Last active
December 1, 2018 18:02
Initial Server Setup CentOS + Docker
# ============ Create separate user ============
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart
local$ ssh root@server_ip_address
# adduser username
# passwd username
# usermod -aG wheel username
# ============ Copy your SSH key to server ============
local$ ssh-copy-id username@server_ip_address
# ============ Change SSH port to non-standard ============
$ sudo firewall-cmd --zone=public --add-port=2222/tcp --permanent
$ sudo firewall-cmd --reload
Check the new rules
$ sudo firewall-cmd --list-all
Open the SSHD config file
$ sudo vim /etc/ssh/sshd_config
Change Port 22 -> Port 2222
$ sudo systemctl restart sshd
* If the service was not able to restart (Job for sshd.service failed because the control process exited with error code...), check the logs:
$ sudo tail /var/log/secure
If it says "error: Bind to port 2222 on 0.0.0.0 failed: Permission denied.", first check whether the port is open. If it is open, SELinux is probably denying the bind. To fix this, run:
$ sudo semanage port -a -t ssh_port_t -p tcp 2222
$ sudo systemctl restart sshd
# ============ Disable SSH root login ============
$ sudo vim /etc/ssh/sshd_config
Change PermitRootLogin yes -> PermitRootLogin no
$ sudo systemctl restart sshd
# ============ Disable SSH password authentication (be careful!) ============
$ sudo vim /etc/ssh/sshd_config
Change PasswordAuthentication yes -> PasswordAuthentication no
$ sudo systemctl restart sshd
To test whether you can still connect to the host with password authentication, request it explicitly and turn public key authentication off:
local$ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host
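The three sshd_config edits above (Port, PermitRootLogin, PasswordAuthentication) can be checked in the file itself before sshd is restarted. This is an added example, not part of the original gist; the function names and the sample config are constructed for illustration, and it ignores Include files and quoted values.

```bash
#!/usr/bin/env bash
# Added example (not from the original gist). Function names are hypothetical.

# Print every global value of KEYWORD in file order. Keywords are
# case-insensitive; parsing stops at the first Match block, whose settings
# apply only conditionally.
sshd_values() {  # usage: sshd_values FILE KEYWORD
  awk -v want="$2" '
    NF == 0 || $1 ~ /^#/    { next }   # blank lines and comments
    tolower($1) == "match"  { exit }   # end of the global section
    tolower($1) == tolower(want) { print $2 }
  ' "$1"
}

# Return 0 only if the file matches the three changes made above.
audit_sshd_config() {  # usage: audit_sshd_config FILE [PORT]
  local file="$1" port="${2:-2222}" rc=0 ports root pass
  # Port may be given several times and sshd listens on all of them.
  ports=$(sshd_values "$file" Port | tr '\n' ' ')
  # For other keywords sshd uses the first value it reads.
  root=$(sshd_values "$file" PermitRootLogin | head -n 1)
  pass=$(sshd_values "$file" PasswordAuthentication | head -n 1)
  [ "$ports" = "$port " ] || { echo "FAIL Port: '${ports% }' (want only $port)"; rc=1; }
  [ "$root" = "no" ] || { echo "FAIL PermitRootLogin: '${root:-unset}'"; rc=1; }
  [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication: '${pass:-unset}'"; rc=1; }
  return "$rc"
}

# Constructed sample: the old "Port 22" line was left beside the new one.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 22' 'port 2222' 'PermitRootLogin no' \
  'PasswordAuthentication no' 'Match User backup' \
  '    PasswordAuthentication yes' > "$sample"
audit_sshd_config "$sample" || echo "sample config is not hardened"
rm -f "$sample"
```

On the server, `sudo sshd -t` checks the edited file for syntax errors before you restart the service.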
# ============ Add shortcut for fast SSH login ============
local$ vim ~/.ssh/config
Add:
Host server1
    HostName server_ip_address
    User username
    Port 2222
Save and check
local$ ssh server1
# ============ Enable swap file ============
https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-7
$ sudo fallocate -l 4G /swapfile
$ sudo chmod 600 /swapfile
$ sudo mkswap /swapfile
$ sudo swapon /swapfile
$ sudo vim /etc/fstab
Add:
/swapfile swap swap sw 0 0
# ============ Install Docker & Docker-compose ============
https://docs.docker.com/install/linux/docker-ce/centos/#set-up-the-repository
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install docker-ce
$ sudo systemctl start docker
$ sudo systemctl enable docker
Add user to docker group
https://docs.docker.com/install/linux/linux-postinstall/#manage-docker-as-a-non-root-user
$ sudo groupadd docker
$ sudo usermod -aG docker $USER
Log out and log back in so that your group membership is re-evaluated.
# ============ Fix “setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory” during login ============
$ sudo vim /etc/environment
Add:
LANG=en_US.utf-8
LC_ALL=en_US.utf-8