A new Ubuntu server

apt-get update
apt-get upgrade
apt install nginx
apt install mariadb-server
mysql_secure_installation
apt install php-fpm php-mysql
snap install core
snap refresh core
snap install --classic certbot
ufw allow 'Nginx HTTP'
ufw status

# Add a user for yourself.
adduser {username}

# Add your user to the sudo group.
usermod -aG sudo {username}

# Switch to that user.
su - {username}
cd ~/

# Create a file structure for your SSH configuration.
mkdir .ssh
touch .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

# Open the authorized keys file and paste a public key of yours.
vi .ssh/authorized_keys

# As root (or sudo), see config below
vi /etc/ssh/sshd_config
service ssh restart

sshd_config

This will ensure logins as the root user are disabled, logins with passwords are disabled, and logins with preconfigured keys are enabled.

Certbot

Once a good enough server configuration is applied in Nginx, Certbot can be pretty magical. Just running it with the --nginx flag will parse through your existing nginx site configs and inject SSL specific blocks.

certbot --nginx

Sources:

Last modified: Thu Jun 17 2021 01:37:11 GMT+0000 (Coordinated Universal Time)