Linux/Virtual Server Setup Guide: Difference between revisions

From Wiki
Line 135: Line 135:
<blockquote>
<blockquote>
<pre>
<pre>
apt install wireguard
</pre>
</pre>
</blockquote>
</blockquote>
* /etc/sysctl.conf
<blockquote>
<pre>
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
</pre>
</blockquote>
* reload sysctl
<blockquote>
<pre>
sudo sysctl -p
</pre>
</blockquote>
further hints: [[Linux/wireguard]]


== Optimize terminal looks ==
== Optimize terminal looks ==

Revision as of 19:50, 21 November 2023

Step 1: Prepare local linux terminal

  • Install Windows Subsystem for Linux / Ubuntu
  • Open local linux terminal and complete initial setup

Step 2: Generate Cloud VM (Hetzner, Netcup,...)

  • Install latest Ubuntu LTS
  • Set username / password
  • Write down information required for next steps:
    • VM IP, VM username, VM password

Step 3: Adjust DNS entries

  • Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
  • Verify from the local terminal that the DNS entry is pointing to the correct ip
nslookup {hostname}

Step 4: Set up VM

  • Open local linux terminal
  • Connect to VM:
ssh {user}@{hostname}

Install basics

apt update
apt install mc aptitude nmap plocate

Uninstall snapd

apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup dbus \
lvm2 mdadm multipath-tools netbase ntfs-3g open-iscsi pollinate snapd ssh-import-id \
sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core udev xfsprogs
apt purge ubuntu-server-minimal
snap remove lxd core20 core22 snapd
apt purge snapd ntfs-3g
apt autoremove

Install fail2ban

apt install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
systemctl enable fail2ban
systemctl restart fail2ban

Add swapfile

sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

add to /etc/fstab
/swapfile none swap sw 0 0

sudo sysctl vm.swappiness=10
cat /proc/sys/vm/swappiness

Install Docker

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce

Install munin-node

apt install munin-node
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
  • /etc/munin/munin-node.conf
...
# allow ^127\.0\.0\.1$
# allow ^::1$
#
# cidr_allow 127.0.0.1/32
# cidr_allow 192.0.2.0/24
# cidr_deny  192.0.2.42/32

# Which address to bind to;
# host *
host 172.17.0.1                # output of previous ip addr command
# host 127.0.0.1
  • remove unnecessary plugins
cd /etc/munin/plugins
rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
  • prepare docker plugins
cd /etc/munin/plugin-conf.d
echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
  • add docker plugins (docker_cpu, docker_memory)

Install wireguard

apt install wireguard
  • /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
  • reload sysctl
sudo sysctl -p

further hints: Linux/wireguard

Optimize terminal looks