
debian-10-install-cheatsheet

sudo

su -
apt install sudo
adduser spout sudo

Update

sudo apt update
sudo apt upgrade

byobu

sudo apt install byobu
byobu

# Launch automatically at login
byobu-enable

SSH

sudo nano /etc/ssh/sshd_config
Port 7022

sudo service ssh restart

Firewall

https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

sudo apt install ufw

sudo nano /etc/default/ufw
IPV6=no

sudo ufw disable
sudo ufw enable

sudo ufw default deny incoming
sudo ufw default allow outgoing

# ufw allow ssh   (not used here: sshd was moved to port 7022 above, so that port is opened instead)
sudo ufw allow 7022/tcp
sudo ufw allow http

sudo ufw show added
sudo ufw enable
sudo ufw status

fail2ban

sudo apt install fail2ban
sudo nano /etc/fail2ban/jail.conf

# placeholder address: the original was replaced by the page's e-mail obfuscation
destemail = admin@example.com
action = %(action_mwl)s

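# action_ => simple ban
# action_mw => ban and send an e-mail
# action_mwl => ban and send an e-mail with the relevant log lines
# Note: put these overrides in /etc/fail2ban/jail.local rather than jail.conf, which package upgrades may overwrite.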

sudo service fail2ban restart

Mail

sudo apt install exim4-config
sudo dpkg-reconfigure exim4-config
  1. internet site; mail is sent and received directly using SMTP
  2. System mail name: ENTER
  3. IP-addresses: ENTER
  4. Other destinations: ENTER
  5. Domains to relay mail for: ENTER
  6. Machines to relay mail for: ENTER
  7. Keep number of DNS-queries minimal: NO
  8. Delivery method: mbox format
  9. Split configuration into small files: NO

DEB.SURY.ORG

https://deb.sury.org/

sudo apt-get -y install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt-get update

MariaDB

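https://www.geek17.com/fr/content/debian-9-stretch-installer-et-configurer-mariadb-65
https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-debian-9

Note: the UPDATE below clears the authentication plugin for root, which on Debian's MariaDB packages is normally unix_socket. Afterwards root authenticates with its password alone, so the password set in mysql_secure_installation must be strong.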

sudo apt install mariadb-server
sudo mysql_secure_installation
sudo mysql -u root -p
USE mysql;
UPDATE user SET plugin='' WHERE user='root';
FLUSH PRIVILEGES;
EXIT;
mysql -u root -p

PHP

sudo apt install php8.2-fpm php8.2-gd php8.2-mysql php8.2-pgsql php8.2-sqlite3 php8.2-mbstring php8.2-xml php8.2-intl php8.2-curl php8.2-zip php8.2-soap php8.2-redis

nginx

sudo apt install nginx

sudo nano /etc/nginx/sites-available/default

root /var/www;
index index.php index.html index.htm

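# Uncomment location ~\.php$ {
# Uncomment include snippets/fastcgi-php.conf;
# Uncomment fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#   (the socket name must match the installed PHP-FPM version; with the php8.2-fpm package installed above that would be php8.2-fpm.sock)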

sudo service nginx reload

sudo chown www-data:www-data /var/www
sudo chmod g+w /var/www

# Gzip
sudo nano /etc/nginx/nginx.conf
# Uncomment:
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

sudo nano /etc/nginx/nginx.conf
# Uncomment:
server_tokens off;

sudo service nginx reload

Locales

sudo dpkg-reconfigure locales

# fr_FR.UTF-8
# nl_NL.UTF-8

locale -a

Gettext

sudo apt install gettext

Redis

sudo apt install redis-server

ClamAV

sudo apt install clamav clamav-freshclam

Adminer

sudo nano /usr/bin/adminer-update

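#!/bin/bash
# Refresh /var/www/adminer.php with the latest Adminer release.
#
# NOTE(review): /var/www is the nginx document root configured in this
# cheatsheet and HTTP is opened in ufw, so this database admin UI is reachable
# by anyone who can reach the site. Restrict it in nginx (allow/deny or
# auth_basic) or keep it outside the web root.
# NOTE(review): latest.php is an unpinned download; each run installs whatever
# the upstream site serves at that moment.
set -euo pipefail

target=/var/www/adminer.php

# Download next to the target and rename only on success, so a failed or
# partial transfer never replaces the working copy.
tmp=$(mktemp "${target}.XXXXXX")
trap 'rm -f -- "$tmp"' EXIT

wget -O "$tmp" https://www.adminer.org/latest.php

# mktemp creates the file with mode 0600; the PHP worker (presumably www-data)
# must be able to read it.
chmod 644 "$tmp"
mv -- "$tmp" "$target"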

sudo chmod +x /usr/bin/adminer-update
sudo adminer-update

CURL

sudo apt install curl

pip

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
sudo python get-pip.py

Pipenv

pip install --user pipenv

nano ~/.profile
export PATH="$PATH:~/.local/bin"

source ~/.profile

Git

sudo apt install git

pyenv

curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash

nano ~/.bashrc

export PATH="/home/spout/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"

ZIP

sudo apt install zip unzip

OptiPNG

wget http://downloads.sourceforge.net/project/optipng/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz
tar -xvzf optipng-0.7.7.tar.gz
cd optipng-0.7.7
./configure
make
sudo make install

Jpegoptim

sudo apt install libjpeg-dev

wget https://www.kokkonen.net/tjko/src/jpegoptim-1.4.6.tar.gz
tar -xvzf jpegoptim-1.4.6.tar.gz
cd jpegoptim-1.4.6
./configure
make
sudo make install

TeamSpeak

https://www.vultr.com/docs/how-to-install-teamspeak-3-server-on-debian-9-stretch

sudo adduser --disabled-login teamspeak
sudo su teamspeak
cd
wget https://files.teamspeak-services.com/releases/server/3.9.1/teamspeak3-server_linux_amd64-3.9.1.tar.bz2
tar xvf teamspeak3-server_linux_amd64-3.9.1.tar.bz2
rm teamspeak3-server_linux_amd64-3.9.1.tar.bz2
cd teamspeak3-server_linux_amd64
touch .ts3server_license_accepted
sudo nano /etc/init.d/teamspeak
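#!/bin/sh
### BEGIN INIT INFO
# Provides:         teamspeak
# Required-Start:   $local_fs $network
# Required-Stop:    $local_fs $network
# Default-Start:    2 3 4 5
# Default-Stop:     0 1 6
# Description:      Teamspeak 3 Server
### END INIT INFO

######################################
# Customize values for your needs: "USER"; "DIR"
#
# USER is the unprivileged account the server runs as; every action below is
# executed through `su` as that account rather than as the caller.
# DIR is the unpacked server directory that contains ts3server_startscript.sh.

USER="teamspeak"
DIR="/home/teamspeak/teamspeak3-server_linux_amd64"

###### Teamspeak 3 server start/stop script ######

case "$1" in
start | stop | restart | status)
  # $1 is one of the four fixed words matched above, so it is safe to place it
  # inside the command string handed to su.
  su "$USER" -c "\"${DIR}/ts3server_startscript.sh\" $1"
  # Propagate the start script's status instead of always reporting success,
  # so `service teamspeak status` and the init system can see failures.
  exit $?
  ;;
*)
  echo "Usage: {start|stop|restart|status}" >&2
  exit 1
  ;;
esac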
sudo chmod +x /etc/init.d/teamspeak
sudo update-rc.d teamspeak defaults

sudo service teamspeak start
sudo ufw allow 9987/udp
sudo ufw allow 30033/tcp
sudo ufw allow 10011/tcp

Midnight Commander

sudo apt install mc

www-data

sudo usermod -g www-data spout
sudo chown www-data:www-data /var/www
sudo chmod g+w /var/www

HTTPS / Let's encrypt

https://certbot.eff.org/instructions?ws=other&os=debianbuster

sudo ufw allow https

Install certbot via snapd

https://snapcraft.io/docs/installing-snap-on-debian

sudo apt install snapd
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap set certbot trust-plugin-with-root=ok


nano /etc/nginx/sites-available/example.com

location ~ /.well-known {
    allow all;
    root /var/www;
}

sudo nginx -t
sudo service nginx reload

sudo certbot certonly --webroot -w /var/www/ -d example.com -d www.example.com --rsa-key-size 4096
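# Wildcard (quote "*.example.com" when typing this, here and in the OVH plugin command further down, so the shell cannot glob-expand it)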
certbot certonly --manual --preferred-challenges dns --register -d example.com -d *.example.com

sudo certbot renew --dry-run

sudo crontab -e
0 */12 * * * certbot renew --quiet --post-hook "service nginx reload"

sudo openssl dhparam -out /etc/ssl/private/dhparams.pem 4096

sudo nano /etc/nginx/nginx.conf

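##
# SSL Settings
# Note: the Strict-Transport-Security header below sets includeSubdomains and preload.
# Browsers cache that policy for max-age (one year here), so enable it only once the
# domain and every subdomain serve valid HTTPS.
##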

#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/ssl/private/dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

Certbot OVH plugin (wildcard)

https://certbot-dns-ovh.readthedocs.io/en/stable/

sudo snap install certbot-dns-ovh

mkdir -p /root/.secrets/certbot
nano /root/.secrets/certbot/ovh.ini

# OVH API credentials used by Certbot
# (this file holds API secrets: restrict it with `chmod 600 /root/.secrets/certbot/ovh.ini`)
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = MDAwMDAwMDAwMDAw
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw

sudo certbot certonly --dns-ovh --dns-ovh-credentials /root/.secrets/certbot/ovh.ini --dns-ovh-propagation-seconds 60 -d example.com -d *.example.com

Supervisor

sudo apt install supervisor

Python libs

Dev

sudo apt install python-dev
sudo apt install python3-dev

MySQL

sudo apt install default-libmysqlclient-dev

Pillow (jpeg, tiff, ...):

sudo apt install libtiff5-dev libjpeg62-turbo-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev

CURL

sudo apt install libcurl4-openssl-dev

lxml

sudo apt install libxml2-dev libxslt1-dev

Cryptography

sudo apt install libffi-dev

PostgreSQL

https://www.postgresql.org/download/linux/debian/

sudo nano /etc/apt/sources.list.d/pgdg.list

deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update
sudo apt install postgresql-11 postgresql-11-postgis-2.5

sudo nano /etc/postgresql/11/main/pg_hba.conf
local   all         all                               trust     # replace peer with trust (temporary: while this is in place any local user can connect as any role without a password)

sudo service postgresql restart

sudo -u postgres -i
psql -U postgres
ALTER USER postgres with password 'secret';
exit;

sudo nano /etc/postgresql/11/main/pg_hba.conf
local   all         postgres                          md5       # replace trust with md5 (and check that no other "trust" line remains, including the "local all all" line edited earlier)

sudo service postgresql restart

# Create user
sudo su - postgres
createuser -s spout -P

# Create DB
createdb test_db

# Drop all tables
DROP SCHEMA public CASCADE;
CREATE SCHEMA public;
GRANT ALL ON SCHEMA public TO postgres;
GRANT ALL ON SCHEMA public TO public;

# Restore backup
psql -d database_name -U spout -f backup.sql

GeoLite2

sudo mkdir /usr/share/GeoLite2
cd /usr/share/GeoLite2
sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
sudo tar -xvzf GeoLite2-City.tar.gz
sudo mv GeoLite2-City_20190924/GeoLite2-City.mmdb .
sudo rm -rf GeoLite2-City_20190924/
sudo rm GeoLite2-City.tar.gz

Backup

Rclone

https://rclone.org/

curl https://rclone.org/install.sh | sudo bash
sudo wget https://raw.githubusercontent.com/spout/debian-10-install-cheatsheet/master/backup.php -O /opt/backup.php
sudo nano /opt/backup.php
sudo chmod +x /opt/backup.php
sudo ln -s /opt/backup.php /etc/cron.daily/backup
sudo run-parts --test /etc/cron.daily

netdata

https://docs.netdata.cloud/packaging/installer/#one-line-installation https://docs.netdata.cloud/docs/running-behind-nginx/#why-nginx

NCurses Disk Usage

sudo apt install ncdu

Node.js

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install -y nodejs

htop

sudo apt install htop

Java 17 LTS

https://www.linuxuprising.com/2021/09/how-to-install-oracle-java-17-lts-on.html

su -
echo "deb http://ppa.launchpad.net/linuxuprising/java/ubuntu focal main" | tee /etc/apt/sources.list.d/linuxuprising-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 73C3DB2A
apt update
exit

sudo apt install oracle-java17-installer --install-recommends