= Server setup == Server specifications The setup was tested on Debian 11.3. The setup should work on other Debian based Linux distributions. For distributions not based on Debian, some modifications might be necessary in the setup script `server_setup.py`. Two CPU cores should be more than enough. The needed disk space depends on the database size after long usage. == Setup . Root setup .. `ssh` as `root`: + [source,bash] ---- ssh root@SERVER_NAME ---- .. Run the following (as root): + [source,bash] ---- # Install needed packages apt update apt install sudo python3 git -y # Add a sudo user with the name 'admin' sudo useradd admin sudo usermod -aG sudo admin sudo mkhomedir_helper admin # Enter a new password for 'admin' sudo passwd admin # Break the SSH connection exit ---- . Admin setup .. `ssh` again with the new user `admin` and password: + [source,bash] ---- ssh admin@SERVER_NAME ---- .. Clone the repository with `git clone` into `/home/admin/advlabdb`. .. `cd` into the new cloned repository: + [source,bash] ---- cd ~/advlabdb ---- .. Nginx configuration ... Copy the template for the Nginx configuration: + [source,bash] ---- cp advlabdb/scripts/setup/advlabdb.conf.template advlabdb/scripts/setup/advlabdb.conf ---- ... Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME. .. Environment variables ... Copy the template for the environment variables: + [source,bash] ---- cp .env.template .env ---- ... Generate secrets for `.env`: + [source,bash] ---- python3 advlabdb/scripts/setup/generate_secrets.py ---- ... Fill the secrets generated using the last script into `.env`. ... Enter your SERVER_NAME in `.env`. .. Timezone ... List all available timezones: + [source,bash] ---- sudo timedatectl list-timezones ---- ... Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example): + [source,bash] ---- sudo timedatectl set-timezone Europe/Berlin ---- .. Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME. .. Edit the file `/etc/hosts` with `sudo` such that the first two lines are: + [source,bash] ---- 127.0.0.1 localhost 127.0.1.1 SERVER_NAME SERVER_NAME_WITHOUT_DOMAIN ---- .. Run the server setup script: + [source,bash] ---- python3 advlabdb/scripts/setup/server_setup.py ---- .. The setup script will cause the server to reboot at the end. After the reboot ssh again: + [source,bash] ---- ssh admin@SERVER_NAME ---- .. Change working directory to the repository: + [source,bash] ---- cd ~/advlabdb ---- .. Run database initialization script: + [source,bash] ---- poetry run python3 -m advlabdb.scripts.setup.init_database ---- .. Restart the gunicorn service: + [source,bash] ---- sudo systemctl restart gunicorn ---- .. *Done!* Now go to your SERVER_NAME using a browser to verify that everything is working. == SSH configuration IMPORTANT: This section is important for security! === SSH key For the authentication using SSH, generate a SSH key pair on your _own machine_ (not on the server) and upload the public key to the server using the command `ssh-copy-id`: [source,bash] ---- ssh-copy-id -i KEY.pub admin@SERVER_NAME ---- === SSH configuration file On the server, open the file `/etc/ssh/sshd_config` with in an editor like `nano` or `vim` with `sudo`, then do the following: . Disable login to root + Change + ---- PermitRootLogin yes ---- + to + ---- PermitRootLogin no ---- . Disable login with password + WARNING: Make sure that you did upload your public key to the server for the SSH authentication! Otherwise, you will not be able to login to the server after this change. + Change + ---- #PasswordAuthentication yes ---- + to + ---- PasswordAuthentication no ---- . Disable X11Forwarding + Change + ---- X11Forwarding yes ---- + to + ---- X11Forwarding no ----