Debian 9 install cheatsheet
sudo
https://www.geek17.com/fr/content/debian-9-stretch-installer-et-configurer-sudo-61
su
apt install sudo
adduser spout sudo
Update
sudo apt update
sudo apt upgrade
byobu
sudo apt install byobu
byobu
SSH
sudo nano /etc/ssh/sshd_config
Port 7022
sudo service ssh restart
Firewall
sudo apt install ufw
sudo nano /etc/default/ufw
IPV6=no
sudo ufw disable
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
# ufw allow ssh
sudo ufw allow 7022/tcp
sudo ufw allow http
sudo ufw show added
sudo ufw enable
sudo ufw status
ufw port forwarding
sudo ufw allow 10022/tcp
nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
nano/etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 10022 -j REDIRECT --to-port 7022
COMMIT
sudo ufw enable
fail2ban
sudo apt install fail2ban
sudo nano /etc/fail2ban/jail.conf
destemail = votremail@domain.com
action = %(action_mwl)s
# action_ => simple ban
# action_mw => ban et envoi de mail
# action_mwl => ban, envoi de mail accompagné des logs
sudo service fail2ban restart
sudo apt install exim4-config
sudo dpkg-reconfigure exim4-config
- internet site; mail is sent and received directly using SMTP
- System mail name: ENTER
- IP-addresses: ENTER
- Other destinations: ENTER
- Domains to relay mail for: ENTER
- Machines to relay mail for: ENTER
- Keep number of DNS-queries minimal: NO
- Delivery method: mbox format
- Split configuration into small files: NO
- Root and postmaster mail recipient: ENTER
DEB.SURY.ORG
sudo apt-get -y install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt-get update
MariaDB
https://www.geek17.com/fr/content/debian-9-stretch-installer-et-configurer-mariadb-65 https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-debian-9
sudo apt install mariadb-server
sudo mysql_secure_installation
sudo mysql -u root -p
UPDATE user SET plugin='' WHERE user='root';
FLUSH PRIVILEGES;
EXIT;
mysql -u root -p
PHP
sudo apt install php7.2-fpm php7.2-gd php7.2-mysql php7.2-pgsql php7.2-sqlite3 php7.2-mbstring php7.2-xml php7.2-intl
nginx
sudo apt install nginx
sudo nano /etc/nginx/sites-available/default
root /var/www;
index index.php index.html index.htm
# Uncomment location ~\.php$ {
# Uncomment include snippets/fastcgi-php.conf;
# Uncomment and change (PHP7) fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
sudo service nginx reload
sudo chown www-data:www-data /var/www
sudo chmod g+w /var/www
# Gzip
sudo nano /etc/nginx/nginx.conf
# Uncomment:
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
sudo nano /etc/nginx/nginx.conf
# Uncomment:
server_tokens off;
sudo service nginx reload
Locales
sudo dpkg-reconfigure locales
# fr_FR.UTF-8
# nl_NL.UTF-8
locale -a
Gettext
sudo apt install gettext
Redis
sudo apt install redis-server
ClamAV
sudo apt install clamav clamav-freshclam
Adminer
sudo nano /usr/bin/adminer-update
#!/bin/bash
wget -O /var/www/adminer.php https://www.adminer.org/latest.php
sudo chmod +x /usr/bin/adminer-update
sudo adminer-update
CURL
sudo apt install curl
pip
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
sudo python get-pip.py
Pipenv
pip install --user pipenv
nano ~/.profile
export PATH="$PATH:~/.local/bin"
source ~/.profile
pyenv
curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
nano ~/.bashrc
export PATH="/home/spout/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
ZIP
sudo apt install zip unzip
Git
sudo apt install git
OptiPNG
wget http://downloads.sourceforge.net/project/optipng/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz
tar -xvzf optipng-0.7.7.tar.gz
cd optipng-0.7.7
./configure
make
sudo make install
Jpegoptim
sudo apt install libjpeg-dev
wget https://www.kokkonen.net/tjko/src/jpegoptim-1.4.6.tar.gz
tar -xvzf jpegoptim-1.4.6.tar.gz
cd jpegoptim-1.4.6
./configure
make
sudo make install
TeamSpeak
https://www.vultr.com/docs/how-to-install-teamspeak-3-server-on-debian-9-stretch
sudo adduser --disabled-login teamspeak
sudo su teamspeak
cd
wget http://dl.4players.de/ts/releases/3.5.0/teamspeak3-server_linux_amd64-3.5.0.tar.bz2
tar xvf teamspeak3-server_linux_amd64-3.5.0.tar.bz2
rm teamspeak3-server_linux_amd64-3.5.0.tar.bz2
cd teamspeak3-server_linux_amd64
touch .ts3server_license_accepted
sudo nano /etc/init.d/teamspeak
#!/bin/sh
### BEGIN INIT INFO
# Provides: teamspeak
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Teamspeak 3 Server
### END INIT INFO
######################################
# Customize values for your needs: "User"; "DIR"
USER="teamspeak"
DIR="/home/teamspeak/teamspeak3-server_linux_amd64"
###### Teamspeak 3 server start/stop script ######
case "$1" in
start)
su $USER -c "${DIR}/ts3server_startscript.sh start"
;;
stop)
su $USER -c "${DIR}/ts3server_startscript.sh stop"
;;
restart)
su $USER -c "${DIR}/ts3server_startscript.sh restart"
;;
status)
su $USER -c "${DIR}/ts3server_startscript.sh status"
;;
*)
echo "Usage: {start|stop|restart|status}" >&2
exit 1
;;
esac
exit 0
sudo chmod +x /etc/init.d/teamspeak
sudo update-rc.d teamspeak defaults
sudo service teamspeak start
sudo ufw allow 9987/udp
sudo ufw allow 30033/tcp
sudo ufw allow 10011/tcp
Midnight Commander
sudo apt install mc
www-data
sudo usermod -g www-data spout
sudo chown www-data:www-data /var/www
sudo chmod g+w /var/www
HTTPS / Let's encrypt
https://memo-linux.com/configurer-le-serveur-web-nginx-en-https-avec-letsencrypt-sous-debian-jessie/ https://certbot.eff.org/lets-encrypt/debianstretch-other
sudo ufw allow https
sudo nano /etc/apt/sources.list
deb http://ftp.debian.org/debian stretch-backports main
sudo apt update
sudo apt install certbot -t stretch-backports
nano /etc/nginx/sites-available/example.com
location ~ /.well-known {
allow all;
root /var/www;
}
sudo nginx -t
sudo service nginx reload
sudo certbot certonly --webroot -w /var/www/ -d example.com -d www.example.com --rsa-key-size 4096
sudo certbot renew --dry-run
sudo crontab -e
0 */12 * * * certbot renew --quiet
openssl dhparam -out /etc/ssl/private/dhparams.pem 4096
sudo nano /etc/nginx/nginx.conf
##
# SSL Settings
##
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
#ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/ssl/private/dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
Supervisor
sudo apt install supervisor
Python libs
Dev
sudo apt install python-dev
sudo apt install python3-dev
MySQL
sudo apt install default-libmysqlclient-dev
Pillow (jpeg, tiff, ...):
sudo apt install libtiff5-dev libjpeg62-turbo-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.5-dev tk8.5-dev
CURL
sudo apt install libcurl4-openssl-dev
lxml
sudo apt install libxml2-dev libxslt1-dev
Cryptography
sudo apt install libffi-dev
PostgreSQL
sudo nano /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update
sudo apt install postgresql-11 postgresql-11-postgis-2.5
sudo nano /etc/postgresql/11/main/pg_hba.conf
local all all trust # replace peer with trust
sudo service postgresql restart
psql -U postgres
ALTER USER postgres with password 'secret';
exit;
sudo nano /etc/postgresql/11/main/pg_hba.conf
local all postgres md5 # replace trust with md5
sudo service postgresql restart
# Create user
sudo su - postgres
createuser -s spout -P
# Create DB
createdb test_db
# Drop all tables
DROP SCHEMA public CASCADE;
CREATE SCHEMA public;
GRANT ALL ON SCHEMA public TO postgres;
GRANT ALL ON SCHEMA public TO public;
# Restore backup
psql -d database_name -U spout -f backup.sql
GeoIP
sudo apt install geoip-bin geoip-database
cd /usr/share/GeoIP
sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
sudo gunzip GeoLiteCity.dat.gz
GeoLite2
cd /usr/share/GeoIP
sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
sudo tar -xvzf GeoLite2-City.tar.gz
sudo mv GeoLite2-City_20181113/GeoLite2-City.mmdb .
Backup-Manager
https://documentation.online.net/fr/dedicated-server/tutorials/backup/configure-backup/start
wget https://github.com/sukria/Backup-Manager/archive/master.zip -O backup-manager.zip
unzip backup-manager.zip
cd Backup-Manager-master/
sudo make install
sudo cp /usr/local/share/backup-manager/backup-manager.conf.tpl /etc/backup-manager.conf
sudo nano /etc/backup-manager.conf
export BM_ARCHIVE_METHOD="tarball mysql pgsql"
BM_TARBALL_TARGETS[2]="/home"
BM_TARBALL_TARGETS[3]="/var/www"
export BM_MYSQL_ADMINPASS="secret"
export BM_MYSQL_DBEXCLUDE="information_schema mysql performance_schema"
export BM_PGSQL_ADMINLOGIN="postgres"
export BM_PGSQL_ADMINPASS="secret"
export BM_UPLOAD_METHOD="ftp"
export BM_UPLOAD_FTP_USER="secret"
export BM_UPLOAD_FTP_PASSWORD="secret"
export BM_UPLOAD_FTP_HOSTS="secret"
export BM_UPLOAD_FTP_DESTINATION="/"
sudo nano /etc/cron.daily/backup-manager
#!/bin/sh
test -x /usr/local/sbin/backup-manager || exit 0
/usr/local/sbin/backup-manager
sudo chmod +x /etc/cron.daily/backup-manager
sudo /usr/local/sbin/backup-manager
# Fix /usr/bin/backup-manager-purge not found
sudo ln -s /usr/local/bin/backup-manager-purge /usr/bin/backup-manager-purge
nano /etc/backup-manager-email
#!/usr/bin/php
<?php
$emails = ['spam@gmail.com'];
$archives = '/var/archives';
$hostname = gethostname();
$message = [];
$totalSize = [];
function byteconvert($bytes)
{
$symbol = array('B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB');
$exp = floor(log($bytes) / log(1024));
return sprintf('%.2f ' . $symbol[$exp], ($bytes / pow(1024, floor($exp))));
}
$ymd = date('Ymd');
foreach (glob("$archives/*") as $filename) {
$basename = basename($filename);
if (strpos($basename, ".$ymd.") !== false) {
$size = filesize($filename);
$totalSize[] = $size;
$message[] = sprintf('%s (%s)', $basename, byteconvert($size));
}
}
$message[] = '';
$message[] = sprintf('Total: %s', byteconvert(array_sum($totalSize)));
foreach ((array) $emails as $email) {
mail($email, "[$hostname] Backup OK", implode("\n", $message));
}
sudo chmod +x /etc/backup-manager-email
sudo nano /etc/backup-manager.conf
export BM_POST_BACKUP_COMMAND="/etc/backup-manager-email"
sudo apt install sendmail
netdata
https://docs.netdata.cloud/packaging/installer/#one-line-installation
NCurses Disk Usage
sudo apt install ncdu
Node.js
curl -sL https://deb.nodesource.com/setup_11.x | sudo -E bash -
sudo apt-get install -y nodejs
htop
sudo apt install htop