Creating a fresh server on Linode

These are the basic steps to repeat each time you create a new server on Linode, code snippets included.

Creating a new linode

This one is easy. You log in to your Linode Manager, where your linodes are listed, and click Add a Linode. Then you choose a plan and a location and click the big button Add this Linode!

Creating a disk image

Go to your new linode dashboard. You may want to rename your linode first in the settings tab, at least I always do that. Then go to the dashboard tab and click Deploy an Image. Choose the image and set up your partitions. You will not be able – at least on the 4G linode – to choose more than 512MB swap, but you may need more in some circumstances. Don’t worry about this now, we will resize the partitions in the next step.

Resizing the swap

On a 4G linode I like to have 2G of swap space to prevent MySQL from crashing because of exhausted RAM.

On your linode dashboard, first choose the main partition, which is by default named after the operating system you are running. Click edit and insert the new size of the disk, which will be (supposing you have 80G of storage) 79572MB, then click Save changes.

After that, edit the Swap Image disk and enter 2048M as the new size. Make sure the storage stats display 0MB Free when it’s done: you don’t want to waste your space.

On DigitalOcean, the volume is already mounted and ready, but there is no swap space. To create a new swap file, follow this procedure.

Boot the baby

It’s time to boot the baby. I usually set up my DNS at this point (I use Cloudflare for that), so I can log in using my new domain name instead of the IP address. You will find your linode’s IP address in your Remote Access tab.

To boot up, obviously, click the Boot button in your dashboard.

Log in

The first time, you will log in as root with the password you chose when creating the linode. One of the first tasks, however, is to create a new sudo user for yourself, paste in your public ssh key and disable password login. This is one of the basic security steps you need to perform.

But first let’s update all the installed packages to the latest versions.

~# apt update && apt upgrade

At this point, there’s actually no real need to reboot the system. However, you may still want to do it, just to check that everything boots up normally.

Create a user

It’s time to create a new sudo user.

~# adduser shifu

You will get prompted for the password and a bunch of other stuff. Just fill in as you please. When it’s done, give this user sudo privileges.

~# usermod -aG sudo shifu

Test if it works by switching user to your new user and trying to use sudo.

~# su - shifu
~$ sudo su
[sudo] password for shifu: (enter password)
root@localhost: /home/shifu# 

If you see the last line, it means it’s working. Exit as root and stay logged in as your username in your home directory. While you’re in, create your .ssh directory and an authorized_keys file containing your public key (you create the ssh key pair on your local machine).

~$ mkdir .ssh
~$ chmod 700 .ssh
~$ cd .ssh
~$ echo "your public key content" >> authorized_keys
~$ chmod 600 authorized_keys

That’s it. Now you should test whether your key login is working. Log off your server completely and try to log in, using your username instead of root this time. If the ssh-key based login is working, the server should not prompt you for a password and you should be logged in directly.

We can now safely turn off password authentication to shut out all those botnets that are constantly trying random passwords to log in, and make our site a little bit safer. Open the file:

~$ sudo vi /etc/ssh/sshd_config

You can search in Vi if you hit / and write what you search right after it. You hit “n” to go to the next result. Find this line:

#PasswordAuthentication yes

Change it to:

PasswordAuthentication no

Remember to remove the hash at the beginning of the line, as it makes the line a comment, then save and exit. To do this, first press Esc to leave the edit mode, then type :wq and press Enter to save and leave. To leave Vi without saving instead, type :q! and press Enter.

Don’t forget to restart the ssh service for the changes to take effect:

$ sudo systemctl restart sshd
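
A check worth running after this edit, shown as an added example that is not part of the original post: sshd keeps the first value it reads for each keyword, so a PasswordAuthentication yes in a file included near the top of sshd_config wins over the line you just changed. The sample files, the 50-image.conf name and the effective_option helper are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# reads for each keyword, so a drop-in included at the top of sshd_config
# can silently override the edit made further down in the main file.

# effective_option KEYWORD DEFAULT FILE...
# Prints the value sshd would use, given the files in the order sshd reads them.
# Simplification: lines after a "Match" line are conditional and are skipped
# up to the end of that file.
effective_option() {
    kw=$1; def=$2; shift 2
    awk -v kw="$kw" -v def="$def" '
        FNR == 1                   { in_match = 0 }        # new file: global scope
        /^[ \t]*#/ || /^[ \t]*$/   { next }                # comment or blank line
        tolower($1) == "match"     { in_match = 1; next }
        in_match                   { next }
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$@"
}

# Constructed sample files standing in for /etc/ssh on the new server.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/sshd_config.d"
    # Hypothetical drop-in left behind by an image or provisioning tool.
    printf 'PasswordAuthentication yes\n' > "$dir/sshd_config.d/50-image.conf"
    # Main file after the edit described above.
    cat > "$dir/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
PasswordAuthentication no
EOF
    echo "$dir"
}

d=$(make_sample)
# Drop-ins are read first because the Include line precedes the edited line.
with_dropin=$(effective_option PasswordAuthentication yes "$d"/sshd_config.d/*.conf "$d/sshd_config")
main_only=$(effective_option PasswordAuthentication yes "$d/sshd_config")
echo "with drop-in: $with_dropin"     # password logins still accepted
echo "main file only: $main_only"
rm -rf "$d"
# On the real server, sshd itself reports the effective value:
#   sudo sshd -T | grep -i '^passwordauthentication'
```

Keep your current SSH session open until a second login with the key has succeeded, so a mistake in the file can still be corrected.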

If anything goes wrong and you are locked out of ssh for any reason (like, if you crush the only computer holding the private key), remember, you can always log in with your password using Lish, the Linode shell accessible from your Linode dashboard. Lish is the equivalent of plugging your keyboard and screen directly into the server.

Setup the hostname and FQDN

This step is especially important if your linode will be sending mail.

To do this, open the file /etc/hostname with sudo and change it to the appropriate value. On Linode, the default hostname will be localhost. Change it to whatever you like, for example box1. This setting will, however, only be picked up after the next restart. Since you don’t want to restart your server, you can change your hostname for this session using the command

~$ sudo hostname box1
~$ #You can now check if it works like below
~$ hostname
box1

To change the FQDN you will have to open your /etc/hosts file and add the second line shown below.

127.0.0.1    localhost # this line already exists
127.0.0.1    box1.yourdomainname.ext box1

This assumes yourdomainname.ext is a domain you own. These changes take effect immediately.

~$ hostname --fqdn
box1.yourdomainname.ext

However, the name set with the hostname command doesn’t persist across a restart. For that, edit the /etc/hostname file and change “localhost” to your hostname “box1”.

Conclusion

These are the basic settings you need to perform on every new linode. After this is all set up, you can start installing whatever software you want to run. Good luck!