LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

LowEndSetup: Initializing and Reinitializing Your VPS

Power ButtonIf you frequently setup new VPSes or re-initialize them, you may find yourself typing the same commands over and over. There are various technologies to alleviate these hassles and get your environment consistently setup every time without all the manual work.

Big Boy Solutions

If you’re managing many systems, you may wish to invest in Ansible or some other configuration management tool such as Puppet, Chef, or Salt. If your provider supports it, you could consider using cloud-init, which allows you to declare configurations using a YAML syntax.

A Low End Solution

Since I’m generally using lowend providers whose environments do not support fancy cloud tools, I generally use the following method to setup new hosts.

After logging in as root, I do the following:

apt-get -y install git
git clone https://github.com/raindog308/setup.git
cd setup
./setup_debian10.sh <hostname>

This repository is a private repo on github, so it’s available anywhere.

The Setup Script

This is an example of a setup script I use.

#!/bin/bash

HOSTNAME_FQDN=${1}

if [ -z "${HOSTNAME_FQDN}" ] ; then
  echo "ERROR: HOSTNAME_FQDN not set!"
  echo "Aborting."
  exit 1
fi

Takes the hostname as a first argument, since there’s no way for the script to know what we want to call the box. So, as an example, I’d execute this as

  ./setup_debian10.sh deb10.lowend.party

Continuing with the script:

echo "updating sshd config"
sed -i 's/^Port/^#Port/' /etc/ssh/sshd_config
echo "Port 5555" >> /etc/ssh/sshd_config
sed -i 's/^PermitRootLogin/#PermitRootLogin/' /etc/ssh/sshd_config
echo "PermitRootLogin prohibit-password" >> /etc/ssh/sshd_config
sed -i 's/^UseDNS/#UseDNS/' /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
systemctl restart ssh

I precede each section with an echo command stating what it’s doing to make troubleshooting easier (otherwise many commands execute silently).

These commands setup sshd, specifically:

  • change the port
  • disable root password logins
  • disable UseDNS

Note that for each configuration change there are two commands:

  1. a sed in-place edit command that comments out any existing config for that directive. So for example, any line that begins with Port is commented out
  2. an echo statement that appends the sshd directive to the sshd_config file. (It does not matter what order directives appear in).
echo "updating /etc/profile"
echo "set -o vi" >> /etc/profile
echo "alias ll='ls -al'" >> /etc/profile

These are some “creature comforts” I put in /etc/profile. You could also put them in individual user .bash_profiles.

echo "generating locales"
locale-gen --purge en_US.UTF-8

This sets my preferred locale.

echo "setting timezone"
timedatectl set-timezone America/Los_Angeles

This sets my preferred timezone.

echo "apt-get update"
apt-get update 
print "apt-get upgrade"
apt-get -y upgrade

This updates apt and applies all upgrades.

echo "apt-get faves"
apt-get -y install unzip dnsutils nmap

These are tools I find useful to have on all systems. You may have a different list.

echo "setting hostname"
echo $HOSTNAME_FQDN > /etc/hostname
hostname -F /etc/hostname

Here we set the hostname, both in the config file and for the running system.

echo "configuring root .ssh"
if [ ! -d /root/.ssh ] ; then
  mkdir /root/.ssh
fi
if [ ! -d /root/.ssh ] ; then
  echo "ERROR: could not mkdir /root/.ssh"
  echo "Aborting."
exit 1
fi
chown root:root /root/.ssh
chmod 700 /root/.ssh
echo 'ssh-rsa SSH-KEY-TEXT-HERE' > /root/.ssh/authorized_keys
chown root:root /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

These commands ensure that root’s .ssh is setup properly and installs my ssh key.

Further Improvements

  • This is a sample of how to do a quick and dirty system setup that only takes a couple commands. Some other things you might consider doing:
  • adding users (e.g., “useradd -m -s /bin/bash raindog308”). If you want to set passwords, read this article.
  • setting root’s password
  • git cloning setup files for nginx and other web components, then using sed (or perl) to tweak the setups for what you’re doing
  • setting up mail (e.g., postfix), including configuring aliases and running newaliases
  • setting up additional scripts to setup different kinds of servers, so you can call the main, universal setup and then call other scripts as needed

 

raindog308

2 Comments

  1. The git repository over at github.com/raindog308/setup.git doesn’t seem to exist anymore.

    October 14, 2021 @ 5:33 am | Reply
  2. Why re-invent the wheel when you could Ansible it?

    February 20, 2022 @ 8:22 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *