Skip to content

Harshroxnox/linux-server-guide

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 

Repository files navigation

Linux server guide

Update linux

apt update
apt dist-upgrade

Using automatic updates

apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades

Add a limited user account

useradd -m -s /bin/bash jay && passwd jay
apt install sudo
visudo

Now search in this file for groups that can execute sudo commands(groups begin with %) and add your user in that group. Suppose the group name is sudo. Then execute

usermod -aG sudo jay

See the groups for that user to verify

groups jay

Switch to that user

su - jay

Setup SSH login

Execute the following commands on your local linux terminal. Make sure you don't have a key named id_rsa

cd .ssh && ssh-keygen

Send the .pub file to the cloud server

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Now login to your cloud server disable root login and add a new line for user-ssh-login in the sshd-config

sudo nano /etc/ssh/sshd_config

edit PermitRootLogin no and add AllowUsers jay

sudo systemctl restart sshd

Setup Firewall

apt install ufw
ufw default allow outgoing
ufw default deny incoming
ufw allow ssh

For Nginx server run

ufw allow "Nginx Full"
ufw enable

check status

ufw status

for http

ufw allow 80

for https

ufw allow 443

Python Virtual Env

suppose you have python3.10 then run

apt install python3.10-venv
python3 -m venv venv
source venv/bin/activate

Nodejs Install NVM

wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash

reload bash

source ~/.bashrc

suppose you want to install lts/iron

nvm install lts/iron

You can also use nvm ls and nvm install v16.20.0

Docker Setup

Installing steps on ubuntu 22.04 jammy

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl gnupg
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/dockerce.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/dockerce.gpg] https://download.docker.com/linux/ubuntu jammy stable" | sudo tee /etc/apt/sources.list.d/dockerce.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Setting Up Systemd Services

create a service

nano /etc/systemd/system/your_service.service
[Unit]
Description=<description about this service>

[Service]
User=<user e.g. root>
WorkingDirectory=<directory_of_script e.g. /root>
ExecStart=<script which needs to be executed>

[Install]
WantedBy=multi-user.target

For python venv scripts

[Unit]
Description=<project description>

[Service]
User=<user e.g. root>
WorkingDirectory=<path to your project directory containing your python script>
ExecStart=/home/user/.virtualenv/bin/python main.py
# replace /home/user/.virtualenv/bin/python with your virtualenv and main.py with your script

[Install]
WantedBy=multi-user.target

reload daemon

sudo systemctl daemon-reload

Managing services

sudo systemctl start your-service.service
sudo systemctl stop your-service.service
sudo systemctl status your-service.service
sudo systemctl enable your-service.service
sudo systemctl restart your-service.service

NGINX

apt install nginx
ufw allow "Nginx Full"

Build the frontend static files and paste that folder(in this case dist) inside /var/www/ Delete the default file inside sites-available and sites-enabled Edit Nginx configuration file

nano /etc/nginx/sites-available/filename

Here is a sample nginx file having both frontend and backend routes set up

server {
  listen 80;
  # This is for the frontend serving the built files inside /var/www/dist
  location / {
        root /var/www/dist;
        index  index.html index.htm;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        try_files $uri $uri/ /index.html;
  }

  # This is for all the backend routes running on localhost:5000 having routes /question /registration etc.
  location /question {
        proxy_pass http://127.0.0.1:5000/question;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
  }

  location /registration {
        proxy_pass http://127.0.0.1:5000/registration;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
  }
}

This assumes backend is running on localhost:5000 and has routes /question /registration. Modify accordingly.

ln -s /etc/nginx/sites-available/filename /etc/nginx/sites-enabled/filename
systemctl restart nginx

SSL Certification

apt install certbot python3-certbot-nginx

Make sure that Nginx Full rule is available

ufw status
certbot --nginx -d example.com -d www.example.com

Let’s Encrypt’s certificates are only valid for ninety days. To set a timer to validate automatically:

systemctl status certbot.timer

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published