@leommoore
Last active January 29, 2019 06:51
Linux - Production Server Setup

# Linux - Production Server Setup

The principle of running a server in production is to run only what is needed. This keeps the server load to a minimum and reduces the security footprint.

See also http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

## Setup the Domain Name (DNS)

Point the DNS address at the IP address of your server. If the server is rented, you should already have a static IP address. If the machine is on your local network, you may have to run `sudo nano /etc/network/interfaces` to edit the IP address file. Your setup should look like:

```
iface eth0 inet static
address 192.168.1.10
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.254
```

## Setting up the Name Servers

You will also need to run `sudo nano /etc/resolv.conf` to set the static DNS configuration. The file will look like:

```
search mydomainname.com
nameserver 192.168.1.254
nameserver 8.8.8.8
nameserver 202.54.2.5
```

You will then need to restart networking on the server:

```
sudo /etc/init.d/networking restart
```

You can verify that it is working by checking:

```
ifconfig eth0
route -n
ping google.com
```

## Setup the Hostname

You can see your current hostname by running:

```
sudo /bin/hostname
```

To set the hostname directly, you can run:

```
sudo /bin/hostname newname
```

When your system next boots, it will automatically read the hostname from the file `/etc/hostname`, so put the new name there as well if the change should survive a reboot.

## Check to see what services are running

You can check to see what services are running using `service --status-all` on Ubuntu (`chkconfig --list` on Red Hat). Linux uses the concept of runlevels. The normal runlevel for a non-GUI production system is `N 3`.

```
$ runlevel
N 3
```

The default runlevel for Ubuntu/Debian is `N 2`.

In the `service --status-all` output, each service is marked with its state:

```
"+" started
"-" stopped
"?" unknown
```

Remove any services which you don't need.
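An added example (not part of the original gist) that turns "remove any services which you don't need" into a repeatable check: it parses `service --status-all` output and lists every started or unknown-state service that is missing from an allow-list. The allow-list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag running services that are not on an allow-list.
# Input format is that of `service --status-all`: " [ + ]  name".

# Constructed sample output, used unless the script is run with --live.
SAMPLE_STATUS=' [ + ]  cron
 [ - ]  bluetooth
 [ + ]  cups
 [ ? ]  networking
 [ + ]  ssh
 [ + ]  rsyslog'

# Services this (hypothetical) server is meant to run.
ALLOWED="cron ssh rsyslog ntp"

# unexpected_services STATUS_TEXT ALLOWED_LIST
# Prints "<state> <name>" for each service that is started ("+") or of
# unknown state ("?") and is not in the allow-list. Stopped ("-") services
# are ignored.
unexpected_services() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Fields after splitting on whitespace: "[" state "]" name
        $1 == "[" && $3 == "]" && ($2 == "+" || $2 == "?") && !($4 in ok) {
            print $2, $4
        }'
}

# Default: run on the sample. Pass --live to audit this machine.
if [ "${1:-}" = "--live" ]; then
    unexpected_services "$(service --status-all 2>&1)" "$ALLOWED"
else
    unexpected_services "$SAMPLE_STATUS" "$ALLOWED"
fi
```

Anything the script prints is a candidate for removal or for an explicit entry in the allow-list; "?" entries need a manual look because the init script does not report a status.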

## Timezone

It is best to set the server timezone to UTC. This eliminates the problem where the time changes in spring and summer (depending on your timezone, i.e. GMT).

```
$ date
Mon Jun 17 21:02:29 IST 2013

$ sudo rm /etc/localtime
$ sudo ln -s /usr/share/zoneinfo/UTC /etc/localtime

$ date
Mon Jun 17 20:04:20 UTC 2013
```

## Time Synchronisation with NTP

NTP is a TCP/IP protocol for synchronising time over a network. Basically a client requests the current time from a server, and uses it to set its own clock.

Ubuntu has two ways of automatically setting your time: ntpdate and ntpd.

### ntpdate

Ubuntu comes with ntpdate as standard, and will run it once at boot time to set up your time according to Ubuntu's NTP server. However, a server's clock is likely to drift considerably between reboots, so it makes sense to correct the time occasionally. The easiest way to do this is to get cron to run ntpdate every day. With your favorite editor, as root, create a file `/etc/cron.daily/ntpdate` containing:

```
#!/bin/sh
ntpdate ntp.ubuntu.com
```

The file `/etc/cron.daily/ntpdate` must also be executable.

```
sudo chmod 755 /etc/cron.daily/ntpdate
```

### ntpd

ntpdate is a bit of a blunt instrument - it can only adjust the time once a day, in one big correction. The NTP daemon ntpd is far more subtle. It calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could lead to inconsistent logs, for instance. The cost is a little processing power and memory, but for a modern server this is negligible.

To set up ntpd:

```
sudo apt-get install ntp
```

### Changing Time Servers

In both cases above, your system will use Ubuntu's NTP server at ntp.ubuntu.com by default. This is OK, but you might want to use several servers to increase accuracy and resilience, and you may want to use time servers that are geographically closer to you. To do this for ntpdate, change the contents of `/etc/cron.daily/ntpdate` to:

```
#!/bin/sh
ntpdate ntp.ubuntu.com pool.ntp.org
```

And for ntpd, edit `/etc/ntp.conf` to include additional server lines (Ubuntu comes with 4 pools already configured, as well as the fallback ntp.ubuntu.com):

```
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
server ntp.ubuntu.com
```

You may notice pool.ntp.org in the examples above. This is a really good idea which uses round-robin DNS to return an NTP server from a pool, spreading the load between several different servers. Even better, they have pools for different regions - for instance, if you are in New Zealand, you could use nz.pool.ntp.org instead. Look at http://www.pool.ntp.org/ for more details.

You can also Google for NTP servers in your region, and add these to your configuration. To test that a server works, just type `sudo ntpdate ntp.server.name` and see what happens.
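An added example (not part of the original gist) that checks the two time settings configured above: that the localtime file is a symlink to the UTC zone file, and that `ntp.conf` lists several distinct time sources. The function names, the default minimum of 3 sources and the demo files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the time settings this page configures.
# The default minimum of 3 sources is an assumption, not a value from the page.

# ntp_sources FILE: print the host of every active "server" or "pool" line.
ntp_sources() {
    awk '($1 == "server" || $1 == "pool") && $2 != "" { print $2 }' "$1"
}

# localtime_is_utc PATH: succeed if PATH is a symlink ending in zoneinfo/UTC.
localtime_is_utc() {
    [ -L "$1" ] || return 1
    case "$(readlink "$1")" in
        */zoneinfo/UTC|*/zoneinfo/Etc/UTC) return 0 ;;
        *) return 1 ;;
    esac
}

# check_time_config NTP_CONF LOCALTIME [MIN_SOURCES]
# Prints one finding per problem; the return status is the number of findings.
check_time_config() {
    min=${3:-3}
    findings=0
    count=$(ntp_sources "$1" | sort -u | wc -l | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        echo "ntp: only $count distinct source(s) in $1, want at least $min"
        findings=$((findings + 1))
    fi
    if ! localtime_is_utc "$2"; then
        echo "timezone: $2 is not a symlink to zoneinfo/UTC"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files (not the live /etc): one source, non-UTC zone.
demo() {
    d=$(mktemp -d)
    printf '#server old.example\nserver ntp.ubuntu.com\n' > "$d/ntp.conf"
    ln -s /usr/share/zoneinfo/Europe/Dublin "$d/localtime"
    check_time_config "$d/ntp.conf" "$d/localtime"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

On a real server, call `check_time_config /etc/ntp.conf /etc/localtime`; a status of 0 means both checks passed.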
