Linux/Virtual Server Setup Guide: Difference between revisions
Latest revision as of 20:22, 21 November 2023
Step 1: Prepare local linux terminal
- Install Windows Subsystem for Linux / Ubuntu
- Open local linux terminal and complete initial setup
Step 2: Generate Cloud VM (Hetzner, Netcup,...)
- Install latest Ubuntu LTS
- Set username / password
- Write down information required for next steps:
  - VM IP, VM username, VM password
Step 3: Adjust DNS entries
- Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
- Verify from the local terminal that the DNS entry is pointing to the correct ip
    nslookup {hostname}
Step 4: Set up VM
- Open local linux terminal
- Connect to VM:
    ssh {user}@{hostname}
    sudo bash
Install basics
    apt update
    apt install mc aptitude nmap plocate
Uninstall snapd
    apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup \
        dbus lvm2 mdadm multipath-tools netbase open-iscsi pollinate ssh-import-id \
        sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core \
        udev xfsprogs ntfs-3g snapd
    apt purge ubuntu-server-minimal
    snap remove lxd core20 core22 snapd
    apt purge snapd ntfs-3g
    apt autoremove
Install fail2ban
    apt install fail2ban
    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    systemctl enable fail2ban
    systemctl restart fail2ban
Add swapfile
    fallocate -l 4G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo '/swapfile none swap sw 0 0' >> /etc/fstab
    sysctl vm.swappiness=10
    cat /proc/sys/vm/swappiness
Install Docker
    # store the dearmored Docker signing key; discard tee's copy of the binary on stdout
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg > /dev/null
    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    sudo apt update
    apt-cache policy docker-ce
    sudo apt install docker-ce
Install munin-node
    apt install munin-node
    # get ip of docker0 interface
    ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
- edit /etc/munin/munin-node.conf
    ...
    # allow ^127\.0\.0\.1$
    # allow ^::1$
    #
    # cidr_allow 127.0.0.1/32
    # cidr_allow 192.0.2.0/24
    # cidr_deny 192.0.2.42/32
    # Which address to bind to;
    # host *
    host 172.17.0.1 # output of previous ip addr command
    # host 127.0.0.1
- remove unnecessary plugins
    cd /etc/munin/plugins
    rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
    rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
- prepare docker plugins
    cd /etc/munin/plugin-conf.d
    echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
- add docker plugins (docker_cpu, docker_memory)
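An added check for the munin-node.conf edit above (not part of the original guide): the excerpt leaves every allow line commented out, so the bind address is the only restriction it shows. The function name, the verdict labels, the sample files and the 172.17.0.0/16 subnet are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): report how a munin-node.conf binds
# and how many client restrictions remain once comments are stripped.
audit_munin_conf() {
    awk '
        { sub(/#.*/, "") }                           # ignore comments
        $1 == "host"                        { host = $2 }
        $1 == "allow" || $1 == "cidr_allow" { acl++ }
        END {
            if (host == "") host = "*"   # assumption: unset host = all addresses
            verdict = "ok"
            if (acl == 0) verdict = "no-acl"
            if (host == "*") verdict = (acl == 0) ? "wildcard-no-acl" : "wildcard-bind"
            printf "bind=%s acl=%d verdict=%s\n", host, acl, verdict
        }' "$1"
}

# Constructed sample 1: the directives as they appear in the guide excerpt.
guide_conf=$(mktemp)
cat > "$guide_conf" <<'EOF'
# allow ^127\.0\.0\.1$
# allow ^::1$
# cidr_allow 127.0.0.1/32
# host *
host 172.17.0.1 # output of previous ip addr command
# host 127.0.0.1
EOF

# Constructed sample 2: same bind address plus an explicit client rule.
# 172.17.0.0/16 is an assumed Docker bridge subnet, not a value from the guide.
restricted_conf=$(mktemp)
cat > "$restricted_conf" <<'EOF'
host 172.17.0.1
cidr_allow 172.17.0.0/16
EOF

trap 'rm -f "$guide_conf" "$restricted_conf"' EXIT

audit_munin_conf "$guide_conf"
audit_munin_conf "$restricted_conf"
```

On the VM, call audit_munin_conf with /etc/munin/munin-node.conf as its argument.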
Install wireguard
    apt install wireguard
- /etc/sysctl.conf
    net.ipv4.ip_forward=1
    net.ipv6.conf.all.forwarding=1
- reload sysctl
    sudo sysctl -p
- get wireguard config
    git clone https://git.com:repository /etc/wireguard
- Enable systemd service
    sudo systemctl enable wg-quick@wg0.service
    sudo systemctl start wg-quick@wg0.service
    sudo systemctl status wg-quick@wg0.service
further hints: Linux/wireguard
Optimize terminal looks
    git clone https://gitea.marcluerssen.de/linux-public/.dotfiles.git
    cd .dotfiles
    sudo ./install.sh