Linux/Virtual Server Setup Guide: Difference between revisions
< Linux
Line 135: | Line 135: | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
apt install wireguard | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/sysctl.conf | |||
<blockquote> | |||
<pre> | |||
net.ipv4.ip_forward=1 | |||
net.ipv6.conf.all.forwarding=1 | |||
</pre> | |||
</blockquote> | |||
* reload sysctl | |||
<blockquote> | |||
<pre> | |||
sudo sysctl -p | |||
</pre> | |||
</blockquote> | |||
further hints: [[Linux/wireguard]] | |||
== Optimize terminal looks == | == Optimize terminal looks == |
Revision as of 19:50, 21 November 2023
Step 1: Prepare local linux terminal
- Install Windows Subsystem for Linux / Ubuntu
- Open local linux terminal and complete initial setup
Step 2: Generate Cloud VM (Hetzner, Netcup,...)
- Install latest Ubuntu LTS
- Set username / password
- Write down information required for next steps:
- VM IP, VM username, VM password
Step 3: Adjust DNS entries
- Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
- Verify from the local terminal that the DNS entry is pointing to the correct ip
nslookup {hostname}
Step 4: Set up VM
- Open local linux terminal
- Connect to VM:
ssh {user}@{hostname}
Install basics
apt update apt install mc aptitude nmap plocate
Uninstall snapd
apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup dbus \ lvm2 mdadm multipath-tools netbase ntfs-3g open-iscsi pollinate snapd ssh-import-id \ sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core udev xfsprogs apt purge ubuntu-server-minimal snap remove lxd core20 core22 snapd apt purge snapd ntfs-3g apt autoremove
Install fail2ban
apt install fail2ban cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local systemctl enable fail2ban systemctl restart fail2ban
Add swapfile
sudo fallocate -l 4G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile add to /etc/fstab /swapfile none swap sw 0 0 sudo sysctl vm.swappiness=10 cat /proc/sys/vm/swappiness
Install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" sudo apt update apt-cache policy docker-ce sudo apt install docker-ce
Install munin-node
apt install munin-node ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
- /etc/munin/munin-node.conf
... # allow ^127\.0\.0\.1$ # allow ^::1$ # # cidr_allow 127.0.0.1/32 # cidr_allow 192.0.2.0/24 # cidr_deny 192.0.2.42/32 # Which address to bind to; # host * host 172.17.0.1 # output of previous ip addr command # host 127.0.0.1
- remove unnecessary plugins
cd /etc/munin/plugins rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
- prepare docker plugins
cd /etc/munin/plugin-conf.d echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
- add docker plugins (docker_cpu, docker_memory)
Install wireguard
apt install wireguard
- /etc/sysctl.conf
net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
- reload sysctl
sudo sysctl -p
further hints: Linux/wireguard