This guide walks you through some of the basic setups you should perform on your newly created Ubuntu server to adhere to the best practices and to increase the reliability, security and usability of your server. This guide is prepared on a DigitalOcean droplet with Ubuntu 20.04LTS but the steps remain the same on Ubuntu 18.04LTS as well.
There are basically 5 steps in total for setting up a new server initially. You can browse through them on the table of contents below.
Table of Contents
Step 1: Launching a Server or Droplet (using DigitalOcean here)
Launching your own server or droplet in DigitalOcean is very simple and in a matter of a few clicks, you will be ready with a brand new server on the cloud. First of all, sign up on DigitalOcean with a valid credit or debit card (get $100 to try out DigitalOcean on sign up).
Next, you will be able to create your own projects. Projects are basically like folders inside which you can manage and organize your servers, storage and other services, also projects are free to create in DigitalOcean. Fill in the essential details and create your project.
Inside the project, you will be able to create a droplet with configurations of your choice. Click on 'Get Started with a Droplet'.
Select Ubuntu 20.04LTS as the operating system.
We will select the basic droplet costing $6/month (1Gb memory and 1vCPU) for this tutorial.
Select the location of the server, the closer it is to your target audience, the better results it produces.
Select the free and optional services you need, and create a strong password if you have not created an SSH key already (you can create it later).
Now, give a name to your server and hit the 'Create Droplet' button. You will need to wait for a few seconds until the server is ready to use.
Here, is the public IP of your server. You can now move on to the next step to set up your server for production uses.
Step 2: Log in as a Root User
You need to log in to your server as the root user to operate further. To log in, you will need the server's public IP address and the root access password or SSH key (based on your server setup). You can log in to your server through the terminal/PowerShell by the following command. Replace
server_ip with your server's IP address.
ssh [email protected]_ip
Step 3: Add a User
If you are using an SSH key then you won't be asked to enter the password and you will be able to log in directly into your server with root permissions. Now, I will add a user
ajay as a non-root user, make sure you replace
ajay with the username of your choice.
Next, you will be asked for a password, provide a random and strong password (You can use this password generator) and then optionally, provide the rest of the information, they are not necessary and you can skip them by simply hitting the
Step 4: Grant Superuser Privileges
We will now grant our non-root user the administrator privileges i.e. root privileges. We might require to perform some administrative tasks at some point, then it is undesirable to log in separately as the root user and perform the task, rather we will grant our non-root user, the administrative privileges so we can run any administrative tasks by simply putting the tag
sudo before the command. To grant your user superuser privileges run the following command for your username.
usermod -aG sudo ajay
Step 5: Enable UFW Firewall
Ubuntu servers can utilize the UFW firewall (Uncomplicated firewall) to make sure only connections to specific services are allowed. We will allow only SSH connections to our server currently and hence, we will first add OpenSSH to the allowed list using the command below.
ufw allow OpenSSH
We have added OpenSSH to the allowed list and next, we will enable the firewall which in result will allow connections to the allowed services only.
y followed by the
enter key to proceed further. The firewall should be active and running now, you can check the status of the firewall with the help of the following command. (It should show active in status).
We are done with our initial server set-up at this point if you are not using an SSH key to log in to the server. If you are not using an SSH key, you can happily log in with your non-root user in another terminal session and check if superuser privileges are granted properly for the new user by running any command with sudo tag (e.g.
sudo apt-get update). If everything works correctly you can close your root session and continue with the non-root user.
Setting Up SSH Key Authentication for non-root User
If you are using SSH key authentication for the root user then, the non-root user won't be allowed automatically to use the same SSH key for entry. You will have to copy the public key from the root user's authorized keys to the non-root user's authorized keys. This can be done using the following command. Make sure you replace my username with yours.
rsync --archive --chown=ajay:ajay ~/.ssh /home/ajay
Now, you will be able to log in as a non-root user with administrative privileges and SSH key authentication. You can proceed with your deployment further from here. All the best! 👍