/test

Permalink
Switch branches/tags
Nothing to show
Find file
test/ubuntu.md
Fetching contributors…
Cannot retrieve contributors at this time
Raw Blame History
344 lines (270 sloc) 6.88 KB

Ubuntu

Install Ubuntu 16.04.2 Server 64-bit.

Boot

Modify /etc/default/grub.

GRUB_TIMEOUT=1
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

Update configuration with update-grub.

System

Configure hostname.

echo "linux" > /etc/hostname

Write /etc/hosts.

127.0.0.1       localhost
10.0.0.2        ubuntu.local  ubuntu

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Modify /etc/network/interfaces.

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 10.0.0.2
  netmask 255.255.255.0
  gateway 10.0.0.1
  dns-nameservers 10.0.0.1 8.8.8.8
  dns-search local

Write /etc/ssh/sshd_config.

# Network
Port 22
AddressFamily inet
ListenAddress 0.0.0.0

# Version
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
UsePrivilegeSeparation sandbox
UseDNS no

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication
LoginGraceTime 120
PermitRootLogin prohibit-password
PermitEmptyPasswords no
StrictModes yes
IgnoreRhosts yes
PubkeyAuthentication yes
PasswordAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
UsePAM yes

# Options
X11Forwarding no
PrintMotd no
Banner none
TCPKeepAlive yes
UseLogin no

# Environment
AcceptEnv LANG LC_*

# Subsystem
Subsystem sftp /usr/lib/openssh/sftp-server

Create a new 2048 bit RSA key and restart sshd(8).

ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key

Modify /etc/pam.d/sshd.

#session    optional     pam_motd.so motd=/run/motd.dynamic
#session    optional     pam_motd.so noupdate

Modify /etc/fstab (keep existing UUIDs or use blkid output).

# <file system>                           <mount point>   <type>  <options>                 <dump>  <pass>
UUID=00000000-0000-0000-0000-000000000000 /               ext4    errors=remount-ro         0       1
UUID=00000000-0000-0000-0000-000000000000 none            swap    sw                        0       0
proc                                      /proc           proc    defaults,hidepid=1        0       0

Modify /etc/systemd/system.conf.

DefaultTimeoutStartSec=10s
DefaultTimeoutStopSec=10s

Reboot the system.

reboot

Updates

Update system.

apt update
apt upgrade
apt dist-upgrade
apt autoremove
apt clean

Packages

Install packages.

apt install apt-file p7zip-full p7zip-rar zip unzip tmux tree htop sharutils

Execute EDITOR=vim visudo.

# Locale settings.
Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"

# Profile settings.
Defaults env_keep += "MM_CHARSET EDITOR PAGER CLICOLOR LSCOLORS TMUX SESSION"

# User privilege specification.
root  ALL=(ALL) ALL
%sudo ALL=(ALL) NOPASSWD: ALL

# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

Install neovim.

sudo add-apt-repository ppa:neovim-ppa/stable
sudo apt update
sudo apt upgrade
sudo apt install neovim

Development

Install packages.

apt install git subversion build-essential ninja-build nasm nodejs npm openjdk-8-jdk-headless
ln -s /usr/bin/nodejs /usr/bin/node

Install CMake.

wget https://cmake.org/files/v3.8/cmake-3.8.2-Linux-x86_64.tar.gz
mkdir /opt/cmake
tar xvzf cmake-3.8.2-Linux-x86_64.tar.gz -C /opt/cmake --strip-components 1

Install LLVM.

src=tags/RELEASE_401/final
svn co http://llvm.org/svn/llvm-project/llvm/$src llvm && \
svn co http://llvm.org/svn/llvm-project/cfe/$src llvm/tools/clang && \
svn co http://llvm.org/svn/llvm-project/clang-tools-extra/$src llvm/tools/clang/tools/extra && \
svn co http://llvm.org/svn/llvm-project/libcxx/$src llvm/projects/libcxx && \
svn co http://llvm.org/svn/llvm-project/libcxxabi/$src llvm/projects/libcxxabi && \
svn co http://llvm.org/svn/llvm-project/compiler-rt/$src llvm/projects/compiler-rt && \
echo "llvm: ${src}"

mkdir llvm/build && cd llvm/build
cmake -GNinja \
  -DCMAKE_BUILD_TYPE=Release \
  -DCMAKE_INSTALL_PREFIX="/opt/llvm" \
  -DLLVM_TARGETS_TO_BUILD="X86" \
  -DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD="WebAssembly" \
  -DLLVM_INCLUDE_EXAMPLES=OFF \
  -DLLVM_INCLUDE_TESTS=OFF \
  -DLLVM_ENABLE_WARNINGS=OFF \
  -DLLVM_ENABLE_PEDANTIC=OFF \
  -DCLANG_DEFAULT_CXX_STDLIB="libc++" \
  -DCLANG_INCLUDE_TESTS=OFF \
  -DLIBCXX_ENABLE_FILESYSTEM=ON \
  -DLIBCXX_ENABLE_SHARED=OFF \
  -DLIBCXX_ENABLE_STATIC=ON \
  -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=ON \
  -DLIBCXX_INSTALL_EXPERIMENTAL_LIBRARY=ON \
  -DLIBCXXABI_ENABLE_SHARED=OFF \
  -DLIBCXXABI_ENABLE_STATIC=ON \
  ..
time cmake --build .
sudo cmake --build . --target install

DHCP Server

Install ISC DHCP server.

apt install isc-dhcp-server

Write /etc/dhcp/dhcpd.conf.

# ISC DHCP Configuration
ddns-update-style none;
option domain-name "local";

default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.101 10.0.0.200;
}

Write /etc/default/isc-dhcp-server.

# ISC DHCP Settings
INTERFACES="eth0"

Enable the service with systemctl enable isc-dhcp-server.

Web Server

Install Nginx.

apt install nginx

Write /etc/nginx/nginx.conf.

# Nginx Configuration
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
  worker_connections 768;
  #multi_accept on;
}

http {
  # Basic Settings
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  #server_tokens off;

  #server_names_hash_bucket_size 64;
  #server_name_in_redirect off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  # SSL Settings
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # Dropping SSLv3, ref: POODLE
  ssl_prefer_server_ciphers on;

  # Logging Settings
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  # Gzip Settings
  gzip on;
  gzip_disable "msie6";

  #gzip_vary on;
  #gzip_proxied any;
  #gzip_comp_level 6;
  #gzip_buffers 16 8k;
  #gzip_http_version 1.1;
  #gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  # HTTP Host
  server {
    listen 80;
    server_name 0.0.0.0;

    root /opt/html;
    index index.html;
    expires -1;

    location ~ ^/(favicon.ico|robots.txt) {
      access_log off;
    }

    location /ws {
      proxy_pass http://127.0.0.1:8080;
      proxy_intercept_errors on;
      proxy_http_version 1.1;
      proxy_read_timeout 240;
      proxy_set_header Connection "upgrade";
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }
}

Enable service with systemctl enable nginx.