AI Checklist Generator

From the makers of Manifestly Checklists

Home > advanced setup ubuntu server from zero

advanced setup ubuntu server from zero

Initial Server Setup

  • Visit the official Ubuntu website.
  • Select the 'Server' option.
  • Choose the latest LTS version for stability.
  • Verify system requirements for compatibility.
  • Navigate to the download page.
  • Click on the download link for the selected version.
  • Save the ISO file to a convenient location.
  • Verify the integrity of the downloaded ISO.
  • Insert a USB drive (at least 4GB).
  • Open Rufus or Etcher application.
  • Select the USB drive and the downloaded ISO.
  • Start the process to create a bootable drive.
  • Insert the bootable USB drive into the server.
  • Restart the server and enter BIOS/UEFI settings.
  • Change boot order to prioritize USB drive.
  • Save changes and exit BIOS/UEFI.
  • Select 'Install Ubuntu Server' from the menu.
  • Choose 'Install' to begin the installation process.
  • Follow the guided prompts for installation.
  • Allow the installation to complete.
  • Choose your preferred language from the list.
  • Select the correct keyboard layout for your region.
  • Configure network settings: DHCP or static IP.
  • Confirm network configuration settings.
  • Select 'Storage Configuration' during installation.
  • Choose between LVM, RAID, or standard partitioning.
  • Create partitions based on your requirements.
  • Confirm and apply the storage configuration.
  • Enter a username for the new user account.
  • Choose a strong password and confirm it.
  • Optionally, add the user to the sudo group.
  • Complete the user setup process.

System Updates and Upgrades

  • Open terminal.
  • Run command: sudo apt update.
  • Wait for the process to complete.
  • Check for any errors.
  • In terminal, execute: sudo apt upgrade -y.
  • Review the list of packages to be upgraded.
  • Confirm the upgrade process.
  • Wait for the upgrade to finish.
  • Run command: sudo apt dist-upgrade -y.
  • This will handle changing dependencies.
  • Review changes and confirm.
  • Ensure all packages are updated.

Firewall Configuration

  • Open terminal.
  • Update package list with `sudo apt update`.
  • Install UFW using `sudo apt install ufw`.
  • Verify installation with `ufw version`.
  • Open terminal.
  • Run `sudo ufw enable`.
  • Check status with `sudo ufw status`.
  • Ensure it shows 'active' status.
  • Open terminal.
  • Execute `sudo ufw allow ssh`.
  • Verify rule with `sudo ufw status`.
  • Ensure SSH is listed as allowed.
  • Open terminal.
  • Run `sudo ufw allow http` for HTTP.
  • Run `sudo ufw allow https` for HTTPS.
  • Check rules with `sudo ufw status`.

SSH Configuration

  • Update package index with `sudo apt update`.
  • Install OpenSSH server using `sudo apt install openssh-server`.
  • Check installation status with `systemctl status ssh`.
  • Enable SSH to start on boot with `sudo systemctl enable ssh`.
  • Open the file with `sudo nano /etc/ssh/sshd_config`.
  • Review existing configurations for adjustments.
  • Make desired changes to settings such as port or root login.
  • Save changes and exit the editor.
  • Locate the line `#Port 22` in the config file.
  • Uncomment it by removing the `#` and change `22` to your desired port.
  • Ensure the new port is allowed in your firewall settings.
  • Save the file and exit the editor.
  • Find the line `#PermitRootLogin yes` in the config file.
  • Change `yes` to `no` to disable root login.
  • Save the changes and exit the editor.
  • Consider creating a separate user with sudo privileges.
  • Add `AllowUsers username1 username2` to the config file.
  • Replace `username1` and `username2` with actual usernames.
  • This restricts SSH access to specified users only.
  • Save the changes and exit the editor.
  • Execute `sudo systemctl restart ssh` to apply changes.
  • Check the service status with `systemctl status ssh`.
  • Ensure there are no errors in the configuration.
  • Test SSH connection from a client machine.

User Management

  • Open terminal on the server.
  • Run 'sudo adduser username'.
  • Follow prompts to set password and user details.
  • Confirm user creation and set permissions.
  • Open terminal on the server.
  • Run 'sudo usermod -aG sudo username'.
  • Replace 'username' with actual user's name.
  • Verify by checking '/etc/sudoers' file.
  • Open terminal on the client machine.
  • Run 'ssh-keygen' and follow prompts.
  • Choose a file location or press Enter for default.
  • Ensure private key is stored securely.
  • Open terminal on the client machine.
  • Run 'ssh-copy-id username@server_ip'.
  • Replace 'username' with actual user and 'server_ip' with server's IP.
  • Enter user password when prompted.

Software Installation

  • Update package list with `sudo apt update`.
  • Install packages using `sudo apt install` command.
  • Include vim for text editing, htop for system monitoring.
  • Add git for version control, curl for data transfer.
  • Ensure system is updated with `sudo apt update`.
  • Install Apache using `sudo apt install apache2`.
  • Install MySQL server with `sudo apt install mysql-server`.
  • Add PHP and necessary modules with `sudo apt install php libapache2-mod-php php-mysql`.

Backup and Recovery

  • Choose a backup tool based on your needs.
  • For `rsync`, use `rsync -av --delete /source /destination`.
  • For `tar`, use `tar -cvzf backup.tar.gz /directory`.
  • For `Duplicity`, follow its documentation for encrypted backups.
  • Open the crontab editor with `crontab -e`.
  • Add a new line for the backup command.
  • Use format `* * * * * /path/to/backup-command`.
  • Save and exit to activate the cron job.

Monitoring and Logging

  • Update package list with `sudo apt update`.
  • Install Netdata using the command provided.
  • Access the Netdata dashboard via your web browser.
  • Configure alerts and notifications as needed.
  • Explore additional plugins for enhanced monitoring.
  • Install Fail2ban using the command provided.
  • Edit the configuration file at `/etc/fail2ban/jail.local`.
  • Enable the SSH jail by uncommenting the `sshd` section.
  • Start and enable the Fail2ban service with `sudo systemctl start fail2ban`.
  • Monitor logs using `fail2ban-client status`.

Final Checks and Security Enhancements

  • Run command to list all installed services.
  • Identify services that are not needed for your server.
  • Disable unnecessary services using: sudo systemctl disable .
  • Mask any critical services that should not be started accidentally.
  • Run update command to fetch package information.
  • Upgrade all packages to the latest versions.
  • Set a schedule for regular checks using a cron job.
  • Review release notes for critical updates.
  • Install unattended upgrades package using the command provided.
  • Configure it by editing /etc/apt/apt.conf.d/50unattended-upgrades.
  • Enable automatic updates for security packages.
  • Test the setup to ensure it functions as expected.

Documentation and Notes

  • Create a markdown file for easy formatting.
  • Include server purpose, IP address, and hostname.
  • List installed packages with version numbers.
  • Note configuration file locations and settings.
  • Use comments to describe each section.
  • Log changes in the same markdown file.
  • Include date and reason for each change.
  • Use version control for tracking updates.
  • Summarize changes in a changelog section.
  • Regularly review and update the record.
Download CSV Download JSON Download Markdown Use in Manifestly