sudo apt update && sudo apt upgrade
Below installs security updates only by default
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
Optional uncomment line in below to allow additional updates
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
First check if exists or required
sudo swapon --show
Create the swap file
sudo fallocate -l 1G /swapfile
Check right amount was set
ls -lh /swapfile
Set permissions for swapfile
sudo chmod 600 /swapfile
Mark file as swap space
sudo mkswap /swapfile
Enable swap space
sudo swapon /swapfile
Check its working
sudo swapon --show
Make swap permanent
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Change the 12.x
to latest version.
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt install nodejs
Install server
sudo apt install mysql-server
Setup server config
sudo mysql_secure_installation
Add user for accessing remotely or via app
mysql
CREATE USER 'mysqluser'@'localhost' IDENTIFIED BY 'mysqlpassword';
GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
To start MySQL on restart
sudo update-rc.d mysql defaults
sudo apt install nginx
sudo systemctl enable nginx
Restart Nginx server
sudo systemctl restart nginx
Install Lets Encrypt Repo
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Install Certbot Installer
sudo apt-get install certbot python-certbot-nginx
Run NGinx Certbot
sudo certbot --nginx
sudo certbot certonly --nginx // Manual Install Optional
Test auto
sudo certbot renew --dry-run
A sample Nginx config file with port forwarding and lets encrypt ssl config...
server {
server_name _;
listen 80;
location / {
return 200 'Connections to this server require SSL...';
add_header Content-Type text/plain;
}
}
server {
server_name domain_name_here.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/domain_name_here.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain_name_here.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Add a user (we will call him newuser)
adduser newuser
Add user to general group
usermod -aG sudo newuser
Add user to sudo privileges
nano /etc/sudoers
// Add the line
newuser ALL=(ALL:ALL) ALL
Delete user (if needed)
deluser newuser
Use this command on local Mac to copy key to server
ssh-copy-id -i ~/.ssh/id_rsa.pub user@remoteserveraddress.com
Test it worked
ssh -i ~/.ssh/id_rsa.pub user@remoteserveraddress.com
Create SSH Key for Server, Hit enter to default options and empty passphrase
ssh-keygen -t rsa
Get / Copy Key to provide services such as GitHub
cat ~/.ssh/id_rsa.pub