The Ultimate Ubuntu Server Install 24.04LTS: Difference between revisions

From ScottWiki
(29 intermediate revisions by 2 users not shown)
Line 12: Line 12:
Network Configuration: Use the cursor keys to configure the network interface with a static IP address. (set the IPv6 option to Do Not Use)
Network Configuration: Use the cursor keys to configure the network interface with a static IP address. (set the IPv6 option to Do Not Use)
Internet Proxy: Set to whatever you user (none if you don't user one)
Internet Proxy: Set to whatever you user (none if you don't user one)
Make sure you select "Use Third Party Drivers" if you for example have an NVIDIA card.
Select Install SSH server with relevant options (if you want to use certs etc)
Select Install SSH server with relevant options (if you want to use certs etc)


Line 21: Line 22:


This will configure the system disk, with automatic boot / root / swap partitions. You can specify extra disks later and mount them if needed.
This will configure the system disk, with automatic boot / root / swap partitions. You can specify extra disks later and mount them if needed.
You can also enter manual mode and select other disks and choose your mount points.
You can also enter manual mode and select other disks and choose your mount points. You may want to set up LV volumes if you want to resize partitions later.


If you want to be safe, disconnect all disks apart from the one on which you want the do the install, (then add them later)
If you want to be safe, disconnect all disks apart from the one on which you want the do the install, (then add them later)
Line 47: Line 48:
Mount points used were.. (which in this case were manually configured as I did not want to lose existing data)
Mount points used were.. (which in this case were manually configured as I did not want to lose existing data)


<pre>
Prolong the life of SSDs with
/srv/media (using ext4)
 
/srv/data (using ext4)
nano /etc/sysctl.d/local.conf
/srv/backup (using ext4)
 
</pre>
And add this line
 
vm.swappiness=20
 
Make live with
systemctl restart procps.service


== User Config ==
== User Config ==
Line 100: Line 107:
PasswordAuthentication no
PasswordAuthentication no
#PermitEmptyPasswords no
#PermitEmptyPasswords no
# Enable this is you only want to allow people to login using a PSK.
ChallengeResponseAuthentication no
</pre>
</pre>


You can toggle PasswordAuthentication yes /no to allow you to copy the key with the command.
systemctl reload ssh


ssh-copy-id username@hostname  (keep it all short)
ssh-keygen (you may need to run this command 1st if you don't have a keypair, (VM machine)


As a one off, key exchange.
systemctl reload ssh


To reload ssh (after changing this file) - Do this securely via OpenVPN.
To reload ssh (after changing this file) - Do this securely via OpenVPN.
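Review bot: the comment added above ChallengeResponseAuthentication no calls key login a "PSK" (and reads "is you" for "if you"); SSH key login uses a public/private key pair, so the comment should say public key. The hunk also drops the ssh-copy-id and ssh-keygen steps, so with PasswordAuthentication no the page no longer says how the key reaches the server before passwords are switched off; keep a short form of that step.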
Line 116: Line 121:
== Fix the console text scroll speed (if there is an issue when using NVIDIA drivers) ==
== Fix the console text scroll speed (if there is an issue when using NVIDIA drivers) ==


THIS IS NOW FIXED WITH NEWER NVIDIA DRIVERS
'''THIS IS NOW FIXED This step is not necessary if you select - use Third Party Drivers during the install.'''


<pre>
<pre>
Line 155: Line 160:


Change to the netplan directory.
Change to the netplan directory.
NOTE: You may need to set the DNS server to be the local router - until you have set up BIND, then you can go back and edit this again.


  cd /etc/netplan
  cd /etc/netplan
Line 160: Line 167:




Content of the 00-installer-config.yaml
Content of the 00-solaris.yaml


<pre>
<pre>
Line 175: Line 182:
       dhcp4: false
       dhcp4: false
       addresses: [ 10.3.200.1/16 ]
       addresses: [ 10.3.200.1/16 ]
       gateway4: 10.3.1.1
       routes:
      - to: default
        via: 10.3.1.1
       nameservers:
       nameservers:
         search: [ scottworld.net ]
         search: [ scottworld.net ]
Line 185: Line 194:




Here is an example if you have dual nics and want to team / bond them.
Here is an example if you have dual NICs and want to team / bond them.




Line 209: Line 218:
       dhcp4: false
       dhcp4: false
       addresses: [ 192.168.3.200/24 ]
       addresses: [ 192.168.3.200/24 ]
       gateway4: 192.168.3.1
       routes:
      - to: default
        via: 10.3.1.1
       nameservers:
       nameservers:
         search: [ scottworld.net ]
         search: [ scottworld.net ]
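Review bot: in the new routes block of the bond example, via: 10.3.1.1 does not sit inside addresses: [ 192.168.3.200/24 ], whereas the gateway4: 192.168.3.1 it replaces did. It looks copied from the 10.3.200.1/16 example; use via: 192.168.3.1 here.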
Line 222: Line 233:
Disable the cloud network configuration.
Disable the cloud network configuration.


  nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
  touch /etc/cloud/cloud-init.disabled


Add this statement to the empty file.
Update the permissions on the netplan config to remove the global r/w permissions


  network: {config: disabled}
  chomd 600 /etc/netplan/00-solaris.yaml


Apply the changes
Apply the changes
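Review bot: the added command chomd 600 /etc/netplan/00-solaris.yaml is a typo for chmod, so as written it fails and the file keeps its open permissions. Separately, touch /etc/cloud/cloud-init.disabled switches off cloud-init as a whole, not only its network config as the removed 99-disable-network-config.cfg did, so the step text "Disable the cloud network configuration" should say that.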
Line 234: Line 245:
Reboot and check the network configuration with  
Reboot and check the network configuration with  
   
   
  ifconfig
  ip addr


You should have an interface of br0: with the ip you specified.
You should have an interface of br0: with the ip you specified.


<pre>
root@solaris:/home/sysadmin# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
      valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether ec:b1:d7:3e:4e:36 brd ff:ff:ff:ff:ff:ff
    altname enp0s25
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ee:06:d4:0f:de:5b brd ff:ff:ff:ff:ff:ff
    inet 10.3.200.1/16 brd 10.3.255.255 scope global br0
      valid_lft forever preferred_lft forever
    inet6 fe80::ec06:d4ff:fe0f:de5b/64 scope link
      valid_lft forever preferred_lft forever
</pre>
Edit the file
nano /etc/hosts
Comment out the entry for 127.0.1.1 and replace it with a Global server value.
10.3.200.1 solaris.scottworld.net solaris
== Turn on shell script autocomplete ==
This allows autocomplete on shell command lines
nano /etc/bash/bash.bashrc
Uncomment the the section


<pre>
<pre>
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
 
        inet 10.3.200.1  netmask 255.255.0.0  broadcast 10.3.255.255
# enable bash completion in interactive shells
        inet6 fe80::e05f:5eff:fe91:2710  prefixlen 64  scopeid 0x20<link>
if ! shopt -oq posix; then
        ether e2:5f:5e:91:27:10  txqueuelen 1000  (Ethernet)
  if [ -f /usr/share/bash-completion/bash_completion ]; then
        RX packets 102046183  bytes 83297677991 (83.2 GB)
    . /usr/share/bash-completion/bash_completion
        RX errors 0  dropped 2  overruns 0  frame 0
  elif [ -f /etc/bash_completion ]; then
        TX packets 42949657  bytes 671852183457 (671.8 GB)
    . /etc/bash_completion
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  fi
fi
 
 
</pre>
</pre>


== NVIDIA Driver Install ==
You need to log out and back in for this to activate
Installing the drivers on servers and/or for computing purposes
You can either rely on automatic detection, which will install the driver that is considered the best match for your hardware:


sudo ubuntu-drivers install --gpgpu
== Setup SmartMon Disk Monitoring Tools ==


Or you can tell the ubuntu-drivers tool which driver you would like installed. If this is the case, you will have to use the driver version (such as 525) and the -server suffix that you saw when you used the ubuntu-drivers list --gpgpu command.
Install the smartmon package.
 
apt install smartmontools mailutils
 
List the disks with
 
lsblk
 
Edit the file
 
nano /etc/smartd.conf
 
Edit this and set up your monitoring
'''You first must comment out the line that tries to check all drives''', then add this below to check your individual disks.
 
<pre>
# Local NVMe disks
/dev/nvme0n1 -a -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/01)
 
# Local SATA disks
/dev/sda -a -I 194 -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/02)
/dev/sdb -a -I 194 -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/03)
/dev/sdc -a -I 194 -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/04)
</pre>


Let’s assume we want to install the 525-server driver (listed as nvidia-driver-525-server):


sudo ubuntu-drivers install --gpgpu nvidia:525-server
== Setup Ubuntu Pro for live patching ==


You will also want to install the following additional components:
Go to https://ubuntu.com/pro/dashboard and login


  sudo apt install nvidia-utils-525-server
  sudo pro attach <yourkey>


== Further Configurations ==
== Further Configurations ==
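Review bot: the added step nano /etc/bash/bash.bashrc in the autocomplete section points at a path that does not exist on Ubuntu; the system-wide file that holds the commented-out "enable bash completion" block is /etc/bash.bashrc.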
Line 282: Line 351:
[[Logwatch Installation 24.04LTS]]<br>
[[Logwatch Installation 24.04LTS]]<br>
[[Fail2ban installation 24.04LTS]]<br>
[[Fail2ban installation 24.04LTS]]<br>
[[Webmin Installation 24.04LTS]]<br>


'''KVM Configuration'''
'''KVM Configuration'''
Line 297: Line 367:
[[Configure MySQL 24.04LTS]]<br>
[[Configure MySQL 24.04LTS]]<br>
[[Apache Configuration 24.04LTS]]<br>
[[Apache Configuration 24.04LTS]]<br>
[[PHP Configuration 24.04LTS]]<br>
[[PhpMyadmin Installation 24.04LTS]]<br>
[[PhpMyadmin Installation 24.04LTS]]<br>


Line 307: Line 376:
'''Media Gaming'''
'''Media Gaming'''


[[Generic Gaming Server Setup]] 24.04LTS<br>
[[Generic Gaming Server Setup 24.04LTS]]<br>
[[Plex Media Server installation 24.04LTS]] *<br>
[[Plex Media Server installation 24.04LTS]] *<br>
[[Teamspeak Server Installation 24.04LTS]] *<br>
[[Teamspeak Server Installation 24.04LTS]] *<br>
Line 326: Line 395:
'''Backups'''
'''Backups'''


[[Backup using RSYNC 24.04]]*<br>
[[Amanda Backup Server Installation 24.04LTS]] *<br>
[[Amanda Backup Server Installation 24.04LTS]] *<br>
[[Amanda File Recovery 24.04LTS]]
[[Amanda File Recovery 24.04LTS]]

Latest revision as of 02:51, 25 March 2024

Noble Numbat

Main Installation

The main installation is slightly different in 22.04LTS: insert the Ubuntu Server (LTS 22.04LTS Live) installation CD/USB/DVD and follow the onscreen instructions. If you don’t understand the questions asked by the installer, put the keyboard down, switch everything off and go back to being a user. You will be asked to select:

Language
Keyboard
Type of Ubuntu Install - Choose "Install Ubuntu"

Network Configuration: Use the cursor keys to configure the network interface with a static IP address. (Set the IPv6 option to Do Not Use.)
Internet Proxy: Set to whatever you use (none if you don't use one).
Make sure you select "Use Third Party Drivers" if, for example, you have an NVIDIA card.
Select Install SSH server with relevant options (if you want to use certs etc).

Disk Partitioning

When prompted choose

Use An Entire Disk

This will configure the system disk, with automatic boot / root / swap partitions. You can specify extra disks later and mount them if needed. You can also enter manual mode and select other disks and choose your mount points. You may want to set up LV volumes if you want to resize partitions later.

If you want to be safe, disconnect all disks apart from the one on which you want to do the install (then add them later).



root@solaris:/home/sysadmin# lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda                       8:0    0   3.6T  0 disk /srv/media
sdb                       8:16   0  12.7T  0 disk
├─vg--backup-lv--cctv   252:0    0     1T  0 lvm  /srv/cctv
└─vg--backup-lv--backup 252:1    0  11.7T  0 lvm  /srv/backup
sdc                       8:32   0   3.6T  0 disk
└─vg--data-lv--data     252:2    0     3T  0 lvm  /srv/data
sr0                      11:0    1  1024M  0 rom
nvme0n1                 259:0    0 465.8G  0 disk
├─nvme0n1p1             259:1    0     1G  0 part /boot/efi
└─nvme0n1p2             259:2    0 464.7G  0 part /

You can edit the disk partitions before submitting to add further disks at specific mount points. Mount points used were.. (which in this case were manually configured as I did not want to lose existing data)

Prolong the life of SSDs with

nano /etc/sysctl.d/local.conf

And add this line

vm.swappiness=20

Make live with

systemctl restart procps.service

User Config

When prompted, create the system login user / password. The server will install the basics, set up your user / timezone etc. Eventually you will be prompted to Reboot.

Reboot Now

Set up software repositories and update system

We need to add additional repositories so we can download all the nice pieces of software and grab all the security updates, we do this by editing the config file listing the repositories.

sudo nano /etc/apt/sources.list

Note: sudo elevates you to ROOT status; typing sudo -s before you begin maintains your elevated status so you don’t have to keep typing sudo. nano is a simple text editor. Note that ‘#’ and ‘;’ indicate the line has been commented out.

Comment / Uncomment any repositories you wish to use.

Now we have to get Ubuntu to update its internal repository database

sudo apt update

Now we can do a full distribution upgrade which gets us all the latest patches and fixes.

sudo apt dist-upgrade

Say yes to accept the installation. The dist upgrade may take some time to install.

You probably then want to update any of the minor packages.

sudo apt upgrade

Answer yes to any of the upgrade questions. Afterwards it is probably wise to reboot and make sure everything is still good, especially as you have probably got yourself an updated Linux kernel.

sudo reboot

SSH Server

Check that the SSH server is working: run a PuTTY session to the server and check connectivity.

nano /etc/ssh/sshd_config

And change

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Enable this if you only want to allow people to login using a PSK.
ChallengeResponseAuthentication no

systemctl reload ssh


To reload ssh (after changing this file) - Do this securely via OpenVPN. Keep a session open while you test the new login.
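A check for the change above, added here as an example (not code from the original page): sshd keeps the first value it obtains for each keyword, and Ubuntu's stock sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, so a drop-in can override a PasswordAuthentication no set in the main file. The sample tree, both drop-in file names and the function names are constructed for illustration; on a live server, sshd -T prints the effective values.

```shell
#!/bin/sh
# Added example: models sshd's "first value obtained wins" rule across the
# main config and its Include'd drop-ins. Match blocks are not modelled.

# flatten_config ROOT FILE: print FILE with each Include line replaced by the
# files it matches (one level deep). ROOT is prefixed to the Include path so
# the check can run against a sample tree instead of the live /etc.
flatten_config() {
  while read -r key val || [ -n "$key" ]; do
    case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
      include)
        for inc in $1$val; do          # glob expands in lexical order
          if [ -f "$inc" ]; then cat "$inc"; fi
        done ;;
      *) printf '%s %s\n' "$key" "$val" ;;
    esac
  done < "$2"
}

# effective_value ROOT FILE KEYWORD: print the first value set for KEYWORD.
effective_value() {
  flatten_config "$1" "$2" | awk -v want="$3" '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == tolower(want) { print $2; exit }'
}

# make_sample_tree: build a constructed config tree and print its root.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/etc/ssh/sshd_config.d"
  cat > "$root/etc/ssh/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
  # Constructed drop-in that re-enables passwords ahead of the main file.
  echo 'PasswordAuthentication yes' > "$root/etc/ssh/sshd_config.d/50-cloud-init.conf"
  echo "$root"
}

# add_hardening_dropin ROOT: the fix, a drop-in that sorts before the others.
# The file name 00-hardening.conf is hypothetical.
add_hardening_dropin() {
  printf '%s\n' 'PasswordAuthentication no' 'KbdInteractiveAuthentication no' \
    > "$1/etc/ssh/sshd_config.d/00-hardening.conf"
}

tree=$(make_sample_tree)
cfg=$tree/etc/ssh/sshd_config
echo "before: PasswordAuthentication $(effective_value "$tree" "$cfg" PasswordAuthentication)"
add_hardening_dropin "$tree"
echo "after:  PasswordAuthentication $(effective_value "$tree" "$cfg" PasswordAuthentication)"
rm -rf "$tree"
```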

Fix the console text scroll speed (if there is an issue when using NVIDIA drivers)

THIS IS NOW FIXED This step is not necessary if you select - use Third Party Drivers during the install.

nano /etc/default/grub

Update the relevant line ... (this will force the console into VGA(ish) mode)

GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity vga=0x307"

Now update the grub loader

update-grub

Allow IP routing internally

nano /etc/sysctl.d/local.conf

Add the following line.

net.ipv4.ip_forward=1

Then, to load this, issue...

systemctl restart procps.service


Network Interface Configuration

Configure a network bridge (br0:) to present a single interface to the world. This is handy for VMs / VPNs etc. as we only need to reference the bridge. 18.04 uses netplan to configure its network configuration.

The following steps will set up a bridge with a static IP address.

Change to the netplan directory.

NOTE: You may need to set the DNS server to be the local router - until you have set up BIND, then you can go back and edit this again.

cd /etc/netplan
nano 00-solaris.yaml  (default netplan config)


Content of the 00-solaris.yaml

# This is the network config written by 'subiquity'
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1: {}

  bridges:
    br0:
      critical: true
      dhcp4: false
      addresses: [ 10.3.200.1/16 ]
      routes:
       - to: default
         via: 10.3.1.1
      nameservers:
        search: [ scottworld.net ]
        addresses: [ 10.3.200.1 ]
      interfaces: [ eno1 ]
      parameters:
        stp: false


Here is an example if you have dual NICs and want to team / bond them.


network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0: {}
    enp2s0: {}

  bonds:
    bond007:
      interfaces:
      - enp1s0
      - enp2s0
      parameters:
        mode: balance-alb

  bridges:
    br0:
      critical: true
      dhcp4: false
      addresses: [ 192.168.3.200/24 ]
      routes:
       - to: default
         via: 192.168.3.1
      nameservers:
        search: [ scottworld.net ]
        addresses: [ 192.168.3.200 ]
      interfaces: [ bond007 ]
      parameters:
        stp: false


Disable the cloud network configuration.

touch /etc/cloud/cloud-init.disabled

Update the permissions on the netplan config to remove the global r/w permissions

chmod 600 /etc/netplan/00-solaris.yaml

Apply the changes

netplan --debug apply

Reboot and check the network configuration with

ip addr

You should have an interface of br0: with the ip you specified.

root@solaris:/home/sysadmin# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether ec:b1:d7:3e:4e:36 brd ff:ff:ff:ff:ff:ff
    altname enp0s25
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ee:06:d4:0f:de:5b brd ff:ff:ff:ff:ff:ff
    inet 10.3.200.1/16 brd 10.3.255.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::ec06:d4ff:fe0f:de5b/64 scope link
       valid_lft forever preferred_lft forever
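A pre-flight check to run before netplan apply, added here as an example (not code from the original page): it confirms that every via: gateway in a netplan file lies inside the subnet given by the interface's own address, which a plain default route needs to be usable. The function names and the sample_bridge input are constructed; the parser only handles the flow-style addresses: [ a.b.c.d/n ] layout used on this page and does not consider routes marked on-link.

```shell
#!/bin/sh
# Added example: verify that each "via:" gateway in a netplan file is inside
# the subnet of the interface address that precedes it.

ip_to_int() {                      # A.B.C.D -> 32-bit integer
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

on_link() {                        # GATEWAY ADDR/PREFIX -> exit 0 if inside
  prefix=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
  gw_net=$(( $(ip_to_int "$1") & mask ))
  if_net=$(( $(ip_to_int "${2%/*}") & mask ))
  [ "$gw_net" -eq "$if_net" ]
}

check_netplan_routes() {           # YAML on stdin; exit 1 if a via: is off-link
  cfg=$(cat)
  # First addresses: entry carrying a /prefix is the interface address;
  # the nameserver addresses: line has no prefix and is skipped.
  cidr=$(printf '%s\n' "$cfg" |
    sed -n 's|^ *addresses: *\[ *\([0-9.]*/[0-9]*\).*|\1|p' | head -n 1)
  bad=0
  for gw in $(printf '%s\n' "$cfg" | sed -n 's|^ *via: *\([0-9.]*\).*|\1|p'); do
    if ! on_link "$gw" "$cidr"; then
      echo "gateway $gw is not inside $cidr"
      bad=1
    fi
  done
  return $bad
}

sample_bridge() {                  # constructed input: ADDR/PREFIX GATEWAY
  cat <<EOF
network:
  version: 2
  bridges:
    br0:
      addresses: [ $1 ]
      routes:
       - to: default
         via: $2
      nameservers:
        addresses: [ ${1%/*} ]
EOF
}

sample_bridge 10.3.200.1/16 10.3.1.1 | check_netplan_routes && echo "10.3.200.1/16 via 10.3.1.1: ok"
sample_bridge 192.168.3.200/24 10.3.1.1 | check_netplan_routes || echo "rejected"
```

On the server itself the call is check_netplan_routes < /etc/netplan/00-solaris.yaml.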


Edit the file

nano /etc/hosts

Comment out the entry for 127.0.1.1 and replace it with a Global server value.

10.3.200.1 solaris.scottworld.net solaris

Turn on shell script autocomplete

This allows autocomplete on shell command lines

nano /etc/bash.bashrc

Uncomment the section


# enable bash completion in interactive shells
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi


You need to log out and back in for this to activate

Setup SmartMon Disk Monitoring Tools

Install the smartmon package.

apt install smartmontools mailutils

List the disks with

lsblk

Edit the file

nano /etc/smartd.conf

Edit this and set up your monitoring. You first must comment out the line that tries to check all drives, then add this below to check your individual disks.

# Local NVMe disks
/dev/nvme0n1 -a -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/01)

# Local SATA disks
/dev/sda -a -I 194 -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/02)
/dev/sdb -a -I 194 -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/03)
/dev/sdc -a -I 194 -W 1,40,50 -m mark@scottworld.net -M diminishing -s (S/../../7/04)


Setup Ubuntu Pro for live patching

Go to https://ubuntu.com/pro/dashboard and log in

sudo pro attach <yourkey>

Further Configurations

Continue with

  * = Optional.

Network / DNS Config

Bind9 (DNS) Installation 24.04LTS
Time server chrony Installation 24.04LTS
DHCP Server Installation 24.04LTS
Dynamic DNS setup 24.04LTS *

Security / Monitoring.

Logwatch Installation 24.04LTS
Fail2ban installation 24.04LTS
Webmin Installation 24.04LTS

KVM Configuration

Configure KVM 24.04LTS

Setup SSL Certs for apache etc in OVH

Certificate Provisioning 24.04LTS


LAMP Stack / Web Servers / Databases

LAMP Stack Installation 24.04LTS
Configure MySQL 24.04LTS
Apache Configuration 24.04LTS
PhpMyadmin Installation 24.04LTS

Torrents / File shares / Time

Transmission Daemon Installation 24.04LTS *
Samba Installation 24.04LTS *

Media Gaming

Generic Gaming Server Setup 24.04LTS
Plex Media Server installation 24.04LTS *
Teamspeak Server Installation 24.04LTS *
Steam Client Install *

Open VPN

Open VPN Install 24.04LTS *

Next Cloud / Scottcloud

Next Cloud Installation 24.04LTS *

Wikipedia

MediaWiki Installation 24.04LTS *

Backups

Backup using RSYNC 24.04*
Amanda Backup Server Installation 24.04LTS *
Amanda File Recovery 24.04LTS