DevOps16 - Ubuntu 16.04 setup

Source: digitalocean.com
Home
1 - Ubuntu 16.04 user setup
2 - Install Nginx
3 - Install Phusion Passenger
4 - Install MongoDB
5 - Python venv
6 - Deploy via Git
7 - Migrate Mongodb
Various commands

1 - Root Login

Via terminal. Change password as may be prompted.

ssh root@SERVER_IP_ADDRESS

2- Create New User

Create new user to carry out day-to-day tasks, to avoid using root

adduser USER_NAME

Create .ssh folder and authorized_keys file

mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys

3 - Root Privileges

Add new user to sudo group. By using sudo, user will have root privileges.
sudoers tutorial

usermod -aG sudo USER_NAME

4 - Add Public Key Authentication

Generate a Key Pair (if not already exists)

Generate key on LOCAL machine

(local$) ssh-keygen

Copy the Public Key

Option 1: Use ssh-copy-id

If ssh-copy-id is installed locally, then use this to add key to remote user’s .ssh/authorized_keys file. (Note: will need a password)

(local$) ssh-copy-id USER_NAME@REMOTE_SERVER_IP

Option 2: Manually Install the Key

Print SSH public key to terminal. Select and copy.

(local$) cat ~/.ssh/id_rsa.pub

On server, as root user, temporatily switch to new user

su - USER_NAME

Open file in .ssh/authorized_keys to edit. Paste key. CTRL-X to exit file, y to save changes, then ENTER

nano ~/.ssh/authorized_keys

Restrict permissions of the authorized_keys

chmod 600 ~/.ssh/authorized_keys

return to root user

exit

7 - Set up basic firewall

Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall very easily using this application.

Different applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.

You can see this by typing:

sudo ufw app list
Output
Available applications:
  OpenSSH

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

sudo ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

sudo ufw enable

Type “y” and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

These step-by-step instructions are taken from various tutorials on digitalocean.com, phusionpassenger.com, and other sites. Some sources have been linked. Most step descriptions have been shortened and simplified. Some step sequences are from one source while other may come from various sources.

These instructions and commands are placed on GitHub so I can conveniently find them. I am a novice with Ubuntu, Nginx, Passenger, command line, etc., so I probably can’t answer any questions. However, I’ll be glad to incorporate any corrections that are needed.

Use instructions and commands at your own risk.

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.