Building Ubuntu servers on DigitalOcean
openUptown’s development and production servers have been changed from CentOS 6.x to Ubuntu 16.04.02 LTS. I have also converted one of my Windows 10 desktops to Ubuntu Gnome 16.04.02. I will cover the desktop and the LAMP configuration portion of the servers in another post.
openUptown servers are virtual machines hosted on DigitalOcean servers in Toronto. Toronto because it’s closest to Chicago and the USA is getting crazier every day. You’ll notice you can pay by the hour which can be very useful.
If you would like to test this out, here’s a signup link that will give you $10 free credit. Note you do have to enter a valid credit card to activate, but you can cancel before the $10 runs out.
Installing Ubuntu is a painless process. Pick the details of the droplet you want. There are 2 points I will make before you click on ‘Create’.
- It is very easy to scale the droplet up. It is not as easy to scale down. Once your initial droplet is created, you can scale it up and back down without changing the HD size. If you scale up the HD size, you cannot scale it back down and will be stuck at that level.
- The hostname should be a fully qualified domain name (FQDN) if you would like to address the server by name rather than IP address. This can be changed later too.
With these decisions made, click on ‘Create’. Once the droplet is created, select the ‘More’ dropdown on the right side of the droplet list, and then ‘Access console’. Log in as root with the password emailed to you, change the password when prompted, etc.
To update the system to the newest software for your version, type from a root prompt:
# apt update
# apt -y upgrade
Set the timezone:
# timedatectl set-timezone America/Chicago
Add yourself as a new user:
# adduser yourlogin
Disable root logins:
# vi /etc/ssh/sshd_config
## Change the line "PermitRootLogin yes" to:
PermitRootLogin no
# service ssh restart
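A commented-out line in sshd_config has no effect, and sshd uses the first value it finds for a keyword, so it is worth confirming what the edit above actually produced. The script below is an added example, not part of the original post; the function names and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value a config file yields.
# Rules applied (from sshd_config behaviour): lines starting with '#' are
# comments, keywords are case-insensitive, the first value found wins, and
# global settings end where the first Match block begins.

effective_root_login() {
    awk '
        { gsub(/=/, " ") }                        # "Keyword=value" form is allowed
        /^[ \t]*#/ { next }                       # commented-out lines do nothing
        tolower($1) == "match" { exit }           # conditional blocks are not global
        tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit    # first occurrence wins
        }
        END { if (!found) print "unset" }         # sshd falls back to its default
    ' "$1"
}

# Succeeds only when the file explicitly disables root logins.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample files covering the common editing mistakes.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PermitRootLogin yes' \
    > "$demo_dir/still_open"        # the "no" line was left commented out
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PermitRootLogin yes' \
    > "$demo_dir/closed"            # duplicate keyword: the first one counts
printf '%s\n' 'Port 22' '#PermitRootLogin yes' \
    > "$demo_dir/commented_only"    # nothing set, default applies

for f in still_open closed commented_only; do
    printf '%-15s %s\n' "$f" "$(effective_root_login "$demo_dir/$f")"
done
```

On the server itself, `sshd -T | grep -i permitrootlogin` (run as root) prints the value sshd resolves from the real configuration, defaults included.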
When I install new operating systems, the first thing I am concerned with is access. No access or limited access for others, and full for me. There is a lot one can do here, but I am just going to cover the basics.
Enable the Firewall with SSH and check status
# ufw app list
# ufw allow OpenSSH ## OR the next line is better if you have a predictable IP address
# ufw allow proto tcp from 192.168.1.50 to any port 22 ## substitute your IP
# ufw enable
# ufw status numbered
Install the FTP Server
# apt install vsftpd
# vi /etc/vsftpd.conf
## Uncomment these two lines.
## Uncomment and enter your Welcome message - Not necessary, It's optional.
ftpd_banner=Welcome but go away.
## Uncomment this to enable any form of FTP write command.
# ufw allow 21 ## OR the next line is better if you have a predictable IP address
# ufw allow proto tcp from 192.168.1.50 to any port 21 ## substitute your IP
# systemctl restart vsftpd
Note, there is much more that can be done to add security with the configuration of the Firewall and Secure Shell. The above is basic, but highly effective.
OK, stay tuned for the next installment installing Apache, MySQL and PHP.