Cloud Init Script to Set-up Server
Add this script to the cloud-init field when provisioning your VPS. Most cloud providers support this.
This script does the following:
- disable the root user
- disable password authentication for SSH
- update and upgrade Ubuntu packages
- create a new user named "ubuntu" and add the given public SSH key as an authorized_key for the user
- install and set up:
  - ufw: a firewall with ports 22, 80 and 443 open
  - fail2ban: to protect against brute-force login attempts
  - unattended-upgrades: to upgrade Ubuntu packages
  - docker
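```yaml
#cloud-config
disable_root: true
ssh_pwauth: false
package_update: true
package_upgrade: true
timezone: Etc/UTC

system_info:
  default_user:
    ssh_authorized_keys: []
    lock_passwd: true

packages:
  - ufw
  - fail2ban
  - unattended-upgrades

runcmd:
  # Timestamp marking the start of provisioning
  - echo $(date) > /start
  # Lock the root password
  - passwd -l root
  # In addition to ssh_pwauth: false; only rewrites an uncommented "yes" line
  - sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
  # The OpenSSH unit is named "ssh" on Ubuntu
  - systemctl restart ssh
  # Firewall: deny inbound by default, allow SSH, HTTP and HTTPS
  - ufw default deny incoming
  - ufw default allow outgoing
  - ufw allow 22/tcp
  - ufw allow 80/tcp
  - ufw allow 443/tcp
  - ufw --force enable
  - systemctl enable fail2ban
  - systemctl start fail2ban
  # Run one upgrade pass now
  - unattended-upgrade
  # Docker's convenience script is fetched and executed as root
  - curl -fsSL https://get.docker.com | sh
  # -f: succeed if the installer already created the group
  - groupadd -f docker
  - usermod -aG docker ubuntu
  # Timestamp marking the end of provisioning
  - echo $(date) > /end

users:
  - name: ubuntu
    lock_passwd: true
    ssh_authorized_keys:
      - YOUR_SSH_PUBLIC_KEY
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: sudo
    shell: /bin/bash
```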
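
To confirm the hardening took effect after first boot, the checks below read the output of `sshd -T`, `passwd -S root` and `ufw status verbose`. This is an added example, not part of the original post; the function names are hypothetical, and `audit_host` assumes it is run as root on the provisioned Ubuntu server.

```shell
#!/bin/sh
# Added example (not from the original post): post-boot audit of the hardening
# the cloud-config is meant to apply. Each check reads command output on stdin.

# `sshd -T` prints the effective config (drop-in files included) as
# lowercase "keyword value" lines. Passes only if the final value is "no".
sshd_password_auth_off() {
    awk '$1 == "passwordauthentication" { v = $2 } END { exit !(v == "no") }'
}

# `passwd -S root` prints "root L ..." when the root password is locked.
root_password_locked() {
    awk '$1 == "root" { s = $2 } END { exit !(s == "L") }'
}

# `ufw status verbose`: prints one finding per line. Empty output means ufw is
# active, denies incoming by default, and allows only ports 22, 80 and 443.
ufw_findings() {
    awk '
        /^Status:/  { if ($2 != "active") print "ufw is not active"; seen = 1 }
        /^Default:/ { if ($2 != "deny") print "default incoming policy is " $2; def = 1 }
        /ALLOW/     { split($1, p, "/")
                      if (p[1] != "22" && p[1] != "80" && p[1] != "443") print "unexpected open port " $1 }
        END         { if (!seen) print "no ufw status line found"
                      if (!def) print "no default policy line found" }'
}

# Live run on the server (needs root). No output means every check passed.
audit_host() {
    sshd -T 2>/dev/null | sshd_password_auth_off || echo "FAIL: SSH password authentication is not disabled"
    passwd -S root | root_password_locked || echo "FAIL: root password is not locked"
    ufw status verbose | ufw_findings | sed 's/^/FAIL: /'
}
```

Run `audit_host` once cloud-init has finished, for example after `/end` exists.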