UBUNTU


INITIAL SETUP UBUNTU 18.04

see: Digital Ocean tutorial

config preprod #1

  • ubuntu 18.04
  • 3 GB RAM / 2 CPU
  • 60 GB memory

IP address : YOUR.SERVER.IP.ADDRESS

connect by ssh from local terminal

ssh root@YOUR.SERVER.IP.ADDRESS

SETUP BASICS UBUNTU

sudo apt-get update
sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools
sudo apt install python3-venv
sudo apt install tree
sudo apt install members
sudo apt-get install libxml2-dev libxslt1-dev
sudo apt install git
sudo apt install nodejs

add a user on the remote server

adduser sammy

< pwd : USR_PWD_FOR_SERVER >

add user to sudo group

usermod -aG sudo sammy

copy ssh key to user

rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

create an admin group for data exchanges

see: tech Repu tutorial on users and groups

sudo groupadd your_group

add user(s) + www-data (nginx user) to the your_group group

sudo usermod -aG your_group sammy
sudo usermod -aG your_group www-data

The -a option tells usermod to append, and the -G option names the supplementary group to append the user to. Without -a, -G replaces the user's existing supplementary groups with the one listed.

check who is part of a group

grep your_group /etc/group

OR

sudo apt-get install members
members your_group

exit from ssh session

exit

open ssh session with user

ssh sammy@YOUR.SERVER.IP.ADDRESS

optional, from root: switch to the user without opening a new ssh session

su - sammy

log back as user

  • digital ocean user sammy: ssh sammy@YOUR.SERVER.IP.ADDRESS
  • passphrase public key: SSH_PWD_FOR_SERVER
  • pwd for sammy@YOUR.SERVER.IP.ADDRESS: USR_PWD_FOR_SERVER

FIREWALL

see: Digital Ocean firewall tutorial
see: linuxize firewall tutorial

check ufw status

sudo ufw status

check which apps are allowed

sudo ufw app list

sudo ufw allow OpenSSH
sudo ufw enable

Using IPv6 with UFW

sudo vim /etc/default/ufw
IPV6=yes

set default

sudo ufw default deny incoming
sudo ufw default allow outgoing

allow ports

sudo ufw allow OpenSSH
sudo ufw allow ssh
sudo ufw allow ftp
sudo ufw allow www
sudo ufw allow 80
sudo ufw allow 3000
sudo ufw allow 4000

allow an IP to connect to MongoDB’s ports

sudo ufw allow from YOUR.LOCAL.IP.ADDRESS/32 to any port 27017  
sudo ufw allow from YOUR.LOCAL.IP.ADDRESS to any port 27017
sudo ufw allow from YOUR.SERVER.IP.ADDRESS to any port 27017

if you want to access MongoDB from any external address (this opens port 27017 to every source; prefer the source-restricted rules above)

sudo ufw allow 27017

if you want to allow MongoDB access from a specific IP and restrict the protocol (MongoDB listens on TCP)

sudo ufw allow from YOUR.LOCAL.IP.ADDRESS proto tcp to any port 27017

if you want to allow some specific port range

sudo ufw allow 8000:8010/tcp

delete rules

sudo ufw delete allow 27017
sudo ufw delete allow from YOUR.LOCAL.IP.ADDRESS/32 to any port 27017

enable UFW

sudo ufw enable
sudo ufw status
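
A check to run after the rules above, as an added example that is not part of the original notes: it reads `ufw status` output and lists ALLOW rules that leave a given port (here MongoDB's 27017) open to every source, including port ranges that cover it. The function name `exposed_rules` and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag ufw ALLOW rules that
# expose a port to every source address.

# Constructed sample of `sudo ufw status` output; the address is a documentation range.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
27017                      ALLOW       203.0.113.7
27017                      ALLOW       Anywhere
8000:8010/tcp              ALLOW       Anywhere
27017 (v6)                 ALLOW       Anywhere (v6)'

# exposed_rules PORT: reads `ufw status` output on stdin (hypothetical helper name).
exposed_rules() {
    awk -v port="$1" '
        /^--/ { in_rules = 1; next }       # rules follow the header separator
        !in_rules || NF == 0 { next }
        {
            # Find the Action column: "To" is before it, "From" after it.
            act = 0
            for (i = 1; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
            if (!act) next                  # only plain ALLOW rules are examined
            from = $(act + 1)
            if (from == "OUT") next         # verbose mode: outgoing rule
            if (from == "IN") from = $(act + 2)
            if (from != "Anywhere") next    # source-restricted rule
            # "To" is port, port/proto or lo:hi/proto; app names are skipped.
            split($1, spec, "/")
            if (spec[1] !~ /^[0-9]+(:[0-9]+)?$/) next
            n = split(spec[1], r, ":")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            v6 = ($2 == "(v6)") ? " (v6)" : ""
            if (port + 0 >= lo && port + 0 <= hi) print $1 v6
        }'
}

# Stand-alone run over the sample; on a server: sudo ufw status | exposed_rules 27017
printf '%s\n' "$SAMPLE_STATUS" | exposed_rules 27017
```

Any line it prints is a rule to remove with `sudo ufw delete allow ...` and replace with a source-restricted one.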