These are the basic steps to repeat each time you create a new server on linode, code snippets included.
Creating a new linode
This one is easy. You log in to your Linode Manager, where your linodes are listed and click Add a Linode. Then you choose a plan, a location and a location and click the big button Add this Linode!
Creating a disk image
Go to your new linode dashboard. You may want to rename your linode first in the settings tab, at least I always do that. Then go to the dashboard tab and click Deploy an Image. Choose the image and set up your partitions. You will not be able – at least on the 4G linode – to choose more than 512MB swap, but you may need more in some circumstances. Don’t worry about this now, we will resize the partitions in the next step.
Resizing the swap
On 4G linode I like to have 2G of swap space to prevent mysql from crashing because of exhausted RAM.
On your linode dashboard first choose the main partition that is by default named after the operating system you are running. Click edit and insert the new size of the disk, which will be (supposing you have a 80G storage) 79572MB, then click Save changes.
After eddit the Swap Image disk and enter 2048M as a new size. Make sure the storage stats display 0MB Free when it’s done: you don’t want to waste your space.
On DigitalOcean, the volume is already mounted and ready, but there is no swap space. To create a new swap file follow this procedure (click).
Boot the baby
It’s time to boot the baby. I usually set up my dns at this point (I use Cloudflare for the matter), so I can login using my new domain name instead of the IP address. You will find your linode’s IP address in your Remote Access tab.
To boot up, obviously, click the Boot button in your dashboard.
Log in
You will log in as root for the first time and with the password you choose when creating the linode. One of the first tasks will be however, to create a new sudo user for yourself, paste in your public ssh key and disable password login. This is one of the basic security steps you need to perform.
But first let’s update all the installed packages to the latest versions.
~# apt update && upgrade
At this point, there’s actually no real need to reboot the system, however, you may still want to do it, just to check that everything boots up normaly.
Create a user
It’s time to create a new sudo user.
~# adduser shifu
You will get prompted for the password and a bunch of other stuff. Just fill in as you please. When it’s done, give this user sudo privileges.
~# usermod -aG sudo shifu
Test if it works by switching user to your new user and trying to use sudo.
~# su shifu
~# sudo su
[sudo] password for shifu: (enter password)
root@localhost: /home/shifu#
If you see the last line, it means it’s working. Exit as root and stay logged in as your username in your home directory. While you’re in, create your .ssh directory and authorized_keys file filled with your pub key (you create an ssh key pair on your local machine).
~$ mkdir .ssh
~$ chmod 700 .ssh
~$ cd .ssh
~$ echo "your public key content" >> authorized_keys
~$ chmod 700 authorized_keys
That’s it. Now you should try if your key login is working. Log off your server completely and try to login, using your username instead of root this time. If the ssh-key based login is working, you should not be prompted for a password by the server and be logged directly in.
We can now safely turn of password authentication and prevent all those botnets, who are constantly trying random passwords to log in and make our site a little bit mor safe. Open the file
~$ sudo vi /etc/ssh/sshd_config
You can search in Vi if you hit / and write what you search right after it. You hit “n” to go to the next result. Find this line:
#PasswordAuthentication yes
Change it to
PasswordAuthentication no
Remember to remove the hash at the beginning of the line, as it makes the line a comment, save and exit. To do this, first press Esc to leave the edit mode, and then wq and enter to save and leave. To leave Vi without saving instead, you write q! and enter.
Don’t forget to restart the ssh service for the changes to take effect
$ sudo systemctl restart sshd
If anything goes wrong and you are locked out your ssh for any reason (like, if you crush the only computer holding the private key), remember, you can always log with your password in using Lish, the Linode shell accessible from your Linode dashboard. Lish is the equivalent of plugging your keyboard and screen directly to the server.
Setup the hostname and FQDN
This step is important especially if your linode will be sending mails.
To do this open as sudo the file /etc/hostname and change it to the appropriate value. On Linode, the default hostname will be localhost. Change it to whatever you like, for example box1. This setting will however be taken only after the next restart. Since you don’t want to restart your server, you can change your hostname for this session using the command
~$ sudo hostname box1
~$ #You can now check if it works like bellow
~$ hostname
box1
To change the FQDN you will have to open your /etc/hosts file and add the following line.
127.0.0.1 localhost # this line already exists
127.0.0.1 box1.yourdomainname.ext box1
Assuming yourdomainname.ext is a domain you own. This changes take effect immediatly.
~$ hostname --fqdn
box1.yourdomainname.ext
However, they don’t persist. You should edit the /etc/hostname file for that matter. And change “localhost” to your hostname “box1”.
Conclusion
These are the basic settings you need to perform on every new linode. After this is all set up, you can start installing whatever the software you want to run. Good luck!