= Server setup == Setup scripts `ssh` as `root`: [source,bash] ---- ssh root@SERVER_NAME ---- Run the following (as root): [source,bash] ---- # Install needed packages apt update apt install sudo python3 git -y # Add a sudo user with the name 'admin' sudo useradd admin sudo usermod -aG sudo admin sudo mkhomedir_helper admin # Enter a new password for 'admin' sudo passwd admin # Break the SSH connection exit ---- `ssh` again with the new user `admin` and password: [source,bash] ---- ssh admin@SERVER_NAME ---- Clone the repository with `git clone` into `/home/admin/advlabdb`. Then `cd` into the new cloned repository: [source,bash] ---- cd ~/advlabdb ---- [source,bash] ---- cp advlabdb/scripts/setup/advlabdb.conf.template advlabdb/scripts/setup/advlabdb.conf ---- Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME. [source,bash] ---- cp .env.template .env ---- Generate secrets for `.env`: [source,bash] ---- python3 advlabdb/scripts/setup/generate_secrets.py ---- Fill the secrets generated using the last script into `.env`. Enter your SERVER_NAME in `.env`. List all available timezones: [source,bash] ---- sudo timedatectl list-timezones ---- Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example): [source,bash] ---- sudo timedatectl set-timezone Europe/Berlin ---- Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME. Edit the file `/etc/hosts` with `sudo` such that the first two lines are: [source,bash] ---- 127.0.0.1 localhost 127.0.1.1 SERVER_NAME SERVER_NAME_WITHOUT_DOMAIN ---- Run server setup script: [source,bash] ---- python3 advlabdb/scripts/setup/server_setup.py ---- After reboot: [source,bash] ---- cd ~/advlabdb poetry run python3 -m advlabdb.scripts.setup.init_database sudo systemctl restart gunicorn ---- Now go to your SERVER_NAME from the browser. == Stop ssh to root // TODO: Add blocking password access IMPORTANT: This step is important for security! Change ---- PermitRootLogin yes ---- to ---- PermitRootLogin no ---- ---- #PasswordAuthentication yes ---- to ---- PasswordAuthentication no ---- ---- X11Forwarding yes ---- to ---- X11Forwarding no ---- in the config file `/etc/ssh/sshd_config`