Skip to content

Instantly share code, notes, and snippets.

@jp1337

jp1337/Debian Setup.md

Last active January 13, 2020 19:31
Show Gist options
  • Save jp1337/870ffd9f04ef7104207815bf9d89c150 to your computer and use it in GitHub Desktop.
Save jp1337/870ffd9f04ef7104207815bf9d89c150 to your computer and use it in GitHub Desktop.
Download ZIP
Debian server setup
Raw
Debian Setup.md

Debian server setup

Description

This my type of setting up a debian non-gui root server. Use this at your own risk! I use debian for a long time and added some configuration that prevented some errors. If you have questions or suggestions please contact me.

At installing time of the server I use the DVD-Image and set up the server using a full qualified domain name. When it comes to partitioning the server I always use the entire disk as one partition. This is because I don't want to think about placing any files into the wrong partition. Also I mostly use the opt folder instead of the home folder to place some scripts or software.

Setup Steps

Here You can find the setup steps listed by packages.

passwd

If you have selected the correct password on installation process you can skip this step. Normally I use root user and a login user. You can change password for a specific user with passwd username. Change password for root user and the second user. You should use a password generator like keepass for that step.

SSH

Please do not use root for login user. This is very insecure and not recommended.

While installing Debian you are asked to add another user next to root. You can set a password while installing Debian. I use this user for logging in into my server.

Please log in with the second user and change user to root using the command su -.

APT sources

  1. Please change the content of /etc/apt/sources.list with the following lines:
# Stable Main
deb http://ftp.de.debian.org/debian/ stable main
deb-src http://ftp.de.debian.org/debian/ stable main

# Security Updates Stable Main
deb http://security.debian.org/ stable/updates main
deb-src http://security.debian.org/ stable/updates main

# Stable Updates Main
deb http://ftp.de.debian.org/debian/ stable-updates main
deb-src http://ftp.de.debian.org/debian/ stable-updates main
  1. Execute apt-get clean to clean the downloaded packages.
  2. Execute apt-get update to redownload the new package list.
  3. Execute apt-get dist-upgrade to upgrade the server packages to the lase stable version.

Cron-APT: Automatic software update

For automatic software packate update debian has to use the package cron-apt. This is easy and it can send e-mails to you with the updated packages.

  1. apt install cron-apt
  2. nano /etc/cron-apt/config
  3. Paste this:
APTCOMMAND=/usr/bin/apt-get
MAILTO="[email protected]"
MAILON="upgrade"
SYSLOGON="always"
  1. For installing the updates automatically you have to remove -d in /etc/cron-apt/action.d/3-download

Install Updates and reboot using UnattendedUpgrades

  1. install requirements: apt-get install unattended-upgrades apt-listchanges powermgmt-base

  2. Configure Software using a configuration file and a text editor nano /etc/apt/apt.conf.d/50unattended-upgrades

  3. uncomment and/or change the following lines:

        "origin=Debian,codename=${distro_codename}-updates";
        "origin=Debian,codename=${distro_codename}-proposed-updates";
...
        Unattended-Upgrade::Mail "root"; <<-- root added here
...
        Unattended-Upgrade::Automatic-Reboot "false"; <<-- set to true for automatic reboots
  1. test configuration using: unattended-upgrade -d

Exim4: Smarthost (E-Mail)

  1. Install exim4 using apt install exim4
  2. Configure the exim4-config package using the command dpkg-reconfigure exim4-config
  3. In the graphical window choose the third entry mail sent by smarthost; no local mail Debian Exim4 Smarthost Step 1
  4. Enter the hostname of the server. (Usually this should be done automatically) Debian Exim4 Smarthost Step 2
  5. Enter 127.0.0.1 ; ::1 because there will be no local E-Mail so there won't be incoming SMTP Connections. Debian Exim4 Smarthost Step 3
  6. Leave this empty. The hostname will be added automatically. Debian Exim4 Smarthost Step 4
  7. Enter the hostname again. (This should be done automatically) Debian Exim4 Smarthost Step 5
  8. Enter the smarthost where the Mails should be sent to. If you want secure access add SSL/TLS Port at the end. Example hostname::587 Debian Exim4 Smarthost Step 6
  9. Keep number of DNS-queries minimal? No Debian Exim4 Smarthost Step 7
  10. Split configuration into small files? No Debian Exim4 Smarthost Step 8
  11. If the server requires credentials you can add them using nano /etc/exim4/passwd.clientand the format target.mail.server.example:login:password
  12. Restart Exim4 using service exim4 restart
  13. You can control the logfile using tail -n 20 /var/log/exim4/mainlog
  14. Send a test E-Mail using echo "test" | mail -s "testmail" [email protected]
  15. To redirect all E-Mail of root to your E-Mail Address edit aliases using nano /etc/aliases
  16. Add the line root:[email protected], save and execute newaliases to rebuild the file.
  17. Test the E-Mail sending to root using echo "test" | mail -s "testmail" root

NTP: Set up the correct time settings.

The correct server time is super important for log files and many applications. Mostly the server is just using the hardware time. If there is a power loss or the time is not correct there will be many problems.

  1. Set your timezone using the command dpkg-reconfigure tzdata (to view the current timezone execute ls -l /etc/localtime)
  2. Install NTP using apt install ntp.
  3. Configure NTP using nano /etc/ntp.conf.
  4. You can keep the debian ntp server or replace them with the official NTP Server using:
server 0.de.pool.ntp.org
server 1.de.pool.ntp.org
server 2.de.pool.ntp.org
server 3.de.pool.ntp.org
  1. Sync the time manually using ntpd -q -g. (you need to stop the ntp daemon before and start afterwards)
  2. Write the current time to your hardware clock using hwclock --systohc.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment