this post was submitted on 14 Jul 2025
1 points (100.0% liked)

Self-Hosted Alternatives to Popular Services

222 readers
1 users here now

A place to share, discuss, discover, assist with, gain assistance for, and critique self-hosted alternatives to our favorite web apps, web...

founded 2 years ago
MODERATORS
bot@lemmit.online
1
Script for server setup and hardening (old.reddit.com)
submitted 1 month ago by bot@lemmit.online to c/selfhosted@lemmit.online
0 comments fedilink hide all child comments
 
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/ali-95 on 2025-07-13 15:25:02+00:00.

I am like most selfhosters I guess like to tinker and test new things which means I spin up new VPS or VMs all the time. It takes time to setup a new server so I wanted to create a script which would make the initial setup a bit quicker and do all the things which I usually do when setting up a new server.

Sharing with it here just so I can pay back a little and someone might find it useful. It's quite opinionated but still have some flexibility to skip things.

GitHub repo for README and Walkthough

https://github.com/buildplan/du_setup

You can download and test the script with

wget https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh

Features

Secure User Management: Creates a new sudo user and disables root SSH access.

SSH Hardening: Configures a custom SSH port, enforces key-based authentication, and applies security best practices.

Firewall Configuration: Sets up UFW with secure defaults and customizable rules.

Intrusion Prevention: Installs and configures Fail2Ban to block malicious IPs.

Automated Security Updates: Enables unattended-upgrades for automatic security patches.

System Stability: Configures NTP time synchronization with chrony and optional swap file setup for low-RAM systems.

Remote rsync Backups: Configures automated rsync backups over SSH to any compatible server (e.g., Hetzner Storage Box, I use Hetzner so I have for that it's more reliable and comprehensive than other solutions), with SSH key automation (sshpass or manual), cron scheduling, ntfy/Discord notifications, and a customizable exclude file.

Backup Testing: Includes an optional test backup to verify the rsync configuration before scheduling.

Tailscale VPN: Installs Tailscale and connects to the standard Tailscale network (pre-auth key required) or a custom server (URL and key required). Configures optional flags (--ssh, --advertise-exit-node, --accept-dns, --accept-routes).

Security Auditing: Optionally runs Lynis for system hardening audits and debsecan for package vulnerability checks, with results logged for review.

Safety First: Backs up critical configuration files before modification, stored in /root/setupharden_backup*.

Offers interactive installation of: Docker & Docker Compose Tailscale

Comprehensive Logging: Logs all actions to /var/log/dusetup*.log.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here