ConoHa has a new plan, so I am launching another server, again starting from Ubuntu 18.04. This post is positioned as an update to the earlier article. I really wanted to wait for 20.04, but no.
I contracted the RAM 1 GB / SSD 100 GB plan in the Tokyo region, at 880 yen a month. It's cheaper than 3 or 4 years ago, and the SSD is double ...
- There are no port restrictions for the time being. They are set after logging in with ssh.
- The image type is OS. Select Ubuntu 18.04. You can't start it even if you specify an application (for example, Docker) instead of the OS. It's evolving!
- Do not register an SSH public key. Since a user cannot be created when creating the virtual machine, create the user first and register the key afterwards.
Domain management stays with Sakura Internet.
- From Sakura's domain management screen, change the address of the domain name.
- On the ConoHa server management screen, enter the domain name as the reverse host name. Just in case.
Log in to a shell as root, over SSH or from the control panel, then in one go: create a user, add it to sudoers, set up the ssh key file, and paste in and register the new user's public key with vi.
# adduser <new user>
# usermod -aG sudo <new user>
# su <new user>
$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys
$ vi ~/.ssh/authorized_keys
Edit sshd_config to change the port, prohibit root and password logins, and allow only public key login.
$ sudo vi /etc/ssh/sshd_config
- Port 22
+ Port xxx #Change port
- PermitRootLogin yes
+ PermitRootLogin no
- PubkeyAuthentication no
+ PubkeyAuthentication yes #Public key login
- PasswordAuthentication yes
+ PasswordAuthentication no
- UsePAM yes
+ usePAM no
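Review bot: on the `+ Port xxx #Change port` and `+ PubkeyAuthentication yes #Public key login` lines, move the annotations onto their own lines, because sshd_config(5) documents only lines starting with `#` as comments and a trailing one may be rejected when the file is parsed. Password login is disabled in the same change, so a config that fails to load can lock you out: run `sudo sshd -t` before restarting and keep the current session open until a second login on the new port succeeds. `+ usePAM no` is not needed for key-only login and also turns off PAM account and session handling; the keyword is matched case-insensitively, but writing it as `UsePAM` keeps the file consistent.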
$ sudo /etc/init.d/ssh restart
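A check for the sshd_config hardening described above, added here as an example and not part of the original article. The function names, the sample file and port 50022 are constructed for illustration; the defaults used for unset keywords are OpenSSH's.

```shell
#!/bin/sh
# Effective global value of an sshd_config keyword: keywords are
# case-insensitive, the first occurrence wins, and lines after a
# "Match" line are conditional, so parsing stops there.
sshd_effective() {  # sshd_effective <keyword> <file>
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

check() {  # check <file> <keyword> <required> <OpenSSH default if unset>
    got=$(sshd_effective "$2" "$1")
    [ "${got:-$4}" = "$3" ] && return 0
    echo "FAIL $2: effective '${got:-$4}', required '$3'"
    return 1
}

# Returns the number of settings that differ from the article's hardening.
audit_sshd() {
    fails=0
    check "$1" permitrootlogin no prohibit-password || fails=$((fails + 1))
    check "$1" pubkeyauthentication yes yes || fails=$((fails + 1))
    check "$1" passwordauthentication no yes || fails=$((fails + 1))
    port=$(sshd_effective port "$1")
    if [ "${port:-22}" = 22 ]; then
        echo "FAIL port: still 22"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the hardened line was appended below an existing
# "PasswordAuthentication yes", so the earlier line still wins.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
Port 50022
permitrootlogin no
PasswordAuthentication yes
# hardening appended at the end of the file
PasswordAuthentication no
EOF
    rc=0; audit_sshd "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo || echo "findings: $?"
```

On the server itself, `sudo sshd -T` prints the configuration sshd actually resolves and is the authoritative cross-check.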
Keep the firewall simple with `ufw`. You don't have to bother opening ports 80/443 yourself because Docker's nginx-proxy will open them for you.
$ sudo ufw allow <ssh port> # ssh
$ sudo ufw default deny #Deny all by default
$ sudo ufw enable
Verification.
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
<ssh port>                 ALLOW IN    Anywhere
<ssh port> (v6)            ALLOW IN    Anywhere (v6)
ConoHa VPS assigns 17 IPv6 addresses to each server. However, a server created from the Ubuntu 18.04 image is configured with an IPv4 address only. Since I want to access it over IPv6, I also assign an IPv6 address.
/etc/netplan/10-gmovps.yaml
network:
ethernets:
eth0:
- addresses: []
+ addresses:
+ - <ipv6_address>/64
dhcp4: true
dhcp6: false
accept-ra: false
optional: true
+ gateway6: <gateway_address>
version: 2
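Review bot: in the `+ addresses:` and `+ gateway6:` additions the nesting is what matters, and it is not visible in these lines: `- <ipv6_address>/64` has to be a list item under `addresses:`, and `gateway6:` has to sit under `eth0:` at the same level as `dhcp4:`. When connected over SSH, apply with `sudo netplan try` so that a mistake is rolled back automatically unless confirmed.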
Either change the file as above, or create a YAML file whose numeric prefix is 11 or higher (e.g., /etc/netplan/20-mynetwork.yaml) containing the settings above so that it overrides the defaults. Then run the following to apply the change.
$ sudo netplan apply
/etc/hosts and /etc/hostname are inconsistent, so I make them match:
/etc/hosts
127.0.0.1 conoha
/etc/hostname
conoha
I'll keep it like this.
There seems to be no need to set up an NTP server anymore. Since systemd-timesyncd is running on Ubuntu, it synchronizes the time on its own.
It's synchronized like this.
$ timedatectl status
Local time: Tue 2020-03-17 17:37:26 JST
Universal time: Tue 2020-03-17 08:37:26 UTC
RTC time: Tue 2020-03-17 08:37:27
Time zone: Japan (JST, +0900)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
Docker: all servers will be run with Docker.
$ sudo apt-get update
$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - # Add Docker's GPG key
$ sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable" # Add the repository
$ sudo apt-get install docker-ce docker-ce-cli containerd.io
$ sudo docker run hello-world # Check that it works
$ sudo usermod -aG docker <new user> # Note: members of the docker group have root-equivalent access to the host
$ sudo curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# 1.25.4 is the latest at the time of writing. Check GitHub for the current release: https://github.com/docker/compose/releases
$ sudo chmod +x /usr/local/bin/docker-compose # Make it executable
$ docker-compose --version # Check
docker-compose version 1.25.4, build 8d51620a
References: Get Docker CE for Ubuntu; Install Docker Compose
Just in case.
$ sudo apt-get install logwatch
$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Change the recipient to a Gmail address.
/etc/logwatch/conf/logwatch.conf
- MailTo = root
+ MailTo = [email protected]
Following the article below, use Sakura's mail server as a relay server and send the mail from Postfix to Gmail.
https://qiita.com/jqtype/items/cfb03be0efb8eacd8978