- Start with a headless Debian install:
- use defaults
- note root password
- note non-admin username & password
- don't select a desktop
- Backup the image from Step 1 to save time on future installs.
- Login as root and retrieve the script from repo:
root@debian:~# wget -N https://github.com/genebarker/debian/raw/master/bsdeb && chmod 755 bsdeb
- Retrieve your desired
server.conf
file to the same (or run the script to retrieve a bare-bones example config). - Update
server.conf
with desired settings. - Run
bsdeb
script.
- Spin-up appliances fast;
- Configure them the way I like them;
- Eliminate repeated setup mistakes; and
- Document their setups.
- Sets desired dotfiles
- Sets SSH port
- Sets public key for non-admin user (from Step 1) for SSH access
- Installs VIM and sets as default
- Installs handy remote access tools (tmux, rsync)
- Installs windows integration tools (zip, unzip, dos2unix)
- Installs core dev tools (git, ack, bat)
This configuration is the reason why this repo exists.
It extends the minimal configuration above to create environment for an appliance that provides secure self-signed TLS access to web, database, and java application services. It uses Samba for local access to backups.
- Uses
lapsj.env
for private settings - Sets network interface
- Sets hostname
- Sets groups, users, and folders for app as an add-on package using the Linux Filesystem Hierarchy Standard (FHS)
- Sets up Samba for local access to backup and restore folders
- Sets up Jetty for java web app services
- Sets up Easy-RSA to create local CA to use for self-signed SSL
- Sets up Apache HTTP Server for HTTP, HTTPS, and HTTPS with verify
client security
hostname/
HTTP & HTTPShostname/api
HTTPS with verify client (proxy to Jetty)hostname/private
HTTPS with verify client
- Sets up PostgreSQL db server for HTTPS with verify client security