Containerised Hosting Part [1/3]: Server Preparation
Introduction
This series of posts aims to set up a server as a container host that can be managed via admin panels through a browser.
The series will provide instructions and sample configurations to set up the following:
- Docker for Ubuntu
- Webmin Management Panel
- Docker Compose
- Traffic Edge Router with Let’s Encrypt
- Portainer (Container Management Panel)
- WordPress Blog and its dependencies
- Ghost Blog and its dependencies
This series will be released at a rate of one post every week, and more sample configurations may be added in the future.
Let’s get started!
Step 0 - Find a Server
On your favourite public or private cloud provider, personal server or even a virtual machine, start by installing Ubuntu Server 20.04. Once the OS is installed, there are certain things to do to improve the security and usability of the server.
Step 1 - Login as Root
To log in to your server, you will need your server IP address and root user credentials. If you use an SSH key for authentication, you will need the private key for the root user.
ssh root@<your_server_ip>
Accept the warning about host authenticity if it appears. If you are using password authentication, provide your root password to log in.
Note: If this is your first time logging into the server with a password, you may also be prompted to change the root password.
Step 2 - Create a User
Once you are logged in as root, you need to create a new user account:
adduser <username>
Substitute <username> with your desired username.
You will be asked a few questions, starting with the account password.
Enter a strong password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.
Step 3 - Grant Administrative Rights to the New User
We now have an account with normal privileges. However, we sometimes need to perform administrative tasks.
We can avoid logging out and logging into the root account by simply granting our new user root privileges.
This will allow our normal user to run commands with admin rights by using the word sudo before each command.
As root, run the following command to add your new account to the sudo group (substitute <username> with your normal account username):
usermod -aG sudo <username>
Now, when logged in as your regular user, you can type sudo before commands to perform actions with superuser privileges.
Step 4 - Setup a Firewall (Uncomplicated Firewall a.k.a. UFW)
Ubuntu servers come with UFW installed, and it can be used to ensure connections are allowed only to certain preconfigured services.
Applications can register their profiles with UFW on install. These profiles allow UFW to manage these applications directly by name. OpenSSH, the service that provides SSH capabilities to the server, has a profile registered with UFW, so we will use it as an example.
You can see the list by running:
ufw app list
You should see an output similar to:
Available applications:
OpenSSH
We now need to allow SSH connections through the firewall so that we can log in to the server the next time. We do this by typing:
ufw allow OpenSSH
We can now enable the firewall by running:
ufw enable
Type y and press ENTER to proceed.
You can see the status of the firewall by running the following command:
ufw status
You should see the following output:
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
The firewall is now blocking all connections except SSH, so if you have any more services, make sure you configure those too. You can refer to the UFW Essentials guide by DigitalOcean for more UFW operations.
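A way to check the firewall state after this step, as an added example that is not part of the original post: the function below reads ufw status output and reports any allowed target that is not on your expected list. The function names, the ";"-separated allowlist format and the sample status text (including the 3306/tcp rule) are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare `ufw status` output with the rules you expect.
# Live use (as root):  ufw status | audit_ufw_status "OpenSSH"

# audit_ufw_status "<allow1>;<allow2>;..."   (stdin: `ufw status` output)
# Prints each ALLOW/LIMIT target that is not in the allowlist.
# Exit status: 0 = active and as expected, 1 = unexpected rule, 2 = not active.
audit_ufw_status() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ";"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status: active/ { active = 1 }
        /^--/ { in_rules = 1; next }        # rule rows follow the dashed header
        in_rules && NF {
            split($0, col, /  +/)           # columns are padded with 2+ spaces
            target = col[1]
            sub(/ \(v6\)$/, "", target)     # IPv6 twin of the same rule
            if (col[2] ~ /^(ALLOW|LIMIT)/ && !(target in ok) && !(target in seen)) {
                seen[target] = 1
                print target
                bad = 1
            }
        }
        END { if (!active) exit 2; exit (bad + 0) }
    '
}

# Constructed sample: the status from this step plus one rule nobody planned.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | audit_ufw_status "OpenSSH" || echo "audit exit status: $?"
```

Ports that Docker publishes for containers are opened through Docker's own iptables rules and do not show up in ufw status, so this audit covers UFW-managed rules only.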
Step 5 - Enable External Access for the New User
The process for configuring SSH access for your new user depends on whether your server’s root account uses a password or SSH keys for authentication.
If the Account uses Password Authentication
If you logged in to your root account using a password, then password authentication is enabled for SSH. You can SSH to your new user account by opening up a new terminal session and using SSH with your new username:
ssh <username>@<your_server_ip>
After entering your regular user’s password, you’ll be logged into your account. If you need to run a command with administrative rights, you need to prepend sudo to your command like so:
sudo <command_to_be_run>
You will be prompted for your password the first time in each session that you run a command with sudo.
I do recommend setting up SSH keys for authentication instead of password authentication. You can follow DigitalOcean’s excellent guide on how to do that, here.
If the Account uses SSH Key Authentication
If you logged in to your root account using SSH keys, then password authentication is disabled for SSH. You will need to add a copy of your local public key to the new user’s ~/.ssh/authorized_keys file to log in successfully.
Since your public key is already in the root account’s ~/.ssh/authorized_keys file on the server, we can copy that file and directory structure to our new user account in our existing session.
rsync --archive --chown=<username>:<username> ~/.ssh /home/<username>
Note: The rsync command treats sources and destinations that end with a trailing slash differently than those without a trailing slash. When using rsync as shown above, be sure that the source directory (~/.ssh) does not include a trailing slash (check to make sure you are not using ~/.ssh/).
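An added check for the copy above (not from the original post): sshd's StrictModes setting, on by default, refuses key login when the home directory, ~/.ssh or authorized_keys has the wrong owner or is writable by group or others, so it is worth verifying the rsync result before closing the root session. The function name check_ssh_access is an assumption of this example, and it relies on GNU stat as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example: verify the result of the rsync copy before relying on key login.
# Live use (as root):  check_ssh_access /home/<username> <username>
# Requires GNU stat (standard on Ubuntu).

# check_ssh_access <home_dir> <expected_owner>
# Checks the home directory, its .ssh directory and authorized_keys:
#   - each must exist and be owned by <expected_owner>
#     (stricter than sshd, which also accepts root as owner)
#   - none may be writable by group or others
# Prints one line per problem; exit status 0 = clean, 1 = problems found.
check_ssh_access() (
    home=$1
    owner=$2
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        actual=$(stat -c %U "$path")
        mode=$(stat -c %a "$path")
        if [ "$actual" != "$owner" ]; then
            echo "OWNER    $path is owned by $actual, expected $owner"
            rc=1
        fi
        # Octal digits 2, 3, 6 and 7 carry the write bit; test group and other.
        case $mode in
            *[2367]? | *[2367])
                echo "WRITABLE $path has mode $mode"
                rc=1
                ;;
        esac
    done
    exit "$rc"
)
```

An OWNER line after the copy usually means the --chown option was left out; a MISSING line for .ssh usually means the source was given with a trailing slash.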
Step 6 - Install Docker Engine for Ubuntu
Uninstall Existing Versions:
sudo apt-get remove docker docker-engine docker.io containerd runc
It’s OK if apt-get reports that none of these packages are installed.
Setup the Repository:
Update the apt package index and install packages to allow apt to use a repository over HTTPS:
sudo apt-get update
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Configure the repository for the stable version of Docker:
sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
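The key-import step above pipes the download straight into apt-key; the added example below (not from the original post or from Docker) saves the key to a file first and imports it only if its fingerprint matches one you obtained separately from Docker's documentation. The function names and the sample key listing are constructed, and the expected fingerprint is left as a placeholder.

```sh
#!/bin/sh
# Added example: import a repository signing key only if its fingerprint matches.
# Live use (fingerprint copied from the vendor's documentation, not from the download):
#   add_verified_key https://download.docker.com/linux/ubuntu/gpg "<expected_fingerprint>"

# normalize_fpr <fingerprint>: drop whitespace and upper-case ("ab12 cd34" -> "AB12CD34").
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# primary_fingerprint: stdin is `gpg --with-colons` output; prints the fingerprint
# of the first primary key (the "fpr" record that follows the first "pub" record).
primary_fingerprint() {
    awk -F: '$1 == "pub" { want = 1; next } want && $1 == "fpr" { print $10; exit }'
}

# add_verified_key <url> <expected_fingerprint>: fails closed on any mismatch.
add_verified_key() (
    tmp=$(mktemp) || exit 1
    status=1
    if curl -fsSL "$1" -o "$tmp"; then
        actual=$(gpg --show-keys --with-colons --with-fingerprint "$tmp" | primary_fingerprint)
        if [ -n "$actual" ] && [ "$actual" = "$(normalize_fpr "$2")" ]; then
            sudo apt-key add "$tmp" && status=0
        else
            echo "fingerprint mismatch: got '$actual', key not added" >&2
        fi
    fi
    rm -f "$tmp"
    exit "$status"
)

# Constructed colon-format records (fake key IDs and fingerprints) for a dry run.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AB12CD34AAAAAAAA:1500000000:::-:::scSC::::::23::0:
fpr:::::::::AB12CD34AB12CD34AB12CD34AB12CD34AAAAAAAA:
sub:-:4096:1:FFFFFFFFBBBBBBBB:1500000000::::::s::::::23:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBBBBBBBB:
EOF
}

sample_listing | primary_fingerprint
```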
Install Docker Engine:
Update the apt package index, and install the latest version of Docker Engine and containerd:
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Add your user to the docker group:
WARNING!
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
sudo usermod -aG docker $USER
Log out and log back in so that your group membership is re-evaluated.
Verify that you can run docker without sudo:
docker run hello-world
Configure Docker to start on boot:
sudo systemctl enable docker
Come back next week for Part 2 of this series where we will continue setting up our management services and edge routers.