yimingtang/setup.md

## setup.md

      
    Raw
  

              setup.md
            
          
    Initial Server Setup with Ubuntu 14.04

1. Root Login

Log into your server as root.
ssh root@your-server-ip-address
2. Update Softwares

apt-get update
apt-get upgrade
3. Change Your Password

Change your password. A strong password is recommended.
passwd
4. Create a New User

In my case, I created an "deploy" user.
adduser deploy
5. Root Privileges

usermod -a -G sudo deploy
6. SSH Key Pair Authentication

Generate SSH keys on your local computer.
ssh-keygen

Make home and ssh directories for the new user.
mkdir /home/deploy
mkdir /home/deploy/.ssh
chmod 700 /home/deploy/.ssh

Upload your public key to your server.
scp ~/.ssh/id_rsa.pub deploy@your-server-ip-address:

Move the public key to .ssh directory.
mv id_rsa.pub /home/deply/.ssh/authorized_keys

Modify permissions of ssh keys.
chmod 400 /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy -R

7. Configure sshd

vim /etc/ssh/sshd_config

Change the values below.
PermitRootLogin no
PasswordAuthentication no
AllowUsers newUserName

Restart SSH service.
services ssh restart

8. Install fail2ban

apt-get install fail2ban

9. Setup Firewall

We use ufw, a front end for iptables, to configure our fire wall.
ufw allow ssh
ufw allow http
ufw allow https
ufw enable

Run ufw status verbose to show status. You can also find what has happened to iptables by typing the following command.
iptables -L

9. Setup Nginx

https://www.digitalocean.com/community/articles/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-14-04-lts
References


http://spenserj.com/blog/2013/07/15/securing-a-linux-server/
http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
https://www.digitalocean.com/community/articles/initial-server-setup-with-ubuntu-14-04