In this tutorial I will guide you through how to do the initial setup of your Ubuntu server. This guide is for Ubuntu 18.04 but this basic configuration is pretty straight forward and should also work on other versions of Ubuntu.
What you need
- A fresh installed system with Ubuntu 18.04 Server.
- Able to access your server through SSH or physical keyboard and screen.
- And of course Root access.
If you don’t have a server up and running and are interested in getting one I can recommend you to buy a cheap VPS at Miss Hosting. Miss Hosting is a great world wide company that offers a complete hosting service for personal use, and small or big businesses. Let Miss Hosting manage all your servers, web hosts, domains, email etc. I have been using Miss Hosting for many years and the support is amazing and of course the price is really good!
What we will do
- User management
- Update system
- Configure hostname and FQDN
- Securing the server from the dangerous outside world.
1. Create admin user
Let’s start the setup right away!
Depending on how you installed Ubuntu server there might not be any “personal” user created, just only the Root user. However this Root user should not be used on a daily basis, because with root you can do anything, which also means that you have a greater risk for screwing up the system 😉 .
Start by logging in to your server with the Root user.
If you have a domain pointing at the server you can of course use it instead of your ip address.
You should be prompted to enter your password and accepting warning about host authenticity.
It’s time to create our new user. Run the command below. You can replace username with your own prefered name.
Ubuntu will now ask you a few questions, mostly important what password you want to have. The other questions is not important if you don’t want to answer them. Make sure to choose a strong password. Not “password”, okay?!
When your new user is created it is just a regular user account with no special powers, so let’s make it a super hero. Enter the command:
usermod -aG sudo yourusername
By adding our new user to the group sudo, it will be able to run commands that only root and other admin users can do. However, unlike the root user that can execute command after command, a user with sudo privileges need to first write sudo then the command like
sudo adduser luxwarp and then enter their password. So it’s a great feature that also gives you a little bit security so you don’t accidently remove the whole hard drive when you just wanted to remove a stupid picture of a cat drinking vodka.
Before logging out the root user let’s try out your new personal user. Enter command:
If all goes well you should be prompted to enter your password. Do it and press enter. You should now see the terminal showing yourusername instead of root. Then try out your super powers with sudo. Run command:
If nothing happens except that you need to enter your password then you are good to go! If you got an output like this:
Sorry, user yourusername may not run sudo on hostname.
Then something is wrong and you need to switch back to root user and add your username to the sudo group again. To switch back to root just enter command:
When you got your personal user up and running you can logout from the root user and login with your personal user instead.
You might need to logout 2 times if you have used the su command to switch users.
Now login with your personal user.
2. Update the system
It’s time to update our server so we have the latest versions of applications and security fixes. As you probably know uses Ubuntu so called repositories and by default all repositories are not enabled. Let’s open up the source.list file and take a look. I recommend beginners to use the text editor Nano.
sudo nano /etc/apt/sources.list
You should now see the file opened up in nano and you can read all the comments about the different repositories. If you want to enable one of them just remove the # -sign in front of the url. Like this:
#deb http://archive.canonical.com/ubuntu bionic partner deb http://archive.canonical.com/ubuntu bionic partner
When you’r done you press CTRL+O to save and CTRL+X to quit the nano text editor and you should be back in the terminal.
Now we need to update our sources information to find out if we have any updates to download. Run command:
sudo apt update
A lot of information should scroll by and when it’s done you can run:
sudo apt upgrade
Your system will now download all available updates and install them. Most times you don’t need to restart your server after an upgrade but if it possible I recommend doing it. You can read more about the apt command and it’s possibilities with the command:
3. Configure hostname and FQDN
If you are going to use your server for public stuff like web, mail, ftp etc you should configure a hostname and FQDN. A hostname is the server “local” name, it can be “anything”. I like to name my servers with animal names or country names.
First let’s check your current hostname with the command:
The output you get is your current hostname. If you want to change it to let’s say “web” you need to change the hostname file. Run command:
sudo nano /etc/hostname
Replace the current hostname with your new hostname you want. Save with CTRL+O and exit nano CTRL+X. This change will not take effect until you reboot the server but you can make it change without reboot by running the command:
sudo hostname yourhostname
If you now run the command hostname you should see the output is your new hostname.
Now it’s time to set the FQDN for your server. FQDN stands for Fully Qualified Domain Name and that is the “absolute” domain name pointing to your server and in many services like mail server you need to have a correct FQDN configured for it to work correctly. Your FQDN requires you to of course own a domain and should be in style of: hostname.domain.com, for example my biggest server that is hosting this website has a FQDN that is: world.luxwarp.info. Let’s configure your FQDN with the command:
sudo nano /etc/hosts
Your file could look something like this.
127.0.0.1 localhost localhost.localdomain
To set you FQDN for the server you need to add a line under the localhost line that is your external ip address to the server, your FQDN domain and the hostname. This is how my hosts file looks like.
127.0.0.1 localhost 220.127.116.11 world.luxwarp.info world
When your done editing save and exit nano. You can now verify your FQDN with the command:
The output should be your FQDN. Don’t forget to point your domain to the server ;).
4. Basic security configuration
If you are going to connect the server to internet and maybe hosting some web sites etc you should consider do some basic security configurations.
Of course all your users needs to have some strong passwords especially if they have sudo privileges. But you also should enable the firewall of the server. Ubuntu ships with a great firewall that is really easy to use. Ufw to the rescue!
Let’s run uwf status to see your current status of the firewall.
sudo ufw status
You should now see something like this
If it’s Inactive, well then you don’t have it active and your server is open on all ports for access from the world. If it’s active, well then you are protected and all ports except those which is listed below are closed from the world.
To add a new rule to allow connection on a port there is two ways to do it. Many services that you install on your server will get predefined profiles in Ufw so they are easy to add. You can first of all list all current profiles available with the command:
sudo ufw app list
Output could look like this.
Available applications: OpenSSH
So before we can enable the Ufw firewall we should make sure that SSH is allowed to pass through. Use this command to add a predefined profile like SSH above.
sudo ufw allow 'OpenSSH'
If you want to add a custom port that does not have a predefined profile you do it with this command:
sudo ufw allow 9090
When your done setting up your firewall you can enable it with
sudo ufw enable
Make sure that the rules are correct before you enable the firewall. If something goes wrong you might not be able to access your server via remote connection like SSH.
You have completed your first “initial” setup of an Ubuntu server. It’s not hard to run a server, especially if don’t have phobia for the terminal haha.
In a near future more tutorials for Ubuntu server will come, like how to setup web server with Nginx, MySQL, PHP, Mail etc so stay tuned 😀 .