This page is more for my benefit, but I thought I’d share the steps I use when I configure a fresh Ubuntu server. This post assumes you’re familiar with command-line stuff or are proficient with Google and/or Stack Overflow.
- I opt for a minimal install and then manually add what I need. When the time comes, I install only OpenSSH and Standard System Utilities.
- Once I get logged in, I generate the locale and configure the time zone because installing everything else seems to go more smoothly.
locale-gen en_US en_US.UTF-8 # Or as appropriate dpkg-reconfigure tzdata
- Time to configure the DNS servers with Cloudflare, OpenDNS and Google DNS . I’ll make
/etc/resolvconf/resolv.conf.d/headso it’s at the top of the resolve list and it’ll stick between reboots.
#Cloudflare IPv6 2606:4700:4700::1111 2606:4700:4700::1001 #OpenDNS IPv6 2620:0:ccc::2 2620:0:ccd::2 #Google IPv6 2001:4860:4860::8888 2001:4860:4860::8844 #Cloudflare IPv4 126.96.36.199 188.8.131.52 #OpenDNS IPv4 184.108.40.206 220.127.116.11 #Google IPv4 18.104.22.168 22.214.171.124
- Next, I update apt and start installing what I need, typically starting with nano (because I can never remember the commands for vi,) some command line utilities, and LAMP server (Apache, MySQL, and PHP/Perl/Python)
sudo apt update sudo apt install nano update-notifier-common build-essential dnsutils sudo apt install lamp-server^ # The caret is important
sudo apt install certbot# For Let's Encrypt certificates (follow instructions @ certbot.eff.org) sudo a2enmod rewrite ssl
From here, I’ll start mucking with mail servers. This step is a work in progress as I’m still figuring it out. [3 Dec 2017]
sendmail mailutils spamassassin pyzor razor opendkim postfix-policyd-spf-python dovecot-imapd
These guides have helped setting up mail filtering and signing, as well as using the existing Lets Encrypt certificates for securing transmission.