Setting up a server at Linode

Getting started

(Linode: Getting Started)
(Digital Ocean: Additional Recommended Steps for New Ubuntu 14.04 Servers)

  1. Sign up
  2. Add a Linode
    • Select
      Linode 2048
    • Select
      Location
    • Click
      Add this Linode!
  3. Click linodexxxxxxx
  4. Click Deploy an Image
  5. Cofigure deployment
    • Image Ubuntu 16.04 LTS
    • Deployment Disk Size max
    • Swap Disk 512MB
    • Root Password ••••••••
    • Click Deploy
  6. Boot
    • Click Boot
    • Confirm boot
  7. SSH
    • Click Remote Access tab
    • Click SSH Access link ssh root@xxx.xxx.xxx.xxx
    • Click Allow to open in Terminal
    • Terminal should open (first run has some additional Allows and yeses)
    • Enter password in Terminal
  8. Update software via ssh apt-get update && apt-get upgrade
  9. Choose a newhostname and set it hostnamectl set-hostname newhostname
  10. Update /etc/hosts
    • nano /etc/hosts
    • Add IP address and newhostname separated by a tab below:
      127.0.0.1 localhost
      127.0.1.1 ubuntu.members.linode.com

      xxx.xxx.xxx.xxx newhostname
    • Exit ^X
    • Save y
    • File Name to Write: /etc/hosts ↩︎
  11. Setup timezone (I like UTC)
    • dpkg-reconfigure tzdata
    • Arrow around, ↩︎, ⎋
  12. Setup NTP network time synchronisation
    • sudo apt-get install ntp

Securing the server

(Linode: Securing Your Server)

  1. Login
    • ssh root@xxx.xxx.xxx.xxx
    • Password
  2. Add a limited user account
    • adduser example_user
    • Password
    • Retype password
    • Enter Full name
    • Room number
    • Work phone number
    • Home phone number
    • Other
    • Is the info correct? Y
  3. Add user to admin group
    • adduser example_user sudo
  4. Logout exit
  5. Login again, but as the new user
    • ssh example_user@xxx.xxx.xxx.xxx
    • Password
  6. Harden SSH access
    • Create an ssh directory on the Linode machine
      mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
    • (open a new Terminal window)
    • Check if you have an RSA key-pair on your local Mac
      ls ~/.ssh/id_rsa*
      If NOT,
      ssh-keygen -b 4096
    • Copy the public key from your Mac to the Linode machine
      scp ~/.ssh/id_rsa.pub example_user@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys
    • Swap back to linode terminal
    • Set permissions on the Linode machine
      sudo chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys
    • Logout
      exit
    • Login again, as the new user
      ssh example_user@xxx.xxx.xxx.xxx
      (no password required)
  7. Edit SSH Daemon Options
    • sudo nano /etc/ssh/sshd_config
    • Password
    • Disallow root logins over SSH: change PermitRootLogin yes to PermitRootLogin no
    • Maybe disable SSH password authentication: change PasswordAuthentication yes to PasswordAuthentication no
    • Restart SSH Daemon sudo systemctl restart sshd
  8. Automatic updates (Ubuntu: Automatic Updates)
    • Install package sudo apt install unattended-upgrades
    • Make schedule sudo nano /etc/apt/apt.conf.d/10periodic
      Add lines:
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Download-Upgradeable-Packages "1";
      APT::Periodic::AutocleanInterval "7";
      APT::Periodic::Unattended-Upgrade "1";
      Exit ^X
      Save y
      Write ↩︎
    • Setup notifications sudo apt install apticron
  9. Enable firewall
    sudo ufw allow proto tcp from any to any port 22
    sudo ufw enable
  10. Use Fail2Ban to block multiple unsuccessful login attempts
    (Linode: Using Fail2ban to Secure Your Server)
  11. Install Fail2ban
    sudo apt-get install fail2ban
  12. Configure fail2ban
    • cd /etc/fail2ban
    • Copy fail2ban.conf file and # all lines
      sed 's/\(^[[:alpha:]]\)/# \1/' fail2ban.conf | sudo tee fail2ban.local &> /dev/null
    • Copy jail.conf file and # all lines
      sed 's/\(^[a-z tab]\)/# \1/' jail.conf | sudo tee jail.local &> /dev/null

Point a domain name at your new IP

(Linode: DNS Manager Overview)
(Linode: Common DNS Configurations)

  1. Login to your domain registrar and change the zone file (DNS management) to point to Linode’s name servers.
    • ns1.linode.com
    • ns2.linode.com
    • ns3.linode.com
    • ns4.linode.com
    • ns5.linode.com
  2. Create a new domain zone
    • Login to Linode Manager
    • Click on DNS Manager tab
    • Click Add a domain zone
    • Domain your domain
    • SOA Email A good email address
    • Insert Default Records Yes, ...
    • Click Add a Master Zone

Mini series

  1. Setting up a server at Linode
  2. Install Let’s Encrypt to Create SSL Certificates on Ubuntu
  3. Setting up MongoDB on Ubuntu
  4. Setting up nginx on Ubuntu for parse-server
  5. Setting up parse-server on Ubuntu