Saturday, November 22, 2014

Setting Up an Ubuntu Server Instance

Anytime you set up a Linux server, you'll need to do a bit of housekeeping. We're going to go over that generic set of steps you want to carry out no matter what the server is going to be used for. In the future, we'll be coming up with a lot of different applications for our servers (logging, monitoring, data mining, web serving, web scraping, etc), but we'll always have this boilerplate to refer back to.

Prerequisites: This article assumes you've already spun up your Linux box. Now there are a lot of different options. You have local virtual machines, buying your own physical box, and cloud-based (heroku, aws, linode, digitalocean) solutions. See this article for the considerations you need to take with each approach. The following steps are more or a less a supplement to the Ubuntu instance we set up in our virtual machine using VirtualBox and Vagrant.

Configuration

Alright, after having set up that instance, ssh into your machine and run the following commands:

# Add a user for yourself
sudo adduser rob

#You'll receive the following output
Adding user `rob' ...
Adding new group `rob' (1002) ...
Adding new user `rob' (1002) with group `rob' ...
Creating home directory `/home/rob' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for rob
Enter the new value, or press ENTER for the default
    Full Name []: Rob Layton
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] y

As you can see from the output, the user "rob" was created, a home directory was generated, some boilerplate files were carried over, and various prompts were presented to the end user to provide additional information. On some cloud instances, you're forced to ssh into the box with a default root user. Make sure to check your email for the auto-generated password that's associated with this account. Since we're using our VM, we don't have to deal with any of that. And don't forget that you can turn off the VM at any time and restore your pristine snapshot.

The next step is to give our newly created user sudo privileges. Run sudo visudo and you'll be taken to the /etc/sudoers.tmp file.

# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
rob    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

You're going to want to add your user to the "User privilege specification" section like I have. Now run the following commands:

# Switch to newly created user
su rob

# Create the .ssh folder
mkdir ~/.ssh

# Update Ubuntu
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

# log rob user out
exit

SSH Access

Now follow this guide to give yourself ssh access to this guest VM from your host machine, through the new user. That guide should also point you to an article that will help you map the IP address to a hostname. Let's name this hostname "vm". Now run the following commands from your host machine.

# ssh into the guest VM from the host
# you won't need to enter in your password
ssh rob@vm

Now follow this guide which will help make your instance more secure. This really isn't necessary for VMs that are only accessible on the same machine VirtualBox is running on, but when you set up Linux boxes that can be access through the internet, you'll want to carry out these steps.

You're probably going to want to install a web server. Check out this guide to get set up with Nginx.

As a final step, you'll want to pull down your dotfiles which personalizes your VM. If you're not familiar with dotfiles, I recommend you get into the habit of relying on them. Now I'm sure you've noticed how manual a lot of these steps are. At some point, we'll cover auto-provisioning, so check back soon.

1 comment:

  1. Do you have the right link posted for "make your instance more secure"? Currently it is the same SSH link referenced in the paragraph above.

    Great tutorial, keep it up! I'm learning a lot, slowly!

    ReplyDelete