Ubuntu Server
Last updated
Was this helpful?
Last updated
Was this helpful?
Check version: $ cat /etc/lsb-release
On remote server install :sudo apt-get update && sudo apt-get install fail2ban
Add folder for SSH keys:mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
On your local machine create an SSH key pair if you haven't before:ssh-keygen -b 4096
Push SSH Key on local machine to remove server:cat ~/.ssh/id_rsa.pub | ssh ROOT@EXAMPLE.COM 'cat >> ~/.ssh/authorized_keys'
Verify SSH key connection, then disable password entry on remote server:vim /etc/ssh/sshd_config
Then change PasswordAuthentication
from yes
to no
, save the file, and finally restart SSH:sudo systemctl restart sshd
Check recent SSH logins:grep "Accepted" /var/log/auth.log
Start a terminal session and type:sudo apt install libpam-google-authenticator
To make SSH use the Google Authenticator PAM module, add the following line to the /etc/pam.d/sshd
file:
Also, so we don't get asked for a password, and instead use our SSH key for auth, comment out the line @include common-auth
:
Modify /etc/ssh/sshd_config
– change ChallengeResponseAuthentication
from no to yes, so this part of the file looks like this:
Then add this to the same /etc/ssh/sshd_config
file:AuthenticationMethods publickey,keyboard-interactive
In a terminal, run the google-authenticator
command.
It will ask you a series of questions, here is a recommended configuration:
Make tokens “time-base””: yes
Update the .google_authenticator file: yes
Disallow multiple uses: yes
Increase the original generation time limit: no
Enable rate-limiting: yes
Store the 2FA stuff in your favorite auth manager, and keep a copy of the recovery codes.
Restart the sshd daemon using:sudo systemctl restart sshd.service
Download WordPress, and setup the WP Config and Htaccess files:
Now, we copy the contents of the WordPress temp directory to our Apache2 site. We are using a dot at the end of our source directory to indicate that everything within the directory should be copied, including hidden files:sudo cp -a /tmp/wordpress/. /var/www/MY_DIR
Update the ownership with the chown and chmod commands.
Login to MYSQL:$ mysql -u USERNAME -pPASSWORD
Create a MySQL database and user (note these instructions will give the resulting user access to all databases):
Update the wp-config.php
file to reference your new database and user name. Also update the SALT values.
Visit the site in your browser to finish the installation.
One of the themes I use requires mbstring which you can install like this: $ sudo apt install php-mbstring
Then restart Apache: $ sudo service apache2 restart
Install Ruby dependencies:sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs
Install Ruby with rbenv, be sure to change 2.2.2 with whatever Ruby version you want:
Install NodeJS:curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - sudo apt-get install -y nodejs
Install Rails, change the version to the one you want:
Install PostgreSQL:
Setting up a project with SQLite:rails new myapp
Setting up a project with PostgreSQL, you may need to edit config/database.yml
to match the user you created earlier:rails new myapp -d postgresql
Increase file watching limit:
I had to open up port 3000 to get browsersync on port 3000 to work with my local browser.
Check firewall status: $ sudo ufw status
Allow port access (port/protocal): $ ufw allow 3000/tcp
Remove an allow rule: $ ufw delete allow 3000/tcp
Installing postgres on Ubuntu/Debian for dev
Log in to postgres and create the uprise db
Allow passwordless connections for postgres dev:
Copy result of command above, and edit in vim/nano
Change this line:
To:
Restart postgres:
Digital Ocean, start with , otherwise follow to get LAMP going.
Run Rails dev server so you can :rails s -b 0.0.0.0