su -
apt install sudo
adduser spout sudosudo apt update
sudo apt upgradesudo apt install byobu
byobu
# Launch auto at login
byobu-enablesudo nano /etc/ssh/sshd_config
Port 7022
sudo service ssh restartsudo apt install ufw
sudo nano /etc/default/ufw
IPV6=no
sudo ufw disable
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
# ufw allow ssh
sudo ufw allow 7022/tcp
sudo ufw allow http
sudo ufw show added
sudo ufw enable
sudo ufw statussudo apt install fail2ban
sudo nano /etc/fail2ban/jail.conf
destemail = [email protected]
action = %(action_mwl)s
# action_ => simple ban
# action_mw => ban et envoi de mail
# action_mwl => ban, envoi de mail accompagné des logs
sudo service fail2ban restartsudo apt install exim4-config
sudo dpkg-reconfigure exim4-config- internet site; mail is sent and received directly using SMTP
- System mail name: ENTER
- IP-addresses: ENTER
- Other destinations: ENTER
- Domains to relay mail for: ENTER
- Machines to relay mail for: ENTER
- Keep number of DNS-queries minimal: NO
- Delivery method: mbox format
- Split configuration into small files: NO
sudo apt-get -y install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt-get updatehttps://www.geek17.com/fr/content/debian-9-stretch-installer-et-configurer-mariadb-65 https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-debian-9
sudo apt install mariadb-server
sudo mysql_secure_installationsudo mysql -u root -pUSE mysql;
UPDATE user SET plugin='' WHERE user='root';
FLUSH PRIVILEGES;
EXIT;mysql -u root -psudo apt install php8.2-fpm php8.2-gd php8.2-mysql php8.2-pgsql php8.2-sqlite3 php8.2-mbstring php8.2-xml php8.2-intl php8.2-curl php8.2-zip php8.2-soap php8.2-redissudo apt install nginx
sudo nano /etc/nginx/sites-available/default
root /var/www;
index index.php index.html index.htm
# Uncomment location ~\.php$ {
# Uncomment include snippets/fastcgi-php.conf;
# Uncomment fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
sudo service nginx reload
sudo chown www-data:www-data /var/www
sudo chmod g+w /var/www
# Gzip
sudo nano /etc/nginx/nginx.conf
# Uncomment:
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
sudo nano /etc/nginx/nginx.conf
# Uncomment:
server_tokens off;
sudo service nginx reloadsudo dpkg-reconfigure locales
# fr_FR.UTF-8
# nl_NL.UTF-8
locale -asudo apt install gettextsudo apt install redis-serversudo apt install clamav clamav-freshclamsudo nano /usr/bin/adminer-update
#!/bin/bash
wget -O /var/www/adminer.php https://www.adminer.org/latest.php
sudo chmod +x /usr/bin/adminer-update
sudo adminer-updatesudo apt install curlcurl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
sudo python get-pip.pypip install --user pipenv
nano ~/.profile
export PATH="$PATH:~/.local/bin"
source ~/.profilesudo apt install gitcurl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
nano ~/.bashrc
export PATH="/home/spout/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"sudo apt install zip unzipwget http://downloads.sourceforge.net/project/optipng/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz
tar -xvzf optipng-0.7.7.tar.gz
cd optipng-0.7.7
./configure
make
sudo make installsudo apt install libjpeg-dev
wget https://www.kokkonen.net/tjko/src/jpegoptim-1.4.6.tar.gz
tar -xvzf jpegoptim-1.4.6.tar.gz
cd jpegoptim-1.4.6
./configure
make
sudo make installhttps://www.vultr.com/docs/how-to-install-teamspeak-3-server-on-debian-9-stretch
sudo adduser --disabled-login teamspeak
sudo su teamspeak
cd
wget https://files.teamspeak-services.com/releases/server/3.9.1/teamspeak3-server_linux_amd64-3.9.1.tar.bz2
tar xvf teamspeak3-server_linux_amd64-3.9.1.tar.bz2
rm teamspeak3-server_linux_amd64-3.9.1.tar.bz2
cd teamspeak3-server_linux_amd64
touch .ts3server_license_acceptedsudo nano /etc/init.d/teamspeak#!/bin/sh
### BEGIN INIT INFO
# Provides: teamspeak
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Teamspeak 3 Server
### END INIT INFO
######################################
# Customize values for your needs: "User"; "DIR"
USER="teamspeak"
DIR="/home/teamspeak/teamspeak3-server_linux_amd64"
###### Teamspeak 3 server start/stop script ######
case "$1" in
start)
su $USER -c "${DIR}/ts3server_startscript.sh start"
;;
stop)
su $USER -c "${DIR}/ts3server_startscript.sh stop"
;;
restart)
su $USER -c "${DIR}/ts3server_startscript.sh restart"
;;
status)
su $USER -c "${DIR}/ts3server_startscript.sh status"
;;
*)
echo "Usage: {start|stop|restart|status}" >&2
exit 1
;;
esac
exit 0sudo chmod +x /etc/init.d/teamspeak
sudo update-rc.d teamspeak defaults
sudo service teamspeak startsudo ufw allow 9987/udp
sudo ufw allow 30033/tcp
sudo ufw allow 10011/tcpsudo apt install mcsudo usermod -g www-data spout
sudo chown www-data:www-data /var/www
sudo chmod g+w /var/wwwhttps://certbot.eff.org/instructions?ws=other&os=debianbuster
sudo ufw allow httpshttps://snapcraft.io/docs/installing-snap-on-debian
sudo apt install snapd
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap set certbot trust-plugin-with-root=ok
nano /etc/nginx/sites-available/example.com
location ~ /.well-known {
allow all;
root /var/www;
}
sudo nginx -t
sudo service nginx reload
sudo certbot certonly --webroot -w /var/www/ -d example.com -d www.example.com --rsa-key-size 4096
# Wildcard
certbot certonly --manual --preferred-challenges dns --register -d example.com -d *.example.com
sudo certbot renew --dry-run
sudo crontab -e
0 */12 * * * certbot renew --quiet --post-hook "service nginx reload"
sudo openssl dhparam -out /etc/ssl/private/dhparams.pem 4096
sudo nano /etc/nginx/nginx.conf
##
# SSL Settings
##
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/ssl/private/dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";https://certbot-dns-ovh.readthedocs.io/en/stable/
sudo snap install certbot-dns-ovh
mkdir -p /root/.secrets/certbot
nano /root/.secrets/certbot/ovh.ini
# OVH API credentials used by Certbot
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = MDAwMDAwMDAwMDAw
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
sudo certbot certonly --dns-ovh --dns-ovh-credentials /root/.secrets/certbot/ovh.ini --dns-ovh-propagation-seconds 60 -d example.com -d *.example.comsudo apt install supervisorsudo apt install python-dev
sudo apt install python3-devsudo apt install default-libmysqlclient-devsudo apt install libtiff5-dev libjpeg62-turbo-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-devsudo apt install libcurl4-openssl-devsudo apt install libxml2-dev libxslt1-devsudo apt install libffi-devhttps://www.postgresql.org/download/linux/debian/
sudo nano /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update
sudo apt install postgresql-11 postgresql-11-postgis-2.5
sudo nano /etc/postgresql/11/main/pg_hba.conf
local all all trust # replace peer with trust
sudo service postgresql restart
sudo -u postgres -i
psql -U postgres
ALTER USER postgres with password 'secret';
exit;
sudo nano /etc/postgresql/11/main/pg_hba.conf
local all postgres md5 # replace trust with md5
sudo service postgresql restart
# Create user
sudo su - postgres
createuser -s spout -P
# Create DB
createdb test_db
# Drop all tables
DROP SCHEMA public CASCADE;
CREATE SCHEMA public;
GRANT ALL ON SCHEMA public TO postgres;
GRANT ALL ON SCHEMA public TO public;
# Restore backup
psql -d database_name -U spout -f backup.sqlsudo mkdir /usr/share/GeoLite2
cd /usr/share/GeoLite2
sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
sudo tar -xvzf GeoLite2-City.tar.gz
sudo mv GeoLite2-City_20190924/GeoLite2-City.mmdb .
sudo rm -rf GeoLite2-City_20190924/
sudo rm GeoLite2-City.tar.gzcurl https://rclone.org/install.sh | sudo bashsudo wget https://raw.githubusercontent.com/spout/debian-10-install-cheatsheet/master/backup.php -O /opt/backup.php
sudo nano /opt/backup.php
sudo chmod +x /opt/backup.php
sudo ln -s /opt/backup.php /etc/cron.daily/backup
sudo run-parts --test /etc/cron.dailyhttps://docs.netdata.cloud/packaging/installer/#one-line-installation https://docs.netdata.cloud/docs/running-behind-nginx/#why-nginx
sudo apt install ncducurl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install -y nodejssudo apt install htophttps://www.linuxuprising.com/2021/09/how-to-install-oracle-java-17-lts-on.html
su -
echo "deb http://ppa.launchpad.net/linuxuprising/java/ubuntu focal main" | tee /etc/apt/sources.list.d/linuxuprising-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 73C3DB2A
apt update
exit
sudo apt install oracle-java17-installer --install-recommends