search

Ubuntu Server Setup

All the steps required to build an Ubuntu app server with SSH, Firewall, Nginx, SSL, Node, Postgres

Note: we will be using new user 'ifactory' to make it easier to copy and paste commands

hashtag
1. Pre-Steps

  1. Have a a PuttyGen Public .pub (uploaded to Ubuntu server) and Private.ppk (stored on your PC) SSH key setup.

  2. Deploy an Ubuntu server on AWS, Azure, Digital Ocean, Linode, OVH or Australian dedicated/VPS provider.

  3. Basic understanding of the nano editor: https://www.nano-editor.org/dist/latest/cheatsheet.htmlarrow-up-right

  • CTRL-U paste

  • CTRL-O to save

  • CTRL-X to exit

  • CTRL-Z to minmise Nano then 'fg' to re-maximise

  1. SSH into server with the root user created by cloud provider.

hashtag
2. Update Server

Update Ubuntu packages.

$ apt update             [ inform server about lastest updates available ]
$ apt list --upgradeable [ returns a list of upgradable packages. run after: $ apt update ]
$ apt upgrade            [ Install latest updates ]

hashtag
3. Set Server Hostname, IP and Domain

https://www.linode.com/docs/guides/getting-started/arrow-up-right

Set the server hostname - its just a generic handle and not a domain name

Add line in Nano editor and add server public IP and domain name:

hashtag
4. Set Server Timezone

hashtag
5. Security

install Fail2ban to limit failed SSH requests:

Uncomment and add to ignoreip office IP address, ban time, max retry etc.

Then write out file.

Install Fail2Ban: https://www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/arrow-up-right

hashtag
6. Unattended Upgrades

https://www.linode.com/docs/guides/how-to-configure-automated-security-updates-ubuntu/arrow-up-right

hashtag
7. Setup Firewall

Turn on firewall and open to HTTP, HTTPS, OpenSSH

Additonal commands

https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commandsarrow-up-right

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04arrow-up-right

https://www.linode.com/docs/security/securing-your-server/arrow-up-right

hashtag
8. Setup Non-Root User

Setup a non Root user, grant Sudo and open firewall to OpenSSH

Related Commands:

hashtag
9. Add New Users SSH Key

Requires you have already created an ssh-rsa Public privata key pair using PuttyGen.

https://www.digitalocean.com/community/questions/ubuntu-16-04-creating-new-user-and-adding-ssh-keysarrow-up-right

hashtag
10. Set Permissions on New User Home directory

hashtag
11. Setup Visual Studio Code SSH Access

Visual Studio Code (VS Code) can work off a remote development server with these steps:

  1. In VS Code, install the Microsoft extension 'Remote - SSH'

  2. If your SSH server access is with a PuttyGen .ppk key, you may need to convert to the OpenSSH format:

  • Open PuttyGen.

  • Load the .ppk key using 'Load' button.

  • Select from top navigation > Conversions > Export OpenSSH key ( force new file format ).

  • When prompted save file: my-ssh-key.open-ssh.ppk to differetiate from existing standard my-ssh-key.ppk.

  1. In VS Code select the 'Remote Explorer' icon in side navigation and select '+' to add a new SSH target.

hashtag
12. Disable SSH Password Authentication - OPTIONAL

It is safer to only allow SSH conections via a key and not a password. Before disabling password authentication, make sure that you either have SSH key-based authentication configured for the root account on this server, or preferably, that you have SSH key-based authentication configured for an account on this server with sudo access.

https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-serverarrow-up-right

PreviousPostmanNextSettings

Last updated