Initial steps for installing dependencies

By default, the Snap daemon is enabled on most Ubuntu server distributions. In any case, install it with the following command.

apt install snapd

Check the installed version of snap.

sudo snap version

Next, make a output and you cah show it (For ubuntu 22.04)

 snap    2.57.1
 snapd   2.57.1
 series  16
 ubuntu  22.04
 kernel  5.15.0-41-generic

Then you can install tne NextCloud programm. Use this command with snap

snap install nextcloud

Configure your NextCloud

The first step in your successful configuration should be to configure UFW to allow HTTP network traffic on server port 80. Please use this command

ufw allow 80/tcp

Next, you should allow access to https in order for everything to work fine. Use this command:

ufw allow 443/tcp

After you have made the necessary changes, you should reload the firewall. Use command to reload:

 ufw reload

To activate the NextCloud database and configuration file values, visit your server’s IP address using a web browser.

 http://Your_IP_Address

Now it remains to enter a username and a strong password to create the first administrator account. Then open your most preferred text editor and edit the main NextCloud configuration file.

nano /var/snap/nextcloud/current/nextcloud/config/config.php

Find the “trusted_domains” =>` section and replace the server IP address with your domain name as shown below.

 'trusted_domains' =>
    array (
       0 => 'nextcloud.Your_Domain_Name.com',
     ),

Then save and close the file. Install the Let’s Encrypt SSL certificate to secure your NextCloud server with HTTPS by running the following command.

nextcloud.enable-https lets-encrypt

You can find how to install your security certificate here (based on your web server).

First of all, it is recommended to update and upgrade the packages before any installation:

sudo apt-get update
sudo apt-get upgrade

Installing dependencies required for Ly

To install ly you will need to install some very important dependencies . For simplicity, run the following command:

apt-get install build-essential libpam0g-dev libxcb-xkb-dev git -y

Install Ly

The next step is to install ly display manager. Start by opening a terminal window and clone the repository as shown below (use this Git guide link):

git clone --recurse-submodules https://github.com/nullgemm/ly.git

Once completed, navigate to the directory

cd ly

Run the compile command as shown below (just paste the command):

make

After compilation is complete, run the following command to test the display manager in the current tty session.

sudo make run

Once you’ve successfully tested, the next step is to install Ly and its systemd services. The command looks like this:

make install

After a successful installation, you should run the command below to enable the systemd service

systemctl enable ly

Install the CrowdSec Agent

Login to the server using SSH, or VNC with a non-root user who has sudo privileges. To get started, it is recommended that you log into your server with a sudo user. You can do it like this:

ssh any-user@<Your_IP_Address>

Next, it is recommended to download a special script. It will add the given repository – packagecloud.io to the list of sources and the packagecloud.io GPG key to check the downloads. Just copy the command (using curl)

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

Install CrowdSec

After successfully installing a special script, you can proceed with the installation of CrowdSec. This can be done by following the following command:

apt install crowdsec

Next, you need to check this installation. Just enter the following command:

systemctl status crowdsec

The result will be something like this:

crowdsec.service - Crowdsec agent
    Loaded: loaded (/lib/systemd/system/crowdsec.service; enabled; vendor pres>
    Active: active (running) since ... etc.

You will be able to upload a list of required manipulations with your CrowdSec. The helper can be called like this command:

cscli machines list

Install a Firewall

It is highly recommended to install a firewall. This will be useful and very important as using the CrowdSec agent to prevent intrusions into your system. Install as below:

apt install crowdsec-firewall-bouncer-iptables -y

You can view the important points regarding the firewall like this:

cscli alerts list

cscli decisions list

cscli metrics 

adduser --disabled-login user_for_teamspeak

Then switch to this user to make certain manipulations and changes. This can be done like this:

su user_for_teamspeak

Before you click on the link below, check the official TeamSpeak website for versions and updates. If it does not match, change the number in the version number of this utility.

Now is using the last version – 3.5.6

wget https://files.teamspeak-services.com/releases/server/3.5.6/teamspeak3-server_linux_amd64-3.5.6.tar.bz2

After successfully installation, unpack the downloaded archive.

tar xvfj teamspeak3-server_linux_amd64-*.tar.bz2

Copy all contents from the extracted directory to the teampeak user’s home directory.

cp teamspeak3-server_linux_amd64/* -R /home/user_for_teamspeak/

The download file isn’t required from now. It means, that you can delete it.

teamspeak3-server_linux_amd64-*.tar.bz2

Then you need to accept the license agreement. You will be able to create a special file

/home/user_for_teamspeak/.ts3server_license_accepted

Log out of the user’s TeamSpeak session. You can use the following command:

exit

Then, after successfully log out, you can create a systemd service file to start Teamspeak on boot.

nano /lib/systemd/system/ts3server.service

Then you need to add the following text. After adding, you need to save it

[Unit]
Description=TeamSpeak 3 Server
After=network.target

[Service]
WorkingDirectory=/home/user_for_teamspeak
User=user_for_teamspeak
ExecStart=/home/user_for_teamspeak/ts3server_minimal_runscript.sh
ExecStop=/home/user_for_teamspeak/ts3server_startscript.sh stop
ExecReload=/home/user_for_teamspeak/ts3server_startscript.sh restart
Restart=always
RestartSec=15

[Install]
WantedBy=multi-user.target

Then please restart systemd system

systemctl daemon-reload

Launch and enable your installed TeamSpeak utilite to start on boot.

systemctl start ts3server
systemctl enable ts3server

Then you’ll be able to switch to user teampeak

su user_for_teamspeak

The last step is to get the ServerAdmin privilege key needed to connect to the server for the first time

/home/user_for_teamspeak/logs/ts3server_*

To download, also you can use this link

These special KVM servers have many purposes, such as:

• file storage
• organization of personal cloud storage
• data backup
• installation of personal or SOHO systems for working with files and documents (as a NextCloud, Seafile, and the like).

This is the perfect solution for you if you are looking to organize your storage in a way that is safe and secure. We all prefer to make reserves, in any area of ​​life it is an absolutely irreplaceable thing, in that there is an emergency storage for some personal needs and requirements. Therefore, today the relevance and importance of backups is undoubtedly of great importance in life. No matter how much technology is developed today, the backup process always takes place and there will never be that this process loses its relevance or value. To host websites and other projects, you must use SSD VDS or dedicated servers.

The advantage of backup storage is also that it solves the problem of data transfer and working with shared documents.Even if there are a lot of duplicated components on your server, all the data can be on an expensive array with a large excess, no one is immune from the fact that there will be logical errors, there will be a certain human factor. Learn more about the importance of backups here.

As far as Linux distributions are concerned, you may well need to test the systems before launching them. To do this, it is worth taking into account the important rc.local file in order to put the appropriate and necessary commands there. This is necessary in order to make it possible to execute them at system startup.

How to use RC.local on CentOS 8

Update your system

yum update

Initially, you should check the status of the “rc-local” service. To do this, enter the following special command:

systemctl status rc-local

The answer will be unequivocal: the service is inactive. The next step is to create the rc-local file inside systemd. You can do it like this:

nano /etc/systemd/system/rc-local.service

Then you need to just copy and paste the following content inside it by CTRL+S and CTRL+X

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

Then, after the successful actions taken earlier, you need to make the file executable. This means that the commands will be executed. Follow the instructions below:

chmod +x /etc/rc.local

Enable and start the rc-local service using the commands below.

systemctl enable rc-local

Then you need to start the service and also get the status with the following command:

systemctl start rc-local
systemctl status rc-local

Once you have successfully started the service, you can then access the “/etc/rc.local” file with a text editor. We used the nano editor for this. Use the following command:

nano /etc/rc.local

The file is now in open format, and you can then enter commands at the end of the file. All these commands will be executed when the server starts. We have created a directory and a text file inside that directory, as seen in the image above. After that, it is recommended to restart the rc.local service as follows.

systemctl restart rc-local

After rebooting the system, you will see that the required directory and file will be created in the specified location.

chmod +x /etc/rc.d/rc.local

lspci | egrep 'VGA|NVIDIA'

As for the lists of NVIDIA drivers, they are all freely available in the official and paid Debian 11 package repositories. However, they are disabled by default. To enable them, issue the following command:

apt-add-repository contrib

To enable the non-free package repository, run the following command:

apt-add-repository non-free

Then make updates

apt-get update

Now let’s move on to the installation steps. To install the NVIDIA drivers, run the following command:

apt install nvidia-driver

Then confirm setting [Y]. Once you have confirmed the installation of the NVIDIA drivers and all required dependencies, wait for the installation to complete and reboot the server with the following command:

reboot

Add GPG key and important RethinkDB repository

The RethinkDB team has its own repository for Ubuntu Linux. Add the repository to your APT. When you enter the RethinkDB command, you get the output of the repository that is already on your Ubuntu server. You need to add this using a special command, which is described below:

source /etc/lsb-release && echo "deb https://download.rethinkdb.com/repository/ubuntu-$DISTRIB_CODENAME $DISTRIB_CODENAME main" | sudo tee /etc/apt/sources.list.d/rethinkdb.list

This package, which you need to install, is signed with a GPG key from the RethinkDB team. It is very important to add it, because it will help you avoid any warnings in the future. Run the following command to save the changes:

wget -qO- https://download.rethinkdb.com/repository/raw/pubkey.gpg | sudo apt-key add - OK

After you have successfully added the key and repository described above, you should upgrade the packages. To do this, do the following:

apt update -y

Installing RethinkDB

To install RethinkDB for your Ubuntu 20 server, run the following simple command, which is described below:

apt install rethinkdb -y

Enter the following commands to have your utility always run during server boot.

systemctl start rethinkdb
systemctl enable rethinkd

mysql -u root -p

Create a new database.

create a new database chevereto;

Then you need to create a new database user by following command

CREATE USER `superadmin`@`Your_Host` IDENTIFIED BY 'strong-passwd';

Grant the user full access rights to the Chevereto database.

GRANT ALL PRIVILEGES ON chevereto.* TO admin@localhost;

Then you need to Updated the root role MySQL

FLUSH PRIVILEGES;

Then – EXIT command (finish)

EXIT

Install Chevereto

You can download from the Git repository. This is available from the link shown below:

wget https://github.com/Chevereto/Chevereto-Free/archive/1.0.9.tar.gz

Next, you need to extract the file:

tar -xvzf 1.0.9.tar.gz

Then add the following to this directory:

<?php
$config['db_name'] = 'cheveretodb';
$config['db_user'] = 'chevereto';
$config['db_pass'] = 'password';
$config['admin_password'] = 'password';

Next, you need to give permission to the Chevereto directory. You can do this with the following command:

chown -R www-data:www-data /var/www/html/chevereto
chmod -R 777 /var/www/html/chevereto

Then you need to configure the Firewall. Firstly, you need to allow HTTP Connections (80 port)

ufw allow in http

And also HTTPS connection (443 port)

ufw allow in https

Preliminary Actions

First you need to update your server. To do this, enter a simple command:

apt update && upgrade

It is worth noting that the installation is not difficult, since Fail2Ban is already included in the repositories of your Debian 11. Installation is easy, just enter the command:

apt install fail2ban

After you set it up, please check. The verification step is extremely important for making future adjustments:

systemctl status fail2ban

If Fail2ban is not running on your instance, you need to run it. This can be done with the following command:

systemctl start fail2ban

Next, move on to configuring Fail2ban. This is necessary for proper launch. Enter the following command:

systemctl enable fail2ban

Configuring Fail2Ban

If the first installation step was successfully completed and verified, then you can proceed to the Fail2ban configuration. Fail2ban is installed bundled with a default configuration file. This file contains configurable settings in Fail2ban. The file location is as follows:

/etc/fail2ban/jail.conf

The file contains settings known as filters for configuring Fail2ban. This tool also has many options in its configuration file. These options can be useful for specific scripts and services that work with each other on your Linux machine.

• The bantime value is the exact time during which the malicious IP is blocked
• The maxretry value – The number of times the user will try to login. If the limit is exceeded, the IP address is blocked.
• The ignoreip value is the networks you trust. All networks you enter here will bypass Fai2Ban filtering.
• The enable value allows Fail2ban to confirm whether you want this jail to be enabled or disabled.

Next is to talk about jails. It has an individual customization option. Jails can increase the security of your Linux computer in many ways. You can add different filters to your server services. The first step is to create the jail.local configuration file. You can do it like this:

touch /etc/fail2ban/jail.local

Open jail.local in a text editor of your choice.

nano /etc/fail2ban/jail.local.

After the clarifications above have been provided regarding hail conf. you will be able to apply this directly to the configuration.

enabled = true
port = ssh
bantime = 10h
maxretry = 12
ignoreip = Any_IP

[apache-badbots]
enabled = true
port = http,https, smtp...
bantime = 72h
maxretry = 3

[squid]
enabled = false
port = 80,443,25, 1234...