Linux Web Server Setup


Some basic setup commands & configs that I use for new Debian web servers.

#change ssh port (disable root login later, once the new user below can log in and sudo; keep the current session open until a fresh login works):

nano /etc/ssh/sshd_config
service sshd restart

#change hostname:

nano /etc/hostname
nano /etc/hosts

#add new user (to replace root):

useradd -m USERNAME
passwd USERNAME

#add new user to sudo:

usermod -aG sudo USERNAME

#set bash as default:

chsh -s /bin/bash USERNAME

#uncomplicated firewall

sudo apt-get install ufw

#allow ssh (use the port you set in sshd_config if you changed it from 22):

sudo ufw allow 22/tcp
sudo ufw status verbose

#other rules examples:

sudo ufw allow 1111:1115/tcp
sudo ufw allow 1116:1119/udp
sudo ufw allow 'Nginx Full'

#delete a rule:

sudo ufw status numbered
sudo ufw delete 999

#setup defaults:

sudo ufw default deny incoming
sudo ufw default allow outgoing

#enable or disable ufw:

sudo ufw enable
sudo ufw disable

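important: make sure the ssh allow rule above is in place, for the port sshd actually listens on, before enabling ufw. otherwise the default deny on incoming traffic will lock you out of the server.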


#fail2ban

sudo apt-get install fail2ban

#check out the default jail:

sudo nano /etc/fail2ban/jail.conf

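#then create your local config (jail.local overrides jail.conf and is not overwritten by package upgrades; the sshd port below must match the port in sshd_config):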

sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 3600
maxretry = 4

[sshd]
enabled = true
port = 22

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https

#reload fail2ban:

sudo fail2ban-client reload

#check fail2ban status:

sudo fail2ban-client status
sudo fail2ban-client status sshd

#nginx

sudo ln -s /etc/nginx/sites-available/some.domain.conf /etc/nginx/sites-enabled/

#test nginx configs:

sudo nginx -t

#reload nginx:

sudo systemctl reload nginx

#obtain ssl cert via certbot:

sudo certbot certonly --nginx -d domain.com -d www.domain.com

#certbot auto-renew via crontab:

sudo crontab -e
10 3 * * * /usr/bin/certbot renew --quiet

#allow nginx through ufw:

sudo ufw allow 'Nginx Full'

#node version manager (?)

#install dependencies:

sudo apt-get update
sudo apt-get install build-essential libssl-dev

#install nvm:

mkdir ~/temp && cd ~/temp

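I like to keep a temp directory in my home folder for cases like this, where I'll have no use for the installer after it runs. Saving the script to a file instead of piping it straight into bash also lets you read it before running it.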

curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.33.3/install.sh -o install_nvm.sh
bash install_nvm.sh

#install and use latest lts release (6.9.4 below is an example; substitute the current lts version shown by nvm ls-remote):

nvm ls-remote
nvm install 6.9.4
nvm use 6.9.4

#github ssh

ssh-keygen -t ed25519 -C "your_email@example.com"

eval "$(ssh-agent -s)"

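~/.ssh/config (IdentityFile must point at the private key generated above; ssh-keygen -t ed25519 writes ~/.ssh/id_ed25519 by default, not id_rsa):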

Host github.com
  User git
  Hostname github.com
  PreferredAuthentications publickey
  IdentityFile /home/user/.ssh/id_rsa