(Replace the placeholders, which are marked by square brackets, with your own values.)
You want to start up-to-date:
apt update
apt upgrade
apt dist-upgrade
Add a user for security, so you don't have to work as the root user (optional):
# add new user and add it to the sudo group
adduser [YOUR_USERNAME]
usermod -aG sudo [YOUR_USERNAME]
# Change root password
passwd
# logout and log back in with your new user
exit
Generate SSH keys, so you can authenticate yourself with a key instead of a password. This improves your security, as you can disable password authentication completely.
Execute this on your VPS:
ssh-keygen
Execute this on your local command line:
ssh-copy-id [YOUR_USERNAME]@[YOUR_VPS_IP]
sudo nano /etc/ssh/sshd_config
# uncomment following lines in the file and add your username from step 2:
PermitRootLogin no
PasswordAuthentication no
AllowUsers [YOUR_USERNAME]
Protocol 2
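A check for the sshd_config edit above, as an added example rather than part of the original guide: it reports the value sshd would actually use for the three settings, since sshd keeps the first value it reads for a keyword and ignores commented lines. The function names, the sample file and the user `alice` are constructed for illustration, and `Include` files are not followed.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings from this guide.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are ignored.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at first Match
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print  # rest of the line is the value
            exit                                # first occurrence wins
        }
    ' "$1"
}

# Return 0 only if the file enforces key-only, non-root login for user $2.
audit_sshd_config() {
    file=$1 user=$2 rc=0
    for pair in "PermitRootLogin no" "PasswordAuthentication no"; do
        key=${pair% *} expected=${pair#* }
        actual=$(effective_value "$file" "$key" | tr 'A-Z' 'a-z')
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: effective value is '${actual:-<default>}', expected '$expected'"
            rc=1
        fi
    done
    # AllowUsers is a space-separated list; the user must be one of its entries.
    case " $(effective_value "$file" AllowUsers) " in
        *" $user "*) ;;
        *) echo "FAIL AllowUsers: '$user' is not listed"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: one line was left commented, and an earlier
# "PasswordAuthentication yes" shadows the "no" added further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
#PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
EOF
audit_sshd_config "$sample" alice || echo "sshd_config is not hardened yet"
```

On the VPS itself, `sudo sshd -t` validates the file and `sudo sshd -T` prints the effective configuration, including any `Include`d files. sshd has to be restarted before the changes apply.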
You probably want to set your own hostname for the machine. Choose what you like:
sudo hostnamectl set-hostname [YOUR_NEW_HOSTNAME]
This is my own set of packages, you can change your list as you like:
sudo apt install tmux tree htop traceroute nmap bc colordiff net-tools \
apt-transport-https ca-certificates curl software-properties-common git \
cifs-utils gcc ncdu jq make iperf sqlite3 php7.2-cli ufw gnupg-agent moreutils
sudo ufw allow 22/tcp
sudo ufw show added
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 80/tcp
sudo ufw allow 9000/tcp
sudo ufw allow 443/tcp
# add repository gpg key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# add repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# install docker tools
sudo apt install docker-ce docker-ce-cli containerd.io
# add the docker group and add your user (from step 2) to it
sudo groupadd docker
sudo usermod -aG docker [YOUR_USERNAME]
Some of the docker containers will need permanent storage. I like grouping all mount directories in their own subdirectory. Create them:
sudo mkdir -p /swarm/volumes
sudo chown -R [YOUR_USERNAME]:[YOUR_USERNAME] /swarm
# make subdirectories for your first docker services:
mkdir -p /swarm/volumes/portainer/data
mkdir -p /swarm/volumes/traefik/logs
mkdir -p /swarm/volumes/nextcloud/{config,custom_apps,data,themes,mysql}
You want to install a single-node docker swarm:
docker swarm init
For easier deployment of your docker services, you can install portainer:
cd /swarm/volumes/portainer
nano stack-compose.yml
In the opening editor (nano), copy the content of the gist file services_portainer_stack-compose.yml and save the file.
After that, run:
docker stack deploy --compose-file stack-compose.yml Portainer
After the stack is deployed, you should be able to open portainer at http://[YOUR_VPS_IP_OR_DOMAIN]:9000 and go through the installation.
Add the traefik configuration file:
cd /swarm/volumes/traefik
nano traefik.toml
In the opening editor (nano), copy the content of the gist file services_traefik_traefik.toml and save the file.
Now, deploy the traefik load-balancer over the portainer interface: go to the portainer web interface (from step 11), go to "stacks" and click "add new stack". Name the Stack "Traefik" and copy the content of services_traefik_stack-compose.yml into the editor field. Wait for it to download the docker images and to start.
Last, deploy Nextcloud over the portainer web interface: go to the portainer web interface (from step 11), go to "stacks" and click "add new stack". Name the Stack "Nextcloud" and copy the content of services_nextcloud_stack-compose.yml into the editor field. Below the editor, click 4x on the grey button "add environment variable". You need to add the following variables, listed as "key - value":
key | value |
---|---|
DB_ROOT_PASSWORD | [GENERATE_A_STRONG_PASSWORD_AND_PASTE_IT_HERE] |
DB_PASSWORD | [GENERATE_ANOTHER_STRONG_PASSWORD_AND_PASTE_IT_HERE] |
DB_NAME | nextcloud |
DB_USER | nextcloud |
Then, click "deploy".
Wait for the services to start; this could take a moment.
After that, you should be able to navigate to https://cloud.yourdomain.com and go through the Nextcloud installation steps. Below the admin credentials, expand "storage and database" and select "mysql/mariadb" as your database. Use your values from the previously set environment variables. Replace the database host "localhost" with "mysql".