New Server Setup

This is a quick checklist to setup a new production server. It’s as much a reference for myself as anything else.

  1. Create a non-root user
  2. Install SSH
  3. Move SSH login to a non-standard port
  4. Update the default apt sources
  5. Disable root logins over SSH
  6. Install Advanced Policy Firewall (easy instructions for Debian)
  7. Configure APF (ports 80,443, and the SSH port to start with). IG_TCP_CPORTS in /etc/apf/conf.apf
  8. Install MySql, Apache2, and PHP5 (in that order)
  9. Install cronolog for log rotation
  10. Add virtual host access restrictions to /etc/apache2/conf.d/access_restrictions
  11. Add an .htpasswd file
  12. Modify, but don’t remove the default virtualhost file
  13. Install rsync if you’re using it for backups
  14. Add custom “security” config file to /etc/apache2/conf.d/ to protect some areas
  15. Install subversion if you’re using it for version control


Comments are closed.