Ubuntu Linux Operating System

Ubuntu Server Setup

Who will find the tutorial ‘Ubuntu Server Setup’ useful?

Whether you are using Google Cloud Platform, DigitalOcean, AWS, or any other unmanaged VM hosting provider, chances are you will have to build your web server from scratch.

If you don’t feel confident in your Linux server administration skills, purchase a $5/mo VM at DigitalOcean, use the free 1-year AWS offer, or pick any other cloud hosting provider, and start building your web server. You will learn in the process of creating and updating the server.

The way you create a user, set a password, and start the first project may vary. Different hosting providers have different names for their VMs: DigitalOcean uses the term droplet, while Google Cloud refers to them as ‘VM instances’. The process is more or less the same everywhere, and going into the details for any one of them is out of the scope of this article.

Prerequisites

A running Droplet, Compute Engine instance, or any other VM.

Ubuntu Server Setup

The assumption is that you have a root user name and password and the IP address of the virtual machine. Log in to your VM for the first time with the OpenSSH client or PuTTY (Windows):

$ ssh root@your_new_server_ip

The first thing to do when you log in to your server is to update the package lists and install the latest versions of all packages. You do this with two consecutive commands:

$ sudo apt update
$ sudo apt upgrade

The next step is to change the root password. This is a precautionary measure.

$ sudo passwd

The root user is the administrative user in Linux; you use it only when administering the server. Root privileges are too broad for everyday work, which is why you do not use the account on a regular basis. The next step is therefore to create a normal user. For the sake of this example I created a user called jamie. Notice that usernames and passwords are case sensitive.

$ adduser jamie

While adding a user you will answer several questions, starting with the user’s password. Choose a strong password for your real-world user, then fill in the remaining information. If you wish to skip a particular field, hit ENTER. It is your own server, after all.

Granting Superuser Privileges to the new User

Having to enter the root password every time you need to do administrative tasks is a rather daunting prospect. Instead you can give “superuser” privileges to the new user. This way you will not have to log out of the normal user and log back in as root. Any time you need to do an administrative task, you add sudo before the command.

As root (because only root can change other users), run the command that makes the new user a member of the sudo (superusers) group:

$ usermod -aG sudo jamie

Setup Ubuntu Native Firewall UFW

UFW stands for Uncomplicated Firewall, and it lives up to the name. It is easy to set up and makes it easy to add or remove ports, interfaces, and protocols. Also, UFW is installed by default on Debian and Ubuntu. If it is not, install it with:

$ sudo apt install ufw

UFW Initial Setting

Alternatively, you can check whether UFW is already installed by typing the following command:

$ sudo ufw status

After installation, UFW is disabled by default, so the answer will be:

Status: inactive

Enabling UFW is easy. After that comes setting the default policy. The best practice is to allow outgoing and deny incoming connections by default. If you don’t specify the protocol, the policy will apply to all three of them: tcp, udp, and icmp.

$ sudo ufw enable
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing

One of the first services to allow after enabling UFW is SSH. The default SSH port is 22, but people often choose another port from 1024 to 65535 just to keep their logs from being cluttered by port scanners.

$ sudo ufw allow ssh

Alternatively, if you are using a port above 1024 (IANA registered ports, which may also be used by another service), such as port 22022 in this example, the command would be:

$ sudo ufw allow 22022/tcp

You can view the allowed connections with the following UFW command:

$ sudo ufw status

The output will be similar to this:

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
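
Because `ufw enable` warns that it may disrupt existing SSH connections, an administrator working over SSH usually wants the SSH allow rule in place before the firewall is switched on. The script below is an added example, not part of the original tutorial: it reads the SSH port from an sshd_config file and emits the UFW commands from this section in that order. The names `ssh_port` and `ufw_plan` and the `--plan`/`--apply` switches are assumptions made for this example; only the first `Port` directive is read and `Include` files are ignored.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial. ssh_port, ufw_plan and the
# --plan/--apply switches are names invented for this sketch.

# Print the port from the first uncommented "Port" line of an sshd_config
# file; fall back to 22 when the file is unreadable or has no such line.
ssh_port() {
    local cfg="${1:-/etc/ssh/sshd_config}" port=""
    [ -r "$cfg" ] && port=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; exit }' "$cfg")
    echo "${port:-22}"
}

# Print the ufw commands, one per line, with the SSH rule before "enable".
ufw_plan() {
    local port
    port=$(ssh_port "${1:-}")
    # Reject anything outside 1-65535 (length check avoids integer overflow).
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid SSH port in config: $port" >&2
        return 1
    fi
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow ${port}/tcp"
    echo "ufw --force enable"      # --force skips the interactive prompt
    echo "ufw status verbose"
}

# --plan [sshd_config]   print the commands only
# --apply [sshd_config]  run them through sudo, stopping at the first failure
case "${1:-}" in
    --plan)  ufw_plan "${2:-}" ;;
    --apply) plan=$(ufw_plan "${2:-}") || exit 1
             echo "$plan" | while read -r cmd; do
                 sudo $cmd </dev/null || exit 1
             done ;;
esac
```

Run it with `--plan` first and review the printed commands before using `--apply`.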
