Initial Server Setup
This guide outlines the essential steps for configuring a new Linux server (Debian/Ubuntu) for production use. It covers user management, security hardening, system tuning, and maintenance tasks.
1. System Updates
Before configuring the server, ensure all packages are up to date.
bash
sudo apt update && sudo apt upgrade -y

2. User Management
Avoid using the root user for daily tasks. Create a new user with sudo privileges.
Managing Users
bash
# Create a new user
adduser <username>
# Add the user to the sudo group
usermod -aG sudo <username>
# Delete a user if needed
deluser <username>

Managing Groups
bash
# Create a new group
addgroup <groupname>
# Add a user to a specific group
usermod -aG <groupname> <username>
# Remove a user from a group
gpasswd -d <username> <groupname>

3. Security Hardening (SSH)
Secure your server by disabling password authentication and root login, relying on SSH keys instead.
Setup SSH Keys
Copy your public key from your local machine to the server. To add it manually, run the following on the server as the new user:
bash
# On the server, for the new user
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys
# Paste your public key (starts with ssh-rsa, ssh-ed25519, etc.)
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

Configure SSH Daemon
Edit the SSH configuration file to enforce security settings.
bash
sudo nano /etc/ssh/sshd_config
# Or often in cloud images: /etc/ssh/sshd_config.d/60-cloudimg-settings.conf

Ensure the following settings are applied:
bash
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Restart the SSH service to apply changes:
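Before restarting, it helps to confirm that these three values are what sshd will actually use: sshd takes the first value it reads for each keyword, so a setting in one file can be shadowed by the same keyword in another, such as the cloud-image drop-in mentioned above. The check below is an added example, not part of the original guide; the function name `check_sshd_effective` and both sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify the effective sshd settings from this guide.
# Input: the output of `sshd -T` (lowercase "keyword value" lines) on stdin.
# Output: one FAIL line per problem; exit status 0 only if all three match.
check_sshd_effective() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"
            want["permitrootlogin"]        = "no"
            bad = 0
        }
        {
            key = tolower($1)
            if (!(key in want) || (key in seen)) next
            seen[key] = 1
            if (tolower($2) != want[key]) {
                printf "FAIL %s is \"%s\", expected \"%s\"\n", key, $2, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) {
                printf "FAIL %s not present in input\n", k
                bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample: effective config where another file still enables
# passwords even though sshd_config was edited to say "no".
SAMPLE_SHADOWED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: all three settings from this guide applied.
SAMPLE_HARDENED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# On the server, keep the current SSH session open and run:
#   sudo sshd -t && sudo sshd -T | check_sshd_effective
```

If the check prints a FAIL line, look for the same keyword in the files under /etc/ssh/sshd_config.d/ before restarting.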
bash
sudo systemctl restart ssh

4. System Configuration
Hostname
Set a meaningful hostname for your server.
bash
# Set the hostname
sudo hostnamectl set-hostname <new-hostname>
# Update /etc/hosts to resolve the new hostname locally
sudo nano /etc/hosts
# Add/Update the line:
# 127.0.1.1 <new-hostname>

Swap File
Create a swap file to prevent out-of-memory (OOM) errors, especially on servers with limited RAM.
bash
# Create a 1GB swap file
sudo fallocate -l 1G /swapfile
# Secure the swap file
sudo chmod 600 /swapfile
# Initialize and enable swap
sudo mkswap /swapfile
sudo swapon /swapfile
# Make it permanent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Memory Tuning
Optimize kernel parameters for better memory management, particularly for database or web server workloads.
Create a config file:
bash
sudo nano /etc/sysctl.d/99-memory-tuning.conf

Add the following configuration:
ini
# Reduce swap usage preference (default is 60)
vm.swappiness=10
# Improve file system cache management
vm.vfs_cache_pressure=50
# Write data to disk more frequently
vm.dirty_ratio=10
vm.dirty_background_ratio=5

Apply the changes:
bash
sudo sysctl -p /etc/sysctl.d/99-memory-tuning.conf

5. Maintenance
Docker Cleanup
Automate the cleanup of unused Docker resources to save disk space.
Open the crontab editor:
bash
crontab -e

Add the following line to run docker system prune daily at 2 AM:
bash
0 2 * * * /usr/bin/docker system prune -af >> /var/log/docker-prune.log 2>&1