@jozsefsallai
Last active July 23, 2022 10:58
Debian Sid server setup cheatsheet

1. Generate an SSH key on your local machine (if you don't have one already):

ssh-keygen -t rsa -b 4096 -C "My key"

2. Copy the public key:

cat ~/.ssh/id_rsa.pub

and then copy the output.

3. Authorize the key on your server (if you didn't have to add a key during the server's creation):

# On your server
mkdir -p ~/.ssh && echo your_key >> ~/.ssh/authorized_keys
chmod -R go= ~/.ssh

4. Create an SSH config entry:

# On your machine
nano ~/.ssh/config

Example:

Host myserver
    HostName server_ip
    Port 22
    User root

Ctrl+O, Ctrl+X

5. SSH into your server

ssh myserver

6. Upgrade to Debian Sid

rm -rf /etc/apt/sources.list.d/*
nano /etc/apt/sources.list

Contents of the file:

deb http://deb.debian.org/debian sid main
deb-src http://deb.debian.org/debian sid main

Ctrl+O, Ctrl+X

7. Install KernelCollector (recommended)

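# Note: apt-key is deprecated, and a key added with it is trusted for every configured repository, not only this one.
echo "deb https://deb.tohka.us sid main" | sudo tee /etc/apt/sources.list.d/tohka.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E4012B02CD659038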

8. Perform an upgrade

apt update && apt -y upgrade

9. Reboot

reboot now

10. Add a new sudo user

adduser newuser
usermod -aG sudo newuser
sudo su - newuser

11. Add your SSH public key to this user

mkdir -p ~/.ssh && echo your_key >> ~/.ssh/authorized_keys
chmod -R go= ~/.ssh

In a separate terminal tab on your local machine, change the User value in your ~/.ssh/config to the new user's name and test the connection.

12. Install necessary tools

sudo apt install git build-essential curl zip unzip wget ufw

13. Enable the firewall

sudo ufw allow 22 # temporary, as we're changing ports later
sudo ufw enable

14. Secure your SSH

sudo nano /etc/ssh/sshd_config

Make the following changes:

  • Uncomment Port and set it to an arbitrary number (I prefer 2xxxx)
  • Uncomment PermitRootLogin and set it to no
  • Uncomment PubkeyAuthentication and set it to yes
  • Uncomment PasswordAuthentication and set it to no

15. Save your changes, allow the new port, and restart the SSH daemon

sudo ufw allow [new_port_number]
sudo service sshd restart

16. Test the connection

On your local machine, open a new terminal tab, change the port number in ~/.ssh/config, and test the connection.
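
A check for the step 14 edits that can be run before the restart in step 15, added here as an example and not part of the original cheatsheet. The function name audit_sshd_config and the sample file are constructed for illustration; the check reads only the one file, so Include lines are reported rather than followed.

```shell
#!/bin/sh
# audit_sshd_config FILE: check the global section of FILE for the four
# step-14 settings. Prints findings; returns 0 only when all four pass.
audit_sshd_config() {
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"
        want["pubkeyauthentication"] = "yes"
        want["passwordauthentication"] = "no"
    }
    /^[ \t]*(#|$)/ { next }           # commented-out and blank lines set nothing
    {
        sub(/=/, " ")                 # "Keyword=value" is also accepted by sshd
        key = tolower($1); val = $2   # keywords are case-insensitive
        if (key == "match") exit      # Match blocks are conditional; stop at the first one
        if (key == "include") { print "WARN not checked: " $2; next }
        if (key == "port") { nports++; if (val == "22") has22 = 1; next }
        if (!(key in seen)) seen[key] = val   # sshd keeps the first value it reads
    }
    END {
        bad = 0
        if (nports == 0) { print "FAIL port unset (default 22)"; bad = 1 }
        if (has22)       { print "FAIL port 22 is still listed"; bad = 1 }
        for (k in want) {
            got = (k in seen) ? seen[k] : "unset"
            if (got != want[k]) { print "FAIL " k "=" got " (want " want[k] ")"; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Constructed sample: PasswordAuthentication was edited but left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
Port 22022
PermitRootLogin no
PubkeyAuthentication yes
#PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "Fix the findings before restarting sshd."
rm -f "$sample"
```

On the server, point it at /etc/ssh/sshd_config; `sudo sshd -t` additionally checks the file for syntax errors.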

Extras

Creating a server SSH key (for git)

ssh-keygen -t rsa -b 4096 -C "My server"
cat ~/.ssh/id_rsa.pub

You should add this to your GitHub profile.

Installing Node.js

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - # or whatever version you prefer
sudo apt install -y nodejs

Making Node.js binaries work on the user account

echo "prefix = ${HOME}/.npm/node_modules" >> ~/.npmrc
# Single quotes keep $HOME and $PATH unexpanded until ~/.bashrc is sourced
echo 'export PATH="$HOME/.npm/node_modules/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc

Installing nginx

sudo apt install nginx

Reverse proxy example

Create the configuration file
sudo nano /etc/nginx/sites-available/mysite.conf

mysite.conf:

server {
  listen 80;
  server_name your_domain;

  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
  }
}

(replace 8080 with your desired port)

Enable the virtual host
sudo ln -s /etc/nginx/sites-available/mysite.conf /etc/nginx/sites-enabled/mysite.conf
sudo service nginx restart

Installing MySQL

sudo apt install mysql-server
sudo mysql_secure_installation

(note: I don't recommend using the validate password plugin, so say no to that)

Installing PHP

sudo apt install php-fpm

Example PHP nginx config

upstream php {
  server unix:/var/run/php/php7.3-fpm.sock;
  server 127.0.0.1:9000;
}

server {
  listen 80;
  server_name myphpwebsite.com;
  root /home/myuser/php-project/;
  index index.php index.html;

  location = /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location / {
    # This is cool because no PHP is touched for static content.
    # Include the "?$args" part so non-default permalinks don't break when using a query string
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    include fastcgi.conf;
    fastcgi_intercept_errors on;
    fastcgi_pass php;
  }

  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
  }
}

Installing Certbot

sudo apt install certbot python3-certbot-nginx

Running Certbot

sudo certbot --nginx