Ubuntu Server: Getting started with a Linux Server

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome to bite my pie in this video we're going to get up and running with ubuntu server if you're not familiar with it this is a linux operating system made for servers the word server may sound daunting at first but don't let it put you off from little raspberry pies to honking great racks of machines proliferating data centers across the world almost any device can be turned into a server and it can be as simple or complex as you want to make it but why run a server you may ask well perhaps you'd like to serve your own website or share some files maybe you'd just like a place to keep backups of your data or a device to act as a central hub for your media collection then again you might simply be curious as to how to set one up whatever the reason if building your own server sounds of interest to you stick around when setting up a server we first need to consider the hardware in this video i'll be putting ubuntu server on a mini pc with an intel cpu but the operating system is available for multiple platforms whatever device you intend to use i'd suggest there are four main considerations what you choose for each of these will depend on what type of server you're going to run for example a file server may be better suited to a low power processor to save on energy costs but will need plenty of storage to house your data a web server on the other hand may require a decent amount of ram especially if lots of people are accessing it whereas unless you're hosting videos the amount of storage will be considerably less when it comes to the physical size this will most likely depend on where you intend to store your server if we look more closely at ubuntu server the minimum requirements are actually quite modest but these should be seen as the absolute bare minimum and increase considerably for the optimal user experience for reference these are the specs of the little server i'm going to set up one final note on the subject of hardware i would strongly advise that the server is connected to your router with a network cable ubuntu server can be installed on physical hardware or as a vm using software such as xc png or proxmox the advantage of virtual machines is that you could run several ubuntu servers all on the same physical hardware if you're planning to do this be aware that each vm will consume a portion of the underlying computer's resources for example if you're going to run two virtual servers assigning four gigabytes of ram to each the host machine would need to have at least eight gigabytes of available ram notice how i said available ram due to the hypervisor itself also requiring memory the actual hardware would need to consist of more than this while virtual machines certainly have their uses in this video we'll be installing ubuntu server directly onto the bare metal that said if you'd like to start your journey into the magical world of virtualization check out my virtualbox video i've put a link in the description okay let's go grab the software we're going to search for ubuntu and it's this one we want ubuntu.com let's click on the download tab and then on get ubuntu server from there select option two manual server installation and then click on download ubuntu server and save that to your computer depending on the speed of your internet connection the download may take a little while so while that's downloading let's search for another piece of software those who have watched my channel before are probably familiar with this one and it's called etcher we can get it from bellina dot io i'm going to grab the portable version for windows and save that to my downloads directory once both of those have finished downloading you can close the web browser and now let's go and find them at this point i'm going to pop a usb stick into my computer and we're going to use etcher to copy the ubuntu server image we just downloaded onto it so first click flash from file then open the ubuntu server image hopefully your usb stick has been detected if not click change to select it and then we're going to click on flash and click yes to keep windows happy i'll pause the video and come back when it's complete great now that that's done we can close any open windows and remove the usb stick connect the usb stick to your soon to be server and power on the computer then tap whichever key allows you to enter the boot menu or uefi bios if your mouse isn't supported use the cursor keys to highlight the usb stick entry and press enter to select it from the menu make sure that install ubuntu server is selected the installation of ubuntu server is basically the same whether you're installing it in a virtual machine or on physical hardware so the following steps should be suitable for either scenario first we need to select our language so i'll use the cursor keys on my keyboard to highlight english uk and then press enter to select it next we need to choose the layout of our keyboard if this isn't correct use your cursor keys again to highlight the entry and press enter to select it you can then choose the one that you actually want from the list with that amended return to done and then press enter to continue with our server connected directly to the router it should have automatically picked up an ip address but since this is a server we don't want this to change and for that reason we need to set what's known as a static ip address this can basically be done in one of two ways either on the server itself which is what i'll be doing here or on the router if you'd like to set yours on the router or just aren't sure about setting ip addresses in general feel free to have a look at my static ip video i've put a link in the description to use this method you'll probably need your server's mac address and i'll show you how to obtain that in the networking section of this video if you're going to use your router to set your server's ip address you can simply select done on this screen to proceed to the next step but for those like me who would rather set the ip address manually let's press enter on the entry for the network adapter from here select edit ipv4 and then change automatic dhcp to manual the first thing we need to do is enter our network subnet this is in the format network address forward slash subnet mask so for my network that would be 192.168.0.0 forward slash 24. hopefully you already know the ip range of your network again if you're not sure what i'm talking about have a gander at my static ip video let's say your network goes from 192.168.1.0 to 192.168.1.255 the network address is the very first one on a home network you're most likely using what is known as a class c address and here for the subnet entry we need to enter the cider or classless inter-domain routing notation which for a class c network is slash 24 rather than its more common subnet mask notation which would be 255.255.255.0 next we need to enter the static ip address that we'd like to set i'm going to go with 192.168.0.200. be aware that we need to use an ip address that is outside of our router's dhcp range this is to avoid conflicts with other devices on our network that have been automatically given an address by the router the gateway is the ip address of your router in my case this is 192.168.0.1 if you're not sure what yours is on a windows computer you can type ipconfig into the command prompt and the address will be listed next to default gateway for name servers we need to enter the ip addresses of the dns servers that we would like our server to use you could just enter the ip address of your router again if you'd like to use your internet service provider's dns server alternatively and what i'm going to do here is enter a couple of public dns servers i'm going to use google's note if you enter more than one ip address you should put a comma and a space between them you have the option to include local search domains these are more useful in environments with lots of computers like a large business so i won't be entering anything in here okay let's save our entries and you can see quite quickly that the ip address has changed with the static ip address set let's select done to continue it's very unlikely on a home network that you'll be using a proxy server but if you are you can enter its address here i'm going to select done to continue again the mirror address is what will be used to keep your server up to date and the default should be just fine here we need to configure our server's storage this is for the system drive the one that will contain the ubuntu operating system and it's going to use the entire disk so anything on there will be wiped if your server has more than one drive you can choose which one you want to use i'm going to leave it on the smaller disk as i'll be using the larger ssd to store my data lvm or logical volume management can be useful but i won't be using it in this particular video so i'm going to deselect that and from there i'll continue with done this page gives us a summary of what it's about to do you can see that it's going to create two partitions on the system drive a small boot partition and a much larger one for root since i'm happy to proceed i'm going to select done and here we get a warning that continuing will begin the installation process and wipe the data from any of the disks we've chosen so select continue to begin on this screen we're going to set up an admin account for our server and also give the server its name so first pop in a name for the account then press the tab key to move down to the next line now give your server a name i'm going to go with the highly original server then enter a username for the account it's a good idea to keep this all in lowercase and finally create a password and then confirm it and with that complete we can select done it's often preferable to run a server without a monitor keyboard and mouse attached this is what's known as a headless server but in order to do this we need to be able to connect to it remotely and to do that we need to install the open ssh server package so press the space bar to put a cross in the install open ssh server box and then select done ubuntu server comes with a selection of snap packages that can be installed as part of the installation process personally i prefer to install the server operating system first and then add any additional software later on so i'm going to press the tab key and choose done the installation may take a little while so i'll pause the video and come back when it's complete marvellous when it says install complete at the top press the tab key twice to highlight reboot now and then press enter to do so when you get this prompt remove the usb stick and press enter again if you get a screen similar to this just press the enter key to reach the login prompt and congratulations you've successfully installed ubuntu server so let's log in by entering the username and password that we created during the installation and i'm going to clear the screen by typing the word clear and pressing enter and here we are logged into our brand new server though it doesn't look very exciting the command prompt actually tells us a few useful things firstly we can see that i'm logged into the user account by my this will be the name you chose for your user account then following the at symbol we have the name of our server which in my case is simply server after the colon there is a tilde this represents the directory we're currently accessing which is the user's home directory we can confirm that's the case by typing pwd and pressing enter and you can see that i am indeed in forward slash home forward slash byte my pi to log out of the server just type exit and press enter perhaps one of the most important areas when it comes to servers is security so let's first make sure that our server is bang up to date and we can do that by running the following two commands sudo apt update as this is an administrative command you'll need to pop in your password and then enter sudo apt upgrade and yes we do want to continue after running an update it's not a bad idea to restart the server and we can do that by entering sudo reboot running manual updates is all well and good but perhaps a better way is to automate the process ubuntu server should have the unattended upgrades package installed by default but we can double check by running sudo apt install unattended dash upgrade then pop in your password and as you can see the server already has the newest version of the package as part of the automation it can be useful to allow the server to automatically restart itself to complete the update procedure and to do this we need to install another package so type sudo apt install update dash notifier dash common and it looks as though that one's already installed as well so if i clear the screen all that's left to do is check the configuration to do that we're going to head to apps config directory by typing cd space forward slash etc forward slash apt forward slash apt.conf dot d you can see that we're now in the new directory as the command prompt has changed and we can list its contents by typing ls there are two files here that we're interested in the first is 50 unattended dash upgrades and to open it in the nano text editor we're going to type sudo nano 50 unattended dash upgrades if it asks for your password pop that in there are three parts we should check in here the first is this unattended upgrade allow origins section specifically you want to make sure that the three highlighted lines aren't commented out if any of them were they would have two forward slashes at the start like in this highlighted line if that was the case simply remove the forward slashes fortunately this already looks good which means that the security updates will be applied automatically the second thing to check is the automatic reboot line rather than trudging through the file trying to find it we can do a search so hold down the control key on your keyboard and press w and when the search bar appears type automatic dash reboot and press enter and hopefully it's taken you to this unattended upgrade automatic reboot false line use the arrow keys to move the cursor to beneath the letter u near the start of the line and then press the backspace key twice to uncomment the code next move along the line again and this time remove the word false and instead type in true we've now told the server to restart automatically following an unattended upgrade and then the third entry we want to look at is here unattended upgrade automatic reboot time again we need to uncomment it at the start and then we're going to set the time so remove the current entry and then enter your own this is the time of day that the server will carry out its automatic restart in this case i've just set it to one o'clock in the morning and with that done we need to save our changes so press control x on the keyboard then type y and press enter okay let's clear the screen and now let's check out the second config file this one's called 20 auto dash upgrade so let's open it with sudo nano 20 auto dash upgrade and as you can see there's a lot less going on in this one whereas the first config file we looked at contain the auto update settings this one actually enables them the first line makes sure that the software package lists are up to date so that the server gets the latest available packages whereas the second enables the unattended upgrade itself the important thing to check other than both of these lines being present is that each of them is set to one as this is what enables the entry with that done press control x to exit out of there if you made any changes remember to save them right with the unattended upgrades configured let's restart the server for the changes to take effect the final thing worth checking is that this automatic update service is running okay and we can do that by entering sudo systemctl status unattended dash upgrade and then enter your password and as you can see it's active and running to check the network connections on the server we can type ip and then an a this machine has two network adapters one wired which is what i'm using and another wireless adapters starting with the letters en are wired whereas those beginning wl are wireless if you're looking for the network adapter's mac address it should be listed next to link slash ether the network configuration is stored in the zero zero dash installer dash config.yaml file located in the etsy netplan directory to take a closer look at this we can open it in the nano text editor by typing sudo nano forward slash etc forward slash netplan forward slash double zero dash installer dash config dot yaml if like me you earlier configured the server's wired network adapter with a static ip address the addresses should be familiar if you needed to make changes to any of these you can do so in here just remember to save the file when you exit i'm just going to press ctrl x to exit out of there if you did make any changes you should enter the command shown on screen to apply them but if you were just browsing that's not necessary either if you recall during the installation we also installed ssh to allow us to remotely access our server if you chose not to do this but then later change your mind don't worry as you can soon add this functionality with the following command sudo apt install open ssh dash server enter your password and as you can see i've already got the newest version installed but you could continue to install the package okay with the server now ready to accept a remote connection i've moved over onto a windows pc to try to connect first things first we need to make sure that the open ssh client is installed so open settings and head to apps from there click on optional features you're looking to see if the open ssh client is already in the installed list you can see that mine already is but if that wasn't the case you can click on add a feature to add it i'm going to close out of there and now we can open the command prompt by typing cmd in the search box and selecting it to remotely connect into our server we need to type ssh followed by the username of the server account which in my case is by my pi the at symbol and then the ip address of the server which for me is 192.168.0.200. then enter that as it's the first time connecting we need to type yes to accept the server's fingerprint and then press enter and then enter the password for the account on your server all being well you should now be successfully connected and you can carry out server tasks from the comfort of your desktop pc or laptop if you're planning on running your server headless now would be a good time to disconnect its monitor and keyboard to log out from the remote session just type the word exit and then you can close the window once installed and updated like many server operating systems ubuntu server in and of itself doesn't actually do much out of the gate but what it does do is give us an excellent base on which to build so depending on what you plan to do next you may have gone far enough with this video but for those who want to roll up their sleeves and delve a bit deeper i'm going to run through a few of the more manual server tasks you may wish to consider now i know that not everyone likes the linux terminal maybe it's the endless gloom of a black background or the reams of text that can appear on screen perhaps a pretty gui simply offers a more comforting environment whatever the reason if you'd like to add a desktop to your server that's what we'll be doing in this part of the video be aware that ubuntu server in its standard form uses far less resources than having a desktop bolted on top so if you intend to do this first think about your hardware and whether it's up to the job that said to try and keep the load down as much as possible we'll be installing a lightweight desktop environment known as lxde so to get started enter the following command sudo apt install lxde dash core lx appearance lxde core will give us a minimal desktop but adding lx appearance will enable us to change the look and feel of the desktop should we wish to do so pop in your password you can see straight away how much extra software is required to run a gui even a lightweight one like lxde let's enter y to continue here we need to choose the default display manager as it tells us this will provide a graphical login window since we're trying to keep things as lightweight as possible use your cursor keys to highlight light dm and then press enter to select it once the installation is complete let's restart the server and just like that you should now have a graphical login window before logging in make sure you click the ubuntu logo and select lxde and then enter your password to log in the desktop might not look like much but you now have a taskbar with a start menu giving you easy access to multiple tools indeed in the preferences section you'll find customized look and feel this is the lx appearance package we installed if you'd like to customize your desktop next to the start menu we have a file manager and then over on the bottom right hand side as well as volume networking and time we also have a power button so you can easily restart your server at the moment in order to use this desktop we have to log into our server directly but what if you'd prefer to access it remotely over your local network well to do that we need to install some software open the start menu and head to system tools we need to open lx terminal it's handy to put a shortcut to this on the desktop so let's right click on it and select add to desktop and then double click the shortcut to open the terminal emulator the first command we need to type is sudo apt install xrdp then pop in your password and yes we do want to continue with the xrdp package installed we need to edit its configuration file so i'm going to clear the screen and type sudo nano forward slash etc forward slash xrdp forward slash start wm we need to head to the end of the file now you could use the cursor keys but a much faster way is to hold down the control key and press end if you use the arrow keys to move the cursor to the start of the test line we're going to comment it out by typing hash and then we're going to do the same thing on the exact line as well go back to the end of the file and press the enter key to create a new line and then type lx session space dash s space lxde all in capital letters space dash e space lxde once more in capital letters then save and exit the file by holding down the control key and pressing x typing y and pressing enter then the last thing we need to do is add the xrdp user to the ssl cert group and we can do this by typing sudo add user xrdp ssl dash assert and now let's just do a reboot to make sure that all those changes take effect okay so i'm back on my windows computer and i'm going to open a remote desktop connection then type in the ip address of my server and click connect and then yes then we need to enter our username and password for the ubuntu server and finally click on ok and that's it we're now remotely logged in to the ubuntu server desktop you can tell it's a remote session from the bar at the top of the screen and when you want to leave the server you can either come to the start menu and log out or alternatively if you'd like to leave something running on the desktop you can exit the session with a little cross and then return to it later in a moment i'll be dropping back into the dark recesses of the console window or command prompt but if you've installed the desktop and want to continue following along just enter any of the commands into the lx terminal a more lightweight approach to administering our server through an easy to use interface would be to install a web console and a great tool for the job is cockpit once installed we'll be able to access the ubuntu server from any computer on the local network using nothing more than a web browser so let's get started first make sure that the software package manager is up to date by running sudo apt update and enter your password to proceed and then type sudo apt install cockpit and yes we do want to continue when it's finished installing let's check that it's running by entering sudo system ctl status cockpit dot socket as you can see it's active and listening there's one more thing we need to do before using cockpit ubuntu server has changed its network manager and it no longer works with cockpit's default configuration but this is easily fixed so let's type sudo nano forward slash etc forward slash netplan forward slash double zero dash installer dash config dot yaml and then press enter to edit the file you're looking for the line that says version two and then directly beneath it we're going to insert a new line press the space bar to indent it to the same position as the line above and then type renderer colon space network manager or one word with a capital n and a capital m and when you've done that hold down the control key and press x then press y and enter to save the changes and exit to make our new configuration take effect we need to enter sudo netplum troy and then press enter again to accept the new configuration and with that done we can log out by typing exit note that it now gives us the address of the web console that we've just set up on a computer on the same network as the server we're going to open a web browser and then type in the web console address which is the ip address of the ubuntu server followed by a colon and the port number 9090 since cockpit uses a self-signed certificate we need to click on advanced and then on proceed and here we are at the login screen for our ubuntu server's new web interface enter the same username and password that you'd use to log directly into the server to be able to carry out admin tasks you want to leave this box checked where it says reuse my password for privileged tasks and then we can click login as this isn't a video about cockpit specifically i'm not going to go through each of the settings just be aware that you can keep your server up to date from the software updates section and you can even drop into the server's terminal should you wish to do so you can leave the web console by clicking your account name at the top right and selecting log out next back in the server console we're going to look at adding an additional user account and to do this we simply need to type sudo add user followed by the username we want for the new account i'm going to go with bits of pi if prompted enter the password for your current server account now we need to enter a password for the new user account and then pop it in again to confirm it here we can enter the full name or alternatively you could just press enter to accept the default i'm not going to enter a room number so i'll just press enter on that one and the same again for work phone and home phone and also other yes the information is correct and that's it the new account is created and if we enter the home directory by typing cd forward slash home and then list the contents you can see that our new account also has its own home directory at the moment bits of pi is just a standard user account so it wouldn't be able to perform any admin tasks this may well be what you want but if you need a second admin account we can easily achieve this by adding it to the sudo group to do this enter the command sudo user mod dash lowercase a dash capital g sudo and the name of your new user account which in my case is bits of pie then pop in the password for your original account if it asks for it and that's it bits of pie now has admin right so let's test it out i'm going to log out by typing exit and then log in to the new account let's clear the screen and try running an admin task so i'll enter sudo apt update and then pop in the bits of pi password and as you can see the command executed successfully right let's log out of the new account and log back in to the original one now rather than logging out and back in again let's say you just wanted to switch accounts temporarily or you can do this using the su or switch user command so if i type su dash and the name of the account that i want to switch into and then enter the password for that account and you can tell from the command prompt that i'm now in the bits of pi account and i can confirm this by entering the who am i command when you're ready to switch back to the original user just type exit another use for the su command is to temporarily become root this could be useful if you need to enter a lot of admin commands one after the other as it saves you from having to type sudo each time so to switch into the root account type sudo su dash and then enter your account's password and we can now run admin commands without proceeding them with sudo for example sudo apt update simply becomes apt update you should be very careful while running as rude as someone once wisely said with great power comes great responsibility so let's exit out of there before we do any damage and you can see that i'm now safely back in my bike my pi account if you'd like to list all the user accounts on the server you can do that by entering comp gen u for users as you can see the server contains a lot of system accounts but perhaps more importantly you should be able to see the accounts that you have created okay so what do we do if we want to remove a user well that's where the dell user or delete user command comes in so enter sudo dell user and the name of the account you want to remove then pop in your password and that's it the account is no more we can confirm this by entering the comp gen u command again and the account you just removed should no longer be in the list for security reasons by default ubuntu server doesn't allow you to log in using the root account while this is a good idea there may be times when you're setting up a server that you need the root account to be fully active so if you're facing such a scenario you can type sudo p a double swd root you need to create a password for the root account and then confirm it and now if we log out we can log in as root note whenever you're running as root the command prompt changes to the hash sign instead of the usual dollar right let's exit out of there if you later decide that you'd sooner restrict access to the root account after all just type sudo p a double swd dash l root then pop in your password and congratulations you've just disabled the root account login while it's best to get the name right from the start it is possible to rename your server let's say i got fed up with the generic server and wanted to change it to fort knox we can explicitly show the name of our server by typing hostname for even more information you could type in hostname ctl now to change the name let's type sudo hostname ctl set dash hostname and then what you want to change it to which i'm going with for knox and then we need to enter our password and if we type host name now you can see that the server has a new name notice at the moment the prompt hasn't updated to reflect the change this is easily remedied by typing in exec bash if you do decide to change your server's host name there's one more thing you should take a look at as the server boots it maps local host names to ip addresses these are stored in the etsy hosts file and we can view them by entering cat forward slash etc forward slash hosts we can clearly see that this still contains the old name of our server so to update that let's edit the file by typing sudo nano forward slash etc forward slash hosts use the cursor keys to navigate to the end of your old server name and the backspace key to delete it and then type in the new name for your server with that updated we need to save the file and we can do that in the nano text editor by holding down the control key and pressing x type in y and then pressing enter great so our server is now renamed to check that it knows its name i'm just going to run a ping test using the host name so i'll type ping for knox and as you can see it's replying there's a very useful tool we can add to ubuntu server that makes installing some popular packages an absolute breeze and it's called task cell so let's install it now we'll first make sure that the server's package manager is up to date by running sudo apt update and then we'll install the software by typing the command sudo apt install task cell and yes we do want to continue when it's finished installing we can run it with sudo task cell and you can see that there's quite a list of things we could install for the purposes of this video i'm going to install a lamp server so i'll use the cursor keys to move down the list and then press the space bar to select that entry then if i tap the tab key i can press enter to select ok and when the command prompt reappears at the bottom of the screen the installation is complete a lamp stack consists of a bundle of open source software used for running web applications lamp is actually an acronym which stands for linux apache mysql and php we've already taken care of the linux part by installing ubuntu server i'll come back to apache in a moment mysql is a database and it's a good idea to make sure this is secure by running sudo mysql underscore secure underscore installation it first asks us if we want the system to check that we use secure passwords when setting up a database that's a good idea so i'll enter yes for that one you then set the policy to enforce this i'll go with number two for strong passwords now we need to create a password for the root database user and then enter it again to confirm yes i do want to continue with the password provided for security it's a good idea to remove anonymous users we also want to prohibit remote login to any databases by the root user and let's also remove the test database for those settings to take effect we need to reload the privilege tables and that's the database component ready to go returning to apache which is the web server part of the lamp stack i've jumped over onto a windows pc to demonstrate this if we open a web browser and enter the ip address of our ubuntu server you can see that we've reached the default page for the apache web server i'm going to move that over open the command prompt and pop that on the other side of the screen and then ssh into the server the reason i've got these windows open side by side is to look at the final part of the lamp stack php is a scripting language that is widely used in web development to reveal some information about this we first need to visit the apache servers web directory and we can do this by typing cd forward slash var forward slash www forward slash html let's list the contents of that directory if you're curious the index.html file is this apache 2 ubuntu default page that we're viewing we're going to create a new file in this directory we'll use the nano text editor by typing sudo nano and then the name of the new file which will be php info dot php if it asks for it pop in your password being a new file there's nothing in it at the moment so let's enter less than question mark php press enter to start a new line and then we'll type two forward slashes which means that this line will be a comment explaining the purpose of this file as follows then on the next line type php info opening bracket closing bracket semicolon then finish with question mark greater than hold down the control key and tap x type y and press enter to save and exit to see what that's done head over to your web browser and following the ip address of your ubuntu server enter forward slash php info dot php this gives us lots and lots of information about our php installation and for this reason while not critical on a home network if this was an internet-facing web server you wouldn't want to expose this so to be on the safe side let's delete that anyway and we can do that by typing sudo rm php info dot php and now if i refresh the web page you can see that the information has gone to make proper use of your lamp stack you'll need some additional software what that is precisely is entirely up to you but at least you now have all of the groundwork in place if you've been watching this video from the start you may recall that my server has a second physical drive and that i mentioned i'd be using this for data storage this way the operating system can continue to use the primary drive and we can keep all of our files on a separate disk to make this process a little easier if you're not already i'd recommend remotely connecting to your server using ssh as this way we'll be able to easily copy and paste one of the longer entries if we clear the screen the first thing we want to do is list the drives connected to the server and we can do this by entering lsblk on my machine i'm looking for the gigabyte ssd which is this one here sda we can see that it currently contains two partitions sda1 and sda2 but i want to start over by deleting the current partition table signature and we can do that by typing sudo wipe fs dash a which stands for all and then the path to the drive which in my case is forward slash dev forward slash sda it's important that you get this last part right as you don't want to do this to the wrong drive then pop in your password to continue okay now we're going to create the new drive layout since this is going to be used for storing data it's quite likely that you're using a large drive so for that reason i'd suggest you use the g disk command to partition it as this will create a gpt partition table that is better suited to bigger drives and we can do that by typing sudo gdisk and then the path to your disk which in my case is forward slash dev forward slash sda again make sure you get the right disk so as to not cause big problems right we're going to type the letter n and press enter to create a new partition we'll give it the partition number one we want it to start at the beginning of the drive so press enter to accept the default and to keep things simple i'm just going to create a single partition that fills the entire drive so press enter again to do this and we can press enter again to accept the default value for the hex code or guid with that done we need to write our changes to the disk and we can do that by entering the letter w and then typing y to proceed let's have a look at our new partition by entering sudo g disk dash l and then the path to the disk and here you can see my single partition now that we have a partition we need to create a file system on it in windows you've probably heard of fat32 and ntfs but as this is linux i'd suggest we use ext4 so let's type the command sudo mkfs or make file system dot ext4 and then the partition we want to create it on which in my case is dev sda1 you can see that this is simply the drive followed by the partition number if you've been following along we only created a single partition so the number should be one let's press enter to execute the command if you get a message that the partition currently contains a different file system just enter y to overwrite it okay with the second drive set up we now need to mount it unlike windows linux doesn't use drive letters instead the operating system is located in the root directory when we add an additional drive to make it accessible we need to mount it within this root directory handily there is an mnt or mount folder for just this purpose so let's first navigate to that by typing cd or change directory forward slash mnt next let's create a mount point this is simply a folder that will mount our disk to and we can use the mkdir or make directory command to do this so type sudo mkdir and then the name you want to give it i'm just going to go with drive to if it prompts for your password just pop it in and if we run the ls command we should see our new folder i'm going to use the cd command to enter into it now at the moment if i was to create a file within there that's actually stored on my primary operating system drive that's because although we've created our mount point we haven't actually mounted the second drive to it yet if i remove that file and return to the mnt directory by the way typing cd space two dots takes you up a level from the folder you're in this is known as the parent directory we're going to make our mount point immutable this means that we'll no longer be able to put any files within it this is a good thing because if for some reason our storage drive doesn't mount we don't want all of the files ending up on the disk that contains the operating system so let's enter sudo ch attr or change attribute plus i and then the name of your mount point folder to make sure that's worked let's enter the folder again and try and create another test file and as you can see it won't let us and there's no test file in the directory so now that the mount point is ready to go i'll return to the mount directory when we mount the drive we could use its dev path and partition number in my case that would be forward slash dev forward slash sda1 the trouble with this method is that if at some point you took your server apart and moved the disks around there's no guarantee when you put it back together the drives would get the same labels so a much more reliable way is to use what's known as the uuid or universally unique identifier to find this for our drive we can use the sudo blk id command knowing that my partition is sda1 i can see its uuid here we're going to copy the uuid by moving the mouse pointer into position holding down the left button and then dragging until everything is selected from the first u to the final quote then let go of the button hold down the ctrl key on your keyboard and press c with that copied we're going to edit a file so type sudo nano forward slash etc forward slash fs tab we could manually mount our drive but then we'd have to do it every time we restarted the server by adding an entry to the fs tab file it will mount automatically whenever the server boot so use the cursor keys to go to the bottom then move your mouse pointer inside the terminal window and right click to paste to complete the line we need to type space forward slash mnt forward slash and the name of your mount point which mine is drive2 space ext4 space default space 0 space 2 so that's going to take our additional drive mount it to the mount point we created using the ext4 file system and the default mount settings the last two fields stand for dump an fsck or file system checker respectively we don't need to get into their values other than to say that on an additional nun system drive these should be set to zero and two right let's hold down the control key and press x then type y and press enter to save and exit it's a good idea to check that the new entry works as advertised as an error in the fs tab file can prevent your server from starting to make sure all is well type sudo mount dash a no errors is always a good sign running that last command has just mounted any drives listed in the fstab file if they weren't already from now on this will happen auto magically whenever you start the server typing df h and then the name of the mount point shows us that the second drive has indeed been mounted also if we now enter the mounted drive and i try and create a test file we can see that that was successful remember we can no longer create files inside the mount point itself but now that we're writing to the second disk all is well when it comes to adding drives there's one more area i'd like to draw your attention to and that's permissions if we add a dash l to the list command we can see a bit more information at the moment this directory and everything in it is owned by root and that's one of the reasons we have to keep using the sudo command moving forwards this probably isn't what you want so let's change that now i'm going to move up into the mnt directory and then issue a command to make my current user the owner of the drive2 directory which is as follows sudo ch own or change owner dash capital r followed by the username that we want to take ownership and then the name of the directory followed by forward slash pop in your password if asked and if we enter the folder again and once more list the content you can see that my account by my pi now owns the files within this directory note this is because we used the dash capital r option on the ch own command without it although we'd have still taken ownership of the directory this wouldn't have applied to any existing files within it also when it comes to file permissions we need to decide what kind of access users have you've no doubt noticed the letters and dashes at the start of each entry these visually identify a file's permissions and are arranged as owner group and others if we take the test file i created earlier as an example this currently has rw or read write permission assigned to the owner and r or read permission assigned to both the group and others while we could change the permissions on this file individually it's often more useful to do it on an entire directory so let's return again to the mnt directory and this time we're going to use the chmod command to modify the permissions so type sudo chmod we'll use dash capital r again to make it recursive and i'm going to go with seven five zero these numbers represent the owner group and others respectively this is what's known as octal notation and it's quicker to write than using the letters rwx as you can see from the table on screen each number represents some permissions basically you only need to remember one two and four as zero being no permission kind of makes sense and three five six and seven are generated by a combination of one two and four for example read which is four plus right which is two and execute which is one adds up to seven so in the current command the number seven will give read write and execute permission in other words full control to the owner the number five will give read and execute permission to the group and the number zero gives no permissions to others which is everyone else this is a reasonably secure configuration to users default so to finish we just need to put the name of the directory that we're applying it to which in my case is drive2 and i'll pop a forward slash on the end and if we return to the directory and list its content notice that the owner currently bite my pie has read write and execute permission on all of the entries the group currently root has read and execute permission and others have no permissions right so without using sudo i should now be able to make changes within this folder first i'll try and remove the test file and there it was gone and now i'll try and create a new file called plenty of pi and there we have it in the last section we added an extra drive for storage which is okay but to make this really useful and to justify putting it into the server in the first place this really wants to be made available over the network there are a few ways we could achieve this nfs sftp to name a couple but i'd suggest for best compatibility with the widest range of devices we use samba first let's check that the package manager is up to date and now let's install samba yes we do want to do that with the software installed we now need to configure it let's start by setting up a user account to do this use an existing account on the server and add it to samba by typing sudo smb p a double swd dash a and then the username of the existing account so i'll be using buy my pie now we need to create a samba password for this user to keep things straight forward i'd suggest using the same password that you normally use for this account so i'm going to end to bite my pie's password and then confirm it with an account set up let's enter the etsy samba directory and we're going to edit the smb config file but first let's make a backup of the original and then we can edit the file by typing sudo hold down the control key and press end to jump to the end of the file and i'm going to press enter to move down one line adding a comment is optional but it's good practice to describe what any code you add is going to do so if we enter a hash and then type in a short description i'll just call it my shared drive on the next line we're going to give the share a name this needs to be typed inside square brackets i'm going to go with the usually imaginative share beneath that we need to enter path space equals space and then the path to the directory that you're going to share on the server which in my case is forward slash mnt forward slash drive to moving down type in valid space users space equal space and then the username of your samba account which for me is bite my pie then on the final line enter read space only space equals space and if you want to be able to write to the drive type in no okay hold down the control key and press x type y and press enter with the configuration saved we need to restart the samba service for it to take effect so let's enter the command sudo system ctl restart smbd dot service finally let's check our samba configuration for errors you can see that the services file loaded okay so let's press enter to output the service definitions and there's the samba share we created at the bottom hopping over onto a windows machine it's time to try it out i'll open file explorer and type in the address bar backslash backslash the ip address of the ubuntu server backslash and then the name that you gave to your share if you recall i simply called mineshare when you've typed yours in hit the enter key and it should ask for the credentials to connect to your server so type in the username and the password of the account that you added to samba if you're going to use this a lot i'd suggest ticking the box remember my credentials and then click ok to connect and that's it we now have access to our shared drive you can see the plenty of pi file that i created earlier to save us having to type the address in every time we want to connect to our share if we click on the little folder icon and drag it into quick access and then let go we now have a handy shortcut that will take us straight to our network share and as a final test let's try deleting plenty of pi and creating a new folder to put things in ubuntu server ships with a built-in firewall but by default it's turned off we can see this by running the command sudo ufw status in a moment we'll turn the firewall on however you need to be careful if you're logged in remotely as you could accidentally lock yourself out this is because by default the firewall will only allow outgoing traffic and will block anything trying to get in so if you intend to use it you need to make sure that ssh access is allowed and to do this we'll add a firewall rule by entering sudo ufw allow ssh with that done let's turn on the firewall by typing sudo ufw enable and if i hop over to the command prompt of a windows machine and try to connect using ssh you can see that even though the firewall is now enabled we can still connect remotely returning to the server let's say you later decided you didn't want remote ssh access after all you can block it by entering sudo ufw deny ssh now if i try and connect remotely from the windows machine you can see that after a short while the connection times out with the firewall operational you need to stop and think about all of your connections to the server even on your local network for example if you set up a network share using samba you'll also want to allow access to that you can see at the moment that it's currently blocked so back on the server we need to enter sudo ufw allow samba and if i try again on the windows computer we're now allowed back in if you decide configuring firewall rules isn't for you and you'd rather turn the firewall back off you can do that by typing sudo ufw disable the whole point of a server is to serve services over a network so it can be very useful to get to know the netstat command as this displays information about network connections to get the most out of it we need to run it as admin by using sudo and to get even more out of it we can add some command line options a popular set of options is tu lpn as each of these will show us a different set of data as shown on screen before we can run this command we first need to install it so type in sudo apt install net dash tools to do so and now let's run the netstat command each line represents a different network connection on the left is the type of network protocol either tcp or udp we have the local address and more importantly the port number whether the connection is listening in other words services that are running waiting to be contacted and the program name or the process that's creating that particular service to try and make a little more sense of what's going on here let's take this line as an example we can see this is showing us the smbd or samba service it's using the tcp protocol and operating on port 445 it's also in a listening state and so is ready to be connected to by using the netstat command we can see at a glance what services the server is making available to the network although that was a pretty whistle-stop tour hopefully the output of the netstat command no longer looks like a list of meaningless text another important area when monitoring a server is resources there are a couple of popular commands we can make use of here historically there's top this shows us the processes running on the server it's useful to be able to see what's using up the server's resources particularly in situations where you may not have very powerful hardware processes using the most resources are listed at the top let's press q to quit out of there a more useful and newer alternative is h-top though even this has been around since 2004 you can think of h-top as being like top on steroids perhaps most usefully it's also interactive so as well as being able to monitor the system's resources by using the commands listed along the bottom of the screen we can analyze the information more closely let's say i wanted to search for processes connected with samba if i press the f3 key and enter smb it will highlight a running process that meets this criteria pressing f3 again will find the next process running smb and we can cycle through them using the f3 key looking more closely at a particular process you can see that it shows the pid or process identifier this is the number assigned to it we can also see the user that the process is running as in this case root the cpu and memory columns are especially important as these reveal the percentage of the server's processor and ram respectively that the process is currently consuming and the command column displays the location of the commands that invoke the process here is slash user slash spin smbd we can press the escape key to cancel out of search another useful option is f9 kill if a process has gone awry and is gobbling up far too much of your server's precious resources you can force it to close let's say h top itself went out of control being at the top of the list it is currently using the most resources but that's just because i'm not currently asking the server to do anything else still let's pretend the process has gone rogue and we need to kill it with the process highlighted we need to press the f9 key this brings up the send signal command by default it will use sig term this is the polite way of asking the process to close but if the process was particularly stubborn you could opt for something more drastic like sig kill so let's press enter to politely kill h-top and you can see that we now have the command prompt back at the bottom of the screen of course if we run h-top again the better way to exit the program is to use the f10 key a couple of tips before we wrap up this video if you're typing a command particularly one where you're navigating directories you can make your life easier by using something called tab completion as an example let's say i want to get to the root directory of the apache web server if i start typing cd slash var slash but then instead of typing the full directory name www i type w and then press the tab key notice how it automatically fills in the rest of the folder name and then if i do the same thing again this time instead of typing html i just type h and press the tab key once more it auto completes the entry obviously this can save you quite a bit of typing particularly where longer paths are involved the final thing i'd like to mention is the man or manual command if you get stuck and aren't sure what a command does in the terminal you can take a look at its manual hopefully by now you know the purpose of the sudo command but if you weren't sure you could type man sudo and this gives you lots of information about the particular command including any available options when you've finished looking it up you can press q to exit out of there and that's it i'm now going to shut down my server but you'll probably want to leave yours running and that brings us to the end of this video this one has been a little more technical than usual hopefully there hasn't been too much snoring going on in the back row running a server isn't for everyone but for those who like to take a closer look at the nuts and bolts of the system and gain a better understanding of what's going on behind the scenes manually setting up a server is a great learning experience and with five years of updates for the lts version ubuntu server is a great place to start there's a whole world of servers out there maybe now there'll be one more as you start administering your own as always if you enjoyed this video please like and subscribe and if you'd like to be notified when i post the next one just click the bell icon thanks for watching and until next time take care [Music] you
Info
Channel: Byte My Pi
Views: 12,291
Rating: 4.9605913 out of 5
Keywords: ubuntu server, linux server, updating ubuntu server, installing ubuntu server, server, samba, file sharing, ssh, lamp, linux file permissions, ufw, uuid
Id: 2Btkx9toufg
Channel Id: undefined
Length: 69min 33sec (4173 seconds)
Published: Sat Jun 05 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.