Cloud Server
Get SSH public Key
ssh-keygen -t rsa -C "abc@xyz.com"
First time login after creating the server
ssh -i ~/.ssh/id_rsa root@ip_address
adduser sammy
usermod -aG sudo sammy
sudo nano /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
su - sammy
mkdir ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys # Copy public key into this file
sudo systemctl status ssh.service
sudo systemctl reload ssh.service # start if not started
## Important check access before exiting from your local terminal
ssh -i ~/.ssh/id_rsa sammy@ip_address
Future logins
ssh -i ~/.ssh/id_rsa sammy@ip_address
Firewall
sudo apt-get install ufw
sudo ufw status
sudo nano /etc/default/ufw
set > IPV6=yes
sudo ufw disable
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 22/tcp
sudo ufw allow www
# Specific port
sudo ufw allow 3306
TimeZone
date
sudo dpkg-reconfigure tzdata
Base packages
sudo apt update && sudo apt dist-upgrade && sudo apt autoremove
Docker Installation
https://docs.docker.com/install/linux/docker-ce/ubuntu/
sudo groupadd docker
sudo usermod -aG docker $USER
su ${USER}
id -nG
NGINX Proxy
docker network create --driver bridge reverse-proxy
docker run --detach \
--name nginx-proxy \
--publish 80:80 \
--publish 443:443 \
--net reverse-proxy \
--volume $HOME/certs:/etc/nginx/certs \
--volume vhost:/etc/nginx/vhost.d \
--volume html:/usr/share/nginx/html \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
nginxproxy/nginx-proxy
docker run --detach \
--name nginx-proxy-acme \
--net reverse-proxy \
--volumes-from nginx-proxy \
--volume $HOME/certs:/etc/nginx/certs:rw \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
--volume $HOME/acme:/etc/acme.sh \
--env "DEFAULT_EMAIL=mail@yourdomain.tld" \
nginxproxy/acme-companion
PostgreSQL
docker run -d --name postgres-server -p 5432:5432 \
--net reverse-proxy \
-v $PWD/postgres-data:/var/lib/postgresql/data \
-e "TZ=Asia/Kolkata" \
--restart always -e POSTGRES_PASSWORD=my-pswd postgres:15.1 -c superuser_reserved_connections=50
Run applications with docker
# Simple HTTP Server
docker run --name http-server -p 80:80 -d nginx
# MySQL Database
docker run --name mysql-db -e MYSQL_ROOT_PASSWORD=my-secret-pw -p 3306:3306 --restart always -d mysql:5.7.29
docker run --name phpmyadmin -d --link mysql-db:db -p 4444:80 phpmyadmin/phpmyadmin
# Install Wordpress
docker run --name wordpress-site \
--link mysql-db \
-p 80:80 \
-e WORDPRESS_DB_HOST=mysql-db \
-e WORDPRESS_DB_USER=root \
-e WORDPRESS_DB_PASSWORD=my-secret-pw \
-e WORDPRESS_DB_NAME=wordpress \
-e WORDPRESS_TABLE_PREFIX=wp_ \
-d wordpress
File Copying TO & FROM the server
# Local file TO the server
scp -i ~/.ssh/test_cloud_rsa $PWD/christiann-koepke-EkL50nhEEoc-unsplash.jpg ubuntu@server-ip:/home/ubuntu/
# Local file FROM the server
scp -i ~/.ssh/test_cloud_rsa ubuntu@server-ip:/home/ubuntu/christiann-koepke-EkL50nhEEoc-unsplash.jpg $PWD/copy.jpg
# Local folder TO the server
scp -i ~/.ssh/test_cloud_rsa -r $PWD/image-folder ubuntu@server-ip:/home/ubuntu/image-folder
# Local folder FROM the server
scp -i ~/.ssh/test_cloud_rsa -r ubuntu@server-ip:/home/ubuntu/image-folder $PWD/image-folder-copy
Squid Proxy
sudo apt install squid apache2-utils
# Edit /etc/squid/squid.conf http_access to allow all
# Password
touch /etc/squid/passwd
htpasswd /etc/squid/passwd user1
# Edit /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_port 3128
service squid restart