openec2 Article Description
Debian 11 and Nginx – Part 4
Basic Configurations
These are the first configurations we work through.
**** All of my syntax/commands use a WordPress plugin called Enlighter. I place my comments within […..] square brackets, or sometimes I use arrows with notes. If I make a typo, just correct it when installing. All commands assume you are logged in as root. ****
Log in with ssh, then switch user to root. (I have used root login my whole IT career without issue. Just be aware when you use commands that change content.) You exit the shell with CTRL-d, or “exit”.
If you do not know how to use a terminal shell and shell commands, I am not sure you should be doing this work until that is familiar for you.
Debian shell commands and scripts will vary a bit compared to Linux 2023.
    [admin@mydomain.com: ~]$ sudo su
    [root@mydomain.com: /home/admin]# set -o vi
    [root@mydomain.com: /home/admin]# export EXINIT='set noautoindent'
    [root@mydomain.com: /home/admin]# export VISUAL=vim
This assumes you use the vi editor, but you may be using nano. We leave this up to you. If you need some basics for the vi editor, please see that article.
We now configure disk swap space and a few other things.
I see no practical use of swap space over 768GB as the system usually slows down and freezes well before that limit.
    echo "vm.swappiness=10" >> /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=200" >> /etc/sysctl.conf
    sysctl -w vm.swappiness=10
    sysctl -w vm.vfs_cache_pressure=200
    dd if=/dev/zero of=/swapfile bs=1024 count=786432
    mkswap /swapfile
    chmod 0600 /swapfile
    swapon /swapfile
    echo "/swapfile swap swap defaults 0 0" >> /etc/fstab

    [Use your own Country/City. See /usr/share/zoneinfo]
    a="Australia/Brisbane";export a;echo $a
    ln -sf /usr/share/zoneinfo/$a /etc/localtime
    date
    apt update
    apt upgrade

    [This will create a new file so we can use cut and paste with the mouse in the vi editor:]
    vi /etc/vim/vimrc.local
    let skip_defaults_vim = 1
    if has('mouse')
      set mouse=r
    endif
    [save and exit]

    cd ~
    vi .bashrc
    export EXINIT='set noautoindent'
    export VISUAL=vim
    export PS1="[\u@mydomain.com: \w]\\$ "
    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'
    [save and exit]

    cd /home/admin
    vi .bashrc
    export EXINIT='set noautoindent'
    export VISUAL=vim
    export PS1="[\u@mydomain.com: \w]\\$ "
    alias rm='rm -i'
    alias cp='cp -i'
    alias mv='mv -i'
    [save and exit, then log out and back into a fresh terminal session and switch to root with sudo su]
On Debian, SELinux (/etc/selinux) is already disabled.
If using Linux 2023, we would go to the config file and disable it.
Backup/Backdoor Emergency User
It is important to have another user to log in from the EC2 Connect console if for some reason the admin user (or ec2-user in Linux 2023) is corrupted. We will add a backup/backdoor user. If you get the sss_cache error shown below, please use the fix. Note, all these kinds of changes are based on building a new site only, before it goes live.

We will use "snoopy" (the dog) as the user name...

    adduser snoopy
    [Give snoopy a password:]

Add snoopy to /etc/sudoers - note, when using the vi editor, go to the end of the file (SHIFT G), and append the entry. Then use :w! to save the entry as it is a read only file.

    vi /etc/sudoers
    snoopy ALL=(ALL) NOPASSWD:ALL
    [Exit the file after saving with SHIFT ZZ]

Add the user to groups admin and root: (for Linux 2023, it is wheel and root)

    sudo usermod -aG admin snoopy; sudo usermod -aG root snoopy

We will make a copy of a good version of /home/admin/.ssh to /home:

    cd /home/admin
    cp -pr .ssh ../SSH_BACKUP

This completes the creation of a backup user that you can use in an emergency on the EC2 Connect console.

If you get this error:

    -------------------------------
    [sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files!
    Higher version of database is expected!
    In order to upgrade the database, you must run SSSD.
    Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
    Could not open available domains
    --------------------------------

To fix this, do the following:

    cd /var/lib/sss/db
    rm *
    sss_cache -E

Then add the backup/backdoor user.
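
The steps on this page append lines to /etc/sysctl.conf, /etc/fstab and /etc/sudoers by hand, create /swapfile, and leave an account with passwordless sudo, so the result is worth checking before the site goes live. The shell functions below are an added example, not part of the original article; the function names are hypothetical, the files to inspect are passed as arguments, and the sample files in demo are constructed.

```shell
#!/bin/sh
# Added example: read-only checks for the edits made on this page.
# Function names are hypothetical; files are passed as arguments.

# Print each user or %group granted NOPASSWD on ALL commands.
nopasswd_all() {
    awk '!/^[ \t]*#/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$@"
}

# Count active lines in FILE ($1) that start with KEY ($2) followed by
# a space, tab or "=". A count above 1 means an `echo ... >>` step ran twice.
count_entries() {
    awk -v k="$2" '
        { sub(/^[ \t]+/, "") }
        substr($0, 1, length(k)) == k &&
            substr($0, length(k) + 1, 1) ~ /^[ \t=]$/ { n++ }
        END { print n + 0 }' "$1"
}

# Succeed only if PATH ($1) has exactly the octal MODE ($2), e.g. 600.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root ALL=(ALL:ALL) ALL' \
        '# snoopy ALL=(ALL) NOPASSWD:ALL' \
        'snoopy ALL=(ALL) NOPASSWD:ALL' > "$d/sudoers"
    printf '%s\n' 'vm.swappiness=10' 'vm.swappiness=10' > "$d/sysctl.conf"
    : > "$d/swapfile"; chmod 0644 "$d/swapfile"
    echo "NOPASSWD ALL grants: $(nopasswd_all "$d/sudoers")"
    echo "vm.swappiness lines: $(count_entries "$d/sysctl.conf" vm.swappiness)"
    has_mode "$d/swapfile" 600 || echo "swapfile is not mode 600"
    rm -rf "$d"
}
demo
```

On the server itself, point the functions at /etc/sudoers, /etc/sysctl.conf, /etc/fstab and /swapfile. Running visudo -c after the manual edit catches a sudoers syntax error while the root shell is still open.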