How to setup your new VPS Ubuntu server

  • How to setup your new VPS Ubuntu server

    Every time you purchase a new Linux VPS, you need to go ahead and set it up for use. Even though we manage to do one server a month, we always seem to forget one thing or the other. So we decided to write down the things that we do. I thought it would be a good thing to share it with everybody as well, so that we could get a few comments about what we're doing wrong, and people who do it the first time can probably pick up a few things from here.

    If you haven't purchased a server yet, I would suggest you go read The Guide to VPS Servers first.
    I have a fascination with Ubuntu and I think it's the easiest to work with, so I'm going to go ahead and assume that you're working on the same too.
    Okay, now that you have a server, let's start setting it up.
    # Update Ubuntu to get the latest packages
    $ aptitude update
    $ aptitude safe-upgrade
    $ aptitude install htop
    $ locale-gen en_US.UTF-8
    $ update-locale LANG=en_US.UTF-8


    # Set the hostname
    $ vi /etc/hostname
    Here you need to add your hostname, for example vxtindia.com


    # Add the admin group and user
    $ adduser admin
    $ visudo
    You need to add the following here
    %admin ALL=(ALL) ALL


    # Add the other users
    $ adduser admin2
    $ usermod -a -G admin admin2
    $ adduser deploy
    $ adduser deploy2
    $ usermod -a -G deploy deploy2
    It's also a good idea to add this for each user
    $ vi .bashrc
    and then add the following at the end of the file
    PS1='\[\033[0;35m\]\u@\h\[\033[0;33m\] \w\[\033[00m\]: '


    # Install Git (if you don't use it, please start now)
    $ aptitude install git-core

    # Edit SSH Config to make it more secure
    $ vi /etc/ssh/sshd_config
    Once inside, make sure that the following values match
    Port 8888
    Protocol 2
    UseDNS no
    Once you're done run the command below
    $ /etc/init.d/ssh reload


    # Install Apache2
    $ aptitude install apache2
    $ vi /etc/apache2/apache2.conf
    Once inside, make sure the following values are set
    KeepAliveTimeout 5
    Timeout 30
    MaxKeepAliveRequests 400
    $ vi /etc/apache2/conf.d/servername.conf
    Set the following here
    ServerName vxtindia.com
    $ vi /etc/apache2/conf.d/security
    Set the following here
    ServerTokens Minimal
    ServerSignature Off
    $ apache2ctl restart
    $ aptitude install lynx


    # Install MYSQL
    $ aptitude install mysql-server mysql-client

    # Install phpmyadmin
    $ aptitude install phpmyadmin

    # Install PHP
    $ aptitude install php5 php5-json php5-cli php5-mysql php5-dev php5-curl php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl
    $ apache2ctl restart


    # Install postfix
    $ aptitude install postfix telnet mailutils
    Set/Choose the following options here
    Internet Site
    System Mail Name = vxtindia.com
    Note: postfix log files are at /var/log/mail.info, /var/log/mail.warn, /var/log/mail.err, /var/log/mail.log
    Note: postfix config files are at /etc/postfix
    $ vi /etc/postfix/main.cf
    Set the hostname here
    myhostname = vxtindia.com
    $ vi /etc/mailname
    Set it again here
    vxtindia.com
    $ postfix reload
    $ vi /etc/aliases
    Note: save it to external email where server can report abuse
    postmaster: abuse@vxtindia-external.com
    Note: Change reverse DNS by going to https://www.linode.com/members/linode/rdns.cfm
    vxtindia.com


    # Install Munin (Master)
    $ aptitude install munin munin-node
    $ vi /etc/munin/munin.conf
    It should look like the following
    dbdir /var/lib/munin
    htmldir /var/cache/munin/www
    logdir /var/log/munin
    rundir /var/run/munin
    contact.vxtindia.command mail -s "Munin notification" server@vxtindia.com
    [vxtindia.com]
    address 127.0.0.1
    use_node_name yes
    $ chown -R munin /var/cache/munin/www/
    $ vi /etc/munin/munin-node.conf
    Set the following
    host 127.0.0.1
    $ service munin-node restart
    Note: You can also use /etc/init.d/munin-node restart
    $ vi /etc/apache2/sites-enabled/000-default
    Here you set the following
    Alias /munin /var/cache/munin/www
    <Directory /var/cache/munin/www>
    Options FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
    </Directory>
    $ apache2ctl restart
    $ vi /var/cache/munin/www/.htaccess
    Make sure the following are there
    AuthUserFile /var/cache/munin/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Munin"
    AuthType Basic

    <Limit GET>
    require valid-user
    </Limit>
    $ cd /var/cache/munin
    $ htpasswd -c .htpasswd admin


    # Install Munin (Slave)
    $ aptitude install munin-node
    $ vi /etc/munin/munin-node.conf
    Add the following
    allow ^72\.14\.190\.63$
    host 69.164.194.243
    $ vi /etc/iptables.up.rules
    Add the following
    # Munin
    -I INPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
    -I OUTPUT -p tcp --dport 4949 -m state --state ESTABLISHED -j ACCEPT
    $ iptables-restore < /etc/iptables.up.rules
    $ /etc/init.d/munin-node restart

    Note: Add details to the master
    $ vi /etc/munin/munin.conf
    [a1.88things.com]
    address 69.164.194.243
    use_node_name yes
    $ vi /etc/iptables.up.rules
    -I OUTPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
    -I INPUT -p tcp --dport 4949 -m state --state ESTABLISHED -j ACCEPT
    $ iptables-restore < /etc/iptables.up.rules
    $ /etc/init.d/munin-node restart


    # Install Munin Plugins
    $ aptitude install libwww-perl
    $ munin-node-configure --suggest
    $ ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
    $ ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes
    $ ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/apache_volume
    $ ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_


    # Setting up IPtables
    $ iptables -F
    Add this
    $ vi /etc/iptables.up.rules
    *filter

    # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

    # Accepts all established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allows all outbound traffic
    # You can modify this to only allow certain traffic
    -A OUTPUT -j ACCEPT

    # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT

    # Allows SSH connections
    #
    # THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
    #
    -A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT

    # Allow ping
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    # log iptables denied calls
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

    # Reject all other inbound - default deny unless explicitly allowed policy
    -A INPUT -j REJECT
    -A FORWARD -j REJECT

    COMMIT
    $ iptables-restore < /etc/iptables.up.rules
    $ vi /etc/network/if-pre-up.d/iptables
    Add this to the file
    #!/bin/sh
    /sbin/iptables-restore < /etc/iptables.up.rules
    $ chmod +x /etc/network/if-pre-up.d/iptables
    $ /etc/init.d/ssh restart


    # Install Fail2ban
    $ aptitude install fail2ban
    $ cd /etc/fail2ban/
    $ cp jail.conf jail.local
    $ vi jail.local
    Add this
    destemail = someaddress@vxtindia.com
    mta = mail
    $ service fail2ban restart


    This constitutes your basic server setup. There are a ton of more things that you can do, but for setting up a development server, this should be more than enough.
    If you are still curious, here are a few more things you should have a look at
    1. LogRotate (Part 1, Part 2)
    2. VirtualHosts (Part 1, Part 2)
    3. WordPress Backup (1, 2, 3, 4, 5, 6)
    4. Hosting Git (1, 2, 3, 4)
    Do you have more things that you do? Please let me know in the comments.
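
Added example, not part of the original post: the firewall section warns that the SSH `--dport` must be the same port set in `sshd_config`, and this script checks that before `iptables-restore` is run so a mismatch does not lock you out. The function names and the temporary sample files are constructed for illustration; only `-A INPUT` rules are modelled.

```shell
# Added example: pre-flight check for the sshd Port vs. the firewall SSH rule.

# Print the effective sshd port: first uncommented "Port N" line, else 22.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Succeed only if an "-A INPUT" rule ACCEPTs tcp --dport $2 before the
# catch-all "-A INPUT -j REJECT" (or DROP) in an iptables-restore rules file.
rules_accept_port() {
    awk -v port="$2" '
        $1 ~ /^#/ { next }
        $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
            if ($0 ~ /-p tcp/ && $NF == "ACCEPT")
                for (i = 3; i < NF; i++)
                    if ($i == "--dport" && $(i + 1) == port) ok = 1
        }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Return 0 when the ruleset admits the port sshd will listen on.
check_ssh_lockout() {
    port=$(sshd_port "$1")
    if rules_accept_port "$2" "$port"; then
        echo "ok: sshd port $port is accepted by $2"
    else
        echo "MISMATCH: sshd port $port is not accepted by $2" >&2
        return 1
    fi
}

# Constructed sample files mirroring the settings in the post (port 8888).
tmp=$(mktemp -d)
printf 'Port 8888\nProtocol 2\nUseDNS no\n' > "$tmp/sshd_config"
cat > "$tmp/good.rules" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT
-A INPUT -j REJECT
COMMIT
EOF
# Same ruleset still opening port 22: loading it would cut off SSH on 8888.
sed 's/--dport 8888/--dport 22/' "$tmp/good.rules" > "$tmp/bad.rules"
check_ssh_lockout "$tmp/sshd_config" "$tmp/good.rules"
check_ssh_lockout "$tmp/sshd_config" "$tmp/bad.rules" || echo "fix the rules first"
```

On a real server, point it at `/etc/ssh/sshd_config` and `/etc/iptables.up.rules`; `iptables-restore --test < /etc/iptables.up.rules` additionally parses the file without committing it.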

  • #2
    1. LogRotate ===============>>>> Part 1
    http://www.cs-allocccam.com/showthre...-Ubuntu-part-1
