Setting up a full Debian 8 Jessie server

cobito

This summer I plan to upgrade my Debian 7 server to 8. Before doing so, and to make it a clean process, I have documented myself and in the process I have created a mini-guide to get the server up and running.

The guide is divided into 8 sections:

1. It talks about which edition of Debian to use and the complete installation process using the graphical wizard.

2. It covers basic concepts for working with configuration files from the console, the root user and the whole topic of file ownership and permissions in Linux.

3. It is a small section where the installation is finalized by doing things like assigning a local static IP to the machine.

4. It begins the installation of web services which have included Apache, PHP and MariaDB. Within the Apache section there are numerous subcategories where it is explained how to configure the different parameters and some interesting modules.

5. Here content management systems (CMS) will be installed. Wordpress, ownCloud and Moodle have been chosen. The process is quite similar for all three and, barring minor differences, any CMS built in PHP that uses MySQL is installed more or less the same way.

6. This section deals with Transmission and aMule clients run as background processes managed through a web interface or a GUI remotely. Basically it is everything needed to put together an emule-pc that consumes a ridiculous amount of resources.

7. Other services such as FTP, email sending and Samba (CIFS) have also been covered,

8. Finally some tools will be installed to manage and monitor the server remotely.

All sections have two sub-sections: procedure and explanation. In the 'procedure' section only the list of commands and templates for configuration files are given. To know the details of what those commands do and the different configuration parameters, one can refer to the 'explanation'.

For some sections, I have not been very clear about the structuring and I do not know if they will be clear enough. I have also tried to make all sections independent of each other, so that if for example you want to install only Wordpress, you only need to read the section dedicated to its installation by going to the references indicated when necessary.

The link to the mini-guide is this: Guide to set up a server on Debian 8 Jessie.

Any questions or suggestions are welcome.

Fassou

Good contribution

cobito

@Fassou:

Buena aportación

Gracias. Espero que le sirva a alguien en algún momento para algo.

Yorus

I'm sure I will. I always have some trouble with Apache and that part will be useful. When I have the setup up and running again, I'll take a look.

Sent from my Aquaris E4 using Tapatalk

oscarbui

Great tutorial, I just wanted to add, if you don't mind, a couple of notes that you may already know but have omitted for some reason.

To copy and paste on TTY using the mouse, there is the "gpm" package, which makes this simple task much easier.

The text is selected the same way as with the X and to paste we press the secondary button.

You can also make SSH more secure by editing the file /etc/ssh/sshd_config:

PermitRootLogin no

Since root, apart from being root :fumeta:, will probably be the user who receives the most attacks.

MaxAuthTries 2

The number of times we can make mistakes when entering the user-password.

AllowUsers usuario1 usuario2

The accounts indicated in the section will be the only ones that can access.

Once we save the changes we restart the server:

/etc/init.d/ssh restart

There are more options in this file, but these may be the most important.

In case you are as paranoid as I am, I was going to suggest "denyhosts" but they haven't included it in Jessie (for now I remain in Wheezy) and it is used to ban IPs.

And finally, although it is probably a matter of taste, I prefer to have the server in the DMZ and I install "ufw", a firewall that "works" on iptables but with simple and intuitive commands.

And that's all, I hope that something is useful to you and thanks again for the tuto.

cobito

Thanks for the notes, oscarbui. I find the topic of setting up SSH particularly interesting and will include it in the next edition.

The topic of not allowing root login personally doesn't work for me, because I manage the file system quite frequently with FISH and I need to be able to access it as root to modify certain files.

Limiting the number of attempts seems very interesting to me. A few months ago I wrote a bash script that read the ssh log periodically and if it saw more than 10 failed login attempts from an IP, it banned that IP with IPtables. I think your solution is more practical, to be honest.

Best regards and I'm glad you like the guide.