Ubuntu Server
General
Check version: $ cat /etc/lsb-release
On remote server install Fail2Ban:sudo apt-get update && sudo apt-get install fail2ban
Add folder for SSH keys:mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
On your local machine create an SSH key pair if you haven't before:ssh-keygen -b 4096
Push SSH Key on local machine to remove server:cat ~/.ssh/id_rsa.pub | ssh ROOT@EXAMPLE.COM 'cat >> ~/.ssh/authorized_keys'
Verify SSH key connection, then disable password entry on remote server:vim /etc/ssh/sshd_config
Then change PasswordAuthentication from yes to no, save the file, and finally restart SSH:sudo systemctl restart sshd
Check recent SSH logins:grep "Accepted" /var/log/auth.log
Start a terminal session and type:sudo apt install libpam-google-authenticator To make SSH use the Google Authenticator PAM module, add the following line to the /etc/pam.d/sshd file:
Also, so we don't get asked for a password, and instead use our SSH key for auth, comment out the line @include common-auth:
Modify /etc/ssh/sshd_config – change ChallengeResponseAuthentication from no to yes, so this part of the file looks like this:
Then add this to the same /etc/ssh/sshd_config file:AuthenticationMethods publickey,keyboard-interactive
In a terminal, run the google-authenticator command.
It will ask you a series of questions, here is a recommended configuration:
Make tokens “time-base””: yes
Update the .google_authenticator file: yes
Disallow multiple uses: yes
Increase the original generation time limit: no
Enable rate-limiting: yes
Store the 2FA stuff in your favorite auth manager, and keep a copy of the recovery codes.
Restart the sshd daemon using:sudo systemctl restart sshd.service
Digital Ocean, start with LAMP app, otherwise follow these instructions to get LAMP going.
Download WordPress, and setup the WP Config and Htaccess files:
Now, we copy the contents of the WordPress temp directory to our Apache2 site. We are using a dot at the end of our source directory to indicate that everything within the directory should be copied, including hidden files:sudo cp -a /tmp/wordpress/. /var/www/MY_DIR
Update the ownership with the chown and chmod commands.
Login to MYSQL:$ mysql -u USERNAME -pPASSWORD
Create a MySQL database and user (note these instructions will give the resulting user access to all databases):
Update the wp-config.php file to reference your new database and user name. Also update the SALT values.
Visit the site in your browser to finish the installation.
Additional PHP extensions
One of the themes I use requires mbstring which you can install like this: $ sudo apt install php-mbstring
Then restart Apache: $ sudo service apache2 restart
Install Ruby dependencies:sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs
Install Ruby with rbenv, be sure to change 2.2.2 with whatever Ruby version you want:
Install NodeJS:curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - sudo apt-get install -y nodejs
Install Rails, change the version to the one you want:
Install PostgreSQL:
Setting up a project with SQLite:rails new myapp
Setting up a project with PostgreSQL, you may need to edit config/database.yml to match the user you created earlier:rails new myapp -d postgresql
Run Rails dev server so you can access it remotely:rails s -b 0.0.0.0
Webpack
Increase file watching limit:
Firewall
I had to open up port 3000 to get browsersync on port 3000 to work with my local browser.
Check firewall status: $ sudo ufw status
Allow port access (port/protocal): $ ufw allow 3000/tcp
Remove an allow rule: $ ufw delete allow 3000/tcp
Postgres
Installing postgres on Ubuntu/Debian for dev
Log in to postgres and create the uprise db
Allow passwordless connections for postgres dev:
Copy result of command above, and edit in vim/nano
Change this line:
To:
Restart postgres:
Last updated