Linux/Virtual Server Setup Guide
Step 1: Prepare local Linux terminal
- Install Windows Subsystem for Linux / Ubuntu
- Open local Linux terminal and complete initial setup
Step 2: Generate Cloud VM (Hetzner, Netcup,...)
- Install latest Ubuntu LTS
- Set username / password
- Write down information required for next steps:
- VM IP, VM username, VM password
Step 3: Adjust DNS entries
- Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
- Verify from the local terminal that the DNS entry points to the correct IP
nslookup {hostname}
Step 4: Set up VM
- Open local Linux terminal
- Connect to VM:
ssh {user}@{hostname}
sudo bash
Install basics
apt update
apt install mc aptitude nmap plocate
Uninstall snapd
apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup \
  dbus lvm2 mdadm multipath-tools netbase open-iscsi pollinate ssh-import-id \
  sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core \
  udev xfsprogs ntfs-3g snapd
apt purge ubuntu-server-minimal
snap remove lxd core20 core22 snapd
apt purge snapd ntfs-3g
apt autoremove
Install fail2ban
apt install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
systemctl enable fail2ban
systemctl restart fail2ban
Add swapfile
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab
sysctl vm.swappiness=10
cat /proc/sys/vm/swappiness
Install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce
Install munin-node
apt install munin-node
# get ip of docker0 interface
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
- edit /etc/munin/munin-node.conf
...
# allow ^127\.0\.0\.1$
# allow ^::1$
#
# cidr_allow 127.0.0.1/32
# cidr_allow 192.0.2.0/24
# cidr_deny 192.0.2.42/32
# Which address to bind to;
# host *
host 172.17.0.1 # output of previous ip addr command
# host 127.0.0.1
- remove unnecessary plugins
cd /etc/munin/plugins
rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
- prepare docker plugins
cd /etc/munin/plugin-conf.d
echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
- add docker plugins (docker_cpu, docker_memory)
Install wireguard
apt install wireguard
- /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
- reload sysctl
sudo sysctl -p
- get wireguard config
git clone https://git.com:repository /etc/wireguard
- Enable systemd service
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service
further hints: Linux/wireguard
Optimize terminal looks
git clone https://gitea.marcluerssen.de/linux-public/.dotfiles.git
cd .dotfiles
sudo ./install.sh
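
A read-only check of the files Step 4 creates or edits, as an added example that is not part of the original guide: it confirms that /swapfile and the cloned /etc/wireguard/wg0.conf are accessible by their owner only, that munin-node is not bound to all interfaces (host *), and that both forwarding keys are set in /etc/sysctl.conf. The function names, the --check flag, the script name and the root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original guide. ROOT is a hypothetical prefix
# so the checks can run on a copy of the filesystem; empty means the live system.

# Print the ten-character mode string of a path, e.g. "-rw-------".
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# True if the path is a regular file with no group or other access.
owner_only() {
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every active (uncommented) "host" value in munin-node.conf.
munin_hosts() { awk '$1 == "host" { print $2 }' "$1" 2>/dev/null; }

# True if a bind address is configured and none of them is the wildcard "*".
munin_bind_ok() {
    hosts=$(munin_hosts "$1") || return 1
    [ -n "$hosts" ] || return 1
    ! printf '%s\n' "$hosts" | grep -Fqx '*'
}

# True if KEY is set to 1 on an uncommented line of a sysctl file.
sysctl_on() {
    awk -F= -v k="$2" '{ gsub(/[ \t]/, "") } $1 == k && $2 == "1" { f = 1 }
        END { exit !f }' "$1" 2>/dev/null
}

# Run one check, print its result and count failures.
report() {
    if "$@"; then echo "ok   $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi
}

# Run all checks below ROOT; the return value is the number of failed checks.
setup_audit() {
    root=$1; fails=0
    report owner_only "$root/swapfile"                # created with chmod 600
    report owner_only "$root/etc/wireguard/wg0.conf"  # cloned; normally holds the private key
    report munin_bind_ok "$root/etc/munin/munin-node.conf"
    report sysctl_on "$root/etc/sysctl.conf" net.ipv4.ip_forward
    report sysctl_on "$root/etc/sysctl.conf" net.ipv6.conf.all.forwarding
    return "$fails"
}

# Usage on the VM, as root: sh setup-audit.sh --check
if [ "${1:-}" = "--check" ]; then setup_audit "${2:-}"; fi
```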