|Table of Contents|
Describes production proven Bonsai Framework approach to setup of a Ubuntu server.
Bash script version is also maintained for quick setup.
To follow through these tutorials you should have basic understanding of networks and know how to edit files on Ubuntu through terminal or sftp.
For security reasons may want to replace the account names in this tutorial especially setupadmin with something else of your choosing.
If you are working for a large organization, it is recommended to use the LTS (Long Term Support) version,
Your Own Home System
Before paying for hosting, practice on your desktop using virtualization technology. If you have minimal needs, you might want to host from home.
When using a hosting company, currently KVM based solutions the most cost effective where 1GB of RAM is required. See the Bonsai Framework discussion on Hosting for further details.
- Azure (to write though it's pretty point and click)
Installing from Scratch in a Virtual Environment
If you are installing Ubuntu from scratch within a Virtual environment Ubuntu has a special Virtual option to optimize performance.
- Select your language and press Enter.
- On the install screen hit F4
- Select Install a minimal virtual machine and press enter.
- There will be no apparent change on install screen, but don't worry it worked.
- Install Ubuntu Server should be highlighted by default (if not select it), press enter.
- You will be prompted for Language, choose English.
- When asked for Country, choose your country, in our case we use Canada.
- When asked to configure the keyboard, provided you are using English,
- Choose No to "Detect keyboard layout"?
- Select English (US) to "Country of origin for the keyboard".
- English (US) to "Keyboard layout".
- For hostname, applying the Bonsai framework naming standards we will use, bonsaih0v00a
- The first account is privileged. Use for Full name: Setup Admin
- Username for your account: setupadmin
- Password for you acount. The Bonsai Framework password standard should suffice. By default we will not be enabling any services like ssh.
- "Encrypt your home directory?" No (you can choose yes here, but in a closed server environment this will probably cause more head-ache then add to security)
- When asked for your time zone, pick your time zone.
- On Partitions disk choose Guided - use entire disk and set up LVM (Here's what LVM does).
- When asked to select disk partition, usually you will only have one. By default that will be selected. Just push Enter.
- "Write the change to disks and configure LVM?" Choose Yes.
- For partition prompts choose defaults, how big for swap or root ect, just go with defaults. This used to be important but now with LVM and modern Linux systems this is no longer that important.
- "Amount of volume group to use for guided partitioning:" Continue.
- One final confirmation, "Write the changes to disk?" Yes.
- HTTP proxy information. Unless you are behind a proxy (unlikely unless you on a company network), leave blank, Continue.
- "How do you want to manage to upgrades on this system?" For maximum control, use, No automatic updates. For large enterprise environments consider Ubuntu Landscape.
- "Choose software to install:" do not select anything. If OpenSSH server is required, make sure to use a very very strong password and switch to SSH key authentication as soon as possible. Systems can be compromised within 1 hour.
- Assuming this is a new server, Yes to "Install the GRUB boot loader to the master boot record?".
- Installation complete. Choose Continue to reboot the system.
Starting from a Server Hosted Solution
With most Virtual Server Hosting solutions you will be asked to select a virtual server image operating system which is then built as defined by the hosting provider. Some providers also allow you to install from a linked iso image which provides the most fined grained control and security.
Some hosting providers modify the Ubuntu Setup or only let you load a pre-configured image. In that case they are just asking for credentials.
With older hosting provider they may ask for a root password. Make sure to select a VERY complex password for the root account. It might be a little annoying, but as you walk through the article you will find that we actually stop using root altogether.
Modern Cloud servers like Microsoft Azure will create a default user account or provide option to provide your public ssh keys. For now choose password. SSH keys with how to load them into your OS will be covered later.
In this example, the server is a virtual machine provided by a hosting company and the following attributes,
The very first thing to do is to log into the server. There are two main types of login, remote and console.
If your system is on the Internet and you only have SSH login with a user name and password, make sure it is strong. Your password can be broken in within minutes.
Synchronize Server Time
The ntp daemon calculates the drift of your system clock and continuously adjusts it.
Select a Locale
If you used a hosting company like Slice or Rackspace chances are the server image provided is minimal with no locale set. This will cause problems with Perl (used to install quite a few things) and in my case, it caused me head-aches setting up PostgreSQL.
If you are not from Canada, you can choose another language, just make sure to use UTF-8.
If you changed the locale, log off and then back on.
Finally, verify the locale changes took effect,
As of Ubuntu 8.10 it this has been simplified. We used to have to edit the sources.list to point your server to the universe and multi verse repository in order to install more popular packages. Now, even the minimal Server install already has what you need. So we can go straight to updating the indexes,
If you are behind a proxy you may run into a problem with how the proxy is caching. To resolve the GPG errors follow my instructions on resolving proxy caching issues with Ubuntu Updates.
Next perform a dist-upgrade.
Continue to Ubuntu Firewall Software.