apt-get update
apt-get upgrade
apt install nginx
apt install mariadb-server
mysql_secure_installation
apt install php-fpm php-mysql
snap install core
snap refresh core
snap install --classic certbot
ufw allow 'Nginx HTTP'
ufw status
# Add a user for yourself.
adduser {username}
# Add your user to the sudo group.
usermod -aG sudo {username}
# Switch to that user.
su - {username}
cd ~/
# Create a file structure for your SSH configuration.
mkdir .ssh
touch .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
# Open the authorized keys file and paste a public key of yours.
vi .ssh/authorized_keys
# As root (or sudo), see config below
vi /etc/ssh/sshd_config
service ssh restart
This will ensure logins as the root user are disabled, logins with passwords are disabled, and logins with preconfigured keys are enabled.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Once a good enough server configuration is applied in Nginx, Certbot can be pretty magical. Just running it with the --nginx
flag will parse through your existing nginx site configs and inject SSL specific blocks.
certbot --nginx
Last modified: Thu Jun 17 2021 01:37:11 GMT+0000 (Coordinated Universal Time)