    New server build - Terminal/CLI only

    I am working to build a server without any panel. I've used cPanel, DirectAdmin and CentOS Web Panel mostly. This means I never really got down and dirty with apache, php, or security. I'm doing this to learn, to make a lean server, and why not?

    Essentially, I am making a file in notepad++ to copy and paste commands in CLI, so that I can rebuild a server in short order. It won't be a commercial server..just for my own personal use.

    I'm looking for your inputs to see what I've missed or could do better.

    • Add Users
      -- Add users to sudoers
      -- change passwords
      -- create .ssh dirs, set perms, and populate for cert login

    • Disable modify sshd_config
      -- set root login without-password
      -- turn on pub key auth
      -- AllowUsers for my users

    • Install initial tools via yum

    • Set hostname and hosts in /etc

    • Update kernel to 5.x

    • Generate a new grub2 config and set to new kernel
    • Remove most old kernels
    • Reboot

    • Set BBR

    • Install PHP7.2 and httpd
      -- Start/enable httpd
      -- Configure for virtual hosts
      -- Generate test index.html file

    • Set time/timezone/NTP

    • Install rar and 7zip
    • Add alias lines to .bashrc
    • Yum update everything
    • Install fail2ban
      -- set options in jail.local
      -- enable and start

    • Install certbot and generate certs with https redirects and cron job

    • Install CSF
      -- Use sed to modify TCP_IN (UDP, in/out too) for only the ports I'll be using
      -- enable/start csf and lfd

    • Attach storage, modify fstab

    • Set perms for extra HDD drive (file storage)
    • Secure web dirs as needed
      -- use htpasswd to generate password file
      -- use .htaccess to set Authtype Basic
      -- chmod 640 to the .htaccess file

    • Final yum update

    • Reboot

    Slowly working to cure my VPS addiction.

    Comments

    • FootKaput said: Essentially, I am making a file in notepad++ to copy and paste commands in CLI, so that I can rebuild a server in short order.

      Don't do it that way, it is crazy. Learn an orchestration tool like ansible or saltstack. Then you just run a script to remotely install everything when you spin up a new server.

      Thanked by 2skorous FootKaput

      #lexit spread the word.

    • willie said: ansible or saltstack.

      I want to learn the basics first...ansible is after I get smarter. :)

      Thanked by 1FoxelVox

      Slowly working to cure my VPS addiction.

    • Looks clean, I'd do the ntp earlier to make troubleshooting easier.

      Httpd is there, do you need mariadb/mysql?

      Unclear if this is for vm or dedi, may want to monitor raid health if the latter.

      Postfix/config for root account recipient

      Maybe something like vnstat to give you network usage statistics over time?

      Thanked by 1FootKaput
    • @casualjoe said:
      Httpd is there, do you need mariadb/mysql?

      Not yet, not sure what will go on this box. Right now it's not doing a whole lot. I'll find a purpose.

      It's a VPS / KVM.

      I didn't install postfix, but it's there, and I installed mutt to read the emails. Got the excessive resources emails already.

      I'll use hetrix to keep an eye on what's happening on the server.

      Slowly working to cure my VPS addiction.

    • I did the same when I got my hands on a Debian VPS for the first time. Made a .txt file containing all commands which I run whenever I make a clean Debian based VPS. But I don't deal with this GRUB, bootloader etc. as I use the template provided by the provider. Need to learn ansible or saltstack though, seems like it will make life easy.

    • casualjoe Member
      edited October 20

      @FootKaput said:

      @casualjoe said:
      Httpd is there, do you need mariadb/mysql?

      Not yet, not sure what will go on this box. Right now it's not doing a whole lot. I'll find a purpose.

      It's a VPS / KVM.

      Sure no worries don't need to monitor raid then.

      I didn't install postfix, but it's there, and I installed mutt to read the emails. Got the excessive resources emails already.

      I thought the purpose was what to do to install a new server though, best not to rely on what might be in a base install and over plan.

      I'll use hetrix to keep an eye on what's happening on the server.

      Good call, but I was more thinking something to monitor your bandwidth usage to compare to your host if they ever claimed overuse etc.

      Thanked by 1FootKaput
    • vladj Member

      It seems you have performed everything required to set up a server, however I just want to remind you to change SSH port to non-standard port.

      Thanked by 1FootKaput
    • @vladj said:
      It seems you have performed everything required to set up a server, however I just want to remind you to change SSH port to non-standard port.

      Good tip. Got it in sshd_config.

      casualjoe said: base install and over plan.

      That's a good point too. I didn't go very far in a 'generic' build; there are a lot of hard-coded paths/files that only point to this domain. Have to work on that.

      Slowly working to cure my VPS addiction.

    • lonea Member, Provider

      why are you installing fail2ban and CSF together?

      Thanked by 1FootKaput

      BuyWebHosting - Web Hosting for $10 per year

    • lonea said: why are you installing fail2ban and CSF together?

      I thought one was a firewall, the other more like an IDS. I really only use fail2ban for SSH port though, and if it's a changed port, it probably won't be hammered much.

      Slowly working to cure my VPS addiction.

    • Don't forget that a little bit of swap is always advisable ;-)

      Thanked by 1FootKaput
    • @FootKaput said:
      Essentially, I am making a file in notepad++ to copy and paste commands in CLI, so that I can rebuild a server in short order. It won't be a commercial server..just for my own personal use.

      Can you share the file when you're ready? I'm too lazy to do my own. :blush:

      Thanked by 1FootKaput
    • @willie said:

      FootKaput said: Essentially, I am making a file in notepad++ to copy and paste commands in CLI, so that I can rebuild a server in short order.

      Don't do it that way, it is crazy. Learn an orchestration tool like ansible or saltstack. Then you just run a script to remotely install everything when you spin up a new server.

      I think it's better this way than going straight up to something like that :)

      ^-^!

    • Certainly learn how to do everything by hand before automating it. But trying to run everything from a giant static script means a lot of ways to go wrong. Everyone's templates vary and something like ansible can allow for that.

      Thanked by 1FootKaput

      #lexit spread the word.

    • A couple suggestions:

      1) DigitalOcean and Linode have excellent provisioning tutorials, they will save you a lot of time.

      2) If you are primarily focused on a no-panel option, why don't you try either easyengine.io or webinoly.com. Both are open source CLI server management and well tested.

      Good luck.

      Thanked by 1FootKaput

      Roger
      SNAC.IO - Codeless Server Control

    • SNACTeam said: webinoly.com

      That's a pretty slick way to get a server up fast! Just one command!

      Thanked by 1SNACTeam

      Slowly working to cure my VPS addiction.

    • willie said: a lot of ways to go wrong

      Most definitely. I think ansible will be the way to go.

      Slowly working to cure my VPS addiction.

    • dahartigan Member, Host Rep

      Definitely set up at least 1 server completely from scratch, you can use the provider templates as a good starting point and build from there. You will learn so much about Linux and the location of various files etc that will be useful to you in your journey.

      Thanked by 2vimalware FootKaput

      HostDoc representative | Purveyor of high quality potassium | "A KVM VPS with 64 IPs? Must be Evolution Host."

    • dahartigan said: location of various files

      This. I've found it varies wildly depending on setup--it's a lot to keep track.
      Webroot lives either at |home|user|public_html or |var|www|examplecom|html
      Web users, nobody vs apache
      httpd.conf is at user|local|apache|conf or |etc|httpd|conf

      And that's comparing with just Centos7 and CWP. I'm sure it also changes for other control panels, and other distros...

      Thanked by 1dahartigan

      Slowly working to cure my VPS addiction.

    • FHR Member, Provider

      @vladj said:
      It seems you have performed everything required to set up a server, however I just want to remind you to change SSH port to non-standard port.

      Please don't.

      Thanked by 1flatland_spider

      SkylonHost - affordable hourly-billed KVM VPS in Prague, CZ!
      Featuring own high performance network AS202297 | RIPE NCC member | Contact us for IPs/ASNs

    • FootKaput said: Update kernel to 5.x

      Is there a specific reason for this? RH backports lots of stuff to their kernel, and while the stock kernel is 3.10, it's not a vanilla 3.10 kernel.

      FootKaput said: -- set root login without-password

      I would disable root login via SSH altogether. You don't really lose anything, and if the server is borked, you'll probably need to login via the console anyway.
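
The sshd_config steps in the original post (root login without-password, public key auth, AllowUsers) and the suggestion above to disable root login can be checked with a short script. This is an added example, not part of any post in the thread; the function names `sshd_effective` and `audit_sshd` and the sample config are constructed for illustration.

```shell
# Added example (not from the thread). Assumes "Keyword value" lines.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }              # global section ends here
        key == want {
            $1 = ""; sub(/^[ \t]+/, "")      # keep only the value
            print; exit                      # first occurrence wins
        }
    ' "$1"
}

audit_sshd() {       # prints one line per setting, returns number of findings
    findings=0
    v=$(sshd_effective "$1" PermitRootLogin)
    case "$v" in
        no) echo "ok    PermitRootLogin no" ;;
        without-password|prohibit-password)
            echo "note  PermitRootLogin $v (root allowed, key only)" ;;
        *)  echo "FAIL  PermitRootLogin ${v:-unset}, set it explicitly"
            findings=$((findings + 1)) ;;
    esac
    v=$(sshd_effective "$1" PubkeyAuthentication)
    if [ "$v" = "no" ]; then
        echo "FAIL  PubkeyAuthentication no"; findings=$((findings + 1))
    fi
    # AllowUsers lines accumulate in sshd; only presence is checked here.
    v=$(sshd_effective "$1" AllowUsers)
    if [ -z "$v" ]; then
        echo "FAIL  AllowUsers not set globally"; findings=$((findings + 1))
    else
        echo "ok    AllowUsers set (first line: $v)"
    fi
    return "$findings"
}

# Constructed sample config: a later duplicate and a Match-only AllowUsers.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PermitRootLogin yes
permitrootlogin without-password
PubkeyAuthentication yes
PermitRootLogin no
Match Address 192.0.2.0/24
    AllowUsers alice bob
EOF
audit_sshd "$sample" || echo "findings: $?"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it, which is the authoritative check after editing the file.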

    • It's better to start from scratch if you want to learn for sure. Do not use ready templates. If the server broke, this is good: you will know what you have done wrong and re-do it. It is good when a server is fully ready for work to create an image of the OS. Good luck.

    • flatland_spider said: Is there a specific reason for this?

      No, not really. I wanted to use BBR, and that needed (I think) 4.9, so I figured since I was updating, get the latest.

      Cloudware said: know what you have done wrong and re-do it

      Yes. Lots and lots of this. I probably reloaded this latest one 4 times already.

      Slowly working to cure my VPS addiction.

    • SpryServers_Tab Member, Provider
      edited October 22

      If you want to automate adding users, setting up ssh keys, etc, and it's for your own use - Spin up a VM and create a FreeIPA server. Then you can just join the servers to the kerberos/IPA realm and you'll have access to all of them via the same credentials as your IPA.

      You'd just install the freeipa-client software, and the only other command you'd have to run to setup your NTP, ssh, users, etc is:

      # ipa-client-install --mkhomedir

      Tab Fitts | Founder/CEO - Spry Servers
      SSD Shared Hosting || VPS || SSD VPS || Dedicated Servers || Network Status || 1-844-799-HOST (4678)

    • farsighter Member
      edited October 22

      You can also add bash functions to .bashrc:

      This for example
      hh () { history | grep -- "$1" ;}
      will use hh to grep text in command history

      So hh xyz will be equal to history | grep xyz

      Why hh?
      Because 'h' is already an alias for history command in my .bashrc....
