Linux/Virtual Server Setup Guide: Difference between revisions

From Wiki
 
(22 intermediate revisions by the same user not shown)
Line 25: Line 25:
<pre>
<pre>
ssh {user}@{hostname}
ssh {user}@{hostname}
sudo bash
</pre>
</pre>
</blockquote>
</blockquote>
Line 38: Line 39:
<blockquote>
<blockquote>
<pre>
<pre>
apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup dbus \
apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup \
lvm2 mdadm multipath-tools netbase ntfs-3g open-iscsi pollinate snapd ssh-import-id \
dbus lvm2 mdadm multipath-tools netbase open-iscsi pollinate ssh-import-id \
sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core udev xfsprogs
sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core \
udev xfsprogs ntfs-3g snapd
apt purge ubuntu-server-minimal
apt purge ubuntu-server-minimal
snap remove lxd core20 core22 snapd
snap remove lxd core20 core22 snapd
Line 61: Line 63:
<blockquote>
<blockquote>
<pre>
<pre>
sudo fallocate -l 4G /swapfile
fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
chmod 600 /swapfile
sudo mkswap /swapfile
mkswap /swapfile
sudo swapon /swapfile
swapon /swapfile


add to /etc/fstab
echo '/swapfile none swap sw 0 0' >> /etc/fstab
/swapfile none swap sw 0 0


sudo sysctl vm.swappiness=10
sysctl vm.swappiness=10
cat /proc/sys/vm/swappiness
cat /proc/sys/vm/swappiness
</pre>
</pre>
Line 89: Line 90:
<pre>
<pre>
apt install munin-node
apt install munin-node
# get ip of docker0 interface
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
</pre>
</pre>
</blockquote>
</blockquote>


* /etc/munin/munin-node.conf
* edit /etc/munin/munin-node.conf
<blockquote>
<blockquote>
<pre>
<pre>
Line 106: Line 109:
# Which address to bind to;
# Which address to bind to;
# host *
# host *
host 172.17.0.1                # output of ip addr command
host 172.17.0.1                # output of previous ip addr command
# host 127.0.0.1
# host 127.0.0.1
</pre>
</pre>
</blockquote>
</blockquote>
 
* remove unnecessary plugins
<blockquote>
<blockquote>
<pre>
<pre>
cd /etc/munin/plugins
cd /etc/munin/plugins
rm df_inode diskstats entropy fw_packets if_docker0 if_err_docker0 if_err_eth0 interrupts
rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
rm irqstats open_files open_inodes proc_pri vmstat
rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
</pre>
</blockquote>
* prepare docker plugins
<blockquote>
<pre>
cd /etc/munin/plugin-conf.d
echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
</pre>
</blockquote>
* add docker plugins (docker_cpu, docker_memory)
<blockquote>
<pre>
 
</pre>
</pre>
</blockquote>
</blockquote>
Line 122: Line 138:
<blockquote>
<blockquote>
<pre>
<pre>
apt install wireguard
</pre>
</blockquote>
* /etc/sysctl.conf
<blockquote>
<pre>
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
</pre>
</pre>
</blockquote>
</blockquote>


== Optimize terminal looks ==
* reload sysctl
<blockquote>
<blockquote>
<pre>
<pre>
sudo sysctl -p
</pre>
</pre>
</blockquote>
</blockquote>


[[Category:Linux/Deployment]]
* get wireguard config
[[Category:Linux]]
<blockquote>
<pre>
git clone https://git.com:repository /etc/wireguard
</pre>
</blockquote>


* Enable systemd service
<blockquote>
<pre>
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service
</pre>
</blockquote>
further hints: [[Linux/wireguard]]


== Optimize terminal looks ==
<blockquote>
<pre>
git clone https://gitea.marcluerssen.de/linux-public/.dotfiles.git
cd .dotfiles
sudo ./install.sh
</pre>
</blockquote>




[[Category:Linux/Deployment]]
[[Category:Linux/Deployment]]
[[Category:Linux]]
[[Category:Linux]]

Latest revision as of 20:22, 21 November 2023

Step 1: Prepare local linux terminal

  • Install Windows Subsystem for Linux / Ubuntu
  • Open local linux terminal and complete initial setup

Step 2: Generate Cloud VM (Hetzner, Netcup,...)

  • Install latest Ubuntu LTS
  • Set username / password
  • Write down information required for next steps:
    • VM IP, VM username, VM password

Step 3: Adjust DNS entries

  • Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
  • Verify from the local terminal that the DNS entry is pointing to the correct ip
nslookup {hostname}

Step 4: Set up VM

  • Open local linux terminal
  • Connect to VM:
ssh {user}@{hostname}
sudo bash

Install basics

apt update
apt install mc aptitude nmap plocate

Uninstall snapd

apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup \
dbus lvm2 mdadm multipath-tools netbase open-iscsi pollinate ssh-import-id \
sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core \
udev xfsprogs ntfs-3g snapd
apt purge ubuntu-server-minimal
snap remove lxd core20 core22 snapd
apt purge snapd ntfs-3g
apt autoremove

Install fail2ban

apt install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
systemctl enable fail2ban
systemctl restart fail2ban

Add swapfile

fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

echo '/swapfile none swap sw 0 0' >> /etc/fstab

sysctl vm.swappiness=10
cat /proc/sys/vm/swappiness

Install Docker

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce

Install munin-node

apt install munin-node

# get ip of docker0 interface
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
  • edit /etc/munin/munin-node.conf
...
# allow ^127\.0\.0\.1$
# allow ^::1$
#
# cidr_allow 127.0.0.1/32
# cidr_allow 192.0.2.0/24
# cidr_deny  192.0.2.42/32

# Which address to bind to;
# host *
host 172.17.0.1                # output of previous ip addr command
# host 127.0.0.1
  • remove unnecessary plugins
cd /etc/munin/plugins
rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
  • prepare docker plugins
cd /etc/munin/plugin-conf.d
echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
  • add docker plugins (docker_cpu, docker_memory)

Install wireguard

apt install wireguard
  • /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
  • reload sysctl
sudo sysctl -p
  • get wireguard config
git clone https://git.com:repository /etc/wireguard
  • Enable systemd service
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service

further hints: Linux/wireguard

Optimize terminal looks

git clone https://gitea.marcluerssen.de/linux-public/.dotfiles.git
cd .dotfiles
sudo ./install.sh