Diffstat (limited to 'tech/set up debian droplet basics + nginx.txt')
-rwxr-xr-x | tech/set up debian droplet basics + nginx.txt | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/tech/set up debian droplet basics + nginx.txt b/tech/set up debian droplet basics + nginx.txt
new file mode 100755
index 0000000..bdb9570
--- /dev/null
+++ b/tech/set up debian droplet basics + nginx.txt
@@ -0,0 +1,96 @@
+Set Up Debian Droplet - Basics + Nginx
+
+[refernces:
+<http://www.howtoforge.com/building-nginx-from-source-on-debian-squeeze>
+<http://www.rosehosting.com/blog/how-to-compile-and-install-nginx-from-source-in-debian-7-wheezy/>
+<https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server>
+<https://www.digitalocean.com/community/articles/initial-server-setup-with-debian-7>
+<https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-debian-7>]
+
+First login as root and set new root password:
+
+ passwd
+
+Then create new user:
+
+ adduser whatever
+
+Then add user to suders list:
+
+ visudo
+ whatever ALL=(ALL:ALL) ALL
+
+test by sshing as new user.
+
+vultr specific:
+
+sudo vi /etc/hosts
+sudo vi /etc/hostname
+
+##Secure the server
+
+ vi /etc/ssh/sshd_config
+
+Add these lines:
+
+Port 25009
+Protocol 2
+PermitRootLogin no
+UseDNS no
+
+Add this line to the bottom of the document, replacing demo with your username:
+
+ AllowUsers whatever
+
+reload ssh:
+
+ sudo systemctl restart sshd
+
+test before you log out:
+
+ ssh -p 25009 whatever@123.45.67.890
+
+Add ssh keys
+
+ cat ~/.ssh/id_rsa4096.pub | ssh -p 25034 lxf@63.135.175.3 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
+
+---
+
+###Install Tmux
+
+(because doing only one thing at a time sucks)
+
+ sudo apt-get update
+ sudo apt-get install tmux
+
+###Set up fail2ban and UFW
+
+ sudo apt-get install fail2ban
+ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+ sudo vi /etc/fail2ban/jail.local #(add IP to exclusions, up ban time)
+ sudo systemctl restart fail2ban
+
+ apt-get install ufw
+ sudo ufw default deny incoming
+ sudo ufw default deny outgoing
+ sudo ufw allow 25043/tcp
+ sudo ufw allow 80/tcp
+ sudo ufw allow 443/tcp
+ sudo ufw allow out http
+ sudo ufw allow out https
+ sudo ufw allow out 53
+ sudo ufw enable
+ sudo ufw status verbose
+
+---
+
+###Vim
+
+ apt-get install vim-gtk
+ #I point to these in my vimrc, skip if you don't need them
+ mkdir -p ~/.vim/bundle/
+ git clone https://github.com/VundleVim/Vundle.vim.git ~/.vim/bundle/Vundle.vim
+
+### Misc Apps
+
+ sudo apt install ctags silversearcher-ag ripgrep fzf ranger vim-gtk nginx postgresqlj |
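Review bot: The SSH port is not the same across the steps: the sshd_config block sets `Port 25009`, the key-copy command connects with `-p 25034`, and the firewall rule is `sudo ufw allow 25043/tcp`. With `sudo ufw default deny incoming` in place, `sudo ufw enable` as written would close the port sshd is actually listening on and cut off the only remote session, so the rule should match the configured port (`sudo ufw allow 25009/tcp` if 25009 is the intended one) and the "test before you log out" step is worth repeating after the firewall is enabled. The key-copy line also carries what looks like a real user and address (`lxf@63.135.175.3`) where the rest of the notes use the `whatever@123.45.67.890` placeholder. Once key login is confirmed, the sshd_config block would benefit from `PasswordAuthentication no`, since fail2ban only slows password guessing; `Protocol 2` is ignored on current OpenSSH releases and can be dropped.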