Set Up Debian Droplet - Basics + Nginx

[references:
<http://www.howtoforge.com/building-nginx-from-source-on-debian-squeeze>
<http://www.rosehosting.com/blog/how-to-compile-and-install-nginx-from-source-in-debian-7-wheezy/>
<https://www.digitalocean.com/community/articles/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server>
<https://www.digitalocean.com/community/articles/initial-server-setup-with-debian-7>
<https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-debian-7>]

First log in as root and set a new root password:

    passwd

Then create a new user:

    adduser whatever

Then add the user to the sudoers list:

    visudo
    whatever    ALL=(ALL:ALL) ALL
    
Test by sshing in as the new user.

Vultr specific:

    sudo vi /etc/hosts
    sudo vi /etc/hostname

##Secure the server

    vi /etc/ssh/sshd_config
     
Add these lines:

    Port 25009
    Protocol 2
    PermitRootLogin no
    UseDNS no

Add this line to the bottom of the document, replacing whatever with your username:
    
    AllowUsers whatever
    
restart ssh:

    sudo systemctl restart sshd
    
test before you log out:

    ssh -p 25009 whatever@123.45.67.890
   
Add ssh keys (same port and user as above):

    cat ~/.ssh/id_rsa4096.pub | ssh -p 25009 whatever@123.45.67.890 "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

---

###Install Tmux

(because doing only one thing at a time sucks)

    sudo apt-get update
    sudo apt-get install tmux
    
###Set up fail2ban and UFW 

    sudo apt-get install fail2ban
    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    sudo vi /etc/fail2ban/jail.local #(add your IP to ignoreip, raise bantime, set port = 25009 under [sshd])
    sudo systemctl restart fail2ban 

    sudo apt-get install ufw
    sudo ufw default deny incoming
    sudo ufw default deny outgoing
    sudo ufw allow 25009/tcp    # SSH: must match Port in sshd_config
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    sudo ufw allow out http
    sudo ufw allow out https
    sudo ufw allow out 53 
    sudo ufw enable
    sudo ufw status verbose
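
Because `ufw default deny incoming` drops everything that is not explicitly allowed, the SSH allow rule has to match the `Port` set in sshd_config, or `ufw enable` cuts off the session. The pre-flight check below is an added example, not part of the original notes; the function names and sample values are made up for illustration, and on a live server the two inputs could come from `sudo sshd -T` and `sudo ufw show added`.

```shell
# Pre-flight check to run before `ufw enable` (added example).
# Inputs are plain text, so the functions work on a config file, on
# `sshd -T` output, or on `ufw show added` output alike.

# Print every port sshd listens on. Keywords are case-insensitive and
# sshd falls back to 22 when no Port line is present.
sshd_ports() {
    ports=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2 }')
    printf '%s\n' "${ports:-22}"
}

# Succeed if the rules contain an inbound allow for PORT: matches
# "ufw allow 25009/tcp" and "ufw allow 25009", but not "ufw allow out 53".
ufw_allows_tcp() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { for (i = 1; i < NF; i++)
            if ($i == "allow" && ($(i+1) == (p "/tcp") || $(i+1) == p)) ok = 1 }
        END { exit !ok }'
}

# Return 0 only if every sshd port has a matching inbound allow rule.
preflight() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if ufw_allows_tcp "$port" "$2"; then
            echo "ok: ssh port $port is allowed"
        else
            echo "LOCKOUT RISK: no ufw allow rule for ssh port $port" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not taken from a real server).
SAMPLE_SSHD='Port 25009
PermitRootLogin no
AllowUsers whatever'
SAMPLE_UFW_GOOD='ufw allow 25009/tcp
ufw allow 80/tcp
ufw allow out 53'
SAMPLE_UFW_BAD='ufw allow 25043/tcp
ufw allow 80/tcp'

preflight "$SAMPLE_SSHD" "$SAMPLE_UFW_GOOD"
preflight "$SAMPLE_SSHD" "$SAMPLE_UFW_BAD" || echo "fix the rule before enabling ufw"
```

Keep the existing SSH session open while testing, so a failed check can be fixed without console access.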
    
---

###Vim
    
    sudo apt-get install vim-gtk
    #I point to these in my vimrc, skip if you don't need them
    mkdir -p ~/.vim/bundle/
    git clone https://github.com/VundleVim/Vundle.vim.git ~/.vim/bundle/Vundle.vim

### Misc Apps

    sudo apt install ctags silversearcher-ag ripgrep fzf ranger vim-gtk nginx postgresql