Skip to content

Instantly share code, notes, and snippets.

@hendisantika

hendisantika/STEPS_AFTER_PROVISIONING_UBUNTU.md

Last active June 9, 2025 16:35
Show Gist options
  • Save hendisantika/377084b390b4fa3bad577592ac832806 to your computer and use it in GitHub Desktop.
Save hendisantika/377084b390b4fa3bad577592ac832806 to your computer and use it in GitHub Desktop.
Download ZIP
BASIC SETUP SERVER
Raw
STEPS_AFTER_PROVISIONING_UBUNTU.md

Getting Started

  • Create droplet with Ubuntu 24.04
  • ssh root@[DROPLET IP ADDRESS]
  • Get password from your email
  • Change password on first login
  • adduser deployer
  • Enter password and other information
  • usermod -aG sudo deployer

Locking Down to SSH Key only (Extremely Important)

  • In your local machine, ssh-keygen
  • Generate a key, if you leave passphrase blank, no need for password
  • ls ~/.ssh to show files in local machine
  • Get the public key, cat ~/.ssh/id_rsa.pub
  • Copy it
  • cd ~/.ssh and vim authorized_keys
  • Paste key
  • Repeat steps for deployer user
  • su deployer then mkdir ~/.ssh fix permissions chmod 700 ~/.ssh
  • vim ~/.ssh/authorized_keys and paste key
  • chmod 600 ~/.ssh/authorized_keys to restrict this from being modified
  • exit to return to root user

Disable Password from Server

  • sudo vim /etc/ssh/sshd_config
  • Find PasswordAuthentication and set that to no
  • Turn on PubkeyAuthentication yes
  • Turn off ChallengeResponseAuthentication no
  • Reload the SSH service sudo systemctl reload ssh
  • Test new user in a new tab to prevent getting locked out

Setting Up Firewall

  • View all available firewall settings
  • sudo ufw app list
  • Allow on OpenSSH so we don't get locked out
  • sudo ufw allow OpenSSH
  • Enable Firewall
  • sudo ufw enable
  • Check the status
  • sudo ufw status

Install Linux, Nginx, MySQL, PHP

Nginx

  • sudo apt update enter root password
  • sudo apt install nginx enter Y to install
  • sudo ufw app list For firewall
  • sudo ufw allow 'Nginx HTTP' to add NGINX
  • sudo ufw status to verify change
  • Visit server in browser

MySQL

  • sudo apt install mysql-server enter Y to install
  • sudo mysql_secure_installation to run automated securing script
  • Press N for VALIDATE PASSWORD plugin
  • Set root password
  • Remove anonymous users? Y
  • Disallow root login remotely? N
  • Remove test database and access to it? Y
  • Reload privilege tables now? Y
  • sudo mysql to enter MySQL CLI
  • SELECT user,authentication_string,plugin,host FROM mysql.user; to verify root user's auth method
  • ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE'; to set a root password
  • SELECT user,authentication_string,plugin,host FROM mysql.user; to verify root user's auth method
  • FLUSH PRIVILEGES; to apply all changes
  • mysql -u root -p to access db from now on, enter password STRONG_PASSWORD_HERE

Docker

Basic Nginx

server {
        listen 80;

        server_name cloudraya.jvm.my.id www.cloudraya.jvm.my.id;
        index index.html index.htm;
        access_log /var/log/nginx/customer-app.log;
        error_log  /var/log/nginx/customer-app-error.log error;

        location / {

                proxy_pass http://127.0.0.1:9003;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
       }
}
  • sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/ to create symlink to enabled sites
  • sudo unlink /etc/nginx/sites-enabled/default to remove default link
  • sudo nginx -t test the whole config
  • sudo systemctl reload nginx to apply all changes
  • sudo vim /var/www/html/info.php to start a new PHP file, fill it with <?php phpinfo();
  • sudo rm /var/www/html/info.php optional command to get rid of test file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment