Server Setup Guide

# Connect to your server
ssh root@your-server-ip

# Update system packages
apt update && apt upgrade -y  # Ubuntu/Debian
yum update -y                 # CentOS/RHEL

# Create new user
adduser username

# Add to sudo group
usermod -aG sudo username     # Ubuntu/Debian
usermod -aG wheel username    # CentOS/RHEL

# Switch to new user
su - username

# On your local machine, generate SSH key
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

# Copy public key to server
ssh-copy-id username@your-server-ip

# Or manually copy the key
mkdir ~/.ssh
nano ~/.ssh/authorized_keys
# Paste your public key here
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# Edit SSH configuration
sudo nano /etc/ssh/sshd_config

# Recommended settings:
Port 2222                    # Change default port
PermitRootLogin no          # Disable root login
PasswordAuthentication no   # Use keys only
PubkeyAuthentication yes    # Enable key auth
MaxAuthTries 3              # Limit auth attempts

# Restart SSH service
sudo systemctl restart ssh

# Enable UFW
sudo ufw enable

# Allow SSH (use your custom port)
sudo ufw allow 2222/tcp

# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Check status
sudo ufw status

# Start and enable firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld

# Allow services
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

# Reload configuration
sudo firewall-cmd --reload

# Install Fail2Ban
sudo apt install fail2ban     # Ubuntu/Debian
sudo yum install fail2ban     # CentOS/RHEL

# Configure Fail2Ban
sudo nano /etc/fail2ban/jail.local

# Add configuration:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

# Start and enable service
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

# Install Nginx
sudo apt install nginx       # Ubuntu/Debian
sudo yum install nginx       # CentOS/RHEL

# Start and enable service
sudo systemctl start nginx
sudo systemctl enable nginx

# Basic configuration
sudo nano /etc/nginx/sites-available/default

# Example configuration:
server {
    listen 80;
    server_name your-domain.com;
    root /var/www/html;
    index index.html index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
}

# Test configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

# Install Apache
sudo apt install apache2     # Ubuntu/Debian
sudo yum install httpd       # CentOS/RHEL

# Start and enable service
sudo systemctl start apache2  # Ubuntu/Debian
sudo systemctl start httpd    # CentOS/RHEL
sudo systemctl enable apache2 # Ubuntu/Debian
sudo systemctl enable httpd   # CentOS/RHEL

# Basic configuration
sudo nano /etc/apache2/sites-available/000-default.conf

# Example configuration:
<VirtualHost *:80>
    ServerName your-domain.com
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# Enable site and reload
sudo a2ensite 000-default
sudo systemctl reload apache2

# Install MySQL/MariaDB
sudo apt install mysql-server    # Ubuntu/Debian
sudo yum install mariadb-server  # CentOS/RHEL

# Start and enable service
sudo systemctl start mysql       # Ubuntu/Debian
sudo systemctl start mariadb     # CentOS/RHEL
sudo systemctl enable mysql      # Ubuntu/Debian
sudo systemctl enable mariadb    # CentOS/RHEL

# Secure installation
sudo mysql_secure_installation

# Create database and user
sudo mysql -u root -p

CREATE DATABASE your_database;
CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON your_database.* TO 'your_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

# Install PostgreSQL
sudo apt install postgresql postgresql-contrib  # Ubuntu/Debian
sudo yum install postgresql-server postgresql-contrib  # CentOS/RHEL

# Initialize database (CentOS/RHEL only)
sudo postgresql-setup initdb

# Start and enable service
sudo systemctl start postgresql
sudo systemctl enable postgresql

# Create database and user
sudo -u postgres psql

CREATE DATABASE your_database;
CREATE USER your_user WITH PASSWORD 'strong_password';
GRANT ALL PRIVILEGES ON DATABASE your_database TO your_user;
\q

# Install PHP and common extensions
sudo apt install php php-fpm php-mysql php-curl php-gd php-mbstring php-xml php-zip

# Configure PHP-FPM
sudo nano /etc/php/7.4/fpm/php.ini

# Recommended settings:
memory_limit = 256M
upload_max_filesize = 64M
post_max_size = 64M
max_execution_time = 300

# Restart PHP-FPM
sudo systemctl restart php7.4-fpm

# Install Certbot
sudo apt install certbot python3-certbot-nginx  # For Nginx
sudo apt install certbot python3-certbot-apache # For Apache

# Obtain certificate
sudo certbot --nginx -d your-domain.com         # For Nginx
sudo certbot --apache -d your-domain.com        # For Apache

# Auto-renewal setup
sudo crontab -e
# Add this line:
0 12 * * * /usr/bin/certbot renew --quiet

# Install htop and iotop
sudo apt install htop iotop nethogs

# Install Netdata (real-time monitoring)
bash <(curl -Ss https://my-netdata.io/kickstart.sh)

# Access Netdata at http://your-server-ip:19999

# Install logwatch
sudo apt install logwatch

# Configure logwatch
sudo nano /etc/logwatch/conf/logwatch.conf

# Set email for reports
MailTo = your-email@example.com
Range = yesterday
Detail = Med

# Test logwatch
sudo logwatch --detail Med --mailto your-email@example.com --range yesterday

# Create backup script
sudo nano /usr/local/bin/backup.sh

#!/bin/bash
# Backup script

BACKUP_DIR="/backup"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p $BACKUP_DIR

# Backup databases
mysqldump -u root -p your_database > $BACKUP_DIR/database_$DATE.sql

# Backup website files
tar -czf $BACKUP_DIR/website_$DATE.tar.gz /var/www/html

# Backup configuration files
tar -czf $BACKUP_DIR/config_$DATE.tar.gz /etc/nginx /etc/apache2 /etc/mysql

# Remove old backups (keep 7 days)
find $BACKUP_DIR -name "*.sql" -mtime +7 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete

echo "Backup completed: $DATE"

# Make script executable
sudo chmod +x /usr/local/bin/backup.sh

# Add to crontab
sudo crontab -e
# Add this line for daily backup at 2 AM:
0 2 * * * /usr/local/bin/backup.sh

# Optimize system limits
sudo nano /etc/security/limits.conf

# Add these lines:
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536

# Optimize kernel parameters
sudo nano /etc/sysctl.conf

# Add these lines:
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 65536 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.netdev_max_backlog = 5000

# Apply changes
sudo sysctl -p

# Edit Nginx configuration
sudo nano /etc/nginx/nginx.conf

# Optimize settings:
worker_processes auto;
worker_connections 1024;

gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml;

# Enable caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 1y;
    add_header Cache-Control "public, immutable";
}

# Development tools
sudo apt install git curl wget vim nano

# System monitoring
sudo apt install htop iotop nethogs ncdu

# Network tools
sudo apt install nmap tcpdump wireshark-common

# Compression tools
sudo apt install zip unzip p7zip-full

# Text processing
sudo apt install jq xmlstarlet

# Check top processes
top
htop

# Check specific process
ps aux | grep process_name

# Check memory usage
free -h
cat /proc/meminfo

# Find memory-hungry processes
ps aux --sort=-%mem | head

# Check disk usage
df -h
du -sh /*

# Find large files
find / -type f -size +100M 2>/dev/null

# Check network connectivity
ping google.com
traceroute google.com

# Check open ports
netstat -tulpn
ss -tulpn