## Ubuntu 20.04 ### Installing gDebi ```sudo apt install gdebi-core``` ## Sharing Drives via Samba - Install the taskel and samba server packages - ```sudo tasksel install samba-server``` - ```sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup``` - ```sudo bash -c 'grep -v -E "^#|^;" /etc/samba/smb.conf_backup | grep . > /etc/samba/smb.conf'``` - ```sudo nano /etc/samba/smb.conf``` - add an entry to the end of the file: - ``` [public] comment = public anonymous access path = /var/samba/ browsable =yes create mask = 0660 directory mask = 0771 writable = yes guest ok = yes ``` - restart the service ```sudo systemctl restart smbd``` ## VS Code Installation - [Visual Studio Code on Linux](https://code.visualstudio.com/docs/setup/linux) - or ```sudo snap install --classic code``` - or if you like living on the edge ```sudo snap install --classic code-insiders``` #### VS Code Post Installation ``` code /etc/sysctl.conf ``` - add the following line to the end of the sysctl.conf file ``` fs.inotify.max_user_watches=524288 ``` - enter the following command in your shell ``` sudo sysctl -p ``` - make sure VS Code isn't listening to unnecessary files ``` "files.watcherExclude": { "**/.git/objects/**": true, "**/.git/subtree-cache/**": true, "**/node_modules/*/**": true } ``` ## Git Installation ``` sudo apt install git -y ``` ## SSH Key Generation Simply follow the prompts. There is no need to enter a password. Continue to hit the enter/return key until you see ASCII art. ``` ssh-keygen ``` ### *Note* If for some reason, when you attempt to clone a repository and you receive a `sign_and_send_pubkey: signing failed: agent refused operation` - this means your key for one reason or another hasn't been added. If this is the case, enter the following commands: ``` chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && ssh-add ``` ## ZSH Installation ``` sudo apt update -y && sudo apt upgrade -y && sudo apt install zsh -y && sudo apt install powerline fonts-powerline -y && git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh ``` #### Create a new ZSH config file ``` cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc ``` #### Edit ZSH configuration File (up to you what you change) ``` nano .zshrc or code .zshrc ``` ## Make ZSH your default shell ``` chsh -s /bin/zsh ``` ## Reboot Machine ``` sudo reboot ``` ## NVM Installation [Original post...](https://github.com/nvm-sh/nvm) ``` sudo apt install curl -y && curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.35.3/install.sh | bash ``` ``` export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")" [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm ``` #### Troubleshooting If you receive an error message regarding manpath i.e.: `manpath: can't set the locale;...`, please run the following command: ```sudo locale-gen "en_US.UTF-8"``` ## Mongo DB Installation ``` sudo apt update && sudo apt upgrade -y && sudo apt install mongodb -y && sudo systemctl status mongodb (to check status) ``` #### Mongo Terminal Commands ``` sudo systemctl status mongodb sudo systemctl stop mongodb sudo systemctl start mongodb sudo systemctl restart mongodb ``` ## NGINX Installation ``` sudo apt update && sudo apt install nginx -y sudo ufw allow 'Nginx HTTP' && sudo ufw status (it's ok if it says inactive) ``` To enable: ```sudo ufw enable``` #### Adding website entries ``` sudo touch /etc/nginx/sites-available/YOUR_DOMAIN_NAME.com ``` #### Example Configuration ``` server { listen 80; root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; server_name example.com; location / { try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; } location ~ /\.ht { deny all; } } ``` #### Test NGINX Configuration ``` sudo nginx -t ``` #### Activate Site ``` sudo ln -s /etc/nginx/sites-available/YOUR_DOMAIN_NAME.com /etc/nginx/sites-enabled/ ``` #### Reload NGINX Configuration ``` sudo systemctl reload nginx ``` #### Adding a Reverse Proxy for Node.JS based Applications ``` sudo ln -s /etc/nginx/sites-available/YOUR_SITE_CONFIGURATION_FILE /etc/nginx/sites-enabled/ ``` 
server {
  listen 80 kanebridge.local;
  listen [::]:80 kanebridge.local;

  server_name _;

  location / {
    # default port, could be changed if you use next with custom server
    proxy_pass http://localhost:3000;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

    # if you have try_files like this, remove it from our block
    # otherwise next app will not work properly
    # try_files $uri $uri/ =404;
  }
}
#### Activate Site ``` sudo ln -s /etc/nginx/sites-available/YOUR_SITE_CONFIGURATION /etc/nginx/sites-enabled ``` ### Restart NGINX: ``` sudo systemctl restart nginx ``` #### Add Custom domains to hosts file ``` code /etc/hosts ``` ## MySQL Installation ``` sudo apt install mysql-server mysql-common mysql-client -y && sudo systemctl start mysql && sudo systemctl enable mysql && sudo mysql_secure_installation && systemctl start mysql ``` additional reading: [How to install MySQL](https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-18-04) #### Check MySQL server status ``` service mysql status ``` #### Export MySQL database Assuming that you're not a crazy person and pass your db password into the command line, you have a file located at your home directory named `.my.cnf` that is populated with the following values: ``` [mysqldump] user=YOURUSERNAME password=YOUR_PASSWORD ``` ### Checking which Auth method root is using ```SELECT user,authentication_string,plugin,host FROM mysql.user;``` If you notice that it's using the auth_socket plugin, execute the following command to use 'mysql_native_password`: ``` ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'; ``` ``` mysqldump YOUR_DB_USER_NAME YOUR_TARGET_DATABASE > YOUR_LOCAL_DIRECTORY/NAME_OF_YOUR_SQL_FILE.sql ``` ### Import MySQL database ``` mysqldump YOUR_DB_USER_NAME YOUR_TARGET_DATABASE < YOUR_LOCAL_DIRECTORY/NAME_OF_YOUR_SQL_FILE.sql ``` ### Purge MySQL ```sudo apt remove --purge mysql-server mysql-client mysql-common -y``` ```sudo apt autoremove -y``` ```sudo apt autoclean``` ##### Remove the MySQL folder: ```rm -rf /etc/mysql``` ##### Delete all MySQL files on your server: ```sudo find / -iname 'mysql*' -exec rm -rf {} \;``` ## PHP Installation ``` sudo apt install -y software-properties-common && sudo add-apt-repository universe && sudo add-apt-repository ppa:ondrej/php && sudo apt update && sudo apt install php7.4-cli php7.4-fpm php7.4-bcmath php7.4-curl php7.4-gd php7.4-intl php7.4-json php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-sqlite3 php7.4-xml php7.4-zip -y && php --version ## take that version and apply it to the next command) ``` ### PHP Additional Extensions ``` sudo apt update && sudo add-apt-repository ppa:ondrej/php -y && sudo apt update && sudo apt install php7.4-cli \ php7.4-fpm \ php7.4-bcmath \ php7.4-curl \ php7.4-gd \ php7.4-intl \ php7.4-json \ php7.4-mbstring \ php7.4-odbc \ php7.4-mysql \ php7.4-opcache \ php7.4-sqlite3 \ php7.4-xml \ php7.4-zip -y ``` ### Switching PHP Versions ```sudo update-alternatives --config php``` Then select the version you desire. ## Composer - PHP Package Manager Make sure to get the latest instructions as I maintain this document when I have the time. https://getcomposer.org/download/ [Composer](https://getcomposer.org/download/) ``` sudo apt update && sudo apt install curl php-cli php-mbstring git unzip -y && cd ~ && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && HASH="$(wget -q -O - https://composer.github.io/installer.sig)" php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer && sudo rm composer-setup.php ``` ### Fixing Laravel Permissions issues You have a few options here, by default the user:group for php is www-data:www-data. You can simply add the www-data user to your group for example: ```id cesar``` Should list out all of the groups your belong to. In my case, it's cesar:cesar (user:group). What I did to resolve any permissions issue is add the www-data user to my group (since by default whenever you clone a repo, your user is the owner and group. TLDR; ``` sudo adduser www-data YOUR_USER_NAME ``` ## Android Studio - [Download here](https://developer.android.com/studio) - their installation instructions have been solid. I've never had an issue within the Ubuntu distro - Make sure to note that you will need to install KVM to run Android emulators ## Laravel + [Installing Laravel](https://laravel.com/docs/6.x#installing-laravel) + ZSH [Laravel Plugins](https://learninglaravel.net/run-artisan-from-anywhere-in-with-laravel-artisan-plugin-for-zsh) ## Memcached ``` sudo apt update -y && sudo apt upgrade -y && sudo apt install memcached libmemcached-tools -y && systemctl start memcached && systemctl enable memcached ``` ### To check if Memcached is running ```ps aux | grep memcached``` ### Edit Memcached settings ```code /etc/memcached.conf``` ### Restart Memcached ```systemctl restart memcached``` ### Memcached Authentication Layer [DigitalOcean Instructions](https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-memcached-on-ubuntu-18-04) ### Install PHP Memcached Extension ```sudo apt install php-memcached -y``` ## Redis - In-Memory Cache or Persistent Database ``` sudo apt install redis-server -y ``` ### Stop/Start/Enabled Redis Server (only type one at a time obviously :-P) ``` sudo systemctl restart redis.service ``` ### Check Redis Status ``` sudo systemctl status redis ``` ## How to mount a Windows based shared folder ``` sudo apt install nfs-common && sudo apt install cifs-utils -y ``` ``` sudo mount -t cifs //WINDOWS-COMPUTER-NAME/SHARED-FOLDER /home/YOUR-LINUX-HOST-USERNAME/DESTINATION-PATH -o username=YOUR-LINUX-HOST-USERNAME,uid=$(id -u),gid=$(id -g),forceuid,forcegid,password=YOUR-PASSWORD ``` ## Installing SSL Certificates via [Certbot](https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx) - Open a terminal shell - Add the following repository with the following command: ```sudo add-apt-repository ppa:certbot/certbot``` - Run apt updates with the following command: ```sudo apt update``` - Install Certbot's NGINX package with the following command: ```sudo snap install --classic certbot``` - Reload NGINX with the following command: ```sudo systemctl reload nginx``` - Then modify firewall rules: ``` sudo ufw allow 'Nginx Full' sudo ufw delete allow 'Nginx HTTP' ``` - Generate a SSL certificate: ```sudo certbot --nginx -d example.com -d www.YOUR-DOMAIN.com``` ## NGINX Auto Restart (on cashes) Sometimes Nginx can crash for various reasons. If you prefer to make Nginx automatically restart after a crash, then we need to edit the Nginx service unit. First, copy the original Nginx service unit to the /etc/systemd/system/ directory. ```sudo cp /lib/systemd/system/nginx.service /etc/systemd/system/nginx.service``` Then edit the service unit. ```sudo nano /etc/systemd/system/nginx.service``` Add the following line in the [service] section. ``` Restart=always RestartSec=2 ``` Like so: ```[Service] Type=forking PIDFile=/var/run/nginx.pid ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s TERM $MAINPID Restart=always RestartSec=2 ``` This will make Nginx try to restart itself every 2 seconds after a crash. Save and close the file. Then restart Nginx. ```sudo systemctl restart nginx``` ### Mounting a Windows NTFS shared network drive/folder ``` sudo apt update sudo apt install cifs-utils -y ``` ### Craft related ### ENSURE YOUR LOCAL USER ACCOUNT BELONGS TO THE SAME GROUP AS WWW-DATA (Nginx User) ```chmod a+x craft``` ``` sudo chmod -R 774 .env && sudo chmod -R 774 composer.json && sudo chmod -R 774 composer.lock && sudo chmod -R 774 config/license.key && sudo chmod -R 774 storage/* && sudo chmod -R 774 vendor/* && sudo chmod -R 774 web/cpresources/* ``` ``` sudo chown -R www-data:www-data ./storage/* ``` ## Jenkins CD/CI Installation ``` sudo apt install openjdk-8-jdk -y && wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add - && sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list' && sudo apt update && sudo apt install jenkins -y && sudo systemctl start jenkins ``` ### Check status of Jenkins ```sudo systemctl status jenkins``` ### Updating Jenkins ``` sudo service jenkins stop && /usr/share/jenkins && sudo mv jenkins.war jenkins.war.old && sudo wget https://updates.jenkins-ci.org/latest/jenkins.war && sudo service jenkins start ``` * If you experience issues with access, run the following command: ```sudo chown root:root jenkins.war``` ### NetExtender VPN **Note:** Make sure to select the correct filter in the dropdown. By default it selects "Global VPJN Client (32-Bit)". Please change that selection to NetExtender + Visit the following site and download the appropriate platform installation file for [NetExtender](https://www.mysonicwall.com/muir/freedownloads) #### NetExtender required PPD ``` sudo apt install pptpd ``` ### Python 2 ```sudo apt install python2``` ### Java ```sudo apt install default-jre``` ### Installing OpenSSH ``` sudo apt install openssh-client && sudo apt install openssh-server ``` ### OpenSSH Commands ``` sudo systemctl stop ssh sudo systemctl start ssh sudo systemctl restart ssh sudo systemctl disable ssh sudo apt remove opnessh-server sudo systemctl status httpd ``` ### Configure OpenSSH OpenSSH server config file – sshd_config (located in /etc/ssh/) OpenSSH client config file – ssh_config (located in /etc/ssh/) Update the following to secure SSH: ``` PermitRootLogin no ChallengeResponseAuthentication no PasswordAuthentication no PermitEmptyPasswords no UsePAM no AuthenticationMethods publickey PubkeyAuthentication yes Port [YOUR DESIRED PORT] ``` If you REALLY want to be safe: ``` sudo ufw allow from 192.168.171.1/29 to any port 22 ``` ### Install Fail2Ban ``` sudo apt update && sudo apt upgrade && sudo apt install -y fail2ban ``` ### Fail2Ban Configure a Jail :) ``` sudo nano /etc/fail2ban/jail.local ``` Paste the following: ``` [sshd] enabled = true port = YOUR DESIRED PORT filter = sshd logpath = /var/log/auth.log maxretry = 3 ``` ### Fail2Ban Bailing an IP from Jail ``` sudo fail2ban-client set sshd unbanip IP_ADDRESS ``` ### Fail2Ban Commands ``` sudo systemctl start fail2ban sudo systemctl enable fail2ban ``` ### Install Jenkins ```sudo apt update``` ```sudo apt install jenkins``` ### Upgrade Jenkins + Navigate to `/usr/share/jenkins` + Stop the jenkins server ```sudo service jenkins stop``` + Move existing jenkins war file ```sudo mv jenkins.war jenkins.war.old``` + Download latest jenkins war file ```/usr/share/jenkins && sudo wget https://updates.jenkins-ci.org/latest/jenkins.war``` + Start the Jenkins server ```sudo service jenkins start``` ### Install [Docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04) - ```sudo apt update``` - ```sudo apt install apt-transport-https ca-certificates curl software-properties-common``` - ```curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -``` - ```sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"``` - ```sudo apt update``` - ```apt-cache policy docker-ce``` - ```sudo apt install docker-ce``` - ```sudo systemctl status docker``` ### Running Docker without Sudo - ```sudo usermod -aG docker ${USER}``` - ```su - ${USER}``` - Confirm that the docker group has been added: ```id -nG``` #### Installing [Docker Compose](https://docs.docker.com/compose/install/) -```sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose``` - ```sudo chmod +x /usr/local/bin/docker-compose``` - ```sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose``` ## Additional Software #### Skype ```sudo snap install skype --classic``` #### Slack ```sudo snap install slack --classic``` #### Ferdi Messaging Consolidation Platform [Get Ferdi](https://getferdi.com/download) ### Kazam Screencast ```sudo apt install kazam``` ### OBS Studio ``` sudo add-apt-repository ppa:obsproject/obs-studio -y && sudo apt update -y && sudo apt install obs-studio -y ``` ### Upgrading Ubuntu 18.04 LTS to 20.04 LTS - ```sudo apt update && sudo apt upgrade``` - ```sudo reboot``` - ```sudo apt install update-manager-core``` - ```sudo do-release-upgrade``` - ```sudo reboot``` - ```sudo apt update``` - ```sudo apt list --upgradable``` - ```sudo apt upgrade``` - ```sudo reboot``` - ```sudo apt --purge autoremove``` - ```sudo apt install update-manager-core``` - ```sudo do-release-upgrade``` - *IF YOU RECEIVE THE FOLLOWING OR SIMILAR MESSAGE*: Checking for a new Ubuntu release There is no development version of an LTS available. To upgrade to the latest non-LTS develoment release set Prompt=normal in /etc/update-manager/release-upgrades - Run the following command: ```sudo do-release-upgrade -d``` - Check version :) ```lsb_release -a``` ### Installing Howdy (Windows like Hello) ``` sudo apt install v4l-utils``` - Visit [Howdy](https://github.com/boltgolt/howdy) and follow their installation steps