December 9, 2024

Ubuntu LTS Linux Server Setup

The goal is to have an SSL-enabled web domain running, with the ability to host a website, and a reverse-proxy enabled to forward an SSL-terminated connection to an API running locally or elsewhere.

This will set up an Ubuntu server with the basics:

• Docker from their repo, with package updates enabled
• NGINX with reverse-proxy for services
• SSL provided by Let’s Encrypt

Prerequisites

• Set up an Ubuntu Linux Server LTS instance on a local machine or cloud server, with ssh access
• A domain registered and pointing to the public ip

Initial update

Install necessary packages, update system, reboot

sudo apt install -y wget curl
sudo apt update
sudo apt upgrade
sudo shutdown -r now

Docker

Reference: Docker setup guide

Add Docker’s official GPG key:

sudo apt-get update
sudo apt-get install -y ca-certificates
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add the repository to Apt sources:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install packages

sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Set up user

sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker

NGINX

References: Install NGINX, let’s Encrypt setup, reverse proxy guide, redirect guide

Install package

sudo apt install -y nginx

Set up firewall

sudo ufw allow 'Nginx Full'
sudo ufw allow 'OpenSSH'
sudo ufw enable

Set up nginx dir structure

sudo mkdir -p /var/www/[domain]/html
sudo chown -R $USER:$USER /var/www/[domain]/

Edit index, add a “hello world”:

sudo nano /var/www/[domain]/html/index.html

<html>
  <head>
    <title>Hello world!</title>
  </head>
  <body>
    <h1>Welcome!</h1>
  </body>
</html>

Create site config:

sudo nano /etc/nginx/sites-available/[domain]

server {
    listen 80;
    listen [::]:80;

    root /var/www/[domain]/html;
    index index.html index.htm index.nginx-debian.html;

    server_name [domain];

    location / {
        try_files $uri $uri/ =404;
    }
}

Enable the site:

ln -s /etc/nginx/sites-available/[domain] /etc/nginx/sites-enabled/

Set up SSL

sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d [domain]

Set up reverse proxy, edit the site config

sudo nano /etc/nginx/sites-available/[domain]

Add the following snippet

server {
    ...

    location /api {
        proxy_pass [destination:port];
        include proxy_params;
    }

    ...
}

Test the config and restart if all is well

sudo nginx -t
sudo systemctl restart nginx