These are the things I did to setup new VPS instances on Digital Ocean and ChicagoVPS
Update the machine
sudo apt-get update
sudo apt-get upgrade
Set locales
sudo locale-gen
sudo dpkg-reconfigure locales
add user
sudo adduser tutysra
# give sudo previliges
sudo visudo
tutysra ALL=(ALL) ALL
Install Git
sudo apt-get install git
Install sun java
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer
Install Tor for screen scrapping
sudo apt-get install tor
sudo /etc/init.d/tor start
Make default directories
mkdir ~/swt
mkdir ~/bin
Install NX ( not necessary for CLI boxes)
export DEBIAN_FRONTEND=noninteractive
sudo -E apt-get update
sudo -E apt-get install -y ubuntu-desktop
sudo apt-get install gnome-session-fallback
wget 'http://64.34.173.142/download/3.5.0/Linux/nxclient_3.5.0-7_amd64.deb'
wget 'http://64.34.173.142/download/3.5.0/Linux/nxnode_3.5.0-9_amd64.deb'
wget 'http://64.34.173.142/download/3.5.0/Linux/FE/nxserver_3.5.0-11_amd64.deb'
sudo dpkg -i *.deb
sudo /usr/NX/bin/nxserver --status
nano /usr/NX/etc/node.cfg
# Uncomment the “DefaultXSession” line and set it to :
DefaultXSession=/etc/X11/Xsession
Enable/Disable password authentication in ssh
sudo vi /etc/ssh/sshd_config
PasswordAuthentication to "yes/no"
PermitRootLogin no
sudo service ssh restart
Install screen & tmux
sudo apt-get install screen
sudo apt-get install tmux
Install curl
sudo apt-get install curl
Install emacs and customize
sudo apt-get install software-properties-common # installs some python scripts necessary for these operations
sudo add-apt-repository ppa:cassou/emacs
sudo apt-get update
sudo apt-get install emacs-snapshot-el emacs-snapshot-gtk emacs-snapshot
export TERM=xterm-256color
Install lein
mkdir ~/bin && cd ~/bin
wget 'https://raw.github.com/technomancy/leiningen/stable/bin/lein'
Install JDK6 for neo4j
wget --no-cookies --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com" http://download.oracle.com/otn-pub/java/jdk/6u41-b02/jdk-6u41-linux-x64.bin
export JAVA_HOME=/home/neo4j/swt/jdk1.6/
export PATH=/home/neo4j/swt/jdk1.6/bin:$PATH
Configure swap
My ChicagoVPS runs on OpenVZ and Swap space couldn’t be enabled at VM level.
swapon -s
sudo dd if=/dev/zero of=/swapfile bs=1024 count=2048k
sudo mkswap /swapfile
sudo swapon /swapfile
swapon -s
sudo nano /etc/fstab
/swapfile none swap sw 0 0
sudo chown root:root /swapfile
sudo chmod 0600 /swapfile
sudo nano /etc/sysctl.conf
vm.swappiness=20 # default is 60% RAM full
Configure Timezone from command line
sudo dpkg-reconfigure tzdata
Install ngnix
sudo apt-get install nginx
sudo service nginx start
#ifconfig eth0 | grep inet | awk '{ print $2 }'
update-rc.d nginx defaults
configuring ngnix
sudo invoke-rc.d nginx reload Follow instructions here
Install latest tomcat from apache
sudo apt-get install tomcat7 - Not fine
Download from - http://apache.techartifact.com/mirror/tomcat/tomcat-7/v7.0.37/bin/apache-tomcat-7.0.37.tar.gz
Edit .bashrc
export JAVA_HOME=/usr/lib/jvm/java-7-oracle
export CATALINA_HOME=~/swt/tomcat
$CATALINA_HOME/bin/startup.sh
Install mongodb
url - http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/10gen.list
sudo apt-get update
sudo apt-get install mongodb-10gen
data - /var/lib/mongodb
log - /var/log/mongodb
use - mongodb
Server Monitoring
Install htop
sudo apt-get install htop
Install iftop
sudo apt-get install iftop
Install munin
sudo apt-get install munin munin-node
sudo /etc/init.d/munin-node restart
results - /var/cache/munin/www #sync to dropbox
Server Checking
sudo apt-get install nmap
port scan - sudo nmap -v -sT localhost
syn scan - sudo nmap -v -sS localhost
Allow automatic system updating
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
IPTables configuration
sudo iptables -L
sudo iptables -L -n # no dns lookup for ip to hostname resolution
# flush all existing rules
sudo iptables -F
sudo iptables -I INPUT 1 -i lo -j ACCEPT # accept loopback
sudo iptables -I INPUT 2 -p tcp --dport ssh -j ACCEPT # allow ssh
sudo iptables -I INPUT 3 -p udp --dport 60000:61000 -j ACCEPT # allow mosh
sudo iptables -I INPUT 4 -p tcp --dport 80 -j ACCEPT # allow www
sudo iptables -I INPUT 5 -p udp -m udp --dport 53 -j ACCEPT # allow dns
sudo iptables -A INPUT -j DROP
sudo iptables -L -v
#self note - see bitbucket for rules file
# allow all existing connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# persist rules
sudo apt-get install iptables-persistent
sudo service iptables-persistent start
sudo /etc/init.d/iptables-persistent save
If you do something more/different, please comment, I will refine my setup and this blog post. Thanks.
No comment