kato
/
installation_guides


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
							### Debian Server Installation Guide ###

##################################################

# Connecting to Server
ssh root@207.246.121.231

##################################################

# Configuring Users
passwd &&
useradd -s /bin/bash -m user &&
passwd user &&
sudo usermod -aG sudo user

##################################################

# Configuring SSH Authentication
ssh-keygen -t rsa -b 4096 &&
ssh-copy-id -i ~/.ssh/id_rsa.pub user@207.246.121.231 &&
ssh user@207.246.121.231

##################################################

# Updating Server
sudo apt update && sudo apt upgrade -y &&

# Installing Packages
sudo apt install -y nginx python3-certbot-nginx rsync apparmor apparmor-utils fail2ban &&

# Configuring Editor
echo -e "set number relativenumber\nset hlsearch\nset incsearch\nsyntax on\nnnoremap ZW :w<CR>\nnnoremap S :%s//<Left>" | tee ~/.vimrc > /dev/null &&

# Configuring Firewall
sudo ufw allow 80 && sudo ufw allow 443 && sudo ufw allow 2356 && sudo ufw delete allow 22/tcp &&
sudo ufw reload &&

# Configuring AppArmor
sudo systemctl enable apparmor &&

# Configuring Fail2ban
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local &&
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local &&
sudo sed -i 's/#allowipv6 = auto/allowipv6 = auto/' /etc/fail2ban/fail2ban.local &&
sudo sed -i '/backend =.*%(sshd_backend)/a enabled = true\nmaxretry = 3\nbantime = 31536000\nfindtime = 18144000' /etc/fail2ban/jail.local &&
sudo systemctl enable fail2ban.service &&
sudo systemctl start fail2ban.service &&

# Configuring SSH
sudo sed -i 's/#Port 22/Port 2356/' /etc/ssh/sshd_config &&
sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config &&
sudo sed -i 's/#StrictModes yes/StrictModes yes/' /etc/ssh/sshd_config &&
sudo sed -i 's/#MaxAuthTries 6/MaxAuthTries 1/' /etc/ssh/sshd_config &&
sudo sed -i 's/#MaxSessions 10/MaxSessions 1/' /etc/ssh/sshd_config &&
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config &&
sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config &&
sudo sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config &&
sudo systemctl reload sshd &&

# Nginx
sudo sed -i 's/# server_tokens off;/server_tokens off;/' /etc/nginx/nginx.conf &&
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/website.com &&
echo 'server {
        listen 80;
        listen [::]:80;


        root /var/www/website.com;

        index index.html index.htm index.nginx-debian.html;

        server_name website.com www.website.com;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 4 32k;
        gzip_types text/plain application/x-javascript text/xml text/css;
        gzip_vary on;

        # Media: images, icons, video, audio, HTC
        location ~* \.(?:jpg|jpeg|gif|png|ico|svg|webp|mp3)$ {
                expires 1M;
                access_log off;
                # max-age must be in seconds
                add_header Cache-Control "max-age=2629746, public";
}

        # CSS and Javascript
        location ~* \.(?:css|js)$ {
                expires 1y;
                access_log off;
                add_header Cache-Control "max-age=31556952, public";
}

        location / {
                if ($request_uri ~ ^/(.*)\.html(\?|$)) {
                return 302 /$1;
        }
                try_files $uri $uri.html $uri/ =404;
        }


}' | sudo tee /etc/nginx/sites-available/website.com > /dev/null &&
sudo ln -s /etc/nginx/sites-available/website.com /etc/nginx/sites-enabled/ &&
sudo chmod -R 777 /var/www/ &&
mkdir /var/www/website.com &&
sudo systemctl reload nginx &&

# Certbot
sudo certbot --nginx --register-unsafely-without-email &&

# Crontab
echo "0 0 * * 0 /usr/local/bin/backupscript" | crontab - &&
echo "0 */1 * * * certbot --nginx renew" | sudo crontab - &&

# Backups
mkdir ~/backups &&
echo '#!/bin/sh
rsync -artvzP /var/www/website.com ~/backups/$(date "+%d_%m_%Y")' | sudo tee /usr/local/bin/backupscript > /dev/null &&
sudo chmod +x /usr/local/bin/backupscript

##################################################

# Syncing Website
rsync -rtvzPe 'ssh -p 2356' ~/documents/websites/website.com user@207.246.121.231:/var/www/ --delete