel="noopener">debian distrubution page</a>, at the time of writing it's <ahref="https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso"target="_blank"rel="noopener">this release</a> (assuming you're installing on a 64bit PC), but get it from their page.</p>
<p>Download <ahref="https://etcher.balena.io/"target="_blank"rel="noopener">Balena Etcher</a> for your device (Windows, MacOS, Linux), and install it</p>
<p>Then open Etcher (with an empty USB plugged in), select the USB, and the downloaded ISO image, then hit run.</p>
<p>When finished remove the USB and plug it into the PC you want to install Debian to</p>
@ -61,48 +61,68 @@
<h2>Localisation</h2>
<p>As if you are filling out an online form, simply ensure the boxes are correct to your language, location (sets time, and download servers), and keyboard layout.</p>
<h2>Network, and server name</h2>
<p>If you're using DHCP, this can be...</p>
TODO
<h3>Hostname</h3>
<p>What you wish to call your server, I like to give names that are quirky, but still kinda explain what they do. For example, my webserver is "spiderverse", and my NAS is "lilnas", etc.</p>
<p>What you wish to call your server, I like to give names that are quirky, but still kinda explain what they do. For example, some names I've used are "spiderverse" for a web server, and "lilnas" for a NAS, etc.</p>
<h3>Domain name</h3>
<p>Leave this as default, and hit continue.</p>
<p>Leave this as default "home", and hit continue.</p>
<h2>Create User</h2>
<h2>Set up users and password</h2>
<p>The first thing you'll see is a screen asking for a root password.</p>
<h3>Don't set a root password</h3>
<p>This will ask for a root password. Do not enter a password, and simply git the <strong>Enter</strong> key, then again when it asks for the password the second time. A root user with a password is a vulnerability, so we're avoiding this.</p>
<p>Simply hit the <strong><kbd>Enter</kbd></strong> key, then again when it asks for the password the second time. A root user with a password is a vulnerability, so we're avoiding this.</p>
<h3>Create your user (admin account)</h3>
<p>Now enter your username, and password as the installer requests. This account will be added to the sudo group, making it an admin with access to root, and root commands.</p>
<p>Now enter your username, and password as the installer requests.</p>
<p>This account will be added to the sudo group, making it an admin with that can act as the root user.</p>
<h2>Disk Partitioning</h2>
<p>For this I am assume you're using a new drive, or at least one that you don't want any of the data on it</p>
<h3>Auto-partitioning</h3>
<p>You can do this, and it's recommended if you're new to linux. Once you've got the hang of it, you can always re-install your server from scratch (I recommend this a couple of times).</p>
<p>Also select to have all files in one partition, as it's the simplest option.</p>
<p>Finish Partitioning, and done.</p>
<h3>Guided/Auto-partitioning</h3>
<p>You can do this, and it's recommended if you're new to linux. Once you've got the hang of it, you can always re-install your server from scratch (I recommend this a couple of times if it's non-integral).</p>
<p>Select <em>Guided - use entire disk</em> then select the drive you want to boot from.</p>
<p>Then select <em>All files in one partition (recommended for new users)</em>, as it's the simplest option.</p>
<h3>Manual Partitioning</h3>
<p>For a little more control over the partitioning, this is the option. If you are a beginner I'd just go with auto for now, but follow this if you desire.</p>
TODO
<h3><del>Manual Partitioning</del></h3>
<p>I've opted to leave this out, as it's a beginner guide. If you're reading this though I typically don't create a swap partition, but the guided installer does. It's no problem, but following this guide makes it redundant.</p>
<h3>Preferences</h3>
<h3>Skip Swap (for now)</h3>
<h3>(Optional) Preferences</h3>
<p>With your disk partitioned select the partion that has a <strong>/</strong> at the far right, and hit <kbd>Enter</kbd>.</p>
<p>Go to <em>Mount Options</em>, and select (using <kbd>Space</kbd>) <em>noatime</em>, and <em>nodiratime</em>. Then hit <kbd>Enter</kbd>, and select <em>Done setting up the partition</em>.</p>
<h2>Scan Additional Media</h2>
<p>Unless you've addition drivers, etc. (You probably don't) hit <strong>No</strong></p>
<h3>Finalising Partitioning</h3>
<p>Simply hit <kbd>Enter</kbd> on <em>Finish partitioning and write changes to disk</em> at the bottom of the page.</p>
<p>Another screen will appear to verify you wish to partition, hit <em>Yes</em>, and it'll begin partitioning. Give it a little time.</p>
<h2>Configure Mirror</h2>
<h3>Configure the package manager</h3>
<p>A simple one, select your country, hit enter to the top selection, hit enter again when it asks for a proxy (unless you know what you're doing), and sorted.</p>
<h2>Popularity Contest</h2>
<p>I typically select <em>No</em> here, but read what it is and select for yourself.</p>
<h2>Software Selection</h2>
<h2>Install Grub Boot Loader</h2>
<p>Now tasksel will load up, and ask if you want any software installed during setup.</p>
<p>I choose to deselect everything pre-selected (the ones with asterisks), however for a new setup keeping <em>standard system utilities</em> is a-ok.</p>
<p>If you're after a GUI experience you can select <em>Xfce</em> as it's pretty lightweight, however I'd recommend going with no GUI for a server.</p>
<p>Once you've selected what to install, hit <kbd>Enter</kbd>.</p>
<h2>Reboot, and enjoy!</h2>
<p>Reboot your server, and tada!</p>
<h2>Setup Swap</h2>
<p>I mentioned earlier I don't setup a swap partition, and that it'd be redundant if you follow this guide, so here we go.</p>
<p>Swap sizes vary per PC as different services use more RAM, etc. A decent(ish) rule of thumb is to set half your RAM size as the swap size, but to be honest 8GB will likely suffice.</p>
<p>Then press <kbd>esc</kbd>, followed by <kbd>shift</kbd>+<kbd>Z</kbd><kbd>Z</kbd>.</p>
<h2>Next steps</h2>
<p>Now that you've got a basic Debian install, you'll need to configure, and install a few things. I've written a little something, somthing like that, so check <ahref="/guides/initial-server-setup.html">how to setup a new server install</a></p>
<pclass="intro">A bridge network is a means to connect/bridge different networks together to act like a single network. In this case, it allows any connections to the bridge network to get their own internal IPs, as if plugged into the network directly, and work as you'd expect a completely new physical PC to work. i.e. Accessble to other clients outside of the host.</p>
<pclass="intro">A bridge network is a means to connect/bridge different networks together to act as a single network. In this case, it allows any virtual connections to the bridge network to get their own internal IPs, as if plugged into the network directly.</p>
<p>First we need to find the network we want to bridge to the VMs</p>
<pre><code>ip a</code></pre>
<h2>Find the network device to bridge</h2>
<p>First we need to find the network device we want to bridge to the VMs.</p>
<pre><code>ip link</code></pre>
<p>You'll likely have a device called something similar to <strong>enp1s0</strong>, or <strong>eth0</strong>.</p>
<h2>Bridge it</h2>
<h2>Create the bridge network</h2>
<p>This will be familiar to those who have <ahref="/guides/set-static-ip.html">set a static ip</a> on linux, as it's essentially the same, with a few additional lines related to bridging</p>
<p>This can be done by editing <strong>/etc/network/interfaces</strong></p>
<h3>Remove interface from interfaces file</h3>
<p>First step is to remove any references to your network device from <strong>/etc/network/interfaces</strong>, if this file is untouched there will likely be two lines at the bottom.</p>
<pre><code>sudo vim /etc/network/interfaces</code></pre>
<p>And setting the following lines<p>
<h3>Change existing port to manual</h3>
<p>There will already exist some lines with your chosen network adapter, such as</p>
<pre><code>iface enp2s0 inet auto</code></pre>
<p>Change this to contain manual instead</p>
<pre><code>iface enp2s0 inet manual</code></pre>
<h3>Static Bridge</h3>
<p>If you want your server to have a static IP use this</p>
<h3>Create a new bridge interface</h3>
<p>Now create a file in the <strong>/etc/network/interfaces.d/</strong> directory, with the name of your bridge (I like <strong>br0</strong>).</p>
<h4>Static IP</h4>
<pre><code>auto br0
iface br0 inet static
bridge_ports enp2s0 # which port(s) to bridge together
address 192.168.0.100 # Static IP
netmask 255.255.255.0
network 192.168.0.1
iface br0 inet static # Name the same as your file (br0)
address 192.168.0.100
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_stp off # New
bridge_fd 0 # New
bridge_maxwait 0 # New
dns-nameservers 8.8.8.8 8.8.1.1</code></pre>
<h3>Dynamic Bridge</h3>
<p>If instead you wish your server to have a dynamic IP (not recommended). A bridged network can be set, with a dynamic DHCP set IP</p>
netmask 255.255.255.0
gateway 192.168.0.1 # Normally your router's IP
dns-nameservers 192.168.0.1 8.8.8.8 8.8.4.4 # Don't set if resolveconf is installed, comment if internet borked
bridge_ports enp1s0 # Your device name
bridge_stp off # Disable Spanning Tree Protocol
bridge_waitport 0 # No delay before a port becomes available
bridge_fd 0 # No forwarding delay (Connects to network immediately)</code></pre>
<h4>Dynamic IP</h4>
<pre><code>iface br0 inet dhcp
bridge_ports enp2s0</code></pre>
<h2>Create Virtual Network</h2>
<p>To make it easier to manage with VMs, this new bridge can be made into a Virtual Network.</p>
<p>Open up a text-editor, and create a file called <strong>bridged-network.xml</strong></p>
<pre><code>vim bridged-network.xml</code></pre>
<h2>(Optional) Create Virtual Network</h2>
<p>To make it easier to manage with VMs, this new bridge can also be made into a Virtual Network (Basically so you can select it from a dropdown).</p>
<h3>Create XML file</h3>
<p>Open up a text-editor, and create a file called <strong>br0.xml</strong>, named after the bridge itself.</p>
<p>If this creates the bridge, but claims to have failed, restart your PC</p>
<p>This may claim to have failed, but if checking with <strong>ip link</strong> shows the bridge, reboot. Essentially the bridge has been brought up, and it's trying to bring it up again (and can't), then throws an error.</p>
<pre><code>sudo reboot</code></pre>
<h3>Check it's there</h3>
<p>Run another check for networks, and you should now see br0</p>
<pre><code>ip a</code><pre>
<p>Run some checks and you should now see br0, with an IP4 address.</p>
<pclass="intro">This is an intro, you gotta believe me</p>
<h2>Heading</h2>
<pclass="intro">Virtualisation is the act of creating a virtualised computer (guest), inside another computer (the host) by sharing the hardware. This allows a single host the ability to run all your services, whilst keeping a level of <ahref="/guides/vm-seperation-of-concerns">SoC</a>.</p>
<h2>Enable in the BIOS</h2>
<p>To run virtual machines, certain flags in the bios need to be set. If you don't want to bring down an existing server to check, then check the next section first.</p>
<ul>
<li>Reboot your PC</li>
<li>At the BIOS splashscreen, press your motherboard's prefered key (typically <kbd>ESC</kbd>, <kbd>F3</kbd>, or <kbd>F12</kbd>).</li>
<li>Find and enable the virtualisation setting(s).
<ul>
<li>One of VT-x, AMD-V, SVM, or Vanderpool.</li>
<li>One of Intel VT-d, or AMD IOMMU (if available)</li>
</ul>
</li>
</ul>
<h2>Check Virtualisation is enabled</h2>
<p>Double check to make sure your server can be used for virtualisation, if you've enabled it in the BIOS it should be good. Just run one of the following command</p>
<p>There are two different session types for VMs, user, and system sessions. If you are using a desktop, and intend to virtualise other desktop OSs I recommend user sessions. If you're setting up a server hypervisor, then use System sessions.</p>
<h3>User Session</h3>
<p>A user session VM is what I recommend for personal PCs, laptops, etc. as it's the best option for desktop virtualisation (e.g. a Kali install for l33t hackers).</p>
<h2>Why not use a dedicated server for each concern?</h2>
<p>You can! No-one's going to stop you, but unless each concern <em>requires</em> (i.e. needs the dedicated hardware/isolation) its own dedicated server, it's hugely redundant. Again NAS as an example, would be good for a dedicated machine, as it'll be safer if there's no additional chance it goes down due to failure of an unrelated service.</p>
<p>Virtual Machines are wonderful, as they allow you to make use of more powerful/high spec machines while minimising the wasted usage...</p>
