Skip to content

Instantly share code, notes, and snippets.

@shinyamagami

shinyamagami/setting_up_a_linode_server.md

Forked from mnem/00-setting-up-a-scaleway-ghost-server.md
Last active May 23, 2019 22:32
Show Gist options
  • Save shinyamagami/22827029b48825066a3d25b7101b1af6 to your computer and use it in GitHub Desktop.
Save shinyamagami/22827029b48825066a3d25b7101b1af6 to your computer and use it in GitHub Desktop.
Download ZIP
Setting up ghost on linode
Raw
setting_up_a_linode_server.md

Server image

Ubuntu 18.04 Bionic Beaver.

Setup server

Add a new user who isn't root, but who can sudo:

  1. Update all the things: apt-get update && apt-get dist-upgrade && apt-get autoremove
  2. Reboot, just in case: shutdown -r now
  3. Delete the perplexing plaintext root password file: rm /root/.pw
  4. Change the root password to a STRONG password: passwd
  5. Add a user rather than working as root: adduser foo
    1. Give them a nice strong password.
  6. usermod -aG sudo foo
  7. Login as the new user: su - foo
  8. Setup the authorized_keys for the new user. From your local machine:
    1. ssh-keygen -o -a 100 -t ed25519
    2. Copy the public key into the authorized_keys
  9. Check that you can login as the new user from your local machine.
  10. The rest of the guide assume you have logged in as the user you created above.
  11. Secure the sshd config:
    1. sudo nano /etc/ssh/sshd_config
    2. Port 22 => Port <something random above 1024>
    3. PermitRootLogin without-password => PermitRootLogin no
    4. ChallengeResponseAuthentication yes => ChallengeResponseAuthentication no
    5. #PasswordAuthentication yes => PasswordAuthentication no
    6. Save and exit
    7. Restart sshd: sudo service ssh restart
    8. BEFORE LOGING OUT OF THE CURRENT SESSION: check you can log in from your local machine with the new settings.
  12. Install postfix for local mail:
    1. sudo apt-get install mailutils postfix
    2. Select local only configuration
  13. Send a test mail: echo 'Test message' | mail -s 'This is a test message' root
  14. Install mutt for reading the mail: sudo apt-get install mutt
  15. Check the test mail was delivered: sudo mutt
  16. Install archivemail so that we can regularly archive all the cron mails we'll now get: sudo apt-get install archivemail
    1. Test archive mail works: sudo /usr/bin/archivemail -nd 28 /var/mail/root
    2. Install it as a cron job:
      1. sudo crontab -e
      2. @daily /usr/bin/archivemail -d 28 /var/mail/root
  17. Install a firewall:
    1. sudo apt-get install ufw
    2. The next instructions are from: https://community.online.net/t/how-to-configures-iptables-with-input-rules-with-dynamic-nbd/303/22
    3. sudo nano /etc/default/ufw
      1. Set the default INPUT policy to ACCEPT: DEFAULT_INPUT_POLICY="ACCEPT"
    4. Append a drop-all rule to the INPUT chain: sudo nano /etc/ufw/after.rules, add this line just before the final COMMIT line: -A ufw-reject-input -j DROP
    5. Disable UFW logging (this seems to cause issuses with Scaleway's default kernel): sudo ufw logging off
    6. Allow OpenSSH access: sudo ufw allow <the new SSH port number you set above>
    7. Enable the firewall: sudo ufw enable

Setup ghost

Based on https://docs.ghost.org/docs/install

  1. Make sure everything is up to date: sudo apt-get update && sudo apt-get upgrade
  2. Add the tools to add PPAs, if not already there: sudo apt-get install software-properties-common
  3. Install nginx: sudo apt-get install nginx
  4. Allow nginx through the firewall: sudo ufw allow 'Nginx Full'
  5. Disable the default nginx website:
    1. sudo rm /etc/nginx/sites-enabled/default
    2. sudo nginx -s reload
  6. Install MySQL: sudo apt-get install mysql-server
    1. Use a strong root password
  7. Add the nodesource apt repo: curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash
  8. Install node: sudo apt-get install nodejs
  9. Install ghost-cli: sudo npm i -g ghost-cli
  10. Create the base documents folder: sudo mkdir -p /var/www/ghost
  11. Chown it: sudo chown foo:foo /var/www/ghost
  12. Move to that folder: cd /var/www/ghost
  13. Install ghost: ghost install
    1. Full guide to the installer questions: https://docs.ghost.org/docs/cli-install#section-prompts

Setting up tarsnap

Backups are important, m'kay? I like to use tarsnap because it can be set up in such a way that you can lose control of your server but the backups remain unreadable to the intruder.

  1. TODO
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment