Additional Recommendations for New Servers - Ubuntu

Difficulty: 1
Time: 10 minutes

After you’ve set up your server, there a few other steps we recommend to ensure its security make sure your server’s secure and works like you’d expect.

These steps are optional, but they’re the kind of things that seasoned admins always take care of.

Set up a basic firewall

Creating a firewall protects your server from malicious traffic that can lead to security issues or degraded performance due to floods of traffic, such as DDoS attacks.

Ubuntu includes a firewall called ufw, which we'll use.

Create firewall rules

By default, firewalls block all traffic, so you have to define exceptions - that is: the traffic you want to let in.

  1. Create an exception so you can connect to your server through SSH:
    sudo ufw allow 22/tcp

    Note: If you've changed your default SSH port, replace 22 with your port number.

  2. Open any of the following ports based on which services you need:
    You want to enable... Run this command
    Web server (HTTP) traffic
    sudo ufw allow 80/tcp
    Web server & SSL (HTTPS) traffic
    sudo ufw allow 443/tcp
    Outgoing email (SMTP)
    sudo ufw allow 25/tcp
  3. Review your exceptions:
    sudo ufw show listening
    The ufw show listening command lists your configured firewall rules in human-readable format, even when your firewall is inactive.

Enable the firewall

Now that you've created your rules, you need to turn the firewall on.

  1. If the ufw show listening command lists all the rules you want, enable your firewall:
    sudo ufw enable
  2. At the prompt, enter y to continue. This entry applies your exceptions, blocks all other traffic, and configures your firewall to start automatically at startup.

If you configure additional services later, make sure to open their respective ports.

Synchronize Network Time Protocol (NTP)

When different computer or server programs with out-of-sync clocks communicate with each other, switching between these systems can cause the time to jump back and forth. This can cause undesirable effects such as incorrect timestamps on emails or logs.

Fortunately, you can solve this problem simply by using Network Time Protocol (NTP) synchronization.

Configure time zone

  1. Set your server's time zone by reconfiguring the tzdata package. tzdata (time zone database) is a public-domain time zone database maintained by a global network of NTP servers.
    sudo dpkg-reconfigure tzdata
    The package configuration window displays.
  2. Use the Up and Down arrow keys on the keyboard to find your geographic area (which are continents and oceans). Find the region/geographic area of your server, and then select OK.
    Warning: For North America, select America (the second option). Note that US (the option before None of the above) stands for "Use System V style time zones," not for "United States."
  3. In the next menu, select the city or region of your time zone, and then select OK.
  4. Your system updates to your selected timezone:
    Current default time zone: 'America/Vancouver'
    Local time is now: Mon Jul 10 13:00:10 PST 2015.
    Universal Time is now: Mon Jul 10 20:00:10 UTC 2015.

Configure NTP synchronization

Next, configure your NTP. NTP is an Internet protocol that synchronizes time of computer clocks across the Internet and helps to determine when events happened between systems. A client requests the current time from an NTP server and then uses the server's response to set its own clock. Afterward, your computer is accurately synced with networked time servers.

  • Install the NTP daemon:
    sudo apt-get install ntp

NTP synchronization is now active on your server. Your system adjusts the time throughout the day to match up with global NTP servers.

Next steps

If you like this configuration, you can take a server snapshot to use as a guide for setting up future installations.

Also, consider adding swap space. Adding swap space is an easy way to increase cloud server performance and is particularly helpful if you host databases on your system.

Oliko tästä artikkelista hyötyä?
Thanks for your feedback. To speak with a customer service representative, please use the support phone number or chat option above.
Kiva, että meistä oli apua. Voimmeko tehdä jotain muuta?
Olen pahoillani asiasta. Tell us what was confusing or why the solution didn’t solve your problem.