hendisantika/STEPS_AFTER_PROVISIONING_UBUNTU.md

Last active May 27, 2025 01:49

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/hendisantika/377084b390b4fa3bad577592ac832806.js"></script>
Save hendisantika/377084b390b4fa3bad577592ac832806 to your computer and use it in GitHub Desktop.

Download ZIP

BASIC SETUP SERVER

Raw

STEPS_AFTER_PROVISIONING_UBUNTU.md

Getting Started

Create droplet with Ubuntu 24.04
ssh root@[DROPLET IP ADDRESS]
Get password from your email
Change password on first login
adduser deployer
Enter password and other information
usermod -aG sudo deployer

Locking Down to SSH Key only (Extremely Important)

In your local machine, ssh-keygen
Generate a key, if you leave passphrase blank, no need for password
ls ~/.ssh to show files in local machine
Get the public key, cat ~/.ssh/id_rsa.pub
Copy it
cd ~/.ssh and vim authorized_keys
Paste key
Repeat steps for deployer user
su deployer then mkdir ~/.ssh fix permissions chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys and paste key
chmod 600 ~/.ssh/authorized_keys to restrict this from being modified
exit to return to root user

Disable Password from Server

sudo vim /etc/ssh/sshd_config
Find PasswordAuthentication and set that to no
Turn on PubkeyAuthentication yes
Turn off ChallengeResponseAuthentication no
Reload the SSH service sudo systemctl reload ssh
Test new user in a new tab to prevent getting locked out

Setting Up Firewall

View all available firewall settings
sudo ufw app list
Allow on OpenSSH so we don't get locked out
sudo ufw allow OpenSSH
Enable Firewall
sudo ufw enable
Check the status
sudo ufw status

Install Linux, Nginx, MySQL, PHP

Nginx

sudo apt update enter root password
sudo apt install nginx enter Y to install
sudo ufw app list For firewall
sudo ufw allow 'Nginx HTTP' to add NGINX
sudo ufw status to verify change
Visit server in browser

MySQL

sudo apt install mysql-server enter Y to install
sudo mysql_secure_installation to run automated securing script
Press N for VALIDATE PASSWORD plugin
Set root password
Remove anonymous users? Y
Disallow root login remotely? N
Remove test database and access to it? Y
Reload privilege tables now? Y
sudo mysql to enter MySQL CLI
SELECT user,authentication_string,plugin,host FROM mysql.user; to verify root user's auth method
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE'; to set a root password
SELECT user,authentication_string,plugin,host FROM mysql.user; to verify root user's auth method
FLUSH PRIVILEGES; to apply all changes
mysql -u root -p to access db from now on, enter password STRONG_PASSWORD_HERE

Docker

You can follow this link
Allow MySQL Remote
AWS CLI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment