Last modified by Alexandru Pentilescu on 2024/07/22 21:37

From version 8.1
edited by Alexandru Pentilescu
on 2024/07/02 20:22
Change comment: There is no comment for this version
To version 4.3
edited by Alexandru Pentilescu
on 2022/11/13 22:09
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -45,22 +45,9 @@
45 45  Ultimately, the argument for or against using root access is mostly a philosophical one, rather than a technical one. There is no right or wrong answer to this question. Rather, each answer brings its own advantages and disadvantages to the table. What really matters is what you're more comfortable with using in the end.
46 46  Moreover, using a sudoers user rather than root is not inherently a guarantee for system safety either and should not be taken as a leeway for running suspicious executable files from the internet either, as privilege escalation bugs have existed in the Linux kernel since its own inception.
47 47  
48 -= Install the necessary utilities =
49 -Install docker, postfix and nginx, which are all utilities you will be using consistently, from this point on.
50 -
51 -Afterwards, install the certbot-plugin-gandi plugin to enable automatic certificate renewals using gandi. This may require you to install pip3 as well, first.
52 -
53 -One the plugin is installed, just do:
54 -
55 -{{code language="bash"}}
56 -certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -n -d 'transistor.one,*.transistor.one' --agree-tos --email=alexandru.pentilescu@disroot.org
57 -{{/code}}
58 -
59 59  = Setting up an SMTP server =
60 60  This will be required for all the future things you will be doing on the server.
61 61  
62 -Moreover, this is not an easy task and will be a little time consuming. Please consult the documentation [[here>>https://wiki.transistor.one/bin/view/Guides/How%20to%20setup%20a%20postfix%20SMTP%20server/]]
63 -
64 64  = Setting up automatic updates =
65 65  
66 66  System updates are a necessity for modern day operating systems and on linux, especially, there's a constant need to run such updates regurarly to avoid the risk of running vulnerable software that can be exploited by rogue malware.
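Review bot: The certbot command on line 56 reads `--dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini`, but the section on lines 48-57 never says how that file is created, what goes in it, or how it should be protected. Since it is the credentials file for DNS changes on the domain, the guide should add a step before the command that creates it owned by root and readable only by root (for example mode 600). The same command requests a wildcard certificate for `*.transistor.one`, so whoever can read that file can obtain certificates for every subdomain, which is worth stating next to the step. Line 51 says installing the plugin "may require" pip3 without giving the install command or saying whether it runs as root, so the actual command should be spelled out. Minor: "One the plugin is installed" on line 53 should read "Once the plugin is installed". On line 62, the link to the postfix guide is the only pointer the SMTP section has, and without it lines 59-60 announce a requirement with no instructions.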
... ... @@ -128,19 +128,5 @@
128 128  
129 129  This instructs the package to reboot the whole system, automatically, whenever an update requires it, the next time the system clock reaches this specific configured time. I set mine to reboot the system, whenever an update requires it, at 2AM. You may change the time to whichever fits your needs.
130 130  
131 -= Installing docker =
132 132  
133 -Docker is almost an irreplaceable piece of software that will be critical to your whole infrastructure. Docker needs to be installed on the system properly. In order to do so, please follow the guide [[here>>https://docs.docker.com/engine/install/ubuntu/]]
134 -
135 -= Force postfix to bind to non-local IP addresses on start =
136 -
137 -If we plan on using our SMPT server to relay emails coming from our docker containers, we will have to force postfix to bind to an IP address that's different from localhost. This needs to be done because, if we configure postfix to only bind to localhost, it will effectively be unreachable to our docker containers and they will not be able to use it as a relay.
138 -In order to allow for postfix to bind to non-local addresses, we have to add the following configuration file /etc/sysctl.d/80-network.conf with the following contents:
139 -
140 -{{code language="ini"}}
141 -net.ipv4.ip_nonlocal_bind = 1
142 -net.ipv6.ip_nonlocal_bind = 1
143 -{{/code}}
144 -
145 -Honestly, the "ipv6" line is unnecessary for our purposes, but I'm adding it anyway. After this file is added, after reboot, postfix will be able to bind itself to nonlocal addresses successfully.
146 146  )))
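Review bot: The sysctl file on lines 140-143 sets `net.ipv4.ip_nonlocal_bind = 1` for the whole host, not just for postfix, so every process may then bind to addresses the machine does not currently hold; the paragraph on lines 137-138 should say so and name the specific address postfix is meant to listen on. The heading on line 135 says "on start", but the text never explains why the address is non-local at start time, which is the actual justification for the setting and should be stated. Line 145 itself calls the `net.ipv6.ip_nonlocal_bind = 1` line unnecessary, so it is better dropped than shipped with an apology. Once postfix listens on a non-loopback address it becomes reachable beyond the host, so the section should also say which networks are allowed to relay through it, limited to the docker containers the paragraph mentions. The "after reboot" wording on line 145 can be replaced with loading the file directly via `sysctl --system`. Minor: "SMPT" on line 137 should be "SMTP".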