Setting up your linode

Linode
If you are not familiar with Linode, they are a provider of VPSs (Virtual Private Servers), which are basically a semi-private version of shared hosting. You generally don’t have to share the box with hundreds of other people, and even if you do you are guaranteed a certain share of the resources (CPU / RAM / etc). Not to mention the server hardware itself is extremely beast as far as power. You are in your own little private eco-system, meaning you and only you have access to your machine (or slice of a machine, rather). You will not experience the same horrible load times and transfer rates that you would get at companies like Go Daddy and Dreamhost (shudder). The only downside is you do not have a cPanel or Plesk panel (though you can install one if you wish, but I do not use them and will not go into that here), so you have to install and manage everything yourself. It’s not as hard as you might think if you can get used to searching Google and reading a lot of tutorials.

The command line can be a tricky beast for beginners. This blog aims to help ease some of that pain by sharing the procedures that I usually follow when setting up my web server. Please be advised that with every new version of Linux the steps can vary a bit due to packages being upgraded or removed from the repositories.

This guide focuses on configuring the latest and greatest (at the time of this article) version of Ubuntu on a freshly provisioned Linode server. The exact system specs do not matter that much. You can use the lowest 1G plan if you like; the steps will be the same. I’m using the 2G plan that costs $20 a month. You can check out Linode’s prices and decide for yourself.

Provision your Linode

This is the easiest step thanks to Linode’s user friendly UI. Simply add a new Linode and select your desired size from the options presented. You can always increase the size at a later date, so feel free to select the smallest size you are comfortable with. On the dashboard for the newly created Linode you will need to find the link “Deploy a Linux Distribution”. Select the latest version of Ubuntu, which is at the time of this article “Ubuntu 14.04 LTS”. Type a root password in the input box and hit the Deploy button. Wait for the tasks in the job queue to all show success and then click the “boot” button to fire your machine up.

The first stage is finished, congratulations! Now for the real fun stuff!

Connect to your server

Open up a terminal so you can connect to your newly created Linode server. If you are on Linux or Mac this should be pretty self explanatory, but on Windows you have to install a third party program called PuTTY. In PuTTY you will have a GUI to type in the IP address and user. You can get your IP address from the Linode Manager: simply click “Linodes” on the top menu and it should list your Linodes with the IP address visible. It is also visible on the “Remote Access” tab of your Linode’s Dashboard.

ssh root@

You will then be prompted to provide the root password that you specified when you provisioned the Linode. This will log you into the server and drop you at the command line.

Basic Ubuntu Setup

The following stuff is some pretty basic Ubuntu configuration you should make before doing anything else.

Set the hostname

This can be anything, generally I just specify a short version of the full domain. (i.e. mydomain.com would become cooldomain)

echo "mydomain" > /etc/hostname
hostname -F /etc/hostname

You can verify it was set correctly by typing:

hostname

Set the fully qualified domain name

Now you can set the FQDN by making sure the following is in the /etc/hosts file.

127.0.0.1 localhost.localdomain localhost
127.0.1.1 ubuntu
69.164.205.11

Set the time

dpkg-reconfigure tzdata

You can verify that it’s correct by typing:

date

System updates

Now is a good time to make sure you have all the latest system updates

apt-get update
apt-get upgrade

Adjust swappiness

I generally like to modify swappiness so the server only uses swap if it absolutely has to. You can do this pretty simply like this:

sudo swapoff -a
echo 0 | sudo tee /proc/sys/vm/swappiness
sudo swapon -a

Now we need to add a line to sysctl.conf to make sure it keeps the setting after a reboot. So edit /etc/sysctl.conf and add this line to the bottom:

vm.swappiness=0

Security Precautions

Here’s some basic steps you can take to improve the security of your server a bit.

Create new user

You should not be connecting as root on a regular basis, so we will create a new user that you can use from now on.

adduser

Then you are going to want to put that user into the sudo group so you can execute commands as root

usermod -a -G sudo

Now we need to test your new account to make sure it’s working because the next step is to disable logging in as root.

exit
ssh @

Disable root login

If you can log in successfully then we are good to go for the next stage. Let’s disable root login.

sudo nano /etc/ssh/sshd_config

Look for the line that says “PermitRootLogin” and change it to “no”.

NOTE: You can also change the SSH port in the sshd_config file if you desire. Just change “Port” to whatever you like. The default is 22.

Save the file and restart sshd

sudo service ssh restart

If you changed your port you will have to login as follows from now on:

ssh @ -p

Install UFW

Enabling a firewall is a pretty crucial part of any secure server. You can use either iptables or ufw. I have recently started using ufw because it’s really easy and no fuss.

sudo apt-get install ufw

This will install the firewall. Now we need to configure it.

Open some ports

Now let’s open some common ports that we want to use: http, https, ssh, ftp, mail, etc.

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 587/tcp
sudo ufw allow 22/tcp
sudo ufw allow 21/tcp
sudo ufw allow 25/tcp
sudo ufw allow 110/tcp
sudo ufw allow 143/tcp

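Let’s enable it now. If you changed the SSH port earlier, allow that port instead of 22 first, otherwise enabling the firewall will cut off your SSH access.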

sudo ufw enable

Pretty simple eh?

Install Fail2Ban

Fail2Ban is a security tool to prevent dictionary attacks. It works by monitoring important services (like SSH) and blocking IP addresses which appear to be malicious (i.e. they are failing too many login attempts because they are guessing passwords).

sudo apt-get install fail2ban

Now we need some basic configuration.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

Find the “[ssh-ddos]” section and make sure “enabled” is “true”. If you changed your ssh port you will also need to modify “port” in this file under both the “[ssh-ddos]” and “[ssh]” sections.

Save the file and restart the service for the changes to take effect.

sudo service fail2ban restart
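The root-login and port settings from the sshd_config step have to agree with the ufw rule and the fail2ban “port” value. The following is an added example, not part of the original post: it reads an sshd_config-style file and reports both. The function names and the sample file contents are assumptions made up for the illustration.

```bash
#!/bin/sh
# Added example (not from the original post). Reads an sshd_config-style file
# and reports the two settings this guide changes.

# Print the effective value of a keyword. sshd uses the FIRST occurrence of a
# keyword, keyword names are case-insensitive, and "#" lines are comments.
# Anything after a "Match" line is conditional, so the scan stops there.
sshd_effective() {  # usage: sshd_effective <keyword> <file> [default]
  local val
  val=$(awk -v k="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    $1 ~ /^#/              { next }
    tolower($1) == "match" { exit }
    tolower($1) == k       { print $2; exit }' "$2")
  printf '%s\n' "${val:-$3}"
}

# Print the port that ufw and fail2ban must agree on; return 1 if root login
# is not explicitly disabled.
check_ssh_hardening() {  # usage: check_ssh_hardening <file>
  local root port
  root=$(sshd_effective PermitRootLogin "$1" unset)
  port=$(sshd_effective Port "$1" 22)
  echo "ufw rule to add before 'ufw enable': ufw allow ${port}/tcp"
  echo "fail2ban [ssh] and [ssh-ddos] port:  ${port}"
  if [ "$root" != "no" ]; then
    echo "PermitRootLogin is '$root', expected 'no'" >&2
    return 1
  fi
}

# Constructed sample config: a commented default, a changed port, and a
# later duplicate that sshd would ignore.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 2222
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
EOF

check_ssh_hardening "$sample"
```

On the server, point it at /etc/ssh/sshd_config. Running sshd -t before restarting the service checks the file for syntax errors.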

Reboot server on out-of-memory condition

This is a really neat feature to turn on. Basically if your server runs out of memory it will throw an exception and reboot, which will cause a few minutes of downtime but that is waaaaay better than sitting there swapping for hours and basically being non-functional anyways. Add the following to the end of the file “/etc/sysctl.conf”:

vm.panic_on_oom=1
kernel.panic=10

Setting vm.panic_on_oom to 1 tells the server to throw a kernel panic when it runs out of memory. Setting kernel.panic to 10 tells it to reboot 10 seconds after panicking.
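Both this step and the swappiness step append lines to /etc/sysctl.conf by hand, which leaves duplicate or conflicting entries if the guide is followed twice or a key is already set. The following is an added example, not part of the original post: a small helper that sets each key exactly once. The function names and the sample file are assumptions made up for the illustration.

```bash
#!/bin/sh
# Added example (not from the original post): set a key in a sysctl.conf-style
# file without piling up duplicate lines when the steps are run more than once.

# Replace the first uncommented "key = value" line in place, drop later
# duplicates of the same key, and append the line if the key is absent.
set_sysctl() {  # usage: set_sysctl <key> <value> <file>
  local tmp
  tmp=$(mktemp)
  awk -v k="$1" -v v="$2" '
    {
      line = $0
      sub(/^[ \t]+/, "", line)              # tolerate leading whitespace
      split(line, kv, /[ \t]*=[ \t]*/)      # key is the part before "="
      if (kv[1] == k) {                     # exact string match, dots are literal
        if (!done) { print k "=" v; done = 1 }
        next
      }
      print
    }
    END { if (!done) print k "=" v }' "$3" > "$tmp"
  cat "$tmp" > "$3"                         # keeps the file's owner and mode
  rm -f "$tmp"
}

# The three settings this guide adds to /etc/sysctl.conf.
apply_guide_settings() {  # usage: apply_guide_settings <file>
  set_sysctl vm.swappiness 0 "$1"
  set_sysctl vm.panic_on_oom 1 "$1"
  set_sysctl kernel.panic 10 "$1"
}

# Constructed sample standing in for /etc/sysctl.conf.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample
vm.swappiness = 60
kernel.panic=0
kernel.panic=5
EOF

apply_guide_settings "$conf"
apply_guide_settings "$conf"   # second run changes nothing
cat "$conf"
```

On the server, run it as root against /etc/sysctl.conf and then load the values without a reboot using sysctl -p.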

Extras

Install FTP server

An FTP server is a useful thing to have for numerous reasons, one being that some software like WordPress uses it to update itself or install plugins.

sudo apt-get install vsftpd

Now edit the config:

sudo nano /etc/vsftpd.conf

Make sure these settings are uncommented and/or created:

anonymous_enable=NO
local_enable=YES
write_enable=YES

Save the file and restart vsftpd:

sudo service vsftpd restart

Install some useful software

These aren’t required but this is a running list of some stuff I generally install on new servers

sudo apt-get install build-essential screen htop unrar-free unzip git-core zip zlibc rsync dnsutils mcrypt libtool libyaml-dev tcl8.5 libreadline-gplv2-dev libssl-dev libpcre3-dev libbz2-dev cmake libjson0-dev make gcc libboost1.55 libexpat1 libexpat1-dev libyajl-dev libyajl2 git libgcrypt11-dev libcurl4-openssl-dev automake autoconf pkg-config intltool libxml2-dev libgtk2.0-dev libnotify-dev libglib2.0-dev libevent-dev checkinstall

Forward domain e-mail to Gmail

Setting up an e-mail server is a very complicated and often frustrating experience. For that reason I do not use it myself. Instead I simply want email sent to my various domains to be forwarded to my personal Gmail address. This is what I will cover below. We start by installing postfix:

sudo apt-get install postfix

Just leave all the settings at their defaults.

Now we need to do a little tweaking to the config file.

sudo nano /etc/postfix/main.cf

Add the following lines at the end (replace with your server’s domain):

virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/virtual

You will also need to add any domains you wish to forward emails from onto the mydestination line, like so:

mydestination = , , , localhost.com, localhost

Save the file and open up the virtual config:

sudo nano /etc/postfix/virtual

Now you can configure your forwarding rules. The most basic is a catch-all, but you can also input specific email addresses and where you want them forwarded. Here is a catch-all example:

@

For a specific address you just add the preceding mailbox:

admin@

Save the file when you are finished and run postmap. This will load the new forwarding rules.

sudo postmap /etc/postfix/virtual

Go ahead and restart postfix for good measure.

sudo service postfix restart

It’s important to note that if you are forwarding to a Gmail account, any test e-mails you try sending to the domains from the same address the server is forwarding to will not reach your e-mail box. This is something on Gmail’s end. To properly test forwarding you will need to send an email to your server from a different Gmail account or from a non-Gmail account.

Forward mail to system accounts to /dev/null

You may want any mail sent to specific system users to be sent to the void (aka deleted). You can’t directly send mail to /dev/null with the virtual file but you can create a system alias and have it sent there.

sudo nano /etc/aliases

Add this line to the file:

devnull: /dev/null

Now edit your virtual database to add the forward rule:

sudo nano /etc/postfix/virtual

Add a line for each box you want sent to /dev/null:

root@ devnull

Run postmap again and you are good to go:

sudo postmap /etc/postfix/virtual
