Yao Lirong's Blog

Setting up a Server

2021/05/15

Initial Server Setup

Logging In

  1. We chose “use ssh keys to log in” when creating the server, so we first need to get a root password with “reset root password”. The next time you log in, you will be prompted to change the password.
  2. Log into the server with ssh root@your_server_ip. You will need the passphrase you set when creating the SSH keys.

Adding User

  1. Check currently available users with cat /etc/passwd

  2. Add a new user with adduser <username>

    If a wrong user is added accidentally, delete it with deluser <username>

  3. Grant the newly added user sudo privileges by appending it to the sudo group: usermod -aG sudo <username>

Logging in as New User

We can log in in either of the following two ways:

  • Enabling ssh password login:

    1. Open /etc/ssh/sshd_config and change PasswordAuthentication no to PasswordAuthentication yes.
    2. Restart the service after editing: sudo service ssh restart
  • Continue using SSH key authentication:

    We want to copy the keys with the correct ownership and permissions, so use rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy (replace “sammy” with your username).

    • --archive (-a) copies recursively and preserves permissions, timestamps, and symlinks
    • --chown=USER:GROUP forces all files to be owned by USER with group GROUP
    • Be sure that the source directory (~/.ssh) does not include a trailing slash (check that you are not using ~/.ssh/). If you accidentally add a trailing slash, rsync will copy the contents of the root account’s ~/.ssh directory into the sudo user’s home directory instead of copying the entire ~/.ssh directory structure.
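
A check for the rsync copy described above, as an added example that is not part of the original post: it flags key files that landed directly in the home directory (the trailing-slash mistake) and any wrong owner or loose permission under .ssh. The function name check_ssh_copy is hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# check_ssh_copy is a hypothetical helper name.
# Usage (as root, after the rsync): check_ssh_copy /home/sammy sammy
# Prints one line per problem; returns 0 when the copy is usable, else 1.
check_ssh_copy() {
    home=$1; owner=$2; rc=0

    # Trailing-slash mistake: the key files land directly in the home directory.
    for f in authorized_keys known_hosts; do
        if [ -e "$home/$f" ]; then
            echo "misplaced: $home/$f (was the source written as ~/.ssh/ ?)"
            rc=1
        fi
    done

    if [ ! -d "$home/.ssh" ]; then
        echo "missing: $home/.ssh"
        return 1
    fi
    if [ ! -f "$home/.ssh/authorized_keys" ]; then
        echo "missing: $home/.ssh/authorized_keys"
        rc=1
    fi

    # sshd's StrictModes (on by default) rejects keys when ~/.ssh or
    # authorized_keys has the wrong owner or is writable by group or others.
    # Every entry in .ssh is checked here.
    for p in "$home/.ssh" "$home/.ssh"/*; do
        [ -e "$p" ] || continue
        o=$(stat -c %U "$p"); m=$(stat -c %a "$p")
        [ "$o" = "$owner" ] || { echo "owner: $p is $o, want $owner"; rc=1; }
        case $m in
            *[2367]?|*[2367]) echo "mode: $p is $m, group/other writable"; rc=1 ;;
        esac
    done
    return $rc
}
```
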

We can now log in as the newly added user with ssh <username>@your_server_ip

Setting up Firewall

Before anything else, check that IPv6 is enabled: open the file with nano /etc/default/ufw and make sure it contains IPV6=yes.

  1. Set up a default profile to deny all incoming and allow all outgoing.

    ufw default deny incoming
    ufw default allow outgoing
  2. This is enough for a PC but not for a server. We need to allow ssh, HTTP, and HTTPS.

    ufw allow ssh
    ufw allow http
    ufw allow https

    The firewall will then allow traffic on the default ports of these services. For example, ssh uses port 22, so ufw allow ssh is equivalent to ufw allow 22.

  3. Enable the firewall and check its status:

    ufw enable
    ufw status verbose

For more commands related to UFW, check UFW Essentials.

Install PHP

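  1. Install PHP, replacing “7.4” with the version you want: apt install php7.4-cli
  2. Install the extensions you need. You can find the matching package with aptitude search php7.4 |grep -i mysql (replace mysql with whatever you need, such as mbstring, GD, etc.)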

conf.d - individual site configuration stored here
