Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

setupadmin@tin:~$ sudo apt update

Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease

Hit:2 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease

Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease

Hit:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

2 packages can be upgraded. Run 'apt list --upgradable' to see them.

setupadmin@tin:~$ sudo apt upgrade

Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

Calculating upgrade... Done

The following packages have been kept back:

python3-update-manager update-manager-core

0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

Table of Contents

Introduction

Describes production proven Bonsai Framework approach to setup of a Ubuntu

...

Server version 22.

Bash script version is also maintained for quick setup.

Initial Setup

To follow through these tutorials you should have basic understanding of networks and know how to edit files on Ubuntu through terminal or sftp.

Note

For security reasons may want to replace the account names in this tutorial especially setupadmin with something else of your choosing.

Download

If you are working for a large organization, it is recommended to use the LTS (Long Term Support) version,

https://www.ubuntu.com/download/server

...

Hosting at Home

...

Before paying for hosting, practice on your desktop using virtualization technology. If you have minimal needs, you might want to host from home.

...

Hosting Company

When using a hosting company, currently KVM based solutions the most cost effective where 1GB of RAM is required. See the Bonsai Framework discussion on Hosting for further details.

Cloud

You may also consider using Cloud with instructions here,

  • Azure (to write though it's pretty point and click)
  • AWS

Follow this article for Home Server Virtualization.

Installing from Scratch in a Virtual Environment

If you are installing Ubuntu from scratch within a Virtual environment Ubuntu has a special Virtual option to optimize performance.

Tip

These instructions are currently written and then updated for Ubuntu 12.10, 13.x, 14.04.2 (April 2015), 16.04.1 (Oct 2016)

You may use these instructions for other versions, but there may be slight differences in the order of events.

  1. Select your language and press Enter.
  2. On the install screen hit F4
    1. Select Install a minimal virtual machine and press enter.
    2. There will be no apparent change on install screen, but don't worry it worked.
  3. Install Ubuntu Server should be highlighted by default (if not select it), press enter.
  4. You will be prompted for Language, choose English.
  5. When asked for Country, choose your country, in our case we use Canada.
  6. When asked to configure the keyboard, provided you are using English,
    1. Choose No to "Detect keyboard layout"?
    2. Select English (US) to "Country of origin for the keyboard".
    3. English (US) to "Keyboard layout".
  7. For hostname, applying the Bonsai framework naming standards we will use, bonsaih0v00a
  8. The first account is privileged. Use for Full name: Setup Admin
  9. Username for your account: setupadmin
  10. Password for you acount. The Bonsai Framework password standard should suffice. By default we will not be enabling any services like ssh.
  11. "Encrypt your home directory?" No (you can choose yes here, but in a closed server environment this will probably cause more head-ache then add to security)
  12. When asked for your time zone, pick your time zone.
  13. On Partitions disk choose Guided - use entire disk and set up LVM (Here's what LVM does).
  14. When asked to select disk partition, usually you will only have one. By default that will be selected. Just push Enter.
  15. "Write the change to disks and configure LVM?" Choose Yes.
  16. For partition prompts choose defaults, how big for swap or root ect, just go with defaults. This used to be important but now with LVM and modern Linux systems this is no longer that important.
  17. "Amount of volume group to use for guided partitioning:" Continue.
  18. One final confirmation, "Write the changes to disk?" Yes.
  19. HTTP proxy information. Unless you are behind a proxy (unlikely unless you on a company network), leave blank, Continue.
  20. "How do you want to manage to upgrades on this system?" For maximum control, use, No automatic updates. For large enterprise environments consider Ubuntu Landscape.
  21. "Choose software to install:" do not select anything. If OpenSSH server is required, make sure to use a very very strong password and switch to SSH key authentication as soon as possible. Systems can be compromised within 1 hour.
  22. Assuming this is a new server, Yes to "Install the GRUB boot loader to the master boot record?".
  23. Installation complete. Choose Continue to reboot the system.

Boot up your Virtual Server.

Be default, "*Try or Install Ubuntu Server" will be selected. Hit "Enter".

Language selection : Use the Up/Down arrow keys to select your language and then hit "Enter".

Installer update available : If you have a fast connection use "Update to the new installer". "Enter".

Keyboard configuration : "Enter" unless you have a special keyboard.

Choose type of install :

  1. Use your up arrow to move the cursor to "Search for third-party drivers" and hit space-bar to enable, it will select it like this "[X]"
  2. Go back down to "Done" and hit "Enter".

Network connections : You should see something under NAME adjacent to DHCPv4. Record it. In my case, ens33 and 10.0.0.211/24. "Enter".

Configure proxy : You should not be using a proxy for home use. "Enter".

Configure Ubuntu archive mirror : Some values will start showing up. You should see somethign like "Hit:1 http://...". Once you see "Reading package lists...", hit "Enter".

Guided storage confguration : Move to Done and "Enter".

Storage configuration : "Enter".

Confirm destruction action : select "Continue", "Enter"

Profile setup :

  • Your name: Setup Admin
  • Your server's name: tin (whatever you want, but don't use spaces or strange charcters)
  • Pick a username: setupadmin
  • Choose a password: The Bonsai Framework password standard should suffice.
  • Done

Upgrade to Ubuntu Pro : We won't need so "Enter".

SSH Setup : Hit space-bar to select then select "Done", "Enter".

Third-party driver : You may see "No applicable third-part drivers are available locally or online". That is fine. "Continue".

Featured Server Snaps : Navigate to "Done", "Enter".

Stuck : At this point you'll see the Ubuntu OS being installed and and when complete you'll see "Reboot Now", select and "Enter", you might see some messages,

  • [FAILED] Failed unmounting /cdrom
  • Please remove the installation medium, then press ENTER:

Go ahead and press "Enter" and you may love your mouse control for a bit. That's ok, just wait.

Reboot Complete : Due to quirk in virtual machines, you may not see your prompt to login. Instead you might see "[ OK ] Reached target Cloud-init target. That's ok, just hit "Enter" and then you'll see the login prompt. IN my case, "tin login: ".

Hosting Company

When using a hosting company, currently KVM based solutions the most cost effective where 1GB of RAM is required. See the Bonsai Framework discussion on Hosting for further details.

Cloud

You may also consider using Cloud with instructions here,

  • Azure (to write though it's pretty point and click)
  • AWS

Starting from a Server Hosted Solution

With most Virtual Server Hosting solutions you will be asked to select a virtual server image operating system which is then built as defined by the hosting provider. Some providers also allow you to install from a linked iso image which provides the most fined grained control and security.

Warning

Some hosting providers modify the Ubuntu Setup or only let you load a pre-configured image. In that case they are just asking for credentials.

With older hosting provider they may ask for a root password. Make sure to select a VERY complex password for the root account. It might be a little annoying, but as you walk through the article you will find that we actually stop using root altogether.

Modern Cloud servers like Microsoft Azure will create a default user account or provide option to provide your public ssh keys. For now choose password. SSH keys with how to load them into your OS will be covered later.

Server Overview

In this example, the server is a virtual machine provided by a hosting company and the following attributes,

Server Name - tinman
Memory - 1024 MB
Disk Space - 40 GB

Info

Our current preferred Virtual Server Hosting solution is vServer Center which also allows users to install Ubuntu from scratch. See the Bonsai Framework discussion on Hosting for further details.

Login

The very first thing to do is to log into the server. There are two main types of login, remote and console.

With a remote login, you are not physically at the machine. This is often accomplished using SSH. By default following these instructions SSH login will not be enabled.

With a console login, you are for all intents and purposes physically at the server. Most hosted solution provide a web based interface to simulate this type of behaviour.

We'll start with console login in your virtual machine and you'll see something like below. Note your IPv4 address, in my case 10.0.0.211.

Code Block
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-91-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage


  System information as of Thu Dec 21 06:18:18 AM UTC 2023


  System load:            0.009765625
  Usage of /:             8.4% of 57.77GB
  Memory usage:           19%
  Swap usage:             0%
  Processes:              201
  Users logged in:        1
  IPv4 address for ens33: 10.0.0.211
  IPv6 address for ens33: 2607:fea8:52a1:ce00::a5c2
  IPv6 address for ens33: 2607:fea8:52a1:ce00:20c:29ff:fe64:cfb1

Expanded Security Maintenance for Applications is not enabled.

44 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Thu Dec 21 06:14:05 2023
setupadmin@tin:~$ 

Security First

I usually immediately install fail2ban,

Code Block
sudo apt-get install fail2ban

You don't need to know what it does right away (other than it blocks a user from logging for a period of time after too many incorrect passwords) but it makes your box much safer.

Warning

If your system is on the Internet and you only have SSH login with a user name and password, make sure it is strong. Your password can be broken in within minutes.

You also want to go straight to SSH RSA Key Based Authentication.

Synchronize Server Time

The ntp daemon calculates the drift of your system clock and continuously adjusts it. 

Determine the systems current timezone,

Code Block
languagebash
date # determine current timezone

If you did a fresh setup, you should have the correct time zone and you can skip this step. If your timezone is incorrect, change it,

Code Block
languagebash
sudo dpkg-reconfigure tzdata # sets the timezone

Before proceeding to below instructions, please do an update on ubuntu setup

Code Block
languagebash
sudo apt-get update # updates your basic installation

Install the ntp daemon,

Code Block
languagebash
sudo apt-get install ntp
Info

If you do not want to spare the processing power and memory, consider using other approaches documented by the Ubuntu Community or the traditional cron approach.

Select a Locale

If you used a hosting company like Slice or Rackspace chances are the server image provided is minimal with no locale set. This will cause problems with Perl (used to install quite a few things) and in my case, it caused me head-aches setting up PostgreSQL.

Code Block
languagebash
locale # Look at your current locale.
LANG=en_CA.UTF-8
LC_CTYPE="en_CA.UTF-8"
LC_NUMERIC="en_CA.UTF-8"
LC_TIME="en_CA.UTF-8"
LC_COLLATE="en_CA.UTF-8"
LC_MONETARY="en_CA.UTF-8"
LC_MESSAGES="en_CA.UTF-8"
LC_PAPER="en_CA.UTF-8"
LC_NAME="en_CA.UTF-8"
LC_ADDRESS="en_CA.UTF-8"
LC_TELEPHONE="en_CA.UTF-8"
LC_MEASUREMENT="en_CA.UTF-8"
LC_IDENTIFICATION="en_CA.UTF-8"
LC_ALL=
setupadmin@tinman:~$

If the results show an error or the locale is not set up for UTF-8 as shown above, then run the following commands,

Panel

If you are not from Canada, you can choose another language, just make sure to use UTF-8.

Code Block
languagebash
sudo locale-gen en_CA.UTF-8
sudo update-locale LANG=en_CA.UTF-8

If you changed the locale, log off and then back on.

Finally, verify the locale changes took effect,

Code Block
languagebash
setupadmin@tinman:~$ locale
LANG=en_CA.UTF-8
LC_CTYPE="en_CA.UTF-8"
LC_NUMERIC="en_CA.UTF-8"
LC_TIME="en_CA.UTF-8"
LC_COLLATE="en_CA.UTF-8"
LC_MONETARY="en_CA.UTF-8"
LC_MESSAGES="en_CA.UTF-8"
LC_PAPER="en_CA.UTF-8"
LC_NAME="en_CA.UTF-8"
LC_ADDRESS="en_CA.UTF-8"
LC_TELEPHONE="en_CA.UTF-8"
LC_MEASUREMENT="en_CA.UTF-8"
LC_IDENTIFICATION="en_CA.UTF-8"
LC_ALL=
setupadmin@tinman:~$

Update Repositories

...

Check if you're up to date,

Code Block
languagebash
sudo apt update
Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
45 packages can be upgraded. Run 'apt list --upgradable' to see them.

In my case I have 45 packages that can be updated. I'll update them,

Code Block
languagebash
sudo apt-get update

If you are behind a proxy you may run into a problem with how the proxy is caching. To resolve the  GPG errors follow my instructions on resolving proxy caching issues with Ubuntu Updates.

 upgradeReading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
 ubuntu-pro-client-l10n
The following packages have been kept back:
 python3-update-manager update-manager-core
The following packages will be upgraded:
 apparmor apt apt-utils bind9-dnsutils bind9-host bind9-libs cloud-init cryptsetup cryptsetup-bin
 cryptsetup-initramfs distro-info-data git git-man initramfs-tools initramfs-tools-bin
 initramfs-tools-core irqbalance kpartx libapparmor1 libapt-pkg6.0 libcryptsetup12 libldap-2.5-0
 libldap-common libnetplan0 libnss-systemd libpam-systemd libsgutils2-2 libsystemd0 libudev1
 multipath-tools netplan.io python3-software-properties sg3-utils sg3-utils-udev
 software-properties-common sosreport systemd systemd-hwe-hwdb systemd-sysv systemd-timesyncd
 ubuntu-advantage-tools ubuntu-drivers-common udev
43 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 19.2 MB of archives.
After this operation, 5,565 kB disk space will be freed.
Do you want to continue? [Y/n]

Just hit "Enter" is the same as typing Y then hitting "Enter".

If you see a prompt to restart services, go ahead and move the cursor to OK, "Enter".

You can confirm you upgrade with running the "update command" again.

Code Block
languagebash
setupadmin@tin:~$ sudo apt update

Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:4 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.

In this case there's two packages that have been held back. That's ok.

Update Server

General Upgrades

Next perform a dist-upgrade. 

Code Block
languagebash
sudo apt-get dist-upgrade # upgrade to the newest kernel

Once you have applications and software running and stable, it is advisable to only perform incremental upgrades and judiciously perform dist-upgrades as appropriate.

During the update, all the update installers are downloaded to your system and kept there for future reference in case you need to re-install. With fast connections, this is not necessary. Clean up,

Code Block
languagebash
sudo apt-get autoclean # use this if you only want to clean out nolonger used packages
sudo apt-get clean # clean out all downloaded packages - I usually use this one
sudo apt-get autoremove # cleans out unused packages
Info

Read Upgrading Ubuntu Packages for more in depth details.

Since this is still a fresh system, restart the system,

Code Block
languagebash
sudo reboot

Shutdown Server

Shutdown your server with this command,


Code Block
languagebash
sudo shutdown -h now


Next Steps

Continue to Ubuntu Firewall Software.