Installation

To install vsftpd, you must enter the following command:

apt-get install vsftpd

Configuration

First you need to open the configuration file using your text editor. This example uses vim

vim /etc/vsftpd.conf

vsftpd allows anonymous users to access the server by default. This feature is considered a serious security vulnerability. To disable, you must enter an anonymous login by changing the following line:

anonymous_enable=NO

To enable local login, uncomment the following:

local_enable=YES

The following command enables the download:

write_enable=YES

Next, you need to save the file and close the text editor. Then run vsftpd as a daemon:

service vsftpd start

This step is final in order to enter the FTP server from your local computer.

Add a New User Account

To create a user account, you need to use the adduser command. We recommend using a strong password for the user! An example of a strong password is aoQ7w52!OKvA$Pfz. Next, you can enter values ​​for user information, or press ENTER to leave these fields blank.

# adduser example_user
Adding user `example_user' ...
Adding new group `example_user' (1001) ...
Adding new user `example_user' (1001) with group `example_user' ...
Creating home directory `/home/example_user' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for example_user
Enter the new value, or press ENTER for the default
        Full Name []: Example User
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

Add User to Sudo Group

You can add a new user to the sudo group using the usermod command

# usermod -aG sudo example_user

Test

Switch to a New user

# su - example_user

Make sure you are the new whoami user, then test sudo access with sudo whoami which should return root

$ whoami
example_user
$ sudo whoami
[sudo] password for example_user:
root

Done!

Installing Cockpit

For installing this web server please ise the following command

apt install cockpit -y

Start the Cockpit service using the systemctl utility. To run the service Cockpit you can use the systemctl utility

systemctl start cockpit

For checking the Cockpit servise work you can use the following commang

systemctl status cockpit

Further configuration: working with the Firewall

The next important step is to configure the UFW to enable the Cockpit web interface (TCP port is designated 9090). This can be done with the following command:

ufw allow 9090/tcp

Then you need to open access to the Cockpit web console. To do this, you need to open the web console in your browser and then make changes to example_IP to your IP address of the virtual server

http://example.com:9090

This completes the Cockpit setup and installation.

First stage before updating

First, update your Ubuntu

apt upgrade

Then restart your server

reboot

Next, do the following:

apt update && sudo apt upgrade -y

After that, you need to remove unused packages and kernels to free up space in your /boot partition

apt --purge autoremove

Then you need to edit the update manager configuration file. This can be done as follows:

nano /etc/update-manager/release-upgrades

Find the line starting with Prompt =. Make sure it is not commented out and the lts value matches the one shown:

Prompt=lts

Running Updates

First, we recommend checking the backups again. Then run the update tool on your Ubuntu, then enter Y

do-release-upgrade

Then follow the instructions that you see in your terminal and click carefully. This will be followed by the removal of packages, with which you must agree by clicking on Y

Additional IP price is $ 3

Next, to set up an alternate IP address in Debian and Ubuntu, follow these steps:

Log into your VPS using SSH. As the root user, open the /etc/network/interfaces file in your preferred text editor. Then add the following text to the file:

# The primary network interface
auto eth0:0
iface eth0:0 inet static
address xxx.xxx.xxx.xxx
netmask 255.255.255.0

Next, replace xxx.xxx.xxx.xxx with the new IP address that you want to add to your VPS. Then save the changes in the same /etc/network/interfaces file and then exit your text editor. To restart the network interfaces on your server, you need to run the command:

ifdown -a --exclude = lo; ifup -a --exclude = lo

To verify that the procedure completed successfully, enter the following command:

ifconfig

The new IP address must be associated with interface eth0.

Backup process

We recommend a way to back up a MySQL or MariaDB database using the mysqldump dump command.

echo "SHOW DATABASES;" | sudo mysql

This command displays a list of your databases. Make sure you know which .sql file you need, and then simply run the following command to backup to the file.

sudo mysqldump example_database > $(date +"%F").sql

The command described above will back up the example_database to a file with a date ending in .sql. It is also possible to change the name of this file to any other, although saving the file name as a date will be useful if you accidentally delete an important row or column. Use date –help to learn about other ways to style your date.

Recovery

Here you need to find the .sql file that you created and run the following:

sudo mysql example_database < filename.sql

Migrating to MariaDB from MySQL

The first thing to do is back up each of your databases:

sudo mysqldump example_database > example_database.sql

After that, you will need to install MariaDB, which will replace MySQL, and restore your databases by following these steps for each database.

sudo mysql example_database < example_database.sql

user@localhost:~$ sudo apt update
user@localhost:~$ sudo apt install openvpn easyrsa

Basic configuration

• Configuration file

Copy the example from the documentation folder

user@localhost:~$ sudo cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Go to the program settings folder

user@localhost:~$ cd /etc/openvpn

Open the main configuration file in a text editor

user@localhost:~$ sudo nano server.conf

Set the dh parameter pointing to the file ‘/etc/openvpn/dh.pem’

dh /etc/openvpn/dh.pem

After, you need to find the line:

;push redirect-gateway def1 bypass-dhcp "

Then uncomment it

push redirect-gateway def1 bypass-dhcp

Find the user parameter and set its value to nobody:

user nobody

The same thing with the group:

group nobody

The paths to keys and certificates:

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/ta.key 0

• Generation of keys and certificates

user@localhost:~$ mkdir -p ~/easy-rsa
user@localhost:~$ cp cp -rf /usr/share/easy-rsa/3.0.3/* ~/easy-rsa
user@localhost:~$ cd ~/easy-rsa

user@localhost:~$ ./easyrsa init-pki

A pki folder will be created with utility files in subdirectories

user@localhost:~$ ./easyrsa gen-dh

It will take some time and the file will be generated in the easy-rsa / pki / dh.pem folder

user@localhost:~$ ./easyrsa build-ca

You will be asked for a new password for the private key of your root certificate.

Plese, enter the password and write it down in a safe place, this password will be requested every time that everyone else signs this certificate.

user@localhost:~$ ./easyrsa build-server-full server nopass
user@localhost:~$ ./easyrsa build-client-full client nopass

user@localhost:~$ sudo cp pki/ca.crt pki/dh.pem pki/private/server.key pki/issued/server.crt /etc/openvpn/
user@localhost:~$ sudo chown root /etc/openvpn/*

Check the operability of the configuration

user@localhost:~$ sudo openvpn /etc/openvpn/server.conf

We get something like this “exhaust”

Tue Aug 13 09:31:11 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Aug 13 09:31:11 2019 Diffie-Hellman initialized with 2048 bit key
Tue Aug 13 09:31:11 2019 Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Tue Aug 13 09:31:11 2019 Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Tue Aug 13 09:31:11 2019 ROUTE_GATEWAY 172.16.2.1/255.255.255.0 IFACE=eth0 HWADDR=52:54:00:10:3b:15
Tue Aug 13 09:31:11 2019 TUN/TAP device tun0 opened
Tue Aug 13 09:31:11 2019 TUN/TAP TX queue length set to 100
Tue Aug 13 09:31:11 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Aug 13 09:31:11 2019 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue Aug 13 09:31:11 2019 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Tue Aug 13 09:31:11 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Aug 13 09:31:11 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Aug 13 09:31:11 2019 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Aug 13 09:31:11 2019 UDPv4 link remote: [AF_UNSPEC]
Tue Aug 13 09:31:11 2019 MULTI: multi_init called, r=256 v=256
Tue Aug 13 09:31:11 2019 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Aug 13 09:31:11 2019 IFCONFIG POOL LIST
Tue Aug 13 09:31:11 2019 Initialization Sequence Completed

Press Ctrl + C and interrupt the process

Tue Aug 13 09:31:12 2019 event_wait : Interrupted system call (code=4)

Tue Aug 13 09:31:14 2019 /sbin/ip route del 10.8.0.0/24

Tue Aug 13 09:31:14 2019 Closing TUN/TAP interface

Tue Aug 13 09:31:14 2019 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2

Tue Aug 13 09:31:14 2019 SIGINT[hard,] received, process exiting

We start OpenVPN as a service, systemd allows you to run individual configurations by entering a name through ‘@’

user@localhost:~$ sudo systemctl start openvpn@server
user@localhost:~$ systemctl status openvpn@server

Open port 1194 in the firewall

If firewalld is active, we execute the commands

user@localhost:~$ sudo firewall-cmd --zone public --add-service=openvpn
user@localhost:~$ sudo firewall-cmd --runtime-to-permanent

For those who prefer iptables + netfilter-persistent before prohibiting rules, insert something like this

(It depends heavily on the current settings and before adding see what rules are already in iptables -nvL –line command)

user@localhost:~$ sudo iptables -I INPUT 4 -p tcp --dport 1194 -j ACCEPT user@localhost:~$ sudo service netfilter-persistent save

For those who chose nftables, we add the line in the /etc/nftables.conf file in the (chain) input chain before the prohibition rules

ip tcp dport 1194 accept

Reload the rules

On this, the basic setup on the server side can be considered complete

• VPS, with the installed operating system Ubuntu 18.04;
• The static IP address of your vps (primary IP);
• Root access user

Download and Install Ajenti

First you need to add the repo key, it will serve to check the packages that you will install later

wget http://repo.ajenti.org/debian/key -O- | sudo apt-key add -

Then add the real repo to your list of sources.

echo "deb http://repo.ajenti.org/ng/debian main main ubuntu" | sudo tee -a /etc/apt/sources.list

Now update your packages and start the installation

sudo apt-get update && sudo apt-get install ajenti

After the installation is complete, need to start the Ajenti server

sudo service ajenti restart

If you followed the steps above correctly, your console will contain * started

Ajenti Opening

Open Ajenti in your browser by going to https://192.0.2.0:8000. If the browser shows privacy error using this link, then this is completely normal and safe, go to your site.

Next, log in by entering your personal user data

Username: root
Password: admin

Customizing and Configuring Ajenti

Then please Click the Password button in the sidebar. Then enter admin under the old password and select a new, secure password. In the console, restart Ajenti, then log in with the new password

sudo service ajenti restart

Agenti Home – Ajenti Dashboard. It can be configured to display information about your server and uptime. You can further add more widgets by clicking Add Widget at the top

Ubuntu update

First you need to update the list of available Ubuntu packages

sudo apt-get update -y

Next, you need to install updates

sudo apt-get upgrade -y

Create your user sudo

You can add a user by executing the following command:

adduser <username>

Further, after the user is successfully added, it will be proposed to install the necessary information about this user

Enter the new value, or press ENTER for the default
Full Name []: Test User
Room Number []: 01
Work Phone []: 5555555
Home Phone []: 5555555
Other []:

After successfully adding all the information and data, you need to add a new user to the sudo group

usermod -aG sudo <username>

To verify this, run the following command

ls -la /root

Web server setup

You can install either Apache, either Nginx.

To install Apache, use the following command:

sudo apt-get install apache2 -y
sudo systemctl start apache2.service

For Nginx, use the following command:

sudo apt-get install nginx -y
sudo systemctl start nginx.service

Install PHP 7.2

PHP 7.2 is included in the default Ubuntu repository for 18.04. You can list each of the available PHP 7.2 packages with the following command:

apt-cache pkgnames | grep php7.2

Next, to install the packages necessary for your application, enter the command:

sudo apt-get install php -y
sudo apt-get install php-{bcmath,bz2,intl,gd,mbstring,mysql,zip,fpm} -y

After that, restart your web server. This will allow PHP to get to work. For Apache, use the following command:

systemctl restart apache2.service

For Nginx, use the following command:

systemctl restart nginx.service

Confirm the PHP version:

php -v

If the correct steps have been taken before, then the conclusion should be as follows:

PHP 7.2.10-0ubuntu0.18.04.1 (cli) (built: Sep 13 2018 13:45:02) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.10-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies

The main PHP 7.2 configuration file will be saved as /etc/php/7.2/fpm/php.ini. You can use the vi text editor to change the corresponding settings in this file:

sudo vi /etc/php/7.2/fpm/php.ini

IMPORTANT!!
If you are making any updates to this file, then you will definitely need to restart your web server (Apache or Nginx).

Recommended Updates of Your Server

The first step to complete the installation is to update your system to the latest stable version:

sudo apt-get update -y
sudo apt-get upgrade -y

Java Installation

Maven 3.6.3 or higher requires JDK 1.7 or higher installed. We will install OpenJDK, which is the default Java development and runtime environment on Ubuntu 20.04. First, install OpenJDK:

sudo apt-get install -y default-jdk

After that, you should check the Java version

java -version

The output will be similar to the following:

openjdk version "11.0.9.1" 2020-11-04
OpenJDK Runtime Environment (build 11.0.9.1+1-Ubuntu-Oubuntu1.20.04)
OpenJDK 64-Bit Server VM (build 11.0.9.1+1-Ubuntu-Oubuntu0.20.04, mixed mode, sharing)

Apache Maven Installation

The next step will be followed by the actual installation of Apache Maven. The first step is to change your working directory to /opt/ directory:

cd /opt/

Install Apache Maven can be installed from the official website. Installation is described in the command below:

sudo wget https://www-us.apache.org/list/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz

After successful completion of the download, you can unpack the downloaded archive using the command below:

sudo tar -xvzf apache-maven-3.6.3-bin.tar.gz

Then rename the extracted directory:

sudo mv apache-maven-3.6.3 maven

Installation environment variables

After the given resource has been successfully installed, you need to set up environment variables such as PATH, M2_HOME, JAVA_HOME. You can do this by creating a mavenenv.sh file inside the /etc/profile.d/ directory:

sudo vi /etc/profile.d/mavenenv.sh

Then, you should add what is described below:

export JAVA_HOME = / usr / lib / jvm / default-java
export M2_HOME = / opt / maven
export PATH = $ {M2_HOME} / bin: $ {PATH}

Then you need to save and close the file and make it executable:

sudo chmod + x /etc/profile.d/mavenenv.sh

Now you can load the environment variables:

source /etc/profile.d/mavenenv.sh