Server setup ~ HMF

This is the short description of my setup of Debian 11 droplet on DigitalOcean. Live social media thread on my adventures with it can be found here.

My choice of Debian was dictated by this video.

The goal: working ntfy (for sending notifications to my phone when my automation scripts mess up or whatever) and FreshRSS (for creating, filtering, and merging rss feeds, with resulting custom rss feeds I can then subscribe to in Inoreader), some Python automation scripts.

Getting a domain

Just get one on Porkbun - .cyou is cheap nowadays. After creating the droplet on DigitalOcean, check its IP adress. Then go to Porkbun's DNS settings for your new domain, delete default records, and then create a bunch of new A records for the main domain and any subdomains you want. You can use a wildcard there to have all possible subdomains point to your server's IP as well. You could also set a CNAME record that points www.mydomain.com to mydomain.com to have it redirect one to the other automatically. After you are done, you might have to wait a bit for the changes to "catch on".

You want a subdomain for every service you'll be installing that requires one (that would be ntfy and FreshRSS for me).

Initial server setup

Guides

Initial Server Setup with Debian 11 - creation of admin user with sudo privileges (so you can avoid doing sutff as root since it's potentially dangerous), simple firewall setup with ufw, making sure you can ssh your way in as the admin user.

Commands

Assumes starting out as root user, hence no sudo before commands, and connection through ssh (aka, you picked ssh during droplet creation and already put in a public key you had set up on your personal computer).

➜ Updates

apt update

apt upgrade

➜ Firewall

apt update

apt install ufw

ufw allow OpenSSH

ufw enable

Remember to allow OpenSSH before activating the firewall, otherwise you'll lock yourself out. More info on the firewall is here.

➜ Creating Admin user

adduser admin

usermod -aG sudo admin

➜ SSH access for Admin user

cp -r ~/.ssh /home/admin

chown -R admin:admin /home/admin/.ssh

From this moment onward it's assumed you ssh your way in as the Admin user and don't do anything as root anymore.

FTP setup

Guides

How To Set Up vsftpd for a User’s Directory on Debian 10 - so you'll be able to use ftp and connect through FileZilla to easily move files between the server and personal computer. It's a guide for Debian 10, but worked fine for 11 as well.

Commands

➜ Install

sudo apt update

sudo apt install vsftpd

➜ Backup original configuration file

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

➜ Open necessary ports

sudo ufw allow 20/tcp

sudo ufw allow 21/tcp

sudo ufw allow 990/tcp

sudo ufw allow 40000:50000/tcp

➜ Prepare ftp directory

sudo mkdir /home/admin/ftp

sudo chown nobody:nogroup /home/admin/ftp

sudo chmod a-w /home/admin/ftp

sudo mkdir /home/sammy/ftp/files

sudo chown admin:admin /home/admin/ftp/files

➜ Set up ssl certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

When prompted, input your server's IP as Common Name, you can put in a single dot for the rest of the fields (meaning they'll be empty). The certificate is good for a year.

➜ Edit config

Open the config file like so:

sudo nano /etc/vsftpd.conf

Make sure the file has following setting in it:

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

➜ Allow Admin user to use ftp

echo "admin" | sudo tee -a /etc/vsftpd.userlist

➜ Restart ftp service

sudo systemctl restart vsftpd

You should be able to connect to your ftp server through FileZilla now under following settings:

Host: domain name or IP address.
Encryption: "Require explicit FTP over TLS".
Logon Type: "Ask for password".
User: "admin".

Screenfetch

Installation:

sudo apt install screenfetch

The command to see your system profile:

screenfetch

Server setup

Getting a domain

Initial server setup

Guides

Commands

➜ Updates

➜ Firewall

➜ Creating Admin user

➜ SSH access for Admin user

FTP setup

Guides

Commands

➜ Install

➜ Backup original configuration file

➜ Open necessary ports

➜ Prepare ftp directory

➜ Set up ssl certificate

➜ Edit config

➜ Allow Admin user to use ftp

➜ Restart ftp service

Screenfetch

Caddy

Guides

Commands

➜ Install

Ntfy with a reverse proxy

Guides

Commands

➜ Install

FreshRSS

Guides

Commands

➜ Install