Initial Server Setup

This guide outlines the essential steps for configuring a new Linux server (Debian/Ubuntu) for production use. It covers user management, security hardening, system tuning, and maintenance tasks.

1. System Updates

Before configuring the server, ensure all packages are up to date.

bash
sudo apt update && sudo apt upgrade -y

2. User Management

Avoid using the root user for daily tasks. Create a new user with sudo privileges.

Managing Users

bash
# Create a new user
adduser <username>

# Add the user to the sudo group
usermod -aG sudo <username>

# Delete a user if needed
deluser <username>

Managing Groups

bash
# Create a new group
addgroup <groupname>

# Add a user to a specific group
usermod -aG <groupname> <username>

# Remove a user from a group
gpasswd -d <username> <groupname>

3. Security Hardening (SSH)

Secure your server by disabling password authentication and root login, relying on SSH keys instead.

Setup SSH Keys

Copy your public key from your local machine to the server, or add it manually on the server as shown here:

bash
# On the server, for the new user
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys
# Paste your public key (starts with ssh-rsa, ssh-ed25519, etc.)
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

Configure SSH Daemon

Edit the SSH configuration file to enforce security settings.

bash
sudo nano /etc/ssh/sshd_config
# On cloud images these settings are often set in a drop-in file instead: /etc/ssh/sshd_config.d/60-cloudimg-settings.conf

Ensure the following settings are applied:

bash
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Restart the SSH service to apply changes:

bash
sudo systemctl restart ssh
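
Because sshd keeps the first value it reads for each keyword, a drop-in under /etc/ssh/sshd_config.d/ can silently override edits made in the main file, so it is worth checking the effective configuration rather than a single file. The script below is an added example, not part of the original guide; the function name `check_sshd_effective` and the sample dumps are constructed for illustration, and it expects the lowercase `keyword value` lines that `sshd -T` prints.

```shell
#!/bin/sh
# Added example: audit the *effective* sshd settings, not just one file.
# Reads `sshd -T` output (lowercase "keyword value" lines) on stdin.

# Expected values, taken from the three settings listed in this guide.
REQUIRED="passwordauthentication=no pubkeyauthentication=yes permitrootlogin=no"

# Prints one line per setting; returns 0 only if every setting matches.
check_sshd_effective() {
    local dump pair key want got rc
    rc=0
    dump=$(cat)
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        # Take the first line whose keyword matches and compare its value.
        got=$(printf '%s\n' "$dump" |
            awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (expected $want)"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key is '$got', expected '$want'"
            rc=1
        else
            echo "OK $key $got"
        fi
    done
    return "$rc"
}

# Constructed sample: effective config when a drop-in re-enables passwords.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: effective config with all three settings applied.
SAMPLE_HARDENED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Real use, before restarting ssh and while keeping the current session open:
#   sudo sshd -t && sudo sshd -T | check_sshd_effective
```

After the restart, confirm that a key-based login works from a second terminal before closing the session used to make the change.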

4. System Configuration

Hostname

Set a meaningful hostname for your server.

bash
# Set the hostname
sudo hostnamectl set-hostname <new-hostname>

# Update /etc/hosts to resolve the new hostname locally
sudo nano /etc/hosts
# Add/Update the line:
# 127.0.1.1   <new-hostname>

Swap File

Create a swap file to reduce the risk of out-of-memory (OOM) errors, especially on servers with limited RAM.

bash
# Create a 1GB swap file
sudo fallocate -l 1G /swapfile

# Secure the swap file
sudo chmod 600 /swapfile

# Initialize and enable swap
sudo mkswap /swapfile
sudo swapon /swapfile

# Make it permanent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Memory Tuning

Optimize kernel parameters for better memory management, particularly for database or web server workloads.

Create a config file:

bash
sudo nano /etc/sysctl.d/99-memory-tuning.conf

Add the following configuration:

ini
# Reduce swap usage preference (default is 60)
vm.swappiness=10

# Improve file system cache management
vm.vfs_cache_pressure=50

# Write data to disk more frequently
vm.dirty_ratio=10
vm.dirty_background_ratio=5

Apply the changes:

bash
sudo sysctl -p /etc/sysctl.d/99-memory-tuning.conf

5. Maintenance

Docker Cleanup

Automate the cleanup of unused Docker resources to save disk space.

Open root's crontab editor (the job writes to /var/log and needs access to the Docker daemon):

bash
sudo crontab -e

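Add the following line to run docker system prune daily at 2 AM. The -a flag removes all unused images, not only dangling ones, and -f skips the confirmation prompt: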

bash
0 2 * * * /usr/bin/docker system prune -af >> /var/log/docker-prune.log 2>&1