Server basics
Server basics for hosting
To install a new server, you have to choose a provider. I use Hetzner VPS with Debian 12. Of course you can use any other provider and any other OS.
INFO
When I offer to create new user, I call it jack
, you can use any other username.
Connect to server
If it's setup of server, you have to disable ssh with root and allow it with a custom user.
ssh root@xxx.xx.xx.xxx
Get IP address from server
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
Update system and add new user
Execute some updates and install vim
editor
apt update
apt upgrade -y
apt install vim -y
Add new user (you can use any other name)
adduser jack
usermod -aG sudo jack
Fix locales
Fix locales for new user
vim /etc/default/locale
LC_CTYPE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LANG="en_US.UTF-8"
Generate locales
export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
dpkg-reconfigure locales
Copy SSH keys from root
Copy SSH keys from root to new user
mkdir /home/jack/.ssh/
cp /root/.ssh/authorized_keys /home/jack/.ssh/
chown -R jack:jack /home/jack/.ssh/
chmod -R 700 /home/jack/.ssh/
Exit SSH connection
exit
Packages
Update system
Update apt
and upgrade
packages
sudo apt update && sudo apt -y upgrade
Tools
zip
andunzip
to compress and decompress filescurl
to download filesgit
to manage repositoriesvim
to edit filesssh
to connect to serverlsb-release
to get information about distributionca-certificates
to manage certificatesapt-transport-https
to use https in aptsoftware-properties-common
to manage software
sudo apt install -y zip unzip curl git vim ssh lsb-release ca-certificates apt-transport-https software-properties-common
Handle images
These tools are used to optimize images.
INFO
If your server is not used to host images, you can skip this step.
sudo apt install -y jpegoptim optipng pngquant optipng gifsicle webp
Server monitoring
INFO
You can install all packages or only some of them.
Base packages
procps
: providesps
,vmstat
,uptime
,top
for basic statsutil-linux
:dmesg
,lsblk
,lscpu
for system logs and hardware infosysstat
:iostat
,mpstat
,pidstat
,sar
for disk/CPU statsiproute2
:ip
,ss
,nstat
,tc
, recommended network toolsnumactl
:numastat
for NUMA stats
sudo apt install procps util-linux sysstat iproute2 numactl
Network tools
tcpdump
: network sniffernicstat
: network interface statsethtool
: interface info
sudo apt install tcpdump nicstat ethtool
Profiling and tracing tools
linux-tools-common
etlinux-tools-$(uname -r)
: perf, turbostatbpfcc-tools
(oubcc
) : a suite of powerful eBPF toolsbpftrace
: a dynamic eBPF scripting tooltrace-cmd
: command line tool forftrace
sudo apt install linux-tools-common linux-tools-$(uname -r) bpfcc-tools bpftrace trace-cmd
Equipment-specific tools
- GPU Intel :
intel-gpu-tools
- GPU NVIDIA :
nvidia-smi
Connect with new user
Connect to server with new user
ssh jack@xxx.xx.xx.xxx
Than now you can reboot server
sudo reboot
Firewall
Install firewall
sudo apt install ufw
Set default rules
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
Enable firewall
sudo ufw enable
Show rules
sudo ufw show added
sudo ufw status
If works, disallow ssh connection with root.
sudo vim /etc/ssh/sshd_config
Find PermitRootLogin
line and replace yes
to no
and restart sshd daemon. Disconnect yourself with exit
and you won't able to connect with root
, connect with custom user now.
-PermitRootLogin yes
+PermitRootLogin no
-ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
-PasswordAuthentication yes
+PasswordAuthentication no
sudo systemctl restart sshd.service
sudo ufw enable
Change root password
sudo -i
passwd
exit
Change SSH port
Change port in sshd config
sudo vim /etc/ssh/sshd_config
Port 22
Port 1234
Allow new port in firewall
sudo ufw allow 1234/tcp
Remove old port
sudo ufw delete allow 22/tcp
Check new rules
sudo ufw status
Restart sshd daemon
sudo systemctl restart sshd.service