server installation
Started from Ubuntu 16.04.02 LTS.
All commands and edits are performed with root permissions.
This procedure can be used on any (physical) server. The documentation below uses example values (server name, domain, IP-address, URLs, UIDs, ...) applicable for the production server. Change as needed.
There is a root user, but normally you don't need it after adding some users (provide <login>, <First name> and <Last name> for each user):
adduser <login> --gecos "<First name> <Last name>"
adduser <login> sudo
Let each user test his login and then let them copy their public key from their local machine as follows:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@tcblsso.ilabt.iminds.be
Next disable root login and only allow public key authentication.
Here are the corresponding config settings listed in /etc/ssh/sshd_config:
# Authentication:
PermitRootLogin no
PubkeyAuthentication yes
...
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
Restart the ssh daemon to make changes effective.
systemctl restart ssh.service
Close all your ssh sessions and login again to see the effect.
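An added example, not part of the original documentation: a shell check to run before restarting the daemon, confirming that the three settings above are the ones in effect. sshd uses the first value it reads for each keyword, so an earlier line can shadow a later one; the function names are hypothetical, and the script assumes a single config file with no Include handling.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names). Reads one sshd_config file only.

# Print the global value sshd would use for keyword $2 in file $1: the first
# uncommented occurrence before any Match block. Prints nothing if unset.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            sub(/=/, " ")                    # accept "Keyword=value" as well
            key = tolower($1)                # keywords are case-insensitive
            if (key == "match") exit         # conditional section starts here
            if (key == want) { print $2; exit }   # first value wins
        }' "$1"
}

# Return 0 if the file carries the three settings from this guide, else 1.
# Values are compared as written, because sshd_config(5) documents arguments
# as case-sensitive. An unset keyword counts as a failure, so the result does
# not depend on compiled-in defaults.
check_sshd_hardening() {
    local file="$1" rc=0 kv key expected actual
    for kv in permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no; do
        key=${kv%%=*}
        expected=${kv#*=}
        actual=$(sshd_effective "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: want '$expected', effective '${actual:-unset}'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# On the server, before "systemctl restart ssh.service":
#   check_sshd_hardening /etc/ssh/sshd_config && sshd -t
```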
For deploying and running TCBL applications we create an extra group tcbl and an extra user tw (TCBL Worker):
# define a group for the project
addgroup tcbl
# define the tw user
adduser tw --gecos "TCBL Worker" --disabled-password
# put users in the project group
adduser ghaesen tcbl
adduser mavbraba tcbl
# put user tw in the project group and make it his primary group
usermod -g tcbl -G tw tw
To make access easy, copy your public key to the tw user's authorized keys, from your local machine:
ssh-copy-id tw@tcblsso.ilabt.iminds.be
or optionally make and edit that file by hand on the server:
# become tw
sudo su - tw
# optionally make the folder and the file; mind the file attributes
mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys
# edit - paste your public key in it
vim authorized_keys
See here.
Edit /etc/hostname to become:
tcblsso
Edit /etc/hosts to become:
127.0.0.1 localhost
193.191.148.174 tcblsso.ilabt.iminds.be tcblsso
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
The package unattended-upgrades was installed, but we don't want it to be enabled.
See also the Ubuntu documentation: https://help.ubuntu.com/16.04/serverguide/automatic-updates.html.
To disable, modify the value of the setting that enables unattended upgrades in all relevant files:
cd /etc/apt/apt.conf.d
grep -l "APT::Periodic::Unattended-Upgrade" *
# edit all files that are listed from above grep to contain:
# APT::Periodic::Unattended-Upgrade "0";
# currently it's only the file 20auto-upgrades
From now on, upgrade manually as described in Server maintenance.
apt-get install tree
See here. Includes how to serve web content.
See here.
See here.
See separate Gluu installation and configuration documentation.
Currently, Gluu 3.0.2 is installed.