The Discussion Delegate

Answers to the Ultimate Questions about the Web, Mobile and Vercingetorix


How to setup your new VPS Ubuntu server

This post was created on August 26th, 2011 by Sudhanshu and has 36 comments.

Every time you purchase a new Linux VPS, you need to go ahead and set it up for use. Even though we manage to do one server a month, we always seem to forget one thing or the other. So we decided to write down the things that we do. I thought it would be a good thing to share it with everybody as well, so that we could get a few comments about what we’re doing wrong, and people who do it the first time can probably pick up a few things from here.

If you haven’t purchased a server yet, I would suggest you go read The Guide to VPS Servers first.

I have a fascination with Ubuntu and I think it’s the easiest to work with, so I’m going to go ahead and assume that you’re working on the same too.

Okay, now that you have a server, let’s start setting it up.

# Update Ubuntu to get the latest packages
$ aptitude update
$ aptitude safe-upgrade
$ aptitude install htop
$ locale-gen en_US.UTF-8
$ update-locale LANG=en_US.UTF-8

# Set the hostname
$ vi /etc/hostname
Here you need to add your hostname, for example vxtindia.com

# Add the admin group and user
$ adduser admin
$ visudo
You need to add the following here
%admin ALL=(ALL) ALL

# Add the other users
$ adduser admin2
$ usermod -a -G admin admin2
$ adduser deploy
$ adduser deploy2
$ usermod -a -G deploy deploy2
It's also a good idea to add this for each user
$ vi .bashrc
and then add the following at the end of the file
PS1='\[\033[0;35m\]\u@\h\[\033[0;33m\] \w\[\033[00m\]: '

# Install Git (if you don’t use it, please start now)
$ aptitude install git-core

# Edit SSH Config to make it more secure
$ vi /etc/ssh/sshd_config
Once inside, make sure that the following values match
Port 8888
Protocol 2
UseDNS no
Once you're done run the command below

$ /etc/init.d/ssh reload

# Install Apache2
$ aptitude install apache2
$ vi /etc/apache2/apache2.conf
Once inside, make sure the following values are set
KeepAliveTimeout 5
Timeout 30
MaxKeepAliveRequests 400

$ vi /etc/apache2/conf.d/servername.conf
Set the following here
ServerName vxtindia.com

$ vi /etc/apache2/conf.d/security
Set the following here
ServerTokens Minimal
ServerSignature Off

$ apache2ctl restart
$ aptitude install lynx

# Install MySQL
$ aptitude install mysql-server mysql-client

# Install phpmyadmin
$ aptitude install phpmyadmin

# Install PHP
$ aptitude install php5 php5-json php5-cli php5-mysql php5-dev php5-curl php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl
$ apache2ctl restart

# Install postfix
$ aptitude install postfix telnet mailutils
Set/Choose the following options here
Internet Site
System Mail Name = vxtindia.com
Note: postfix log files are at /var/log/mail.info, /var/log/mail.warn, /var/log/mail.err, /var/log/mail.log
Note: postfix config files are at /etc/postfix

$ vi /etc/postfix/main.cf
Set the hostname here
myhostname = vxtindia.com

$ vi /etc/mailname
Set it again here
vxtindia.com

$ postfix reload
$ vi /etc/aliases
Note: set this to an external email address where the server can report abuse
postmaster: abuse@vxtindia-external.com
Note: Change reverse DNS by going to https://www.linode.com/members/linode/rdns.cfm
vxtindia.com

# Install Munin (Master)
$ aptitude install munin munin-node
$ vi /etc/munin/munin.conf
It should look like the following
dbdir /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir /var/run/munin
contact.vxtindia.command mail -s "Munin notification" server@vxtindia.com
[vxtindia.com]
    address 127.0.0.1
    use_node_name yes

$ chown -R munin /var/cache/munin/www/
$ vi /etc/munin/munin-node.conf
Set the following
host 127.0.0.1

$ service munin-node restart
Note: You can also use /etc/init.d/munin-node restart
$ vi /etc/apache2/sites-enabled/000-default
Here you set the following
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
    Options FollowSymLinks
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

$ apache2ctl restart
$ vi /var/cache/munin/www/.htaccess
Make sure the following are there
AuthUserFile /var/cache/munin/.htpasswd
AuthGroupFile /dev/null
AuthName "Munin"
AuthType Basic
 
# Require a login for every HTTP method; inside <Limit GET> the rule would only apply to GET requests
require valid-user

$ cd /var/cache/munin
$ htpasswd -c .htpasswd admin

# Install Munin (Slave)
$ aptitude install munin-node
$ vi /etc/munin/munin-node.conf
Add the following
allow ^72\.14\.190\.63$
host 69.164.194.243

$ vi /etc/iptables.up.rules
Add the following
# Munin
-I INPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
-I OUTPUT -p tcp --sport 4949 -m state --state ESTABLISHED -j ACCEPT

$ iptables-restore < /etc/iptables.up.rules
$ /etc/init.d/munin-node restart
 
Note: Add details to the master
$ vi /etc/munin/munin.conf
[a1.88things.com]
    address 69.164.194.243
    use_node_name yes

$ vi /etc/iptables.up.rules
-I OUTPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
-I INPUT -p tcp --sport 4949 -m state --state ESTABLISHED -j ACCEPT

$ iptables-restore < /etc/iptables.up.rules
$ /etc/init.d/munin-node restart

# Install Munin Plugins
$ aptitude install libwww-perl
$ munin-node-configure --suggest
$ ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
$ ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes
$ ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/apache_volume
$ ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_

# Setting up IPtables
$ iptables -F
$ vi /etc/iptables.up.rules
Add this, with no extra line between *filter and the first comment
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
 
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
 
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
 
# Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT
 
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
 
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
 
COMMIT

$ iptables-restore < /etc/iptables.up.rules
$ vi /etc/network/if-pre-up.d/iptables
Add this to the file
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

$ chmod +x /etc/network/if-pre-up.d/iptables
$ /etc/init.d/ssh restart

# Install Fail2ban
$ aptitude install fail2ban
$ cd /etc/fail2ban/
$ cp jail.conf jail.local
$ vi jail.local
Add this
destemail = someaddress@vxtindia.com
mta = mail

$ service fail2ban restart
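
The SSH port set in sshd_config (8888 above) has to match the --dport in /etc/iptables.up.rules, and the fail2ban jail has to cover the same port, because a jail whose port is left at ssh places its ban rules on port 22. The script below is an added example, not part of the original post, that checks the three files against each other and flags a whitespace-only line in the rules file; the function names and the [ssh]/[sshd] jail section names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check that the SSH port agrees
# across sshd_config, the iptables rules file and the fail2ban jail file.

# Port set in sshd_config; 22 when no Port line is present.
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Succeeds if the rules file accepts inbound tcp on port $2.
rules_allow_port() {
    grep -Eq -- "^-[AI] INPUT .*-p tcp .*--dport $2( .*)? -j ACCEPT" "$1"
}

# Number of the first whitespace-only line (empty output if none); the author's
# fix for the iptables-restore error in the comments was to remove such a line.
first_blankish_line() {
    awk '/^[ \t]+$/ { print NR; exit }' "$1"
}

# "port" value of the [ssh] or [sshd] jail (section names are an assumption).
jail_ssh_port() {
    awk -F'[ \t]*=[ \t]*' '
        /^\[/ { in_jail = ($0 == "[ssh]" || $0 == "[sshd]") }
        in_jail && $1 == "port" { print $2; exit }' "$1"
}

# Usage: check_ssh_port SSHD_CONFIG RULES_FILE JAIL_FILE; returns 1 on mismatch.
check_ssh_port() {
    port=$(sshd_port "$1"); rc=0
    bad=$(first_blankish_line "$2")
    [ -z "$bad" ] || { echo "rules: whitespace-only line $bad"; rc=1; }
    [ "$(head -n 1 "$2")" = "*filter" ] || { echo "rules: line 1 is not *filter"; rc=1; }
    grep -qx 'COMMIT' "$2" || { echo "rules: no COMMIT line"; rc=1; }
    rules_allow_port "$2" "$port" || { echo "rules: tcp/$port not accepted"; rc=1; }
    jp=$(jail_ssh_port "$3")
    case "$jp" in ssh) jp=22 ;; esac   # fail2ban resolves the service name
    [ "$jp" = "$port" ] || { echo "fail2ban: jail covers '$jp', sshd listens on $port"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_ssh_port "$@"; fi
```

Run it with the three paths as arguments, for example /etc/ssh/sshd_config, /etc/iptables.up.rules and /etc/fail2ban/jail.local, before reloading the firewall or restarting ssh.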

This constitutes your basic server setup. There are a ton more things that you can do, but for setting up a development server, this should be more than enough.

If you are still curious, here are a few more things you should have a look at:
1. LogRotate (Part 1, Part 2)
2. VirtualHosts (Part 1, Part 2)
3. WordPress Backup (1, 2, 3, 4, 5, 6)
4. Hosting Git (1, 2, 3, 4)

If you have more things that you do, please let me know in the comments.


36 Responses to “ How to setup your new VPS Ubuntu server ”

  1. od3n says:

    nice write up. been looking for this a while. you have any guide for setup nginx instead of apache?

  2. Sudhanshu says:

    Well, installing nginx shouldn’t be too difficult, I guess this should do it
    $ sudo aptitude install nginx
    $ sudo /etc/init.d/nginx start
    To start nginx automatically at boot add it like this
    $ update-rc.d nginx defaults

    The conf is at /etc/nginx/nginx.conf and sites available are at /etc/nginx/sites-available/default

    Here’s one of my old articles about how to remove nginx from your system – http://sudhanshuraheja.com/2007/09/remove-nginx-from-ubuntu-fiesty-fawn/

    Please let me know if that helps.

  3. od3n says:

    well thanks Sudhanshu for the response. bookmarked!

  5. [...] the VXTIndia blog there’s a recent post that gives you a very complete guide to setting up a VPS server running Ubunut with all of the software you’d need to get a (more than) [...]

  6. I have a fascination with Ubuntu and I think it’s the easiest to work with, so I’m going to go ahead and assume that you’re working on the same too.

  7. Sudhanshu says:

    Yes, we use ubuntu too

  8. Hello, i think that i noticed you visited my site thus i came to “return the choose”.I’m trying to to find issues to enhance my site!I suppose its ok to use some of your ideas!!

  9. I’ve been exploring for a bit for any high quality articles or blog posts on this kind of space . Exploring in Yahoo I eventually stumbled upon this web site. Reading this info So i’m happy to express that I have an incredibly good uncanny feeling I came upon just what I needed. I most undoubtedly will make sure to don’t fail to remember this web site and provides it a look regularly.

  10. Sudhanshu says:

    Thanks. Glad to have helped.

  13. Mark Greenberg says:

    Great article. I will follow it. I am setting up a vps server to host a single website. Do you know of a good article for the DNS settings for a single site on a server?

  14. Sudhanshu says:

    Thanks Mark. I usually don’t host the DNS myself, if that is what you’re asking for. I usually just use the DNS panel of the domain registrar or the company I get the VPS from. If you want to make it more secure, you should try out CloudFlare (https://www.cloudflare.com/). One of my older clients used it, and it was really effective!

  15. Mark Greenberg says:

    Thanks for your reply. I am a novice. No, I am not trying to host the DNS myself. I am just trying to set up the master zone A records on my server so my domain registrar finds my actual site. I’ve got it working for the www, but I want FTP and mail also. Do I need BIND or can it be done in the Apache config files?

    BTW, I got ‘error at line 2’ when I tried: iptables-restore < /etc/iptables.up.rules. Can you imagine why?

    I sincerely appreciate your greater knowledge!

  16. Sudhanshu says:

    Hi Mark,

    You need to add both ‘with the www’ and ‘without the www’. Usually you can leave it empty. Also, once you are done with that, you should sign up for Google Webmasters, link your new domain, and tell Google that it should not consider ‘with the www’ and ‘without the www’ to be separate domains.

    Next, about setting up FTP, you can try this – http://articles.slicehost.com/2008/5/28/secure-ftp-transfers

    Next, for outgoing email, you can use postfix (it’s easier to set up than sendmail). The instructions for that are already in the post. For incoming email, I would suggest you sign up for Google Apps. Here is a link to their free account – http://www.google.com/apps/intl/en/group/index.html

    Finally, about the error with iptables, you might try to remove the line break after the first line ‘*filter’ and then add the line break again. We don’t need an extra line between those two. It might help to get the exact problem.

    - Sudhanshu

  17. Do you care if I quote your article on my Self Help Forum? I think your writing would suit my readers perfectly. Well, thanks for writing this.

  18. Sudhanshu says:

    Sure, no problem!

  19. rif says:

    can you make a guide that works for 11.10?

  20. Sudhanshu says:

    Sure, we will work something out.

  21. David says:

    Does this work for the latest version of ubuntu?

  22. Sudhanshu says:

    I haven’t tried it with the latest version. Are you getting any issues with it?

  23. Washo says:

    Hello,
    thanks for tut.
    Why is there a UseDNS no setting in the SSH conf?
    Thank you.

  24. Sudhanshu says:

    @Washo, it reduces the amount of time it takes up before you see the password prompt while logging in!

  25. Umbee says:

    Nice guide, if you go for a managed VPS however you can just tell your hosting company what you need and relax and run your business. Also might be worth trying to create a template that has all your tweaks included?

  26. tay says:

    $ vi /etc/iptables.up.rules
    -I OUTPUT -p tcp --dport 4949 -m state --state NEW,ESTABLISHED -j ACCEPT
    -I INPUT -p tcp --dport 4949 -m state --state ESTABLISHED -j ACCEPT
    $ iptables-restore < /etc/iptables.up.rules

    got the same error as mark… did not quite understand what you meant about removing line break '*filter'

  27. Sudhanshu says:

    That is definitely there, though it’s always good to know when all needs to be done.

  28. Sudhanshu says:

    You need to remove the extra line between the lines
    *filter

    # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn’t use lo0

  29. emperor says:

    Pls can u setup a vps server without having a hostname?

  30. Sudhanshu says:

    You can certainly do that. You can use anything there if you’re not hoping to send out emails or have a way to identify your server.

  31. Glenn says:

    Hi Sir,

    I would like to ask if this VPS setup can be accessed using an IP outside the network? I just need a development server that I can access from outside the network for some reason.

  32. Sudhanshu says:

    It depends on where the server is located. If you set up a server internally, then it won’t be available outside the network.
