New vultr system
Archlinux install
- install pacman-mirrorlist
- install ntp. systemctl enable/start ntpd.service
- set timezone: ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
- locale: add LANG=en_US.UTF-8 into /etc/locale.gen, then run the command "locale-gen"
- network configuration
  - ip addr -> enp1s0
  - /etc/systemd/network/20-wired.network
  - systemctl enable/start systemd-networkd
- add user
  - useradd --create-home --groups wheel <yourusername>
- preset all systemctl units
  - systemctl preset-all (presets units to enabled/disabled according to /etc/systemd/system-preset)
- install yay for AUR package
SSH
- install fail2ban sshguard
- copy old fail2ban configuration file
- install openssh
- update /etc/ssh/sshd_config
  - PasswordAuthentication no
  - AuthenticationMethods publickey
- copy public key into /home/user/.ssh/authorized_keys
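An added example, not part of the original post: a check that the two sshd_config settings above are actually in effect, since sshd uses the first value it reads for a keyword and a line appended below a stock setting is ignored. The function names `sshd_effective` and `audit_sshd_config` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the global section of an sshd_config-style file for
# the two settings in the checklist. sshd keeps the FIRST value it reads for
# a keyword and keywords are case-insensitive, so a later line can be shadowed.
# Limitation: Include files and Match blocks are not followed.

# Print the first global value of keyword $2 in file $1 (nothing if unset).
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comment or blank line
        # "Keyword=value" form: turn the separator into a space.
        /^[ \t]*[A-Za-z]+[ \t]*=/ { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }             # global section ends here
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            print; exit                             # first occurrence wins
        }
    ' "$1"
}

# Return 0 only if both settings are in effect; print one line per miss.
audit_sshd_config() {
    rc=0
    pa=$(sshd_effective "$1" PasswordAuthentication)
    am=$(sshd_effective "$1" AuthenticationMethods)
    # Unset counts as a miss: sshd defaults PasswordAuthentication to yes.
    [ "$pa" = "no" ] || { echo "MISS PasswordAuthentication=${pa:-unset}"; rc=1; }
    [ "$am" = "publickey" ] || { echo "MISS AuthenticationMethods=${am:-unset}"; rc=1; }
    return "$rc"
}

# Constructed sample: a stock "yes" left in place above the appended fix.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's config
passwordauthentication yes
AuthenticationMethods publickey
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample config is not hardened"
rm -f "$sample"
```

On the server itself, `sshd -T` (run as root) prints the effective configuration with Include files resolved, which covers what this file-level check does not.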
certbot
Nginx
- install nginx
- copy old configuration
- firewall setting with iptables
- install uwsgi uwsgi-plugin-python
- copy old configuration
- use emperor mode and put all *.ini in /etc/uwsgi/vassals
- sudo systemctl enable uwsgi@emperor.service --now
- for my application
  - pymoney: python-flask-httpauth python-flask python-matplotlib
  - pyblog: python-google-api-python-client python-iso8601
Dovecot
- install dovecot
- copy old configuration file
- firewall setting with iptables
- certificate needs to be ready with certbot
opensmtpd
- install s-nail, mutt
- install opensmtpd
- install opensmtpd-filter-dkimsign
- see link, link1, link2
- dkimproxy doesn't exist in Archlinux anymore, port 10027 doesn't work link
- copy old configuration
- firewall setting with iptables
- certificate needs to be ready with certbot
- port 25 is blocked by default on Vultr to avoid spam, and a ticket is needed to open it. See link for the "Network error on destination MXs" error
Archlinuxcn
- add archlinuxcn in pacman.conf, see link
- install archlinuxcn-keyring, otherwise you will see 'signature from "xxx <xxx@build.archlinuxcn.org>" is unknown trust', see link.