Linux/Virtual Server Setup Guide: Difference between revisions

Latest revision as of 20:22, 21 November 2023

Step 1: Prepare local Linux terminal

  • Install Windows Subsystem for Linux / Ubuntu
  • Open local Linux terminal and complete initial setup

Step 2: Generate Cloud VM (Hetzner, Netcup,...)

  • Install latest Ubuntu LTS
  • Set username / password
  • Write down information required for next steps:
    • VM IP, VM username, VM password

Step 3: Adjust DNS entries

  • Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
  • Verify from the local terminal that the DNS entry points to the correct IP:
nslookup {hostname}

Step 4: Set up VM

  • Open local Linux terminal
  • Connect to VM:
ssh {user}@{hostname}
sudo bash

Install basics

apt update
apt install mc aptitude nmap plocate

Uninstall snapd

apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup \
dbus lvm2 mdadm multipath-tools netbase open-iscsi pollinate ssh-import-id \
sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core \
udev xfsprogs ntfs-3g snapd
apt purge ubuntu-server-minimal
snap remove lxd core20 core22 snapd
apt purge snapd ntfs-3g
apt autoremove

Install fail2ban

apt install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
systemctl enable fail2ban
systemctl restart fail2ban

Add swapfile

fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

echo '/swapfile none swap sw 0 0' >> /etc/fstab

sysctl vm.swappiness=10
cat /proc/sys/vm/swappiness

Install Docker

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg > /dev/null
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce

Install munin-node

apt install munin-node

# get ip of docker0 interface
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
  • edit /etc/munin/munin-node.conf
...
# allow ^127\.0\.0\.1$
# allow ^::1$
#
# cidr_allow 127.0.0.1/32
# cidr_allow 192.0.2.0/24
# cidr_deny  192.0.2.42/32

# Which address to bind to;
# host *
host 172.17.0.1                # output of previous ip addr command
# host 127.0.0.1
  • remove unnecessary plugins
cd /etc/munin/plugins
rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
  • prepare docker plugins
cd /etc/munin/plugin-conf.d
echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix:///run/docker.sock' > docker
  • add docker plugins (docker_cpu, docker_memory)
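
A read-only check of the bind and access settings edited in munin-node.conf above. This is an added example, not part of the original page; the function name audit_munin_conf and the finding labels are hypothetical. With every allow line commented out, as in the excerpt, the bind address is the only restriction visible in the file, and the check reports that.

```shell
# Added example: report how munin-node.conf restricts who can reach the node.
# audit_munin_conf is a hypothetical helper; it only reads the file.
# Usage: audit_munin_conf [CONF] [EXPECTED_BIND_ADDRESS]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_munin_conf() {
    conf="${1:-/etc/munin/munin-node.conf}"
    expected="${2:-}"
    findings=$(awk -v expected="$expected" '
        /^[ \t]*(#|$)/ { next }                 # ignore comments and blank lines
        $1 == "host" {
            hosts++
            if ($2 == "*")
                print "BIND_ALL host * listens on every interface"
            else if (expected != "" && $2 != expected)
                print "BIND_MISMATCH host " $2 " is not " expected
        }
        $1 == "allow" || $1 == "cidr_allow" { acl++ }
        END {
            if (!hosts) print "BIND_UNSET no active host directive"
            if (!acl)   print "NO_ACL no active allow or cidr_allow line"
        }' "$conf")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Pass the docker0 address from the `ip addr` command as the second argument, for example `audit_munin_conf /etc/munin/munin-node.conf 172.17.0.1`.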

Install wireguard

apt install wireguard
  • /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
  • reload sysctl
sudo sysctl -p
  • get wireguard config
git clone https://git.com:repository /etc/wireguard
  • Enable systemd service
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service

further hints: Linux/wireguard
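
A permission check to run after cloning the configuration into /etc/wireguard and before starting wg-quick. This is an added example, not part of the original page; the function name audit_wg_dir and the finding labels are hypothetical. Files written by `git clone` take their mode from the umask, so a config holding a PrivateKey can end up readable by other users.

```shell
# Added example: audit a WireGuard config directory populated with git clone.
# audit_wg_dir is a hypothetical helper; it only reads file metadata/content.
# Usage: audit_wg_dir [DIR]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_wg_dir() {
    dir="${1:-/etc/wireguard}"
    findings=$(
        # The directory should be reachable by its owner (root) only.
        mode=$(stat -c '%a' "$dir")
        [ "$mode" = "700" ] || echo "DIR_MODE $dir is $mode, expected 700"
        # Files holding key material must not be group or world accessible.
        # The .git directory is skipped; only working-tree files are checked.
        find "$dir" -path "$dir/.git" -prune -o -type f \
            -exec grep -lEi '^[ \t]*(PrivateKey|PresharedKey)[ \t]*=' {} + |
        while IFS= read -r f; do
            mode=$(stat -c '%a' "$f")
            case "$mode" in
                600|400) ;;
                *) echo "KEY_FILE_MODE $f is $mode, expected 600" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

If findings are reported, `chmod -R go-rwx /etc/wireguard` removes group and world access; rerun the check afterwards.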

Optimize terminal looks

git clone https://gitea.marcluerssen.de/linux-public/.dotfiles.git
cd .dotfiles
sudo ./install.sh