Debian Server
Material in Courses: Networks Wt1 Tags: Web OpsThis is a short Manual on how to configure a Debian virtual Server hosted at HTW FB4.
General Things
Snowflakes
Configuring a server manually results in a Snowflake Server.
I’ve logged the config changes as best I could in this repo, check the commits: https://github.com/htw-imi-networks/example-config
Shell & Path
… TBD
Path
# echo $PATH
Editor
You should be able to survive in one of the available editors, e.g. VI
Set the default editor to ensure it is used eg. by visudo:
root@infrastructure:~ # update-alternatives --config editor
Firewall
There is a script that configures the firewall. Don’t touch it for now. If you want to,
# sudo vi ~root/firewall.sh
# sudo ~root/firewall.sh
First Login
Initial Configuration of Debian Virtual Machines
Each group will get and share a virtual machine for the term. The machines will be assigned in the lab.
Note: replace with the name of your server - see BNF
Setup Users for all Team Members
You should always log in with a different user and become root once you are on the machine. Use the given user local
for the first login:
# ssh local@<your-server>.f4.htw-berlin.de
Then, become root and create a user for each person in your group. It’s convenient to use the same user name as on your local machine.
local@<your-server>:~ # su -
Password:
root@<your-server>:~ # adduser <username>
Adding user `<username>' ...
Adding new group `<username>' (1001) ...
Adding new user `<username>' (1001) with group `<username>' ...
Creating home directory `/home/<username>' ...
Copying files from `/etc/skel' ...
New password:
Edit Path
/usr/sbin is missing in the path, add it to bashrc.
# echo "export PATH=/usr/sbin/:$PATH" >> ~/.bashrc
Public Key Authorisation
It’s convenient to set up public key authorization. To do so, generate
a key pair per user and add the public key to the file ~/.ssh/authorized_keys
On your machine:
# ssh-keygen -t rsa -b 4096 -C "barne.<username>@htw-berlin.de"
Copy the key:
# ssh-copy-id -i ~/.ssh/id_rsa.pub <username>@<your-server>.f4.htw-berlin.de
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/<username>/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<username>@<your-server>.f4.htw-berlin.de's password:
Number of key(s) added:
1
Now try logging into the machine, with:
"ssh '<username>@<your-server>.f4.htw-berlin.de'"
and check to make sure that only the key(s) you wanted were added.
Add Users to Sudoers
What is Sudo
SU - Substitute User Do - Do
- execute a command as root.
As you all administrate the server, you should add all users to the sudoers.
Add User to Group sudo
Login and become root.
# ssh local@<your-server>
# su -
Add users to unix group “sudo”
root@infrastructure:~ # adduser <user> sudo
Adding user `kleinen' to group `sudo' ...
Adding user kleinen to group sudo
Done.
-> jetzt geht sudo mit password.
Enable passwordless sudo
Edit /etc/sudoers using the visudo command (which does not necessarily open vi as the command suggests, but your default editor - see above).
Note: In general, this is a bad idea - but for practicing server setup, it’s convenient. If something goes wrong, we’ll just throw away the server.
root@infrastructure # visudo
and add the line %sudo ALL=(ALL) NOPASSWD: ALL
- see this commit
Install Nginx
Installing Nginx is pretty straightforward. I found a good introduction from Digital Ocean,just follow it - but skip the firewall part!
How to Install Nginx on Debian 10 | DigitalOcean
(Firewall: we don’t have the newer ufw firewall yet. For now, you don’t need to adjust the firewall settings, Port 80 is open, so you don’ t need to do anything)
- systemctl status nginx
- systemctl stop nginx
- systemctl start nginx
Create a configuration and link it to sites-enabled
# sudo vi /etc/nginx/sites-available/infrastructure
...
# sudo ln -s /etc/nginx/sites-available/infrastructure /etc/nginx/sites-enabled/
see the commit for the complete example.
Operation System & Debian Doc
You can get info about the os with lsb_release -a
- Chapter 1. GNU/Linux tutorials
- Debian – Documentation
- contains the administrator’s handbook and the Debian reference