Step 1. Change default kernel
Fresh Linux installation on Kimsufi servers uses OVH custom kernel. When it is great for most basic usage it is not possible to use it together with Docker and LXC.
Additional steps on Debian Stable (optional)
On Debian Stable we have available only old kernels. I prefer to use some more current version, but this require to add testing repositories to APT. You can achieve this using repository pining. All about this you can read in my other blog post
Check for the newest version of kernel, just type and look for generic type:
apt-cache search linux-image
In my case it will be
linux-image-4.11.0-14-generic Now you can install new kernel just enter:
apt-get install linux-image-4.11.0-14-generic
Now you need to change boot order to use generic kernel instead of OVH one.
mv /etc/grub.d/06_OVHkernel /etc/grub.d/25_OVHkernel
Just refresh grub list and after this you can reboot server into new kernel
shutdown -r now
After this steps server should boot using new kernel. You can check this by typing
uname -r in console.
Step 2. Install Docker
Step 3. Installing docker-compose
By default installing just Docker won’t install docker-compose. This is very powerful tool that allow to setup whole set of Docker machines in single run.
Step 4. After steps
After installing docker I suggest to prepare machine so it will be harder to be accessed by unwanted persons.
First step here is to create new user that will have limited access to resources on server just to docker instance. Don’t forget to add this user to docker group and upload pubkey for SSH. This will be useful later. If you don’t want to loose access to root user don’t forget to create user with wheel or sudo group.
After this initial steps we will take care about changesin SSH config. We need to change at least three things: disable password login with possibility access to admin user through SSH and change default port for SSH. All changes can be easily changed in
/etc/ssh/sshd_config file. Look for lines that begins with this options:
# What ports, IPs and protocols we listen for Port 2222 # Authentication: PermitRootLogin no PubkeyAuthentication yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no
Last thing that will also help in securing your server is enabling Firewall. In Debian/Ubuntu we have easy to use
ufw that should fit fine our purpose.
apt-get install ufw # To install UFW ufw default deny incoming # By default we want to allow only selected incoming traffic ufw default allow outgoing ufw allow 2222 # Important! Don't forget to add your new SSH port to allowed for incoming trafic. If not set you will lose access to your server using SSH ufw allow http # Enable any other service that you want to host on your server ufw enable # Don't forget to enable everything
After this steps you will have freshly setup server for your basic needs! Have fun!