Anton Sarukhanov

Full-Stack Developer

Setting up a Debian 8 development machine

My process for setting up a new development server.

This post was going to be a note in Evernote, but their interface is completely unusable for storing code, so it's going here. These are steps I took to set up a Debian 8 server for personal websites, perhaps small web apps, and other projects in PHP and Python.

This is far from a universal setup guide! It's more of a public scratchpad for me to document my current process. It might suit your needs, or it might not. Scroll below the code block to see why I chose certain packages. Replace YOU and SERVERNAME accordingly.

# <Create VM, connect as root.>
# Make user
adduser YOU && adduser YOU sudo        # Create user with sudo privs.

# SSH Key
sudo -iu YOU                           # Become non-root.
mkdir ~/.ssh                           # Make ssh directory
vi ~/.ssh/authorized_keys              # Paste SSH key (use a unique one, 4096 bits)
# Verify that your SSH key works before you forget...

# Secure login
sudo -i                                # Become root again
passwd -d root                         # Destroy root's password. No need for it.
vi /etc/ssh/sshd_config                # PermitRootLogin no, PasswordAuthentication no

# Set network, hostname, DNS as appropriate
vi /etc/network/interfaces             # Configure static network settings as appropriate.
echo 'SERVERNAME' > /etc/hostname      # Set the hostname
vi /etc/resolv.conf                    # Set domain and search to your domain name, and set your favorite nameservers.
reboot                                 # Verify network settings, hostname, SSH access.

# <Connect as non-root user>
ssh-keygen -b4096        # Make an SSH key (for git, outgoing SSH, etc.)

# Setup your apps. Tmux:
vi ~/.tmux.conf                                        # Paste your tmux configuration
scp -r YOU@old-server.example.com:~/.tmux ~/.tmux      # Grab any plugins (from old server in this case)
vi ~/.bashrc                                           # Put stuff at the end to make tmux autostart.

# Vim
vi ~/.vimrc              # Paste your vim config
# Vim plugins would go here. I'm a noob and don't use any.

# Time for more root stuff!
sudo -i

# Set firewall rules
vi /etc/iptables.rules   # Sample ruleset here: https://wiki.debian.org/iptables

# Install must-haves
apt-get update
apt-get upgrade
apt-get install fail2ban tmux iptables-persistent git build-essential

# Dev/Hosting Stuff (edit as needed)
apt-get install nginx ssl-cert                                                        # Web
apt-get install php-pear php5-{fpm,mysql,ldap}                                        # PHP
apt-get install python-{dev,virtualenv} virtualenvwrapper python3{,-dev,-psycopg2}    # Python
apt-get install mariadb-{server,client}                                               # MySQL Equivalent
apt-get install postgresql libpq-dev                                                  # PostgreSQL

# Done
logout                    # go back to regular user
source ~/.bashrc          # load up tmux (logging out works too, but this is faster)

Package Choices🔗

nginx🔗

Apache has long stood as the default Linux webserver, and for good reason. It's a fantastic piece of software. In recent years, nginx seems to be rapidly rising in popularity while Apache (and IIS) fall. Besides being substantially slower, Apache contains a lot of historic cruft. Nginx is faster and more lightweight. I also find its configuration syntax easier to work with.

mariadb🔗

MySQL is a staple in web applications small and large. Its easy to install, widely available, and has decent tooling on most platforms. My biggest problem with it is that it is owned and driven by Oracle, which means that corporate interests come before community interests. That's enough to turn me off from relying on a piece of software as a building block of my code and infrastructure, especially when a drop-in alternative like mariadb is available.

Others🔗

ssl-cert is a convenient way to have a self-signed SSL certificate generated for you on Debian. php-pear is a PHP package manager. iptables-persistent loads up your desired iptables settings at reboot, otherwise they would go away. postgresql is preferable over mysql for some/many uses, libpq-dev are development headers for building postgres clients. tmux is a terminal multiplexer. It lets you break a single console session into panes, have multiple "windows" that you can switch between with a keystroke, and much more. If you feel that working through SSH is limiting or unwieldy, you need this. git is a decentralized version control system (DCVS). If you aren't using version control, use it. If you're using a different system for version control (svn, cvs), I strongly recommend that you check out git anyway.

Other Considerations🔗

Backups🔗

I host with Linode, and they provide a backup service. I plan to set up a second, offsite, backup system (maybe Tarsnap, or rsync.net) eventually, just in case.

SSH IP Restrictions🔗

I want to have the ability to remotely admin this from, say, my phone. Since I don't have a reliable VPN set up right now, I leave this open. fail2ban and disabling passwords help me feel better about this. Its definitely a good idea to set up a VPN to use as a jump host instead.