Preparing a Root-Server and install Docker-CE

This is my personal note list for preparing a root server. The list is not complete and may contain errors.

Network setup

  • Install OS as usual or use image from Control Panel

Network setup

  • Set/check fixed ip
  • Set the “Reverse DNS” entry in Control Panel
  • Add local user
    useradd <username>
    usermod -aG sudo <username>
  • Set hostname
    sudo hostnamectl set-hostname <hostname>
  • Edit the /etc/hosts file
  • Edit the /etc/cloud/cloud.cfg file if exists (preserve_hostname: false to true)

SSH

  • Add pubkey to ~/.ssh/authorized_keys
  • Disable SSH login with password and permit root login in /etc/ssh/sshd_config file
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
  • Restart SSH Daemon
    service sshd restart

VIM

  • VIM Color open ~/.vimrc and add
    colo desert
    syntax on

Docker

  • Install docker-cd here
  • Install docker-compose here
  • Install docker-compose command completion here
  • add username to docker group (source)
    sudo usermod -aG docker $USER

Logrotate for Docker

  • Create Logrotate config file for Docker containers under /etc/logrotate.d/docker-container with the following content:
/var/lib/docker/containers/*/*.log {
  rotate 8
  weekly
  compress
  missingok
  delaycompress
  copytruncate
}
  • Test it with: logrotate -fv /etc/logrotate.d/docker-container

Docker after dist upgrade

  • Re-enable repo
    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu <replace with lsb_release> stable"
  • update the package database with the Docker packages from the newly added repo:
    sudo apt-get update
  • Make sure you are install from the Docker repo instead of the default Ubuntu repo:
    apt-cache policy docker-ce
  • upgrade packes
    sudo apt-get install docker-ce docker-ce-cli containerd.io
  • reboot

Traefik

  • TBD

fail2ban

  • Update repos and upgrade system
    sudo apt-get update
    sudo apt-get upgrade
  • Install fail2ban with sudo apt-get install fail2ban
  • Create config file /etc/fail2ban/jail.local and add a jail for the SSH Deamon
[sshd]
enabled = true
port = <ssh port>
filter = sshd
logpath = /var/log/auth.log
maxretry = 3