Some generic first steps to run on any new Linux(/Ubuntu) server.
Please read the content for more information.
Last active
December 5, 2021 01:38
-
-
Save NiklasGollenstede/f0634db6b7bdf500a2e82a0fff4e6289 to your computer and use it in GitHub Desktop.
Initial setup for new Linux servers
ARCHIVED: I use NixOS now, wich is set up and configured completely differently.
This is to continue the setup of a new Linux(/Ubuntu) server once the OS itself is installed and SSH root login works with SSH keys. That could for example be a fresh cloud instance, or a Raspberry PI.
If a root password is set, remove it with passwd -dl root.
Now paste/run:
# { (. <(cat << "#EOF" # copy from after the first #
#!/usr/bin/bash
set -eux
## update
export DEBIAN_FRONTEND=noninteractive
apt-get update
yes '' | apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --allow-downgrades --allow-remove-essential --allow-change-held-packages full-upgrade
apt-get auto-remove -y
## enable automatic updates
apt-get install -y unattended-upgrades update-notifier-common
perl -i -pe 's/("\${distro_id}(:\${distro_codename}"|ESM))/\/\/$1/' /etc/apt/apt.conf.d/50unattended-upgrades
cat << 'EOF' > /etc/apt/apt.conf.d/20auto-upgrades # enable updates
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
## install tools
apt-get install -y git net-tools software-properties-common
curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
## enable ufw (firewall)
apt-get install ufw # not installed everywhere
ufw allow OpenSSH # don't lock out SSH
ufw --force enable # skip ssh warning
## remove spam from the motd welcome message
chmod -x /etc/update-motd.d/00-header /etc/update-motd.d/10-help-text /etc/update-motd.d/50-motd-news /etc/update-motd.d/80-livepatch || true
systemctl disable motd-news.service || true; systemctl disable motd-news.timer || true
#EOF
)); }- set a hostname (
hostnamectl set-hostname $newHostName) and/or the time zone (dpkg-reconfigure tzdata) - lock down the
sshd_config - create a non-privileged login user
- set up
dockerto later host apps - set up
nginx,acme-dns, andtraefikfor secure web hosting
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment