Setup Ubuntu Server Softwares
Install software
apt update
apt install nginx python3-pip build-essential python3-dev git gcc fail2ban socat -y
unattended-upgrade -d -v
Change hostname
hostname myserver
vim /etc/hostname
# change to myserver
Change root password
passwd
Add user and add ssh pub key
useradd -m john
cd /home/john
su john
mkdir .ssh
cd .ssh
vim authorized_keys
// put ssh pub key inside
chmod 640 authorized_keys
Change sshd config
vim /etc/ssh/sshd_config
# set:
Port 32200
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
# restart
service ssh restart
Setup Firewall
ufw allow 80
ufw allow 443
ufw allow 32200
ufw enable
Install acme
curl https://get.acme.sh | sh
cd ~/.acme.sh
./acme.sh --upgrade --auto-upgrade
# generate cert
export LINODE_V4_API_KEY="<your linode token>"
./acme.sh --issue --dns dns_linode_v4 --dnssleep 1200 -d "*.example.com" --log
acme.sh will auto set the crontab to renew it.