it-artikel:linux:how-to-install-ubuntu-server-2004-lts-with-bridged-interfaces
Differences
This shows you the differences between two versions of the page.
it-artikel:linux:how-to-install-ubuntu-server-2004-lts-with-bridged-interfaces [2022-09-01 11:24] – [sshguard - Installation and configuration:] axel.werner.1973@gmail.com | it-artikel:linux:how-to-install-ubuntu-server-2004-lts-with-bridged-interfaces [2022-11-02 15:47] (current) – axel.werner.1973@gmail.com | ||
---|---|---|---|
Line 43: | Line 43: | ||
- Use manual (fixed ip) network configuration for servers right from the beginning | - Use manual (fixed ip) network configuration for servers right from the beginning | ||
- install updates as soon as possible < | - install updates as soon as possible < | ||
+ | - **FOR VMs ONLY:** If this installation is a virtual machine on some hypervisor don't forget to install the "guest drivers" | ||
+ | |||
+ | # Pick one, only one! | ||
+ | |||
+ | apt install -y qemu-guest-agent # for proxmox qemu kvm VMs | ||
+ | |||
+ | # or | ||
+ | apt install -y virtualbox-guest-utils # for VMs on Virtualbox | ||
+ | |||
+ | # or | ||
+ | apt install -y open-vm-tools # i wouldn' | ||
+ | |||
+ | </ | ||
- Install generic useful tools early:< | - Install generic useful tools early:< | ||
- Edit bootloader " | - Edit bootloader " | ||
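Review bot: the three apt install lines for qemu-guest-agent, virtualbox-guest-utils and open-vm-tools sit in one code block, separated only by "# or" comments, so a reader who pastes the whole block installs all three guest packages despite the "Pick one, only one!" comment. Split them into one sub-item per hypervisor, each with its own code block, so that only the matching package can be copied.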
Line 874: | Line 887: | ||
- On ubuntu Server out of the box Apache has been enabled to look and serve pages and files from within the **/ | - On ubuntu Server out of the box Apache has been enabled to look and serve pages and files from within the **/ | ||
- :!: **IMPORTANT: | - :!: **IMPORTANT: | ||
- | - Now for PHP cont/ | + | - Now for PHP content |
cat << " | cat << " | ||
<?php phpinfo(); ?> | <?php phpinfo(); ?> | ||
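Review bot: the reworded step ("Now for PHP content") still has the reader create a phpinfo() test file through the heredoc in the context lines, and nothing in these lines tells them to delete it afterwards. Add a follow-up step that removes the file once the test page has loaded, because phpinfo() output shows the PHP version, loaded modules and server environment to anyone who can request the page.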
Line 1323: | Line 1336: | ||
- | ===== FIXME: ===== | + | ===== Setting up ' |
- | FIXME | + | UBUNTU comes with some ' |
+ | - Install ' | ||
+ | apt install -y unattended-upgrades | ||
+ | </ | ||
+ | - Replace the default configuration file that comes with ' | ||
+ | cat << ' | ||
+ | // Automatically upgrade packages from these (origin: | ||
+ | // | ||
+ | // Note that in Ubuntu security updates may pull in new dependencies | ||
+ | // from non-security sources (e.g. chromium). By allowing the release | ||
+ | // pocket these get automatically pulled in. | ||
+ | Unattended-Upgrade:: | ||
+ | " | ||
+ | " | ||
+ | // Extended Security Maintenance; | ||
+ | // every release and this system may not have it installed, but if | ||
+ | // available, the policy for updates is such that unattended-upgrades | ||
+ | // should also install from here by default. | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | // | ||
+ | // | ||
+ | }; | ||
+ | |||
+ | // Python regular expressions, | ||
+ | Unattended-Upgrade:: | ||
+ | // The following matches all packages starting with linux- | ||
+ | // " | ||
+ | |||
+ | // Use $ to explicitely define the end of a package name. Without | ||
+ | // the $, " | ||
+ | // " | ||
+ | // " | ||
+ | // " | ||
+ | |||
+ | // Special characters need escaping | ||
+ | // " | ||
+ | |||
+ | // The following matches packages like xen-system-amd64, | ||
+ | // xenstore-utils and libxenstore3.0 | ||
+ | // " | ||
+ | |||
+ | // For more information about Python regular expressions, | ||
+ | // https:// | ||
+ | }; | ||
+ | |||
+ | // This option controls whether the development release of Ubuntu will be | ||
+ | // upgraded automatically. Valid values are " | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // This option allows you to control if on a unclean dpkg exit | ||
+ | // unattended-upgrades will automatically run | ||
+ | // dpkg --force-confold --configure -a | ||
+ | // The default is true, to ensure updates keep getting installed | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Split the upgrade into the smallest possible chunks so that | ||
+ | // they can be interrupted with SIGTERM. This makes the upgrade | ||
+ | // a bit slower but it has the benefit that shutdown while a upgrade | ||
+ | // is running is possible (with a small delay) | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Install all updates when the machine is shutting down | ||
+ | // instead of doing it in the background while the machine is running. | ||
+ | // This will (obviously) make shutdown slower. | ||
+ | // Unattended-upgrades increases logind' | ||
+ | // This allows more time for unattended-upgrades to shut down gracefully | ||
+ | // or even install a few packages in InstallOnShutdown mode, but is still a | ||
+ | // big step back from the 30 minutes allowed for InstallOnShutdown previously. | ||
+ | // Users enabling InstallOnShutdown mode are advised to increase | ||
+ | // InhibitDelayMaxSec even further, possibly to 30 minutes. | ||
+ | // | ||
+ | |||
+ | // Send email to this address for problems or packages upgrades | ||
+ | // If empty or unset then no email is sent, make sure that you | ||
+ | // have a working mail setup on your system. A package that provides | ||
+ | // ' | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Set this value to one of: | ||
+ | // " | ||
+ | // If this is not set, then any legacy MailOnlyOnError (boolean) value | ||
+ | // is used to chose between " | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Remove unused automatically installed kernel-related packages | ||
+ | // (kernel images, kernel headers and kernel version locked tools). | ||
+ | // | ||
+ | |||
+ | // Do automatic removal of newly unused dependencies after the upgrade | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Do automatic removal of unused packages after the upgrade | ||
+ | // (equivalent to apt-get autoremove) | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Automatically reboot *WITHOUT CONFIRMATION* if | ||
+ | // the file / | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Automatically reboot even if there are users currently logged in | ||
+ | // when Unattended-Upgrade:: | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // If automatic reboot is enabled and needed, reboot at the specific | ||
+ | // time instead of immediately | ||
+ | // Default: " | ||
+ | // | ||
+ | |||
+ | // Use apt bandwidth limit feature, this example limits the download | ||
+ | // speed to 70kb/sec | ||
+ | // | ||
+ | |||
+ | // Enable logging to syslog. Default is False | ||
+ | Unattended-Upgrade:: | ||
+ | |||
+ | // Specify syslog facility. Default is daemon | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | // Download and install upgrades only on AC power | ||
+ | // (i.e. skip or gracefully stop updates on battery) | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | // Download and install upgrades only on non-metered connection | ||
+ | // (i.e. skip or gracefully stop updates on a metered connection) | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | // Verbose logging | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | // Print debugging information both in unattended-upgrades and | ||
+ | // in unattended-upgrade-shutdown | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | // Allow package downgrade if Pin-Priority exceeds 1000 | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | // When APT fails to mark a package to be upgraded or installed try adjusting | ||
+ | // candidates of related packages to help APT's resolver in finding a solution | ||
+ | // where the package can be upgraded or installed. | ||
+ | // This is a workaround until APT's resolver is fixed to always find a | ||
+ | // solution if it exists. (See Debian bug #711128.) | ||
+ | // The fallback is enabled by default, except on Debian' | ||
+ | // uninstallable packages are frequent there. | ||
+ | // Disabling the fallback speeds up unattended-upgrades when there are | ||
+ | // uninstallable packages at the expense of rarely keeping back packages which | ||
+ | // could be upgraded or installed. | ||
+ | // Unattended-Upgrade:: | ||
+ | |||
+ | EOF | ||
+ | </ | ||
+ | - Check and enable Service if nessesary: < | ||
+ | |||
+ | systemctl status unattended-upgrades | ||
+ | |||
+ | systemctl enable --now unattended-upgrades | ||
+ | |||
+ | </ | ||
+ | - This should automatically update/ | ||
+ | - To test run it manually in verbose mode:< | ||
+ | unattended-upgrades --verbose | ||
+ | </ | ||
===== Mailserver MTA installation and configuration for status mails: ===== | ===== Mailserver MTA installation and configuration for status mails: ===== | ||
+ | Without any installed MTA local status mails or error messages stay within the local server and cannot be externaly retreived. | ||
+ | |||
+ | Because i like my Linux Servers to be able to send and receive Emails via SMTP i usually install the Postfix MTA and some additional IMAP/ | ||
+ | |||
+ | This is how i usually do it: | ||
+ | |||
+ | |||
+ | - Since Google Mail / GMAIL let us down on **SMTP AUTH** and in 2022 **oauth2** is not yet supported with postfix out of the box, we need to use a more classic free email provider service, that still supports plain simple **SMTP AUTH** to send at least " | ||
+ | - Install Postfix MTA and Mailutils: < | ||
+ | apt install -y postfix mailutils libsasl2-modules sasl2-bin swaks vim | ||
+ | </ | ||
+ | - Reconfigure Postfix using the **postconf** command like this: < | ||
+ | |||
+ | postconf " | ||
+ | postconf " | ||
+ | postconf " | ||
+ | postconf " | ||
+ | postconf " | ||
+ | postconf " | ||
+ | postconf " | ||
+ | |||
+ | postconf ' | ||
+ | postconf ' | ||
+ | postconf ' | ||
+ | |||
+ | postconf ' | ||
+ | postconf ' | ||
+ | postconf ' | ||
+ | postconf ' | ||
+ | |||
+ | systemctl restart postfix | ||
+ | systemctl status postfix | ||
+ | |||
+ | |||
+ | </ | ||
+ | - Store your SMTP AUTH login credentials for the mail relay: < | ||
+ | |||
+ | # NOTE THE LEADING SPACE in the next line! | ||
+ | # Prevents it from being saved in bash history | ||
+ | echo ' | ||
+ | chmod 600 / | ||
+ | |||
+ | postmap hash:/ | ||
+ | |||
+ | </ | ||
+ | - Set the destination email address for the **root** account: < | ||
+ | |||
+ | echo "root: axel.werner.1973@gmail.com" | ||
+ | |||
+ | newaliases | ||
+ | |||
+ | </ | ||
+ | * You can check the outbound mailqueue with mailq to see if the mail is still pending. Or you can watch the logs “live” like this: < | ||
+ | |||
+ | tail -n0 -f / | ||
+ | |||
+ | </ | ||
+ | - Test sending Email to local recipient:< | ||
+ | echo "local testmail to ROOT" | mail -s "test email from $HOSTNAME to root user" root | ||
+ | |||
+ | </ | ||
+ | - Test sending Email to external recipient:< | ||
+ | echo " | ||
+ | |||
+ | </ | ||
+ | - FIXME:< | ||
FIXME | FIXME | ||
+ | </ | ||
+ | - FIXME:< | ||
+ | FIXME | ||
+ | </ | ||
+ | - FIXME:< | ||
+ | FIXME | ||
+ | </ | ||
+ | - FIXME:< | ||
+ | FIXME | ||
+ | </ | ||
+ | - FIXME:< | ||
+ | FIXME | ||
+ | </ | ||
+ | |||
===== FIXME: ===== | ===== FIXME: ===== |
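Review bot: in the "Store your SMTP AUTH login credentials" step the file is written by echo first and only restricted with chmod 600 afterwards, so it sits on disk with the default umask permissions in between. The "leading space" trick also keeps the line out of bash history only when HISTCONTROL includes ignorespace or ignoreboth. Create the file with restrictive permissions before the secret is written (for example by running umask 077 first) and state the HISTCONTROL requirement next to the comment. Two smaller points in the same hunk: the root alias step hard-codes a personal mailbox (echo "root: axel.werner.1973@gmail.com"), so readers who copy the line will send their server's status mail there, and a placeholder address would be safer. The five empty "FIXME:" list items added at the end should be dropped until there is content for them.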
it-artikel/linux/how-to-install-ubuntu-server-2004-lts-with-bridged-interfaces.1662031445.txt.gz · Last modified: 2022-09-01 11:24 by axel.werner.1973@gmail.com