docker server
# Add user
# https://www.digitalocean.com/community/tutorials/how-to-create-a-new-sudo-enabled-user-on-ubuntu-20-04-quickstart
adduser vadim
usermod -aG sudo vadim
# Copy over the keys
# https://askubuntu.com/questions/1218023/copying-ssh-key-from-root-to-another-user-on-same-machine
sudo cp /root/.ssh/authorized_keys /home/$USER/.ssh/authorized_keys
sudo chown -R $USER:$USER /home/$USER/.ssh
sudo chmod 600 /home/$USER/.ssh/authorized_keys
# Disable ssh access for root
# https://www.cyberciti.biz/faq/howto-limit-what-users-can-log-onto-system-via-ssh/
vi /etc/ssh/sshd_config
PermitRootLogin no
AllowUsers vadim
sudo rm /root/.ssh/authorized_keys
service ssh restart
# Install portainer
docker swarm init --advertise-address IP
docker volume create portainer_data
docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
# Dont allow docker to modify iptables
# https://www.mkubaczyk.com/2017/09/05/force-docker-not-bypass-ufw-rules-ubuntu-16-04/
echo "{
\"iptables\": false
}" > /etc/docker/daemon.json
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
ufw reload
# Docker has the IP of 172.17.0.1 (can be found easily with ifconfig for docker0 interface), we run
iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE
# Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo allow 9000
sudo ufw enable