Linux Web Server Setup

Some basic setup commands & configs that I use for new Debian web servers.

change ssh port (and disable root login later):

nano /etc/ssh/sshd_config
service sshd restart

change hostname:

nano /etc/hostname
nano /etc/hosts

add new user (to replace root):

useradd -m USERNAME
passwd USERNAME

add new user to sudo:

usermod -aG sudo USERNAME

set bash as default:

chsh -s /bin/bash USERNAME

uncomplicated firewall

sudo apt-get install ufw

allow ssh (use the port you set in sshd_config if you changed it from 22):

sudo ufw allow 22/tcp
sudo ufw status verbose

other rule examples:

sudo ufw allow 1111:1115/tcp
sudo ufw allow 1116:1119/udp
sudo ufw allow 'Nginx Full'

delete a rule:

sudo ufw status numbered
sudo ufw delete 999

set up defaults:

sudo ufw default deny incoming
sudo ufw default allow outgoing

enable or disable ufw:

sudo ufw enable
sudo ufw disable

important: make sure you allow ssh before enabling ufw, or the default deny on incoming traffic can lock you out.


fail2ban

sudo apt-get install fail2ban

check out the default jail:

sudo nano /etc/fail2ban/jail.conf

then create your local config (set the sshd port to match sshd_config if you changed it):

sudo nano /etc/fail2ban/jail.local

[DEFAULT]
bantime = 3600
maxretry = 4

[sshd]
enabled = true
port = 22

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https

reload fail2ban:

sudo fail2ban-client reload

check fail2ban status:

sudo fail2ban-client status
sudo fail2ban-client status sshd
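
added example (not from the original post): a check to run before `ufw enable`, confirming that the ssh port in sshd_config, the rules queued in ufw, and the fail2ban [sshd] jail agree. the function names and sample files are constructed for illustration; it assumes simple `ufw allow PORT[/proto]` rules saved from `sudo ufw show added`, and that a jail.local without a port falls back to jail.conf's stock `port = ssh`.

```shell
#!/usr/bin/env bash
# Added example: is one ssh port used in sshd_config, ufw and fail2ban alike?

# Print every Port in an sshd_config file; sshd listens on 22 when none is set.
# Include/Match are not followed; on a live host `sshd -T` shows effective values.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the port of one jail; an absent value or the service name "ssh" is
# treated as 22 (assumption: jail.conf keeps its stock "port = ssh").
jail_port() {
  local v
  v=$(awk -v want="[$2]" '
    /^\[/ { in_sec = ($1 == want) }
    in_sec && /^port[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1")
  case "$v" in ""|ssh) v=22 ;; esac
  echo "$v"
}

# Succeed if saved `ufw show added` output allows PORT over tcp: as PORT,
# PORT/tcp, or inside a LOW:HIGH/tcp range.
ufw_allows() {
  awk -v p="$2" '
    $1 == "ufw" && $2 == "allow" {
      split($3, r, "/"); if (r[2] != "" && r[2] != "tcp") next
      n = split(r[1], b, ":")
      if (n == 1 && b[1] == p) ok = 1
      if (n == 2 && p + 0 >= b[1] + 0 && p + 0 <= b[2] + 0) ok = 1
    }
    END { exit !ok }' "$1"
}

# Report each place the ssh port disagrees; non-zero return on any mismatch.
check_ssh_port() {   # args: sshd_config, ufw-added dump, jail.local
  local rc=0 p jp
  jp=$(jail_port "$3" sshd)
  for p in $(sshd_ports "$1"); do
    ufw_allows "$2" "$p" || { echo "ufw: no allow rule for $p/tcp"; rc=1; }
    [ "$jp" = "$p" ] || { echo "fail2ban: [sshd] port=$jp, sshd uses $p"; rc=1; }
  done
  return $rc
}

# Constructed sample files: sshd moved to 2222, ufw and fail2ban still say 22.
d=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' 'Added user rules:' 'ufw allow 22/tcp' "ufw allow 'Nginx Full'" > "$d/ufw_added"
printf '%s\n' '[DEFAULT]' 'bantime = 3600' '[sshd]' 'enabled = true' 'port = 22' > "$d/jail.local"
check_ssh_port "$d/sshd_config" "$d/ufw_added" "$d/jail.local" || echo "fix before: ufw enable"
```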

nginx

symlink a site config:

sudo ln -s /etc/nginx/sites-available/some.domain.conf /etc/nginx/sites-enabled/

test nginx configs:

sudo nginx -t

reload nginx:

sudo systemctl reload nginx

obtain ssl cert via certbot:

sudo certbot certonly --nginx -d domain.com -d www.domain.com

certbot auto-renew via crontab:

sudo crontab -e

10 3 * * * /usr/bin/certbot renew --quiet

allow nginx through ufw:

sudo ufw allow 'Nginx Full'

node version manager (?)

install dependencies:

sudo apt-get update
sudo apt-get install build-essential libssl-dev

install nvm:

mkdir ~/temp && cd ~/temp

i like to have a temp directory in my home folder for cases like this where i'll have no use for the installer after it runs.

curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.33.3/install.sh -o install_nvm.sh
bash install_nvm.sh

install and use latest lts release:

nvm ls-remote
nvm install 6.9.4
nvm use 6.9.4

github ssh

ssh-keygen -t ed25519 -C "your_email@example.com"

eval "$(ssh-agent -s)"

~/.ssh/config:

Host github.com
  User git
  Hostname github.com
  PreferredAuthentications publickey
  IdentityFile /home/user/.ssh/id_ed25519