Some basic setup commands & configs that I use for new Debian web servers.
change ssh port (and disable root login later):
nano /etc/ssh/sshd_config
service sshd restart
change hostname:
nano /etc/hostname
nano /etc/hosts
add new user (to replace root):
useradd -m USERNAME
passwd USERNAME
add new user to sudo:
usermod -aG sudo USERNAME
set bash as default:
chsh -s /bin/bash USERNAME
uncomplicated firewall
sudo apt-get install ufw
allow ssh (use your new port here instead of 22 if you changed it in sshd_config):
sudo ufw allow 22/tcp
sudo ufw status verbose
other rules examples:
sudo ufw allow 1111:1115/tcp
sudo ufw allow 1116:1119/udp
sudo ufw allow 'Nginx Full'
delete a rule:
sudo ufw status numbered
sudo ufw delete 999
set up defaults:
sudo ufw default deny incoming
sudo ufw default allow outgoing
enable or disable ufw:
sudo ufw enable
sudo ufw disable
important: make sure you set up ssh access before enabling ufw.
fail2ban
sudo apt-get install fail2ban
check out the default jail:
sudo nano /etc/fail2ban/jail.conf
then create your local config:
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 3600
maxretry = 4
[sshd]
enabled = true
port = 22
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
reload fail2ban:
sudo fail2ban-client reload
check fail2ban status:
sudo fail2ban-client status
sudo fail2ban-client status sshd
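the notes above change the ssh port in sshd_config, while the ufw rule and the fail2ban [sshd] jail both name port 22. added example (not part of the original notes): a POSIX sh check that compares the three and also looks at PermitRootLogin. the function names and the saved `ufw status` file argument are assumptions of this example, and the sample files are constructed.

```shell
# Simplification: Include files and Match blocks in sshd_config are not followed.
# Ports sshd listens on (several Port lines are allowed; the default is 22).
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}
# Effective PermitRootLogin (first value wins; default is prohibit-password).
root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "prohibit-password" }' "$1"
}
# "port" value of one jail section in a fail2ban config file.
jail_port() {
    awk -v jail="[$2]" '/^\[/ { in_jail = ($1 == jail) }
        in_jail && /^port[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}
# True when saved `ufw status` output has an ALLOW rule for the TCP port.
ufw_allows() {
    awk -v p="$1" '($1 == (p "/tcp") || $1 == p) && $2 == "ALLOW" { ok = 1 }
                   END { exit !ok }' "$2"
}

# usage: check_ssh_setup SSHD_CONFIG JAIL_LOCAL UFW_STATUS_FILE
check_ssh_setup() {
    rc=0; jp=$(jail_port "$2" sshd)
    # Assumption: an unset port inherits "port = ssh" (22) from stock jail.conf.
    case $jp in ''|ssh) jp=22 ;; esac
    for p in $(sshd_ports "$1"); do
        case ",$jp," in *",$p,"*) ;; *)
            echo "fail2ban [sshd] watches $jp, sshd listens on $p"; rc=1 ;; esac
        ufw_allows "$p" "$3" || { echo "ufw has no ALLOW rule for $p/tcp"; rc=1; }
    done
    [ "$(root_login "$1")" = no ] || { echo "PermitRootLogin is not 'no'"; rc=1; }
    return $rc
}

# Constructed sample: Port moved to 2222 in sshd_config, the rest left at 22.
demo() {
    d=$(mktemp -d)
    printf 'Port 2222\nPermitRootLogin yes\n' > "$d/sshd_config"
    printf '[sshd]\nenabled = true\nport = 22\n' > "$d/jail.local"
    printf 'Status: active\n22/tcp ALLOW Anywhere\n' > "$d/ufw.txt"
    r=0; check_ssh_setup "$d/sshd_config" "$d/jail.local" "$d/ufw.txt" || r=$?
    rm -rf "$d"; return $r
}
demo || echo "mismatches found"
```

on a real server, save `sudo ufw status` to a file and pass it as the third argument together with /etc/ssh/sshd_config and /etc/fail2ban/jail.local.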
nginx
symlink a site config:
sudo ln -s /etc/nginx/sites-available/some.domain.conf /etc/nginx/sites-enabled/
test nginx configs:
sudo nginx -t
reload nginx:
sudo systemctl reload nginx
obtain ssl cert via certbot:
sudo certbot certonly --nginx -d domain.com -d www.domain.com
certbot auto-renew via crontab:
sudo crontab -e
10 3 * * * /usr/bin/certbot renew --quiet
allow nginx through ufw:
sudo ufw allow 'Nginx Full'
node version manager (?)
install dependencies:
sudo apt-get update
sudo apt-get install build-essential libssl-dev
install nvm:
mkdir ~/temp && cd ~/temp
i like to have a temp directory in my home folder for cases like this where i'll have no use for the installer after it runs.
curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.33.3/install.sh -o install_nvm.sh
bash install_nvm.sh
install and use latest lts release:
nvm ls-remote
nvm install 6.9.4
nvm use 6.9.4
github ssh
ssh-keygen -t ed25519 -C "your_email@example.com"
eval "$(ssh-agent -s)"
~/.ssh/config:
Host github.com
  User git
  Hostname github.com
  PreferredAuthentications publickey
  IdentityFile /home/user/.ssh/id_ed25519