# Server Configuration Documentation ### Initial Server Setup #### Update Package Index and Upgrade Packages ```bash # Debian/Ubuntu apt update && apt upgrade -y # CentOS/RHEL yum update -y ``` #### Create a Non-Root User with Sudo Access ```bash adduser clouduxe usermod -aG sudo clouduxe ``` > **Tip**\ > Always disable direct root access and use a non-root sudo user for daily operations. ### SSH Configuration #### Configure SSH Access 1. Log in as root. 2. Open the SSH configuration file: ```bash nano /etc/ssh/sshd_config ``` 3. Apply the following changes: ``` PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes ``` 4. Restart the SSH service: ```bash systemctl restart ssh ``` #### Generate and Deploy SSH Keys On your local machine: ```bash ssh-keygen -t rsa -b 4096 ssh-copy-id user@your-server-ip ``` > **Warning**\ > Do not disable password authentication until you have successfully set up SSH keys and verified access. *** ### Firewall Configuration #### UFW (Ubuntu/Debian) ```bash ufw allow 22 ufw allow 80 ufw allow 443 ufw enable ``` #### Firewalld (CentOS/RHEL) ```bash systemctl start firewalld firewall-cmd --permanent --add-service=ssh firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --reload ``` > **Tip**\ > Only open the ports required for your applications. Close everything else by default. *** ### Networking Configuration #### View Network Interfaces ```bash ip addr show ``` #### Set a Static IP (Netplan - Ubuntu 20.04+) Edit configuration: ```bash nano /etc/netplan/01-netcfg.yaml ``` Example: ```yaml network: version: 2 ethernets: eth0: dhcp4: no addresses: - 192.168.1.100/24 gateway4: 192.168.1.1 nameservers: addresses: [8.8.8.8, 1.1.1.1] ``` Apply changes: ```bash netplan apply ``` *** ### Software Installation #### Web Server (Nginx Example) ```bash apt install nginx -y systemctl enable nginx systemctl start nginx ``` #### Database Server (MySQL Example) ```bash apt install mysql-server -y mysql_secure_installation ``` #### Application Runtime (Node.js Example) ```bash curl -sL https://deb.nodesource.com/setup_18.x | bash - apt install -y nodejs ``` *** ### System Optimization #### Enable Swap (if needed) ```bash fallocate -l 2G /swapfile chmod 600 /swapfile mkswap /swapfile swapon /swapfile echo '/swapfile none swap sw 0 0' >> /etc/fstab ``` #### Configure Automatic Updates ```bash apt install unattended-upgrades -y dpkg-reconfigure unattended-upgrades ``` #### Tune Kernel Parameters Edit sysctl: ```bash nano /etc/sysctl.conf ``` Recommended settings: ``` net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_fin_timeout = 15 ``` Apply changes: ```bash sysctl -p ``` *** ### Logging and Monitoring #### Enable System Logs ```bash journalctl -xe ``` #### Install Monitoring Tools ```bash apt install htop iftop iotop -y ``` > **Tip**\ > Clouduxe integrates **Prometheus + Grafana** for advanced monitoring and alerting. *** ### Backup Configuration #### Manual Backup ```bash tar -czvf backup-$(date +%F).tar.gz /var/www/html ``` #### Automated Backup (Cron Example) Edit crontab: ```bash crontab -e ``` Add job: ``` 0 2 * * * tar -czvf /backups/backup-$(date +\%F).tar.gz /var/www/html ``` > **Warning**\ > Always test your restore process. A backup is useless unless it can be restored successfully. *** ### Final Checklist * [x] Updated system packages * [x] Created non-root sudo user * [x] Secured SSH access * [x] Configured firewall rules * [x] Set up networking * [x] Installed required software * [x] Optimized system performance * [x] Configured monitoring and logging * [x] Scheduled backups *** ### Conclusion Proper server configuration is critical for performance, security, and reliability.\ At **Clouduxe**, we provide pre-configured and hardened servers out-of-the-box, ensuring your applications are deployed on a **secure and optimized infrastructure** from day one.