Getting started
(Linode: Getting Started)
(Digital Ocean: Additional Recommended Steps for New Ubuntu 14.04 Servers)
- Sign up
- Add a Linode
- Select Linode 2048
- Select Location
- Click Add this Linode!
- Click linodexxxxxxx
- Click Deploy an Image
- Configure deployment
- Image: Ubuntu 16.04 LTS
- Deployment Disk Size: max
- Swap Disk: 512MB
- Root Password: ••••••••
- Click Deploy
- Boot
- SSH
- Click Remote Access tab
- Click SSH Access link
ssh root@xxx.xxx.xxx.xxx
- Click Allow to open in Terminal
- Terminal should open (first run has some additional Allows and yeses)
- Enter password in Terminal
- Update software via ssh
apt-get update && apt-get upgrade
- Choose a newhostname and set it
hostnamectl set-hostname newhostname
- Update /etc/hosts
nano /etc/hosts
- Add IP address and newhostname separated by a tab below:
127.0.0.1 localhost
127.0.1.1 ubuntu.members.linode.com
xxx.xxx.xxx.xxx newhostname
- Exit ^X
- Save y
- File Name to Write: /etc/hosts ↩︎
- Set up timezone (I like UTC)
dpkg-reconfigure tzdata
- Arrow around, ↩︎, ⎋
- Set up NTP network time synchronisation
Securing the server
(Linode: Securing Your Server)
- Login
ssh root@xxx.xxx.xxx.xxx
- Password
- Add a limited user account
adduser example_user
- Password
- Retype password
- Enter Full name
- Room number
- Work phone number
- Home phone number
- Other
- Is the info correct? Y
- Add user to admin group
adduser example_user sudo
- Logout
exit
- Login again, but as the new user
ssh example_user@xxx.xxx.xxx.xxx
- Password
- Harden SSH access
- Create an ssh directory on the Linode machine
mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
- (open a new Terminal window)
- Check if you have an RSA key-pair on your local Mac
ls ~/.ssh/id_rsa*
If NOT,
ssh-keygen -t rsa -b 4096
- Copy the public key from your Mac to the Linode machine (this overwrites any authorized_keys file already there)
scp ~/.ssh/id_rsa.pub example_user@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys
- Swap back to linode terminal
- Set permissions on the Linode machine
sudo chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys
- Logout
exit
- Login again, as the new user
ssh example_user@xxx.xxx.xxx.xxx
(no password required)
- Edit SSH Daemon Options
sudo nano /etc/ssh/sshd_config
- Password
- Disallow root logins over SSH: change
PermitRootLogin yes
to PermitRootLogin no
- Maybe disable SSH password authentication: change
PasswordAuthentication yes
to PasswordAuthentication no
- Restart SSH Daemon
sudo systemctl restart sshd
- Automatic updates (Ubuntu: Automatic Updates)
- Install package
sudo apt install unattended-upgrades
- Make schedule
sudo nano /etc/apt/apt.conf.d/10periodic
Add lines:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Exit ^X
Save y
Write ↩︎
- Set up notifications
sudo apt install apticron
- Enable firewall
sudo ufw allow proto tcp from any to any port 22
sudo ufw enable
- Use Fail2Ban to block multiple unsuccessful login attempts
(Linode: Using Fail2ban to Secure Your Server)
- Install Fail2ban
sudo apt-get install fail2ban
- Configure fail2ban
cd /etc/fail2ban
- Copy fail2ban.conf to fail2ban.local with its lines commented out (#)
sed 's/\(^[[:alpha:]]\)/# \1/' fail2ban.conf | sudo tee fail2ban.local &> /dev/null
- Copy jail.conf to jail.local with its lines commented out (#), including lines indented with a space or a tab
sed 's/\(^[a-z[:blank:]]\)/# \1/' jail.conf | sudo tee jail.local &> /dev/null
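A check for the Edit SSH Daemon Options step above, as an added example that is not part of the original post: sshd uses the first value it finds for each keyword, so a `PermitRootLogin no` line added below a stock `PermitRootLogin yes` has no effect. The function names and the sample file are constructed for illustration, and the fallback values passed in are the OpenSSH defaults for 7.0 and later.

```sh
#!/bin/sh
# Added example (not from the original post). Names and sample data are made up.
# sshd uses the FIRST value it finds for a keyword, keywords are
# case-insensitive, and lines after a Match line apply only conditionally.

# usage: sshd_effective FILE KEYWORD DEFAULT -> prints the global value in use
# Assumes whitespace-separated "Keyword value" lines.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }       # end of the global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }         # keyword absent: built-in default
    ' "$1"
}

# usage: audit_sshd FILE -> status 0 only if both settings from the guide are "no"
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "FAIL: PermitRootLogin is $root"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL: PasswordAuthentication is $pass"; rc=1; }
    return "$rc"
}

# Constructed sample: "no" was appended below the stock "yes" line, so it loses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Authentication:
PermitRootLogin yes
#PasswordAuthentication yes
permitrootlogin no
PasswordAuthentication no
EOF

audit_sshd "$sample" || echo "Fix $sample before restarting sshd"
```

On the server, `sudo sshd -t` checks the real file for syntax errors before the restart; keep the current session open until a new login succeeds.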
Point a domain name at your new IP
(Linode: DNS Manager Overview)
(Linode: Common DNS Configurations)
- Login to your domain registrar and change the zone file (DNS management) to point to Linode’s name servers.
- ns1.linode.com
- ns2.linode.com
- ns3.linode.com
- ns4.linode.com
- ns5.linode.com
- Create a new domain zone
- Login to Linode Manager
- Click on DNS Manager tab
- Click Add a domain zone
- Domain: your domain
- SOA Email: A good email address
- Insert Default Records: Yes, ...
- Click Add a Master Zone
Mini series
- Setting up a server at Linode
- Install Let’s Encrypt to Create SSL Certificates on Ubuntu
- Setting up MongoDB on Ubuntu
- Setting up nginx on Ubuntu for parse-server
- Setting up parse-server on Ubuntu