Ubuntu Server Initial Setup

ubuntu-server-post-install.md

Server Setup Instructions

Login via SSH

ssh root@IP
# enter password and hit Return

Set the Hostname

nano /etc/hostname

Note: If the server has a domain, put the full domain name; otherwise, write a name of choice.

Add the hostname in the hosts file with IP 127.0.1.1:

nano /etc/hosts

Tip: If your hostname is a subdomain, add the subdomain with a space like:

127.0.1.1    server.domain.com server

Set DNS Servers

nano /etc/resolv.conf

In most cases:

nameserver 1.1.1.1
nameserver 8.8.8.8

Enable TCP BBR

nano /etc/sysctl.conf

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

sysctl -p

Add a Local User

adduser yaser

Add user to sudo group:

usermod -aG sudo yaser

replace yaser!

Update the Server

apt update && apt dist-upgrade -y

Then reboot to apply changes:

reboot

Add SSH Keys to Server

In local OS run:

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Then connect:

ssh server.domain.com

or you can create a local config:

nano .ssh/config

then add your server details

Host server
  HostName 123.586.789.012
  User yaser

easy connect:

ssh server

Disable root login:

sudo nano /etc/ssh/sshd_config

Set PermitRootLogin to no.

Restart ssh:

sudo systemctl restart ssh

Warning: Before closing the terminal, open another terminal and verify that SSH is working.

Set Timezone (Optional)

sudo timedatectl set-timezone Asia/Tehran

Install Some Packages

sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common htop git bash-completion rsync make zip -y

Set Up UFW for Ubuntu

sudo apt install ufw -y

Allow necessary ports:

sudo ufw allow 22/tcp
sudo ufw allow 80
sudo ufw allow 443

Enable UFW:

sudo ufw enable

Install Fail2ban

sudo apt install fail2ban

check the status

systemctl status fail2ban