Server Configuration Documentation

Initial Server Setup

Update Package Index and Upgrade Packages

# Debian/Ubuntu
apt update && apt upgrade -y

# CentOS/RHEL
yum update -y

Create a Non-Root User with Sudo Access

adduser clouduxe
usermod -aG sudo clouduxe

Tip Always disable direct root access and use a non-root sudo user for daily operations.

SSH Configuration

Configure SSH Access

1. Log in as root.

2. Open the SSH configuration file:

   Copy

   nano /etc/ssh/sshd_config

3. Apply the following changes:

   Copy

   PermitRootLogin no
   PasswordAuthentication no
   PubkeyAuthentication yes

4. Restart the SSH service:

   Copy

   systemctl restart ssh

Generate and Deploy SSH Keys

On your local machine:

ssh-keygen -t rsa -b 4096
ssh-copy-id user@your-server-ip

Warning Do not disable password authentication until you have successfully set up SSH keys and verified access.

Firewall Configuration

UFW (Ubuntu/Debian)

ufw allow 22
ufw allow 80
ufw allow 443
ufw enable

Firewalld (CentOS/RHEL)

systemctl start firewalld
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Tip Only open the ports required for your applications. Close everything else by default.

Networking Configuration

View Network Interfaces

ip addr show

Set a Static IP (Netplan - Ubuntu 20.04+)

Edit configuration:

nano /etc/netplan/01-netcfg.yaml

Example:

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]

Apply changes:

netplan apply

Software Installation

Web Server (Nginx Example)

apt install nginx -y
systemctl enable nginx
systemctl start nginx

Database Server (MySQL Example)

apt install mysql-server -y
mysql_secure_installation

Application Runtime (Node.js Example)

curl -sL https://deb.nodesource.com/setup_18.x | bash -
apt install -y nodejs

System Optimization

Enable Swap (if needed)

fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' >> /etc/fstab

Configure Automatic Updates

apt install unattended-upgrades -y
dpkg-reconfigure unattended-upgrades

Tune Kernel Parameters

Edit sysctl:

nano /etc/sysctl.conf

Recommended settings:

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_fin_timeout = 15

Apply changes:

sysctl -p

Logging and Monitoring

Enable System Logs

journalctl -xe

Install Monitoring Tools

apt install htop iftop iotop -y

Tip Clouduxe integrates Prometheus + Grafana for advanced monitoring and alerting.

Backup Configuration

Manual Backup

tar -czvf backup-$(date +%F).tar.gz /var/www/html

Automated Backup (Cron Example)

Edit crontab:

crontab -e

Add job:

0 2 * * * tar -czvf /backups/backup-$(date +\%F).tar.gz /var/www/html

Warning Always test your restore process. A backup is useless unless it can be restored successfully.

Final Checklist

• Updated system packages

• Created non-root sudo user

• Secured SSH access

• Configured firewall rules

• Set up networking

• Installed required software

• Optimized system performance

• Configured monitoring and logging

• Scheduled backups

Conclusion

Proper server configuration is critical for performance, security, and reliability. At Clouduxe, we provide pre-configured and hardened servers out-of-the-box, ensuring your applications are deployed on a secure and optimized infrastructure from day one.