This is my personal note list for preparing a root server. The list is not complete and may contain errors.
Network setup
- Install the OS as usual or use an image from the Control Panel
Network setup
- Set/check fixed IP
- Set the “Reverse DNS” entry in Control Panel
- Add local user
useradd <username>
usermod -aG sudo <username>
- Set hostname
sudo hostnamectl set-hostname <hostname>
- Edit the /etc/hosts file
- Edit the /etc/cloud/cloud.cfg file if it exists (change preserve_hostname: false to true)
SSH
- Add pubkey to
~/.ssh/authorized_keys
- Disable SSH password login and restrict root login to key-based authentication in the
/etc/ssh/sshd_config
file
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
- Restart SSH Daemon
service sshd restart
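A check for the three settings above, as an added example that is not part of the original notes: sshd uses the first value it reads for each keyword, so a line appended to the end of the file has no effect if the keyword is already set earlier. The function names and the sample config are constructed for this example, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original notes). sshd uses the FIRST value it
# reads for a keyword; global settings end at the first "Match" line.
# Limitation: Include directives are not followed, only the given file is read.

# effective_value <keyword> <config-file>: print the value sshd would use.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }        # end of global section
        tolower(f[1]) == key && n >= 2 { print tolower(f[2]); exit }
    ' "$2"
}

# check_hardening <config-file>: return 0 only if the three settings from the
# notes are explicitly set and effective; print one line per deviation.
check_hardening() {
    rc=0
    for pair in passwordauthentication=no pubkeyauthentication=yes \
                permitrootlogin=prohibit-password; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$key" "$1")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective='${got:-unset}' wanted='$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: PasswordAuthentication is already set near the top,
# and the hardening lines were appended at the end of the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for the example
PasswordAuthentication yes
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
EOF
check_hardening "$sample" || echo "fix the earlier line instead of appending"
```

On a live host, `sudo sshd -T` prints the effective configuration with Include files resolved.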
VIM
- VIM color: open
~/.vimrc
and add
colo desert
syntax on
Docker
- Install docker-ce here
- Install docker-compose here
- Install docker-compose command completion here
- Add username to docker group (source); members of this group have root-equivalent access to the host
sudo usermod -aG docker $USER
Logrotate for Docker
- Create Logrotate config file for Docker containers under
/etc/logrotate.d/docker-container
with the following content:
/var/lib/docker/containers/*/*.log {
rotate 8
weekly
compress
missingok
delaycompress
copytruncate
}
- Test it with:
logrotate -fv /etc/logrotate.d/docker-container
Docker Compose aliases
- Create or append to
~/.bash_aliases
:
alias dc='docker-compose'
alias dcl='docker-compose logs -f --tail=200'
alias dce='docker-compose exec'
alias dcb='docker-compose up --build -d'
alias dcu='docker-compose up -d'
alias dcul='docker-compose up -d && docker-compose logs -f --tail=50'
alias dcd='docker-compose down --remove-orphans'
alias dcdu='docker-compose down --remove-orphans && docker-compose up -d'
alias dcdul='docker-compose down --remove-orphans && docker-compose up -d && docker-compose logs -f --tail=50'
alias dcdb='docker-compose down --remove-orphans && docker-compose up --build -d'
alias dcdbl='docker-compose down --remove-orphans && docker-compose up --build -d && docker-compose logs -f --tail=50'
Docker after dist upgrade
- Re-enable repo
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu <replace with lsb_release> stable"
- Update the package database with the Docker packages from the newly added repo:
sudo apt-get update
- Make sure you are installing from the Docker repo instead of the default Ubuntu repo:
apt-cache policy docker-ce
- Upgrade packages
sudo apt-get install docker-ce docker-ce-cli containerd.io
- Reboot
Traefik
- TBD
fail2ban
- Update repos and upgrade system
sudo apt-get update
sudo apt-get upgrade
- Install fail2ban with
sudo apt-get install fail2ban
- Create config file
/etc/fail2ban/jail.local
and add a jail for the SSH daemon
[sshd]
enabled = true
port = <ssh port>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3