# VPS - first setup (change the placeholders, marked by square brackets)

## 1. Get latest Updates

You want to start up-to-date:

```bash
apt update
apt upgrade
apt dist-upgrade
```

## 2. add user, change passwords

Add a user for security, so you don't have to work with the root user (optional):

```bash
# add new user and add it to the sudo group
adduser [YOUR_USERNAME]
usermod -aG sudo [YOUR_USERNAME]

# Change root password
passwd

# logout and log back in with your new user
exit
```

## 3. generate SSH Keys

Generate SSH keys, so you can authenticate yourself with a key instead of a password. This improves your security, as you can then disable password authentication completely.

Execute this on your VPS:

```bash
ssh-keygen
```

Execute this on your local command line:

```bash
ssh-copy-id [YOUR_USERNAME]@[YOUR_VPS_IP]
```

## 4. disable password authentication

```bash
sudo nano /etc/ssh/sshd_config

# uncomment the following lines in the file and add your username from step 2:
PermitRootLogin no
PasswordAuthentication no
AllowUsers [YOUR_USERNAME]
Protocol 2
```

## 5. set hostname

You probably want to set your own hostname for the machine. Choose what you like:

```bash
sudo hostnamectl set-hostname [YOUR_NEW_HOSTNAME]
```

## 6. install required packages

This is my own set of packages; you can change the list as you like:

```bash
sudo apt install tmux tree htop traceroute nmap bc colordiff net-tools \
    apt-transport-https ca-certificates curl software-properties-common git \
    cifs-utils gcc ncdu jq make iperf sqlite3 php7.2-cli ufw gnupg-agent moreutils
```

## 7. enable a firewall (we use ufw)

```bash
sudo ufw allow 22/tcp
sudo ufw show added
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 80/tcp
sudo ufw allow 9000/tcp
sudo ufw allow 443/tcp
```

## 8. install Docker

```bash
# add repository gpg key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# add repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# install docker tools
sudo apt install docker-ce docker-ce-cli containerd.io

# add docker group, add your user to docker group (from step 2)
sudo groupadd docker
sudo usermod -aG docker [YOUR_USERNAME]
```

## 9. add mount directory

Some of the docker containers will need permanent storage. I like grouping all mount directories in their own subdirectory. Create them:

```bash
sudo mkdir -p /swarm/volumes
sudo chown -R [YOUR_USERNAME]:[YOUR_USERNAME] /swarm

# make subdirectories for your first docker services:
mkdir -p /swarm/volumes/portainer/data
mkdir -p /swarm/volumes/traefik/logs
mkdir -p /swarm/volumes/nextcloud/{config,custom_apps,data,themes,mysql}
```

## 10. init docker swarm

You want to install a single node docker swarm:

```bash
docker swarm init
```

## 11. deploy portainer

For easier deployment of your docker services, you can install portainer:

```bash
cd /swarm/volumes/portainer
nano stack-compose.yml
```

In the opening editor (nano), copy the content of the gist file [services_portainer_stack-compose.yml](https://gist.github.com/robin-moser/4795174d4bd7abc40f9fa5a5caa6cdbe/raw/40266c6c171b4972563823336b132f3b7e7c1ae5/services_portainer_stack-compose.yml) and save the file. After that, run:

```bash
docker stack deploy --compose-file stack-compose.yml Portainer
```

After the stack is deployed, you should be able to open portainer over http://[YOUR_VPS_IP_OR_DOMAIN]:9000 and go through installation.

## 12. deploy traefik

Add the traefik configuration file:

```bash
cd /swarm/volumes/traefik
nano traefik.toml
```

In the opening editor (nano), copy the content of the gist file [services_traefik_traefik.toml](https://gist.github.com/robin-moser/4795174d4bd7abc40f9fa5a5caa6cdbe/raw/40266c6c171b4972563823336b132f3b7e7c1ae5/services_traefik_traefik.toml) and save the file.

Now, deploy the traefik load-balancer over the portainer interface: go to the portainer web interface (from step 11), go to "stacks" and click "add new stack". Name the Stack "Traefik" and copy the content of [services_traefik_stack-compose.yml](https://gist.github.com/robin-moser/4795174d4bd7abc40f9fa5a5caa6cdbe/raw/40266c6c171b4972563823336b132f3b7e7c1ae5/services_traefik_stack-compose.yml) into the editor field. Wait for it to download the docker images and to start.

## 13. deploy Nextcloud

Last, deploy Nextcloud over the portainer web interface: go to the portainer web interface (from step 11), go to "stacks" and click "add new stack". Name the Stack "Nextcloud" and copy the content of [services_nextcloud_stack-compose.yml](https://gist.github.com/robin-moser/4795174d4bd7abc40f9fa5a5caa6cdbe/raw/40266c6c171b4972563823336b132f3b7e7c1ae5/services_nextcloud_stack-compose.yml) into the editor field.

Below the editor, click the grey button "add environment variable" four times. You need to add the following variables:

key | value
--- | ---
DB_ROOT_PASSWORD | [GENERATE_A_STRONG_PASSWORD_AND_PASTE_IT_HERE]
DB_PASSWORD | [GENERATE_ANOTHER_STRONG_PASSWORD_AND_PASTE_IT_HERE]
DB_NAME | nextcloud
DB_USER | nextcloud

Then click "deploy". Wait for the services to start; this could take a moment.

After that, you should be able to navigate to https://cloud.yourdomain.com and go through the nextcloud installation steps. Below the admin credentials, expand "storage and database" to select your database as "mysql/mariadb". Use your values from the previously set environment variables. Replace the database-host "localhost" with "mysql".

## 14. all done, start clouding!
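
An added check for step 4 (not part of the original guide): this script reads an sshd_config file back and confirms the three access settings took effect. sshd keeps the first value it reads for `PermitRootLogin` and `PasswordAuthentication`, so a later line does not override an earlier one, and lines left commented out fall back to the built-in defaults. The function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config file for the three step-4 settings.
# Assumes the whitespace-separated "Keyword value" form and exact user names.

# Print every global (pre-"Match") value of KEYWORD, one per line, in file order.
# Keywords are case-insensitive; values are not.
config_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }                 # commented-out lines do not count
        tolower($1) == "match" { exit }       # Match blocks are conditional
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# expect_first FILE KEYWORD WANTED DEFAULT: sshd keeps the FIRST value it reads.
expect_first() {
    local value
    value=$(config_values "$1" "$2" | head -n 1)
    value=${value:-$4}                        # keyword unset: built-in default
    if [ "$value" = "$3" ]; then echo "ok   $2 $value"; return 0; fi
    echo "FAIL $2 is '$value', expected '$3'"; return 1
}

# audit_sshd_config FILE USERNAME: prints findings, returns the failure count.
audit_sshd_config() {
    local file=$1 user=$2 failures=0 allowed
    expect_first "$file" PermitRootLogin no prohibit-password || failures=$((failures + 1))
    expect_first "$file" PasswordAuthentication no yes || failures=$((failures + 1))
    # AllowUsers lines accumulate, so collect all of them.
    allowed=$(config_values "$file" AllowUsers | tr '\n' ' ')
    case " $allowed " in
        *" $user "*) echo "ok   AllowUsers includes $user" ;;
        *) echo "FAIL AllowUsers does not list $user"; failures=$((failures + 1)) ;;
    esac
    return "$failures"
}

# Constructed sample: the early "yes" wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
AllowUsers alice
PasswordAuthentication no
EOF
audit_sshd_config "$sample" alice || echo "$? setting(s) need attention"
rm -f "$sample"
```

On the VPS, call `audit_sshd_config /etc/ssh/sshd_config [YOUR_USERNAME]` from a second SSH session before closing the one you edited in.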