Server Setup

This page is more for my benefit, but I thought I’d share the steps I use when I configure a fresh Ubuntu server. This post assumes you’re familiar with command-line stuff or are proficient with Google and/or Stack Overflow.

  1. I opt for a minimal install and then manually add what I need. When the time comes, I install only OpenSSH and Standard System Utilities.
  2. Once I get logged in, I generate the locale and configure the time zone because installing everything else seems to go more smoothly.
    locale-gen en_US en_US.UTF-8 # Or as appropriate
    dpkg-reconfigure tzdata
  3. Time to configure the DNS servers with Cloudflare, OpenDNS and Google DNS . I’ll edit /etc/systemd/resolved.conf (Ubuntu 19.04) so it’s at the top of the resolve list and it’ll stick between reboots.
    #Cloudflare IPv6
    2606:4700:4700::1111
    2606:4700:4700::1001

    #OpenDNS IPv6
    2620:0:ccc::2
    2620:0:ccd::2

    #Google IPv6
    2001:4860:4860::8888
    2001:4860:4860::8844

    #Cloudflare IPv4
    1.1.1.1
    1.0.0.1

    #OpenDNS IPv4
    208.67.222.222
    208.67.220.220

    #Google IPv4
    8.8.8.8
    8.8.4.4
  4. Next, I update apt and start installing what I need, typically starting with nano (because I can never remember the commands for vi,) some command line utilities, and LAMP server (Apache, MySQL, and PHP/Perl/Python)
    sudo apt update
    sudo apt install nano update-notifier-common build-essential dnsutils
    sudo apt install lamp-server^ # The caret is important
    sudo apt install certbot # For Let's Encrypt certificates (follow instructions @ certbot.eff.org)
    sudo a2enmod rewrite ssl

From here, I’ll start mucking with mail servers. This step is a work in progress as I’m still figuring it out. [3 Dec 2017]

sendmail mailutils spamassassin pyzor razor opendkim postfix-policyd-spf-python dovecot-imapd

These guides have helped setting up mail filtering and signing, as well as using the existing Lets Encrypt certificates for securing transmission.

– https://help.ubuntu.com/lts/serverguide/mail-filtering.html
– https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim
– https://www.upcloud.com/support/secure-postfix-using-lets-encrypt/