Contabo VPS Ubuntu 22.04 Server setup PART 2: Ubuntu 22.04 Initial server setup
Summary
TL;DR: The video offers a detailed guide on how to set up an Ubuntu server on Contabo. It starts with logging in to the server and proceeds with installing and checking the UFW firewall. It explains the importance of changing the SSH port to increase security and of setting up a swap file if RAM is limited. Next, the server hostname is changed, which is essential for configuring mail servers and for ensuring DNS consistency. It also shows how to enable automatic updates to keep the server up to date without continuous manual intervention. The basics of port management through UFW are covered as well, along with the importance of enabling or disabling certain ports depending on the server's needs. Finally, it describes how to configure a hardened setup through SSH by disabling root login and using SSH keys for authentication. The whole process closes with the installation of automatic updates to ensure that the server is protected and up to date at all times.
Takeaways
- 🔒 Change the SSH port for security.
- 🛡️ Enable and configure the UFW firewall.
- 🧠 Create a swap file if RAM is limited.
- 📛 Change the server hostname for correct DNS.
- 🔄 Enable automatic updates on Ubuntu.
- 📧 Set the hostname for sending mail.
- 🚫 Disable login as root.
- 🔑 Use SSH keys for authentication.
- 🌐 Manage DNS settings after the hostname change.
- 🖥️ Install the control panel to make server management easier.
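Timeline
- 00:00:00 - 00:05:00
After logging in to the server, set up the firewall: make sure UFW is installed and enabled, then change the SSH port. After enabling the firewall, make sure the necessary traffic changes are allowed and add the corresponding rules.
- 00:05:00 - 00:10:00
Change the default SSH port to a new port by editing the SSH configuration file with Nano, making sure the new SSH port has already been allowed in the firewall. Restart the SSH service for the change to take effect.
- 00:10:00 - 00:15:00
Discusses creating a swap file on a low-memory server to extend virtual memory and lists the recommended swap file size for different amounts of RAM. Demonstrates how to set up the swap file and make sure it is enabled after a system reboot.
- 00:15:00 - 00:20:00
Change the server's hostname and edit the hosts file so that the system and applications recognize the new hostname correctly. Also set the reverse DNS to match the new hostname so that the mail server setup is correct.
- 00:20:00 - 00:25:00
Configure the system time zone so that logs and applications record time correctly. Then set up automatic updates so that the server downloads and installs updates automatically, reducing the maintenance burden.
- 00:25:00 - 00:30:00
A closer look at the automatic update options, including blacklisting packages that should not be updated and receiving update reports by mail notification. Also specifies automatically rebooting the server in some cases to apply updates.
- 00:30:00 - 00:39:44
Initial server setup is complete; installing the lightweight control panel HSTRACK is recommended for managing PHP applications. Advice is given on name-resolution settings under Cloudflare or with a self-hosted DNS server.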
Frequently Asked Questions
Why do I need to change the SSH port?
Changing the SSH port improves server security by moving away from the default port 22, which is commonly targeted by attackers.
What is the purpose of enabling the UFW firewall?
Enabling the UFW firewall helps to manage rules for incoming and outgoing traffic, enhancing server security.
How can I add a swap file if my server has limited RAM?
You can create a swap file with commands that allocate space, convert it to swap, and activate it to extend RAM virtually.
Why is changing the server hostname important?
Changing the hostname is essential for mail server settings and to ensure DNS consistency, especially if mails are to be sent.
What is a fully qualified domain name (FQDN)?
An FQDN is a complete domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS).
How do you enable automatic updates on Ubuntu?
Automatic updates can be enabled by installing necessary packages like unattended-upgrades and configuring update settings in specific system files.
How can you send mail from the server?
Ensure the hostname is properly set, use a mail client, and make sure your server can send out mail through proper configuration.
What is the purpose of a swap file on a server?
A swap file acts as an extension of RAM, allowing the system to manage more processes by using disk space as virtual memory.
Why should DNS settings be updated after changing the hostname?
Updating DNS settings ensures that reverse DNS lookups match the new hostname, which is crucial for mail delivery and server identification.
How can server security be enhanced through SSH configuration?
Server security can be enhanced by disabling root login, changing the default SSH port, and using SSH keys for authentication.
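The three points in the last answer can be checked mechanically. The script below is an added example, not part of the video or its summary: a POSIX shell audit of an sshd configuration that respects sshd's "first value wins" rule. The function names and the two sample configs are constructed for illustration; port 7059 is the one used in the video.

```shell
#!/bin/sh
# Added example (not from the video): check an sshd configuration for the
# three hardening points named in the FAQ answer above.

# Print the effective value of one keyword, lowercased.
# sshd keeps the FIRST value it sees for a keyword, matches keywords
# case-insensitively and ignores comment lines. Reading stops at the first
# "Match" block because everything after it is conditional.
# Assumption: "Keyword value" form separated by whitespace.
sshd_effective() (
    file=$1; key=$2; default=$3
    awk -v key="$key" -v def="$default" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == key       { val = $2; exit }
        END { print tolower(val) }
    ' "$file"
)

# Print one OK/WARN line per check; exit status 1 if any check warns.
# The body is a subshell, so "exit" only ends the function.
audit_sshd() (
    file=$1; warn=0
    # Defaults are the OpenSSH built-ins used when a keyword is absent.
    port=$(sshd_effective "$file" Port 22)
    root=$(sshd_effective "$file" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$file" PasswordAuthentication yes)

    if [ "$port" = 22 ]; then
        echo "WARN Port $port: still the default port"; warn=1
    else
        echo "OK   Port $port"
    fi
    if [ "$root" = no ]; then
        echo "OK   PermitRootLogin $root"
    else
        echo "WARN PermitRootLogin $root: root can still log in over SSH"; warn=1
    fi
    if [ "$pass" = no ]; then
        echo "OK   PasswordAuthentication $pass"
    else
        echo "WARN PasswordAuthentication $pass: passwords still accepted"; warn=1
    fi
    exit "$warn"
)

# Two constructed sample configs: one close to a stock file, one hardened.
write_samples() {
    dir=$1
    cat > "$dir/weak.conf" <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
#PasswordAuthentication yes
PubkeyAuthentication yes
EOF
    cat > "$dir/hardened.conf" <<'EOF'
Port 7059
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# A later duplicate is ignored: sshd keeps the first value it sees.
PasswordAuthentication yes
EOF
}

# Demo run over both samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in weak hardened; do
    echo "== $name.conf"
    audit_sshd "$demo_dir/$name.conf" || true
done
rm -rf "$demo_dir"
```

On a live server, save the output of `sudo sshd -T` to a file and audit that instead of `/etc/ssh/sshd_config`, so that settings pulled in through `Include` files are counted.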
- 00:00:07and there we go we are logged into our
- 00:00:09server
- 00:00:10so i'm just going to close that
- 00:00:12and let's continue with this new git
- 00:00:14bash window
- 00:00:15i'm going to do control l
- 00:00:19and what is next on this
- 00:00:22the next thing is
- 00:00:24firewall setup so if you do want to
- 00:00:27install
- 00:00:28a control panel most of the times you
- 00:00:30probably won't have to deal with the
- 00:00:31firewall but just make sure make sure
- 00:00:33that you have ufw installed
- 00:00:35and i know on ubuntu 22
- 00:00:38it's probably already there if i check
- 00:00:40for the status of ufw
- 00:00:43it should tell me that either it's
- 00:00:44enabled or disabled but i know it isn't
- 00:00:46it is installed in ubuntu already
- 00:00:58status is inactive so we can enable ufw
- 00:01:17firewall is active and enabled
- 00:01:19since our ssh
- 00:01:21what is the next thing
- 00:01:23that we need to do here
- 00:01:24after this we need to set up
- 00:01:28we need to change the ssh port right
- 00:01:31okay
- 00:01:32so i'm going to allow everything that i
- 00:01:34need to allow here
- 00:01:38i'm not going to log out yet
- 00:01:40so what i'm going to do
- 00:01:42let me just first of all allow this
- 00:01:44because i'm going to use this as my new
- 00:01:46port
- 00:01:47in the next section i'm going to be
- 00:01:50disabling i'm going to change the ssh
- 00:01:52port i'm going to allow
- 00:01:54this port
- 00:01:56and then
- 00:01:57let's just do the default sudo
- 00:01:59allow outgoing allowing coming i'm just
- 00:02:01going to copy everything there
- 00:02:11there we go so if you look at ufw status
- 00:02:21we have one rule that is allowed
- 00:02:25you can allow whatever you want to allow
- 00:02:27in your traffic if you're going to
- 00:02:28install a control panel you don't really
- 00:02:30have to set up all the rules just ensure
- 00:02:32that ufw is already installed and
- 00:02:34enabled
- 00:02:35because most control panels will add the
- 00:02:37rules that they need if they need a port
- 00:02:39they will allow that port
- 00:02:42for instance if you under if you enter
- 00:02:44tutorials for
- 00:02:45sdsp maybe to run wordpress i do have
- 00:02:48that you can find that playlist
- 00:02:52so i'm just going to leave this here but
- 00:02:54if you want to allow anything you can
- 00:02:56always allow you can always deny
- 00:03:00if you want to delete something
- 00:03:01you can always delete after you look at
- 00:03:03the status let's say
- 00:03:06so if you look at sudo ufw status
- 00:03:08numbered i'm just going to copy this
- 00:03:11before you do that let's say maybe
- 00:03:14let's say maybe i want to allow a
- 00:03:16certain port
- 00:03:20allow
- 00:03:21port 705 right and then i will enter and
- 00:03:25then
- 00:03:26i'll do ctrl l to clear the screen
- 00:03:29paste and go in there
- 00:03:32you can see that when you do ufw
- 00:03:34status numbered it's going to give the
- 00:03:36numbers for the different ports so maybe
- 00:03:38you want to delete this rule number two
- 00:03:40you can delete it
- 00:03:42sudo
- 00:03:44ufw
- 00:03:46delete
- 00:03:48rule number two
- 00:03:56rule deleted so if you do status again
- 00:04:02you'll see that the one is deleted maybe
- 00:04:04you have to delete three as well
- 00:04:06you can delete three
- 00:04:13yes enter the firewall is basically about
- 00:04:16allowing and disallowing stuff so if you
- 00:04:17have ports that you don't want people to
- 00:04:19access you can disallow them if there
- 00:04:21are any ports that are preventing you
- 00:04:22from accessing various services you can
- 00:04:24allow them that's basically what you can
- 00:04:26use ufw for
- 00:04:29let's move on to changing the ssh port
- 00:04:32and we're going back to our sshd
- 00:04:34configuration file and this time around
- 00:04:36let's use nano so that you can also see
- 00:04:38how nano works if you're new to this
- 00:04:41so sudo nano and then we're going to
- 00:04:43edit the ssh configuration file
- 00:04:45and inside of the ssh configuration
- 00:04:46file we're going to
- 00:04:48we're going to change the ssh port
- 00:04:52and
- 00:04:53since we've already allowed this in our
- 00:04:54firewall we won't really need to do
- 00:04:56anything after restarting ssh so let's
- 00:04:59just go
- 00:05:00and
- 00:05:02paste that in there
- 00:05:05let's look for yeah this port you can
- 00:05:08see it is disabled when it is commented
- 00:05:10out like this this means that the
- 00:05:11default port is still 22 so if i change
- 00:05:14it like that
- 00:05:18we can change it to 7059.
- 00:05:27port 7059 that will be our new ssh port
- 00:05:33so on nano if you want to save you just
- 00:05:35do control x
- 00:05:38y
- 00:05:40and then enter
- 00:05:42control x press y and then enter and
- 00:05:44then let's start ssh
- 00:05:48so do service
- 00:05:52ssh
- 00:05:55restart
- 00:05:56all right our port is 7059 so let's go
- 00:05:59and edit our login
- 00:06:02so this is the one we've been using to
- 00:06:03log in so let's add the port
- 00:06:07-p you can add the port you can specify
- 00:06:10the login port by
- 00:06:13-p 7059
- 00:06:18now note that this is a small p
- 00:06:21this is a small p
- 00:06:22at some point you're going to encounter
- 00:06:24a different one which you may encounter
- 00:06:26a different one which is scp scp is used
- 00:06:29for copying files
- 00:06:32so if you're going to use scp
- 00:06:34to copy files make sure you're using
- 00:06:36capital p instead of the small p if you
- 00:06:39want to specify a port
- 00:06:43so i will copy this let's try to log in
- 00:06:46let's try to log in on a new git bash
- 00:06:48window and i'm trying to log in because
- 00:06:51i'm hoping that at some point i'm going
- 00:06:53to encounter a certain permission denied
- 00:06:55error which is very common in contabo
- 00:07:00and when i do we'll see how to fix it
- 00:07:04so you can see we have logged in
- 00:07:06successfully with a new port
- 00:07:08let me exit let me log out by doing exit
- 00:07:14and if i log out
- 00:07:17i'll do control l
- 00:07:19and i try to
- 00:07:21log in without the port you're going to
- 00:07:23experience an error
- 00:07:32there you go ssh connect to host is
- 00:07:34trying to connect using port 22 and the
- 00:07:37connection has timed out and this is
- 00:07:39also good because if people are trying
- 00:07:40to access your ssh
- 00:07:42your server via ssh and they try to use
- 00:07:45port 22 they will not be able to get
- 00:07:47access they will just get a timeout
- 00:07:48error and that's a good thing for your
- 00:07:50server security so we've done one thing
- 00:07:53to at least improve our server security
- 00:07:56by changing the port and adding ssh
- 00:07:58authentication
- 00:08:00via public and private key
- 00:08:03now the next step let's see what's next
- 00:08:04here
- 00:08:05we've already changed that oh we're
- 00:08:07almost done wow this is going
- 00:08:11i fast
- 00:08:11we've done all that now the next step is
- 00:08:13you need to create a swap file but
- 00:08:15on contabo our memory is really not
- 00:08:17that small this is optional
- 00:08:20if you have a small server you can
- 00:08:22create
- 00:08:23you can create a swap file and i'm just
- 00:08:25going to show you how you can do this so
- 00:08:26that
- 00:08:27you can do it if you have a smaller
- 00:08:29server on contabo if i do free
- 00:08:34-h you can see my memory total is 7.8
- 00:08:37gigabytes
- 00:08:40so for me i chose the 8gb ram
- 00:08:43i've used that so
- 00:08:46okay so let's say you have a smaller ram
- 00:08:48you have a smaller server
- 00:08:50and you want to run certain applications
- 00:08:52that may consume a lot more ram that you
- 00:08:55than you have and one of those is
- 00:08:57probably apache you may need to add a
- 00:08:59swap file so let's see how you can do
- 00:09:01that
- 00:09:02let's look at the basic rules for how
- 00:09:04much
- 00:09:05you should add for your swap file
- 00:09:08if you have a server with 2gb of ram
- 00:09:13you can add 4gb
- 00:09:15okay so 2gb and below just add 4gb and
- 00:09:18then starting from 4gb
- 00:09:20you can add an equivalent if you have
- 00:09:224gb of ram you can add 4gb of
- 00:09:25swap space
- 00:09:27if you have
- 00:09:29so just go like that up to about 8 gb
- 00:09:32so i'm assuming at 8 gb maybe you have a
- 00:09:34lot of things you want to run so at 8 gb
- 00:09:38you should also just do about 8 gb of
- 00:09:40ram
- 00:09:41so starting from 8 and above maybe 9
- 00:09:44there you can try to halve it so maybe
- 00:09:46have 10 gb of
- 00:09:48ram you can do 5 gb
- 00:09:51of swap file
- 00:09:54you have 16 gb of ram you can do
- 00:09:578 gb of swap so you get the idea
- 00:10:00so since we have 8 gb i'm going to do i
- 00:10:02don't really need to do the 8gb i'm just
- 00:10:04going to do four because i don't really
- 00:10:06want to run anything on this server i'm
- 00:10:07just doing it for an example but if
- 00:10:09you're running something in production
- 00:10:11you can go with eight or even six
- 00:10:15so i'm going to allocate
- 00:10:17so this is the amount of giga gigabytes
- 00:10:20that you're going to allocate to your
- 00:10:21swap file for me i'm going to allocate
- 00:10:25i'm going to allocate four
- 00:10:27i will paste in that
- 00:10:30and i want to put in 2gb
- 00:10:34i want to switch 2gb to
- 00:10:374gb
- 00:10:40and i will enter
- 00:10:43and uh
- 00:10:45all right so we've created that file
- 00:10:49and then the next step let's make that
- 00:10:50file
- 00:10:51let's give it permissions for 600
- 00:10:54so that only the root user
- 00:10:56has the permission
- 00:11:00change the permission
- 00:11:02so make you can give it a different name
- 00:11:04if you want to okay
- 00:11:07this is the name of the swap file you
- 00:11:08can change its name to whatever you want
- 00:11:11to
- 00:11:12you don't have to use the one i'm using
- 00:11:13here you can change the name
- 00:11:16you can even change the location maybe
- 00:11:17you want to put it under root you can
- 00:11:19just put there slash root slash
- 00:11:22my ubuntu swap file
- 00:11:25convert the created file to a swap so
- 00:11:27this is what is going to make it a swap
- 00:11:28file and then this is going to turn the
- 00:11:31swap on
- 00:11:32so even before we move
- 00:11:34any further let's just see if we have
- 00:11:36any swap on
- 00:11:42so you can see
- 00:11:43at this point you don't have any swap
- 00:11:45file
- 00:11:46so this is one thing i should have done
- 00:11:47in the beginning just to confirm whether
- 00:11:49i have a swap file because there are
- 00:11:50certain
- 00:11:51vps providers that will create the swap
- 00:11:54file for you
- 00:11:55in advance and you but you can always
- 00:11:57add another one
- 00:12:00this is going to convert this into a
- 00:12:01swap file that is recognized by the system
- 00:12:03and then swap on is going to
- 00:12:05it's going to turn the swap on
- 00:12:08so paste enter
- 00:12:12so there we go so right now if you do
- 00:12:13sudo swap on
- 00:12:15we'll see that we have a swap file
- 00:12:17called my ubuntu swap file and it has a
- 00:12:19size of 4gb
- 00:12:23the next thing is we need to add that
- 00:12:25file into the etc
- 00:12:27fstab so when we add it into the fstab
- 00:12:29it means it lets the system know that
- 00:12:32there is a memory that they need to
- 00:12:33register when they log when the system
- 00:12:35restarts
- 00:12:37so this is just to make sure that when
- 00:12:38the system restarts
- 00:12:40this is being recognized as it's being
- 00:12:42recognized as a memory location for the
- 00:12:44system
- 00:12:45let's come back here and we're just
- 00:12:47going to copy this and we're going to
- 00:12:48add make sure that every place where
- 00:12:50this is if you change the name of your
- 00:12:52swap file you change it there as well
- 00:12:55but you don't really have to
- 00:12:58you can just use the same name i'm using
- 00:13:00there
- 00:13:01i'll do i to edit
- 00:13:07press enter
- 00:13:13you can let's not add it above this
- 00:13:16let's add it
- 00:13:19at the end of this
- 00:13:22enter
- 00:13:24and then i'll do shift insert
- 00:13:27and then i'll press escape
- 00:13:32and then shift zz to save
- 00:13:37all right so as i said if you don't use
- 00:13:39vim just use nano
- 00:13:41so you know what let's just confirm this
- 00:13:43if we restart the server
- 00:13:45we see if our swap is working so i'm
- 00:13:46going to do exit
- 00:13:56i didn't even restart let me restart the
- 00:13:58server i'll just do reboot to restart
- 00:14:00the server
- 00:14:01if i do that let me copy the password
- 00:14:04because i'm going to use sudo
- 00:14:09wait for the server to restart and then
- 00:14:10we're going to
- 00:14:12we're going to see if our file is
- 00:14:14available
- 00:14:17so just giving it time to restart let's
- 00:14:19just check if it is ready
- 00:14:22is it ready
- 00:14:26there we go
- 00:14:27okay let's do swap on to see if our swap
- 00:14:30file is active
- 00:14:38paste and enter and there we go our swap
- 00:14:40file is still there
- 00:14:43all right so we've done the swap file
- 00:14:44what is the next step
- 00:14:46the next step change the server host
- 00:14:48name yeah this is actually very
- 00:14:49important if if you're setting up this
- 00:14:51server and you will be sending mail this
- 00:14:53is very important make sure you do this
- 00:14:55so we're going to do change the server
- 00:14:57host name next for ubuntu
- 00:15:02so this will be the server hostname if
- 00:15:03you want to send mail make sure that
- 00:15:05whatever you're using as your sub you're
- 00:15:07using as your host name is a fully
- 00:15:10qualified domain name a fully qualified
- 00:15:12domain name is a subdomain
- 00:15:15a subdomain or a full domain and the
- 00:15:17domain when you add
- 00:15:19dns records to it it can be accessed
- 00:15:21that's what a fully qualified domain
- 00:15:23name is so it has to be a registered
- 00:15:26domain name
- 00:15:27that can be accessed when you add dns
- 00:15:30records to it
- 00:15:33so we're going to change the server host
- 00:15:36name
- 00:15:38let me put this at the top
- 00:15:41and our host name let's say i want to
- 00:15:44use
- 00:15:46panel
- 00:15:48panel x
- 00:15:50dot
- 00:15:51bizanosa.com
- 00:15:58i will copy
- 00:16:01and bring it here
- 00:16:03paste
- 00:16:04enter
- 00:16:06so the hostname is changed right now if
- 00:16:08if i check the host name
- 00:16:13it should bring this
- 00:16:15but that's not the end of it you still
- 00:16:16need to change it inside of the host's
- 00:16:19file now inside of this host file this
- 00:16:21is actually the one that's more
- 00:16:22important because when you're running
- 00:16:24something like exim exim is going to
- 00:16:26look at what value is inside here and
- 00:16:28that's what it's going to send out as
- 00:16:29the sender of your mail
- 00:16:32so we'll come here and we're going to
- 00:16:34edit the hosts file
- 00:16:40paste
- 00:16:41enter
- 00:16:42all right i can see contabo already
- 00:16:44added some details here so we added it
- 00:16:47added that well and good we're going to
- 00:16:49change our host name there so this is
- 00:16:51going to be the host name that we set up
- 00:16:53and then this is going to be the alias
- 00:16:55and then for our ip as well we're going
- 00:16:57to change the hostname
- 00:16:59and the alias
- 00:17:01so this is just an alias and this is
- 00:17:02what when you log into your server
- 00:17:04you'll see
- 00:17:05so let us copy our host name
- 00:17:08which was panel x dot bizanosa.com
- 00:17:12we're going to go into
- 00:17:14the first one which is this so this is
- 00:17:16like the system hostname
- 00:17:18so this is important you can see it's
- 00:17:20dot 1.1 so don't change the 14.01
- 00:17:22because this is a defined localhost
- 00:17:26for our server so the server must know
- 00:17:28the localhost is that but the 2.1 we let
- 00:17:31any other application that wants to use
- 00:17:33this that that is our localhost name
- 00:17:36and then our ip as well when anything
- 00:17:38tries to access it it will be shown that
- 00:17:40the hostname is what we set there and
- 00:17:43that will not be the end of it there
- 00:17:44will be still one more thing that you
- 00:17:45need to do and this is true for
- 00:17:47whichever
- 00:17:48vps provider you're using
- 00:17:54so i'm going to do shift insert to paste
- 00:17:58and then on the other end
- 00:18:04let me just press i'll just press
- 00:18:06tab
- 00:18:09and we're going to add panel x
- 00:18:14and of course we need to delete this
- 00:18:18so the next time you reload your server
- 00:18:20and you log in you will see that your
- 00:18:22server is called panel x
- 00:18:25so let's come down again and we need to
- 00:18:27change it for our ip
- 00:18:43shift insert
- 00:18:46let's do tab
- 00:18:49press tab
- 00:18:54delete
- 00:18:55that
- 00:18:56all right
- 00:18:57then we're going to save control x
- 00:19:01y
- 00:19:04enter
- 00:19:06so
- 00:19:08at this point i'm hoping that everything
- 00:19:10is going to work well
- 00:19:12because there's an error i'm hoping to
- 00:19:13encounter because i want to deal with
- 00:19:15that error but if i don't encounter it
- 00:19:17well and good no problem
- 00:19:19so let me just reboot the server
- 00:19:24and then we're going to log in and
- 00:19:27once you log in you will see that our
- 00:19:29new hostname has changed and it will no
- 00:19:31longer be that
- 00:19:36so i'm hoping the server is already
- 00:19:37started
- 00:19:39if it is not it's just going to give us
- 00:19:41an error and then we're going to try
- 00:19:43again
- 00:19:45there we go the server started and
- 00:19:46everything worked well
- 00:19:48ctrl l
- 00:19:49now the next step is once you change
- 00:19:51your host name you can see the host name
- 00:19:53has changed once you change your host
- 00:19:55name the next step is for you to go into
- 00:19:56contabo dashboard
- 00:19:58go into the contabo dashboard and then
- 00:20:00somewhere here you're going to see
- 00:20:02reverse dns if you want to use your
- 00:20:04website for hosting
- 00:20:06so let me login if you want to use your
- 00:20:07server for hosting actual
- 00:20:10website and you want to send mail as
- 00:20:12well from your server
- 00:20:14you'll need to change your reverse dns
- 00:20:15on contabo as well
- 00:20:17that way when you do a reverse check it
- 00:20:19will show that your host name is what
- 00:20:21you set
- 00:20:24to change the host name in your contabo
- 00:20:26dashboard so that it can reflect when
- 00:20:29people do our dns checks you need to
- 00:20:31come here under reverse dns and then
- 00:20:33you're going to copy
- 00:20:35you are going to copy
- 00:20:37your new host name
- 00:20:38and then you're going to edit
- 00:20:41the new hostname
- 00:20:42to match with your ip
- 00:20:45paste
- 00:20:46save so once you do something like this
- 00:20:49and you copy your ip address
- 00:20:51and you check on
- 00:20:54let's just do on our dns check
- 00:21:04our dns check uh oh i i didn't want to
- 00:21:07use this but let's just use this paste
- 00:21:11and let's start and
- 00:21:13so you can see
- 00:21:14the lookup result says come back as that
- 00:21:16so this is actually good because
- 00:21:18if your server is not in any spam
- 00:21:21anti-spam directories then you can send
- 00:21:24mail so if it is not blacklisted you can
- 00:21:26send mail safely and it would go it
- 00:21:28would go into your recipient's mail
- 00:21:30provided you've set up your server well
- 00:21:32and one of the easiest way to set up a
- 00:21:34mail server you can use something like
- 00:21:37sdscp it has a mail server built in so
- 00:21:40you can just install sjsp and mail will
- 00:21:42automatically will work out of the box
- 00:21:45if you're using cloudflare make sure you
- 00:21:47also add the txt records for the dkim and
- 00:21:51the spf records add them onto
- 00:21:53them onto your cloudflare dns records
- 00:21:55and that's going to try and ensure that
- 00:21:58your mail your mail always go into the
- 00:22:00recipient's inbox instead of going into
- 00:22:02the spam folder
- 00:22:05so that is done what is next in our
- 00:22:07server setup
- 00:22:10set the time zone this is easy on ubuntu
- 00:22:12if you're following along along on
- 00:22:14debian then you need to install tzdata
- 00:22:17just do sudo apt
- 00:22:19install tzdata
- 00:22:23but since we are on ubuntu i know this
- 00:22:25is already installed in ubuntu 22.04 so
- 00:22:28i'm just going to come in here
- 00:22:30and i'm going to paste that
- 00:22:33and we can configure our time zone
- 00:22:35and of course i need my sudo password
- 00:22:39paste
- 00:22:40enter
- 00:22:41and i will choose africa
- 00:22:49nairobi city i'll just press n to go
- 00:22:52to
- 00:22:53n
- 00:22:55press enter and my time zone has now
- 00:22:57changed
- 00:22:59and if i do that
- 00:23:03it will tell me my time zone is now east
- 00:23:06african time
- 00:23:09you can change it again to see if you
- 00:23:11made any error right that was easy and
- 00:23:14fast
- 00:23:15now the next and the last step is
- 00:23:16setting up automatic updates open
- 00:23:18automatic updates will save you a lot of
- 00:23:20hassle i'm telling you if you set this
- 00:23:22up you don't really have to go back to
- 00:23:24your server you can even stay away from
- 00:23:25your server for a whole year and
- 00:23:27everything will just automatically
- 00:23:28update itself
- 00:23:30now there's a part of this that is not
- 00:23:31available and i may do a video about
- 00:23:33this in future and that is for adding
- 00:23:35four third-party applications let's say
- 00:23:37you install something like php and you
- 00:23:39know php is not available in the
- 00:23:42in the repository for ubuntu
- 00:23:44by default you have to get it from some
- 00:23:46third party so that's probably where the
- 00:23:48issue is but that is also possible you
- 00:23:50can add those repositories in your
- 00:23:52automatic updates and that will save you
- 00:23:54a lot of hassle everything will
- 00:23:56automatically update
- 00:23:57and you don't have to go to your server
- 00:23:59all the time to check if there are any
- 00:24:01updates
- 00:24:08okay we don't have any updates
- 00:24:11ctrl l
- 00:24:13i know on ubuntu 22.04 this is probably
- 00:24:16already installed but i'm just going to
- 00:24:18do the confirmation but if you're
- 00:24:19following on debian it's probably not
- 00:24:21installed
- 00:24:23and as i said you can follow the same
- 00:24:25post if you have debian 11.
- 00:24:32it was not installed there we go it is
- 00:24:34now installed
- 00:24:36ctrl l
- 00:24:38now the next thing is
- 00:24:40we're going to do
- 00:24:42that and this is going to enable the
- 00:24:44updates it can enable
- 00:24:47priority updates and this is going to
- 00:24:48set the update in motion so even at this
- 00:24:51point if anything changes on ubuntu it
- 00:24:53will be updated
- 00:24:57paste
- 00:25:03okay so this is a this is an issue that
- 00:25:06i'm experiencing here on my site but
- 00:25:08basically what's happening is this is
- 00:25:11these are two hyphens so just follow the
- 00:25:13video and i'm hoping you're patient
- 00:25:15enough to follow the video
- 00:25:17and when you get here you just put two
- 00:25:19hyphens like that
- 00:25:22and that's going to fix this issue
- 00:25:26so i'm just going to do it again and i
- 00:25:29will come back all the way here delete
- 00:25:31and i will put two hyphens
- 00:25:35enter and that's going to bring you this
- 00:25:37asking you to enable unattended upgrades
- 00:25:40automatically download and install
- 00:25:42stable updates yes
- 00:25:45there we go now that file has been
- 00:25:48generated
- 00:25:49and if you go to this file you can see
- 00:25:51what's inside of it
- 00:25:54copy you can just do cut
- 00:25:58shift insert
- 00:25:59enter and you'll see
- 00:26:02the apt
- 00:26:03periodic update package list it will
- 00:26:06update one every day it will check for
- 00:26:07the update
- 00:26:09unattended upgrade
- 00:26:11one so packages and unattended upgrade
- 00:26:14every day they'll check for the updates
- 00:26:17i'll do control l clear the screen and
- 00:26:19then let's go and edit this file the 50
- 00:26:22unattended upgrades and this is
- 00:26:24important
- 00:26:25it's going to allow us to add more
- 00:26:27things into the automatic updates so if
- 00:26:30you ever need to add anything here
- 00:26:32any third party file any third party
- 00:26:35updates you'll need to come and add them
- 00:26:36inside of this file
- 00:26:43so the unattended upgrades that are
- 00:26:45allowed are this
- 00:26:47and we also need to enable updates for
- 00:26:50normal packages so i'm just going to
- 00:26:53uncheck that
- 00:26:54and that's going to enable this so any
- 00:26:56updates for all our applications
- 00:26:59anything that we install
- 00:27:01that is available in the ubuntu
- 00:27:02repository that can be updated there
- 00:27:05this you don't really need
- 00:27:06proposed yeah you can also enable this
- 00:27:12you can also enable that
- 00:27:14just leave only this
- 00:27:16enabled and then
- 00:27:17if in future you want to to enable a
- 00:27:20repository that that's not here in
- 00:27:22ubuntu a good example is php you can
- 00:27:25always add it in here okay and i may do
- 00:27:28a video for that if you need a video for
- 00:27:30that let me know i'll do a video for
- 00:27:31that i can even write a post for that
- 00:27:33and show you how to do it but you'd just
- 00:27:36add it in the same format
- 00:27:38okay so the digital id
- 00:27:41and then
- 00:27:42the where it's coming from
- 00:27:45okay
- 00:27:46something like this you can add maybe
- 00:27:48it's chrome you have google chrome
- 00:27:49installed you can add it
- 00:27:52like that in here okay so it's not the
- 00:27:54same way on debian in as much as debian
- 00:27:57and ubuntu are similar you'll see that
- 00:28:00if you go to the 50 upgrades for debian
- 00:28:03is a little bit different
- 00:28:05for ubuntu this is how it is
- 00:28:07let's just forget about that for now
- 00:28:10we can go down and i can explain some
- 00:28:12more things here so unattended upgrade
- 00:28:14package blacklist maybe you don't want
- 00:28:14to upgrade mariadb
- 00:28:20let's say you don't want to upgrade
- 00:28:22mariadb i will press i to go into
- 00:28:24insert mode if you don't want to upgrade
- 00:28:26mariadb you can always add it here so
- 00:28:29quotes quotes
- 00:28:31and then you can put mariadb inside here
- 00:28:37mariadb will not be updated
- 00:28:39automatically
- 00:28:42maybe whatever these are you don't want
- 00:28:45to update any of these packages
- 00:28:54and then don't forget
- 00:28:56don't forget to end
- 00:28:58the statement okay
- 00:29:01maybe for some reason you don't want to
- 00:29:03update php
- 00:29:05no even php is not available on the
- 00:29:06repository so let's think of something
- 00:29:08else maybe you don't want to update
- 00:29:10python
- 00:29:18so you can add python in there
- 00:29:21maybe you don't want to update packages
- 00:29:23that start with python
- 00:29:24so you can say buy whatever you don't
- 00:29:27want any of those updated that's just an
- 00:29:29example of what you can prevent from
- 00:29:31updating
- 00:29:32but of course i don't need any of this
- 00:29:34so i'm just going to comment them out
- 00:29:37i'm going to comment this one out as
- 00:29:38well
- 00:29:41and let's continue down the line
- 00:29:43unattended upgrades they've released
- 00:29:45also most of these things you can always
- 00:29:47read whatever they're about and that
- 00:29:49will help you
- 00:29:50let me do escape
- 00:29:52i don't want to edit anything in there
- 00:29:56so unattended upgrades
- 00:29:58all these items you can read the only
- 00:30:00other thing that i need to look at here
- 00:30:02is
- 00:30:03where is it mail send mail i can say
- 00:30:05send mail here
- 00:30:07let's just add numbering so press escape
- 00:30:10and
- 00:30:11you can do
- 00:30:16you can set numbering just like that
- 00:30:18set nu if you want to remove the
- 00:30:19numbering you can just do set nonu
- 00:30:22no
- 00:30:23and that's going to remove the numbering
- 00:30:24so here on line 75 you can see we have
- 00:30:26this okay if you want
- 00:30:29to receive mail
- 00:30:31when updates occur
- 00:30:33you can do that here
- 00:30:34so let me press i to go into edit mode
- 00:30:40and unattended upgrade mail
- 00:30:42you can add your mail address in there
- 00:30:46mail anyone you can add your mail
- 00:30:48address in there
- 00:30:54make sure that your server has
- 00:30:56a way to send mail if it doesn't have
- 00:30:58a mail server it doesn't have a way to
- 00:31:00send mail this is not going to work
- 00:31:07and then automatic reboot
- 00:31:09you can reboot without confirmation but
- 00:31:10this needs a certain package and you're
- 00:31:12going to see how to install it i think i
- 00:31:14skipped that bit
- 00:31:17so here under reboot
- 00:31:19you can make it true
- 00:31:21after the update is run or you can
- 00:31:23enable automatic reboot you need to
- 00:31:25change this to true
- 00:31:31you'll need to change this to true
- 00:31:35all right so that's pretty much it for
- 00:31:36this file you can read all this if you
- 00:31:38want to know more about what is
- 00:31:40available here most of them are
- 00:31:41commented and they're explained and if no
- 00:31:44explanation is clear you can always go
- 00:31:46online and search for what you need what
- 00:31:47you're trying to learn third party
- 00:31:49applications especially php you can add
- 00:31:52that and i may do a video for that in
- 00:31:54future if you need the video just let me
- 00:31:55know i'll create it
- 00:31:57for now let's say this is all we want to
- 00:31:59update i'm going to do escape
- 00:32:01to get outside of vim and then i'm just
- 00:32:03going to do shift z to save
- 00:32:08the next thing was there's something i
- 00:32:09didn't install
- 00:32:11and it was yeah update notifier you need
- 00:32:14to install this
- 00:32:15on ubuntu i don't know if it's already
- 00:32:17installed
- 00:32:20paste
- 00:32:21enter so this will allow you to
- 00:32:23automatically
- 00:32:25reboot the server
- 00:32:29that's pretty much it at this point
- 00:32:31you've done everything we needed to do
- 00:32:33in this
- 00:32:34initial server setup you have done
- 00:32:36everything that you needed to do and one
- 00:32:38thing that i know i added in this post
- 00:32:40at some point was
- 00:32:43if you need to run the service on demand
- 00:32:46maybe you're experiencing any problems
- 00:32:49you can always do a dry run copy
- 00:32:52let's do a dry run for our updates
- 00:32:54and it's going to tell us if there are any
- 00:32:57if it's unable to do it
- 00:32:59so i can do
- 00:33:00debug
- 00:33:03and if there are any issues it's going
- 00:33:05to tell you that something is unable to
- 00:33:08update or
- 00:33:09whatever or if you have any updates
- 00:33:15so you see right now it's telling me
- 00:33:17that this is unable to send mail
- 00:33:19probably because i don't have exim
- 00:33:21installed so i will have to install
- 00:33:23something that is good no packages were
- 00:33:25found that can be updated that is good
- 00:33:28this means that everything is working
- 00:33:29well
- 00:33:30and you can just leave it to run and if
- 00:33:32you want to run it right now you can
- 00:33:34always run it with the
- 00:33:35d flag so if you do the d flag it's
- 00:33:38going to update everything right now so
- 00:33:40if i did have any updates
- 00:33:45i can just do dash d and it's going to
- 00:33:48update but you can see it's telling me
- 00:33:50that there are no packages that need to
- 00:33:52be upgraded
- 00:33:55that's all i can do
- 00:33:56to help you do your initial server setup
- 00:33:59we deployed the ubuntu definitely logged
- 00:34:01in created the user ssh login disable
- 00:34:04root root login firewall setup i spoke
- 00:34:07about that changed the ssh port created
- 00:34:09at created a swap file changed the
- 00:34:12server host name setup auto yeah
- 00:34:14everything has been done
- 00:34:15the next step is for you if you want to
- 00:34:17run wordpress you want to run magento
- 00:34:19you want to run basically any php
- 00:34:21applications just go with hestiacp very
- 00:34:24lightweight nice control panel
- 00:34:27very easy to use
- 00:34:29so if you want to install hestiacp let me
- 00:34:31just show you how you can do that
- 00:34:33so on this link down here
- 00:34:36you can generate a script and for me i
- 00:34:38usually encourage you to use nginx
- 00:34:41and php-fpm so when you're generating
- 00:34:43the script just disable apache you can
- 00:34:46install multi-php maybe you don't know
- 00:34:47what you want to run maybe you want to
- 00:34:49run maybe you want to run something that
- 00:34:50uses php 5.6 or php 7.4 you can run
- 00:34:54multi-php and this is going to install
- 00:34:56all the php versions you if you don't
- 00:34:58need any at some point you can always
- 00:35:00uninstall them on the hestiacp dashboard
- 00:35:03ftp you can use pro ftp or vsftp
- 00:35:06i'll just leave it at vsftp and then
- 00:35:08named this is what you'll use for dns
- 00:35:11dns if you want to handle dns and you
- 00:35:13want to use your own name servers
- 00:35:15you can
- 00:35:16do that using named make sure it is
- 00:35:18installed and i do have a video for hestiacp
- 00:35:22dns setup i do have a video for that i
- 00:35:24hope it shows up because i just
- 00:35:26installed it
- 00:35:29so i think i'm the one
- 00:35:31i'm the one who posted that on
- 00:35:34reddit but the video
- 00:35:35we can find the link there
- 00:35:41so if you come to youtube this is a
- 00:35:45video you can use this to set up hestiacp
- 00:35:47using cloudflare
- 00:35:48or your personal name servers that is
- 00:35:51available there
- 00:35:53named install that mysql if you need
- 00:35:56postgres you can install it exim that's
- 00:35:58for sending mail dovecot is also for
- 00:36:00mail
- 00:36:03this one also works with dovecot
- 00:36:07clamav this is like an antivirus
- 00:36:10and then spamassassin of course
- 00:36:12iptables that will be your firewall
- 00:36:15fail2ban of course you need to install
- 00:36:17fail2ban
- 00:36:18and api if you want to activate the api
- 00:36:22you can always reactivate it later on
- 00:36:23but just leave it do not activate it
- 00:36:26leave it unactivated
- 00:36:28unless you want to create things on your
- 00:36:30own you want to access the api but just
- 00:36:33leave that unchecked
- 00:36:35and then of course just for the
- 00:36:37installation you never know your server
- 00:36:39may experience some errors but if you
- 00:36:41first installation it will be first to
- 00:36:43be installed and most importantly you
- 00:36:46change your port if you want to use
- 00:36:47cloudflare
- 00:36:48then change the port to cloudflare
- 00:36:50acceptable ports
- 00:36:58so network ports let's see which ports
- 00:37:00cloudflare supports so http ports those
- 00:37:03are the ones you can change
- 00:37:05your cloudflare your hestiacp port to any
- 00:37:08one of these okay
- 00:37:10this seems like a good one just use that
- 00:37:132053
- 00:37:15and then
- 00:37:19change the port there hostname you
- 00:37:21already changed your host name add that
- 00:37:23host name there the host name that we
- 00:37:25changed it to
- 00:37:26was that make sure that the one you put
- 00:37:28there and then your email the email for
- 00:37:30your admin user and that there and then
- 00:37:33a password set a password there even if
- 00:37:35you don't set a password you can always
- 00:37:37come in here and at the end of this post
- 00:37:40yeah yeah if you need to reset your
- 00:37:42password on your ubuntu the password for
- 00:37:44your admin user or whichever user on
- 00:37:46hestiacp you can do it like that on ubuntu
- 00:37:482204 that is the password
- 00:37:51write the password there
- 00:37:53write the user there and you can change
- 00:37:56the password for your user so if you
- 00:37:58don't set a password or you forget the
- 00:37:59password you can always change the
- 00:38:01password
- 00:38:02via ssh
- 00:38:04and then this just leave that unchecked
- 00:38:07you want to proceed
- 00:38:09come in here
- 00:38:11copy that run that on your ssh and then
- 00:38:14run this on your ssh and then log in
- 00:38:17this pretty much should end this
- 00:38:19tutorial for how to deploy
- 00:38:24and do an initial ubuntu 2204 setup on
- 00:38:27contabo
- 00:38:29let me just try and
- 00:38:32reboot the server and see if there are
- 00:38:33any issues logging back in
- 00:38:39if you have an issue where you're unable
- 00:38:41to log back in
- 00:38:43i did a video about how to log in via
- 00:38:45vnc when you log in using vnc
- 00:38:48you can always
- 00:38:50figure out what the problem is normally
- 00:38:52you can just go into your sshd
- 00:38:54configuration file see if there is
- 00:38:55anything there that is disallowing you
- 00:38:57from logging in and you can also see if
- 00:39:00the ssh port
- 00:39:02is allowed and you can also check if ssh
- 00:39:05is running you can just do something
- 00:39:06like ssh
- 00:39:08service ssh
- 00:39:10status and that will show you if ssh
- 00:39:12is running so you can see after setting
- 00:39:15up the ssh key login is pretty much a
- 00:39:17breeze you won't really have any much
- 00:39:19problems logging in because we have
- 00:39:22changed the port
- 00:39:23we have also disallowed password
- 00:39:25authentication so this is good for your
- 00:39:27server and we've also disabled root user
- 00:39:30from logging in
- 00:39:31so that's pretty much it for this video
- 00:39:33if you do have any questions or you're
- 00:39:35stuck just feel free to ask me in the
- 00:39:36comments section
- 00:39:39i'll see you in another video
- Ubuntu
- Contabo
- SSH
- Server Security
- Firewall
- Hostname
- Swap File
- Automatic Updates
- DNS Settings
- Mail Server