Skip to content

Instantly share code, notes, and snippets.

@chrisbrocklesby

chrisbrocklesby/Setup Server.md

Created July 18, 2020 05:22
Show Gist options
  • Save chrisbrocklesby/2b6709c68104f020572caf3e65ae6bd3 to your computer and use it in GitHub Desktop.
Save chrisbrocklesby/2b6709c68104f020572caf3e65ae6bd3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Setup Server.md

Setup Ubuntu Server

Update and Upgrade

sudo apt update && sudo apt upgrade

Setup unattended upgrades (Optional)

Below installs security updates only by default

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

Optional uncomment line in below to allow additional updates

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Create Swap File

First check if exists or required

sudo swapon --show

Create the swap file

sudo fallocate -l 1G /swapfile

Check right amount was set

ls -lh /swapfile

Set permissions for swapfile

sudo chmod 600 /swapfile

Mark file as swap space

sudo mkswap /swapfile

Enable swap space

sudo swapon /swapfile

Check its working

sudo swapon --show

Make swap permanent

sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Install Latest NodeJS

Change the 12.x to latest version.

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -

sudo apt install nodejs

Install MySQL Server

Install server

sudo apt install mysql-server

Setup server config

sudo mysql_secure_installation

Add user for accessing remotely or via app

mysql

CREATE USER 'mysqluser'@'localhost' IDENTIFIED BY 'mysqlpassword';

GRANT ALL PRIVILEGES ON *.* TO 'mysqluser'@'localhost' WITH GRANT OPTION;

FLUSH PRIVILEGES;

To start MySQL on restart

sudo update-rc.d mysql defaults

Install NGINX

sudo apt install nginx
sudo systemctl enable nginx

Restart Nginx server

sudo systemctl restart nginx

Lets Encrypt

Install Lets Encrypt Repo

sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

Install Certbot Installer

sudo apt-get install certbot python-certbot-nginx

Run NGinx Certbot

sudo certbot --nginx
sudo certbot certonly --nginx // Manual Install Optional

Test auto

sudo certbot renew --dry-run

Sample Nginx config

A sample Nginx config file with port forwarding and lets encrypt ssl config...

server {
	server_name _;
	listen 80;
	location / {
        	return 200 'Connections to this server require SSL...';
        	add_header Content-Type text/plain;
	}
}

server {
	server_name domain_name_here.com;
	
	listen 443 ssl;

	ssl_certificate /etc/letsencrypt/live/domain_name_here.com/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/domain_name_here.com/privkey.pem;
 
 	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

	location / {
		proxy_pass http://127.0.0.1:3000;
        	proxy_http_version 1.1;
        	proxy_set_header Upgrade $http_upgrade;
        	proxy_set_header Connection 'upgrade';
        	proxy_set_header Host $host;
        	proxy_cache_bypass $http_upgrade;
	}
}

Add User

Add a user (we will call him newuser)

adduser newuser

Add user to general group

usermod -aG sudo newuser

Add user to sudo privileges

nano /etc/sudoers

// Add the line
newuser ALL=(ALL:ALL) ALL

Delete user (if needed)

deluser newuser

Copy a local SSH key to Server authorized_keys list

(Optional - Password-less access)

Use this command on local Mac to copy key to server

ssh-copy-id -i ~/.ssh/id_rsa.pub user@remoteserveraddress.com

Test it worked

ssh -i ~/.ssh/id_rsa.pub user@remoteserveraddress.com

Create Server SSH key

(Optional - To provide GitHub or other services)

Create SSH Key for Server, Hit enter to default options and empty passphrase

ssh-keygen -t rsa

Get / Copy Key to provide services such as GitHub

cat ~/.ssh/id_rsa.pub
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment