mrmierzejewski / Ansible Bootstrap Ubuntu

Ansible scripts for bootstrapping and securing an Ubuntu server (locale, fail2ban, firewall, lock down sudo, prevent root and password login, ...)


Bootstrapping and securing an Ubuntu server

This repository contains Ansible scripts for bootstrapping and securing an Ubuntu server. Scripts have been tested on Ubuntu 14.04 hosted on RunAbove and DigitalOcean.

The included tasks are the following:

  • Update and upgrade Ubuntu packages via apt-get
  • Configure locale
  • Install ntp to synchronize time
  • Install vim and mc (my personal preference)
  • Install fail2ban to block ssh brute-force attempts
  • Delete root password
  • Lock down sudo
  • Lock down ssh to prevent root and password login
  • Set up the ufw firewall
  • Configure unattended security upgrades
  • Install the collectd daemon and the collectd-web front-end client (optionally)
  • Create users (optionally)

Ansible

First, install the latest version of Ansible. On Ubuntu:

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible

Clone scripts

Next, clone this repository:

$ git clone https://github.com/zenzire/ansible-bootstrap-ubuntu.git

Configuration files

Copy sample configuration files:

$ cp hosts.sample hosts
$ cp group_vars/server.yml.sample group_vars/server.yml

Edit configuration files (hosts and group_vars/server.yml) with your own configuration.

Prerequisites for RunAbove hosting

Set a password for the admin user and add this user to the sudoers group.

$ ansible-playbook user.yml

Enter username: admin
Enter password: 
confirm Enter password: 
Enter id_rsa.pub path [~/.ssh/id_rsa.pub]: 
Add user to sudoers group (y/n) [n]: y

Prerequisites for DigitalOcean hosting

Create the admin user and add this user to the sudoers group.

$ ansible-playbook user.yml --user root

Enter username: admin
Enter password: 
confirm Enter password: 
Enter id_rsa.pub path [~/.ssh/id_rsa.pub]: 
Add user to sudoers group (y/n) [n]: y

Script execution

Finally, execute the bootstrap Ansible task as the admin user:

$ ansible-playbook bootstrap.yml --ask-sudo
sudo password:
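
A post-run check for the SSH lock-down listed among the tasks above, as an added example that is not part of this repository. It reads the effective configuration in the format printed by `sshd -T` and fails unless root login and password login are both disabled; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): audit effective sshd settings.
# Input format is that of `sshd -T`: one "keyword value" pair per line,
# keywords in lowercase.

# check_sshd: reads `sshd -T` style output on stdin, prints one OK/FAIL line
# per audited setting, and returns 0 only when root login and password
# login are both disabled. A setting missing from the input counts as a failure.
check_sshd() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
        }
        { key = tolower($1) }
        (key in want) { seen[key] = $2 }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "FAIL %s: not reported\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s: %s (expected %s)\n", k, seen[k], want[k]; bad = 1
                } else {
                    printf "OK   %s: %s\n", k, seen[k]
                }
            }
            exit bad
        }'
}

# Constructed sample: the state the bootstrap is meant to produce.
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'passwordauthentication no' 'pubkeyauthentication yes'
}

# Constructed sample: a server that still accepts passwords and root keys.
sample_unhardened() {
    printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' \
        'passwordauthentication yes'
}

# Demo on constructed input. On the server itself: sudo sshd -T | check_sshd
sample_unhardened | check_sshd || echo "=> root or password login is still enabled"
```

Run the check from a second session before closing the one used for bootstrapping, so a misconfiguration does not lock you out.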

Reboot

After successfully bootstrapping and securing your server, reboot the server to apply kernel updates.

$ ansible-playbook reboot.yml --ask-sudo
sudo password: 
Are you sure you want to reboot server (yes/no)? [no]: yes

Collectd

You can also install collectd, a daemon that periodically collects system performance statistics, and collectd-web, a web-based front-end for the data collected by collectd.

$ ansible-playbook collectd.yml --ask-sudo

Users

You can add a new user or update an existing one using the following script:

$ ansible-playbook user.yml --ask-sudo

License

Released under the MIT License, Copyright (c) 2015 - Marcin Mierzejewski
