


How to build runtime environment for overseas

System Requirement

  1. Hardware: any hardware that can run Ubuntu 18.04
  2. OS: Ubuntu 18.04 (Server edition is recommended)
  3. Software:
    1. nginx
    2. php
    3. certbot
    4. mariadb
    5. ghostscript
    6. fail2ban
    7. portsentry
    8. supervisor
    9. rsync
    10. docker
    11. ufw

Hardware Configuration

  1. Storage:
    1. physical: HDD * 8, SSD * 2
      (screenshot: Physical Disk List)

    2. virtual (RAID): VD_HDD (HDD * 8), VD_SSD (SSD * 2)
      (screenshots: Virtual Disk List, VD_HDD config, VD_SSD config)

OS Installation Hint

  1. Set language to English to avoid font issues

  2. Set Location to Asia/Taiwan

  3. Set Locale to en_US.UTF-8

  4. Set keyboard to English (US)
      (gif: language setting)

  5. Check that the timezone is Asia/Taipei

  6. Install the system on disk VD_HDD

  7. Install OpenSSH Server from the predefined software selection
      (screenshot: install predefined software)

Software Configuration

Nginx + Certbot

  1. The traditional way

  2. The modern way

  3. Add the lines below to /etc/crontab to auto-renew certificates (renew first, then reload nginx so it picks up the new certificate)

    30 2 * * 1 root /usr/bin/certbot renew
    35 2 * * 1 root /etc/init.d/nginx reload



Install for Laravel Queue Worker


  1. MariaDB Audit plugin
    add the config below to /etc/mysql/mariadb.conf.d/50-server.cnf
    # for server / query audit
    # * MariaDB Audit Plugin
    # https://mariadb.com/kb/en/library/mariadb-audit-plugin-log-settings/
    # to log all queries, or to log only connect and table changes?
    # https://mariadb.com/kb/en/library/mariadb-audit-plugin-log-settings/#logging-query-events
    # log file size 1G=1000000000
    # now set to 100M
    # set to 0 means never rotate (0-999)
    # now set 999, size will be 100M*999=100G
    # set max logging query length to 10M per query
  2. fd limit (open files limit)
    1. add the config below to /etc/mysql/mariadb.conf.d/50-server.cnf

      # Open File Limit
      open_files_limit = 65535
    2. add the config below to /etc/security/limits.conf

      mysql            soft    nofile          65535
      mysql            hard    nofile          65535
  3. automysqlbackup
    1. apt install automysqlbackup
    2. Review the settings in /etc/default/automysqlbackup, in particular:
      • DBNAMES
      • MDBNAMES


  • apt install fail2ban
  • The default settings are fine.


  1. apt install portsentry
  2. Review the settings in /etc/portsentry/portsentry.conf
  3. Make sure the settings below are enabled
    • BLOCK_UDP="1" / BLOCK_TCP="1"
    • SCAN_TRIGGER="1" to reduce false alarms
  4. Use a better KILL_ROUTE. Find the line below and uncomment it to block with iptables instead of the default rule
    KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP && /sbin/iptables -I INPUT -s $TARGET$ -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '"


Disk Mount

  1. Make sure VD_SSD is formatted as ext4
  2. Create the mount point directory /mnt/VD_SSD
  3. Run sudo fdisk -l to find the device path of VD_SSD
  4. Run blkid <VD_SSD device path with partition number> to get the UUID of VD_SSD's partition
  5. Add UUID=<UUID from the previous step> /mnt/VD_SSD ext4 errors=remount-ro 0 1 to /etc/fstab
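The Disk Mount steps above as one re-runnable script. This is an added example, not part of the original README: the device path passed in (e.g. /dev/sdb1) and the fstab path are assumptions, and the fstab entry is only appended when the mount point is not already listed, so running it twice never duplicates the line.

```shell
#!/bin/sh
# Added example (not from the original README): mount VD_SSD by UUID
# following the Disk Mount steps, without duplicating the fstab entry.
set -eu

MOUNT_POINT=/mnt/VD_SSD

# Step 5: build the fstab line for a partition UUID.
fstab_entry() {
    uuid="$1"; mnt="${2:-$MOUNT_POINT}"
    printf 'UUID=%s %s ext4 errors=remount-ro 0 1\n' "$uuid" "$mnt"
}

# Append the entry only if no non-comment line already uses this mount
# point. Returns 1 (and changes nothing) when it is already present.
add_fstab_entry() {
    fstab="$1"; uuid="$2"; mnt="${3:-$MOUNT_POINT}"
    if grep -Eq "^[^#]*[[:space:]]${mnt}[[:space:]]" "$fstab"; then
        return 1
    fi
    fstab_entry "$uuid" "$mnt" >> "$fstab"
}

# Step 4: read the partition UUID with blkid; fail if there is none.
partition_uuid() {
    uuid=$(blkid -s UUID -o value "$1") || return 1
    [ -n "$uuid" ] || return 1
    printf '%s\n' "$uuid"
}

# Steps 1-5 end to end, then mount and verify. Run as root.
# Usage: mount_vd_ssd /dev/sdb1 [/etc/fstab]   (device path is an assumption)
mount_vd_ssd() {
    dev="$1"; fstab="${2:-/etc/fstab}"
    fstype=$(blkid -s TYPE -o value "$dev")
    [ "$fstype" = ext4 ] || { echo "$dev is $fstype, expected ext4" >&2; return 1; }
    uuid=$(partition_uuid "$dev")
    mkdir -p "$MOUNT_POINT"
    add_fstab_entry "$fstab" "$uuid" || echo "fstab already lists $MOUNT_POINT" >&2
    mount -a                               # mount everything listed in fstab
    findmnt -n "$MOUNT_POINT" >/dev/null   # verify the volume is really mounted
}
```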

rsync (SSD -> HDD)

Add the line below to /etc/crontab (note that without a trailing slash on the source, rsync creates /data/VD_SSD):

*/5 * * * * root rsync --archive --delete --delete-delay --delay-updates /mnt/VD_SSD /data/

ufw (Uncomplicated Firewall)

  1. Ubuntu has ufw built in. Use sudo ufw status to check its status and rules.
  2. To keep your SSH connection after enabling ufw, sudo ufw allow ssh is necessary.
  3. Add sudo ufw allow 80, sudo ufw allow 443 and any other rules you need.
  4. When the rules are ready, run sudo ufw enable.

Example Config Files

All examples are in the config-examples folder.