computers:server_basic_setup
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
computers:server_basic_setup [2018/12/14 02:16] – [Packages] chkuo | computers:server_basic_setup [2023/10/27 16:54] (current) – hychang | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== RAID ===== | ===== RAID ===== | ||
* high-reliability servers (firewall, DHCP, web, etc) | * high-reliability servers (firewall, DHCP, web, etc) | ||
- | * 4 drives: RAID 1 (* 2), hot spare * 1, cold spare *1 | + | * 4 drives: RAID 1 (* 2), hot spare * 1, cold spare * 1 |
* computational servers | * computational servers | ||
* RAID 10, hot spare * 1 or 2 | * RAID 10, hot spare * 1 or 2 | ||
===== Operating System ===== | ===== Operating System ===== | ||
- | * [[http:// | + | * [[http:// |
===== Packages ===== | ===== Packages ===== | ||
Line 20: | Line 20: | ||
# Zero Configuration Networking (Zeroconf) | # Zero Configuration Networking (Zeroconf) | ||
$ sudo apt install avahi-daemon | $ sudo apt install avahi-daemon | ||
- | # ntpd for automatic time correction | + | # in case the avahi-daemon does not work after reboot, log-in using ip address and restart |
- | $ sudo apt install ntp | + | $ sudo service avahi-daemon restart |
# remove all unused packages | # remove all unused packages | ||
Line 32: | Line 33: | ||
===== Network ===== | ===== Network ===== | ||
- | * edit ''/ | + | * edit ''/ |
+ | * use space for indentation, | ||
+ | * or delete the original *.yaml file generated by the installer, then create a new xxx.yaml in ''/ | ||
+ | * example: | ||
< | < | ||
network: | network: | ||
- | | + | version: 2 |
- | eno1: | + | renderer: networkd |
- | addresses: [] | + | |
- | dhcp4: true | + | eno1: |
- | eno2: | + | addresses: [] |
- | addresses: [140.109.56.170/ | + | dhcp4: true |
- | gateway4: 140.109.56.254 | + | eno2: |
- | nameservers: | + | addresses: [140.109.56.170/ |
- | addresses: [140.109.1.10, | + | gateway4: 140.109.56.254 |
- | dhcp4: no | + | nameservers: |
- | version: 2 | + | addresses: [140.109.1.10, |
+ | dhcp4: no | ||
</ | </ | ||
- | * after updating the config file, execute: '' | + | |
- | * use '' | + | |
+ | * to check the network info: '' | ||
- | ===== Service ===== | + | |
- | ==== sshd_config ==== | + | |
- | | + | |
- | * Limit ssh connection to ipv4 and disable ipv6: uncomment '' | + | |
- | ===== SSH security | + | ===== Time Synchronization ===== |
+ | |||
+ | <code bash> | ||
+ | # check setting | ||
+ | $ timedatectl | ||
+ | # list available timezones | ||
+ | $ timedatectl list-timezones | ||
+ | # set time zone (select from the list above) | ||
+ | $ sudo timedatectl set-timezone Asia/ | ||
+ | # verify | ||
+ | $ date | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== SSH ===== | ||
* see [[computers: | * see [[computers: | ||
* minimal requirement: | * minimal requirement: | ||
+ | * ''/ | ||
+ | * '' | ||
+ | * Limit ssh connection to ipv4 and disable ipv6 | ||
+ | * Uncomment '' | ||
+ | * Comment ''# | ||
+ | * This setting allows the server to listen to ipv4 only, so normal connections not denied because clients use ipv6 and are rejected based on the rules in ''/ | ||
+ | |||
+ | ===== Message Of The Day (motd) ===== | ||
+ | <code bash> | ||
+ | # disable unnecessary messages | ||
+ | $ sudo chmod a-x / | ||
+ | $ sudo chmod a-x / | ||
+ | </ | ||
===== User Management ===== | ===== User Management ===== | ||
Line 85: | Line 115: | ||
<code bash> | <code bash> | ||
$ sudo adduser username groupname | $ sudo adduser username groupname | ||
+ | </ | ||
+ | |||
+ | ==== Remove User from Group ==== | ||
+ | <code bash> | ||
+ | $ sudo deluser username groupname | ||
+ | </ | ||
+ | |||
+ | ==== Change username and home directory==== | ||
+ | <code bash> | ||
+ | $ sudo usermod -l new_username old_username | ||
+ | $ sudo usermod -d / | ||
</ | </ | ||
Line 102: | Line 143: | ||
$ sudo deluser username | $ sudo deluser username | ||
$ sudo delgroup groupname | $ sudo delgroup groupname | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Create scratch directory and storage==== | ||
+ | Run the shell script make_work_dir, | ||
+ | <code bash> | ||
+ | $ sudo / | ||
</ | </ | ||
computers/server_basic_setup.1544724972.txt.gz · Last modified: 2018/12/14 02:16 by chkuo