System Configuration
Firewall (UFW)
You should set up the firewall. It is installed but inactive by default.
You can check the status and available applications using the following commands:
ufw status
ufw app list
Before enabling the firewall, you should allow incoming SSH requests (port 22 by default) to avoid being locked out. You should also allow incoming requests for HTTP (port 80) and HTTPS (port 443). This can be done using the following commands:
ufw allow openssh
ufw allow http
ufw allow https
ufw enable
Firewall rules can be removed using the following command:
ufw delete allow <RULE>
The firewall can be disabled completely using the following command:
ufw disable
SSH
If necessary, you can edit the SSH configuration in /etc/ssh/sshd_config and then restart the sshd service using the following command:
service sshd restart
For example, you might want to change the default port for incoming SSH connections using the following setting:
Port <PORT>
You could allow password authentication:
PasswordAuthentication yes
And you probably want to disable remote root login via SSH:
PermitRootLogin no
Make sure you can access your server via a non-root user before disabling remote root login!
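A check you can run on the edited file before restarting sshd, written as an added example and not part of the original guide: it reads the value sshd would apply for the three settings above and flags a changed port that the earlier "ufw allow openssh" rule (22/tcp only) does not cover. The function names and the sample config are constructed for illustration; the script reports only the first Port line and does not follow Include files.

```sh
#!/bin/sh
# Added example: read the settings sshd would actually apply from a config file.
# sshd keywords are case-insensitive and the FIRST value seen wins; settings
# after a "Match" line are conditional, so the global scan stops there.

# effective_value FILE KEYWORD DEFAULT -> first global value, or DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        $1 ~ /^#/ { next }                      # comment line
        tolower($1) == "match" { exit }         # end of global section
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> prints one finding per line, returns 1 if there are any
audit_sshd() {
    findings=0
    # Defaults below are the ones OpenSSH uses when a keyword is absent
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    port=$(effective_value "$1" Port 22)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '$root', expected 'no'"; findings=1
    fi
    if [ "$pass" = "yes" ]; then
        echo "PasswordAuthentication is enabled"; findings=1
    fi
    if [ "$port" != "22" ]; then
        # The OpenSSH ufw profile only opens 22/tcp
        echo "Port is $port: run 'ufw allow $port/tcp' before restarting sshd"; findings=1
    fi
    return "$findings"
}

# Constructed sample config (not taken from a real server)
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || true
```

On the server itself, run audit_sshd against /etc/ssh/sshd_config, and use "sshd -t" to check the edited file for syntax errors before the restart.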
Timezone
Check the current timezone:
timedatectl
List available timezones:
timedatectl list-timezones
Set the timezone:
timedatectl set-timezone <TIMEZONE>
If necessary, enable NTP synchronisation:
timedatectl set-ntp on
Swap File
Create a swap file using the following commands:
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
Core Packages
An Ubuntu 18.04 droplet from DigitalOcean is pretty bare-bones but should have the following useful packages already installed:
git (v 2.17.1)
python3 (v 3.6.8)
ssh
ufw
vim
Update the system packages:
apt-get update
apt-get upgrade
apt dist-upgrade
Next, you'll want to install the core packages and dependencies for running a Rails application using the following command:
apt-get install build-essential libcurl4-openssl-dev libffi-dev libreadline-dev libssl-dev libxml2-dev libxslt1-dev libyaml-dev software-properties-common zlib1g-dev
Package | Description
build-essential | meta-package for compiling on Debian; includes g++, gcc and make
libcurl4-openssl-dev | (?) OpenSSL library
libffi-dev | (?) FFI library
libreadline-dev | (?)
libssl-dev | (?) SSL library
libxml2-dev | XML library
libxslt1-dev | (?) XSLT library
libyaml-dev | YAML library
software-properties-common | provides scripts for adding and removing PPAs
zlib1g-dev | (?) compression library
Git
Git should already be installed. If it isn't, you can install it using the following command:
apt-get install git
Node.js and Yarn
Install Node.js and Yarn using the following commands:
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
apt-get update
apt-get install nodejs yarn
Nginx
Install Nginx:
apt-get install nginx
After installing, Nginx will start automatically. You can check using the following command:
systemctl status nginx
You can now serve static files from /var/www/html and access them in a web browser via the IP address of the deployment server.
In addition, the configuration for the default site can be found at /etc/nginx/sites-enabled/default.
SQLite
Install SQLite:
apt-get install sqlite3 libsqlite3-dev
PostgreSQL
Install PostgreSQL:
apt-get install postgresql postgresql-contrib
You can switch to the postgres user and launch the psql prompt using the following command:
sudo -u postgres psql
You can close the psql prompt by typing \q.
If necessary, while logged in as the postgres user, you can create a new role using the following command:
createuser -d <ROLE>
To list all roles, run the following command from the psql prompt:
\du