To follow up on my previous entry about setting up OS X “my way”, I decided to clean up my notes on how I set up my Ubuntu server environment (I happen to use Slicehost, but it shouldn’t matter).
I began with an “empty” Ubuntu 8.04 machine and the root password; at the end I have:
- Disabled root login via ssh
- Created your own user who can login via ssh public-key authentication
- Updated your system with the latest Ubuntu packages
- Installed various packages that most people expect on a Linux server
- Set up simple mail forwarding (I forward bretthoerner.com to my Gmail account)
This assumes you already have a domain pointed at your server and that you have ssh keys stored locally in ~/.ssh.
Initial login
# Use your root password when prompted
(local)$ ssh root@DOMAIN
Replace /bin/sh symlink with a more fully featured shell
$ ln -sf /bin/bash /bin/sh
Create your user
# Add USER (using bash, with a home, in groups USER, users, and sudo)
$ useradd -G users,sudo -m -c "FULL NAME" -s /bin/bash USER
# Configure sudo to be password-less for users in group sudo
$ visudo
# Uncomment %sudo ALL=NOPASSWD: ALL
Set up ssh public-key login
# Login as user
$ su - USER
# Configure `ssh` public key login
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ vim ~/.ssh/authorized_keys
# Paste in your public key (from local ~/.ssh/id_[rd]sa.pub)
# Exit out of user
$ exit
# Exit out of root
$ exit
# Test login from your local machine
(local)$ ssh USER@DOMAIN # should work without a password
Disable root login
# Test sudo from your user before you disable root login
$ sudo whoami # should print 'root'
# Disable root ssh and password-based logins
$ sudo vim /etc/ssh/sshd_config
# Change "PermitRootLogin yes" to "PermitRootLogin no"
# Change "#PasswordAuthentication yes" to "PasswordAuthentication no"
# Reload the ssh config
$ sudo /etc/init.d/ssh reload
# Lock root's password (passwd -d would leave the account with an empty
# password rather than a disabled one)
$ sudo passwd -l root
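To confirm that the two `sshd_config` edits above actually took effect, the following added example (not part of the original post) reports the value sshd would use for each setting. The function names are hypothetical, and the default of `yes` for an unset keyword is an assumption matching the stock file this guide edits.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the value sshd would use for KEYWORD in FILE's global section.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and a commented-out line leaves the default in force.
# Assumes "Keyword value" lines (no "Keyword=value" form).
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD DEFAULT
    awk -v want="$2" -v dflt="$3" '
        /^[ \t]*#/ || /^[ \t]*$/     { next }   # comments and blank lines
        tolower($1) == "match"       { exit }   # stop before conditional blocks
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Return 0 only if both settings from the guide are effectively "no".
# The default "yes" is an assumption matching the stock file the post edits.
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_sshd_option "$1" "$kw" yes)
        if [ "$val" = "no" ]; then
            echo "ok:   $kw $val"
        else
            echo "FAIL: $kw is effectively '$val' (want 'no')"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: "no" was appended instead of editing the existing
# line, and PasswordAuthentication was left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
#PasswordAuthentication yes
permitrootlogin no
EOF
audit_sshd_config "$sample" || echo "config still allows password or root login"
rm -f "$sample"
```

On the server, run `audit_sshd_config /etc/ssh/sshd_config` after the reload and before closing your existing session.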
Update the local package repository and packages on your system
$ sudo apt-get update
$ sudo apt-get dist-upgrade -y
Install packages you’d expect to have on Linux
# Favorite editor and shell niceness
$ sudo apt-get install -y bash-completion command-not-found \
    emacs-snapshot-nox exuberant-ctags vim-nox
# Postfix
$ sudo apt-get install -y postfix procmail
# Just hit enter through the setup for now
# Linux basics
$ sudo apt-get install -y dnsutils file info logrotate lsof \
    mailx mlocate openssl rsync screen unzip
# Developer basics
$ sudo apt-get install -y autoconf build-essential cdecl colordiff \
    git-core git-svn libtool make patch subversion
Re-configure Postfix
$ sudo dpkg-reconfigure postfix
- General Type: Internet Site
- System mail name: DOMAIN
- Root recipient: USER
- Destinations: localhost
- Force synchronous updates: no
- Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- Use procmail for local delivery: yes
- Mailbox size limit: 0
- Local address extension character: +
- Internet protocols to use: all
Edit the Postfix config
$ sudo vim /etc/postfix/main.cf
# Add the following
virtual_alias_domains = DOMAIN
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
Create virtual users and aliases that forward to you
$ sudo vim /etc/postfix/virtual
# Add one USER@VIRTUAL_DOMAIN EMAIL_TO_FORWARD_TO per line, e.g.:
user@example.com user@gmail.com
$ sudo postmap /etc/postfix/virtual
$ sudo vim /etc/aliases
# Append the following line so that root mail goes to USER@DOMAIN
root: USER
$ sudo newaliases
# Restart postfix for changes to take effect
$ sudo /etc/init.d/postfix restart
That’s it. I’ll follow this up with more information on how I set up Apache, mod_wsgi, Django, nginx, etc.