Set up Docker on an OVH VPS server

Basic setup of an OVH VPS server to be used as a development machine with Docker

I have a brand new VPS server from OVH with Debian Stretch. Let’s configure it with some basic security and Docker. The server will be used as a test machine for my experiments. This machine is not for production.

Update

Check if new packages are available

ssh [email protected] -p 22
apt update && apt upgrade -y
# reboot if necessary

Securing root

Change the root password

ssh [email protected] -p 22
passwd root

Create a new user

adduser gabriele

Disable root ssh access

nano /etc/ssh/sshd_config
# find the line: PermitRootLogin yes and change it to
PermitRootLogin no
# restart ssh
/etc/init.d/ssh restart
exit

Check that root cannot log in

ssh [email protected] -p 22
# after entering the password you should see this message
Permission denied, please try again.

Log in with another user

ssh [email protected] -p 22
su - root

Secure ssh

Change ssh port

nano /etc/ssh/sshd_config
# change the line Port 22 to something else
Port 2222
# restart ssh so the new port takes effect
/etc/init.d/ssh restart
# close the ssh connection and connect using the new port
ssh [email protected] -p 2222

Generate keys for ssh connection

(Arch Linux reference)

On the local client machine

ssh-keygen -t ed25519 -C "$(whoami)@$(hostname)-$(date -I)"
# change the key file name, adding the server name
Enter file in which to save the key (/home/zap/.ssh/id_ed25519): /home/zap/.ssh/id_ed25519_servername
# choose a strong passphrase
# copy the public key to the VPS
ssh-copy-id -i ~/.ssh/id_ed25519_servername -p 2222 [email protected]

On the server check that the key was copied

cat ~/.ssh/authorized_keys

Try a connection using the key

ssh [email protected] -p 2222 -i ~/.ssh/id_ed25519_servername

Disable password login

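# su -c takes the command as a single quoted argument
su -c "nano /etc/ssh/sshd_config"
# find the line PasswordAuthentication and change it to
PasswordAuthentication no
# restart ssh so the change takes effect
su -c "/etc/init.d/ssh restart"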
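
The three sshd_config changes made above (PermitRootLogin, Port, PasswordAuthentication) can be checked with a small script. This is an added example, not part of the original guide; the function names and the sample config are constructed for illustration, and it assumes plain "Keyword value" lines without Include files.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config for the three settings this guide changes.
# Assumption: plain "Keyword value" lines; Match blocks are not evaluated.

# Print every value of keyword $2 in the global section of file $1.
sshd_values() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }   # skip blank lines and comments
        tolower($1) == "match"      { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# For most keywords sshd keeps the FIRST value it reads; later ones are ignored.
sshd_first() { sshd_values "$1" "$2" | head -n 1; }

# Return 0 only if root login and password login are off and port 22 is unused.
audit_sshd_config() {
    local file="$1" rc=0 v key
    for key in PermitRootLogin PasswordAuthentication; do
        v=$(sshd_first "$file" "$key")
        if [ "$v" != "no" ]; then
            echo "FAIL $key is '${v:-unset}', expected 'no'"; rc=1
        fi
    done
    # Port may be repeated and sshd listens on all of them; unset means 22.
    v=$(sshd_values "$file" Port)
    if [ -z "$v" ] || printf '%s\n' "$v" | grep -qx 22; then
        echo "FAIL sshd still listens on port 22"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $file"; fi
    return "$rc"
}

# Constructed sample: the edit was appended at the bottom, but the earlier
# "PasswordAuthentication yes" wins, so password login is still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication yes
#PasswordAuthentication no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On the server, run audit_sshd_config /etc/ssh/sshd_config as root; sshd -T prints the effective configuration that the running binary resolves and can be used to cross-check the result.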

Add the key to ssh-agent

Optional

On a secure machine it is possible to add the key to the agent

ssh-add ~/.ssh/id_ed25519_servername
  Enter passphrase for /home/zap/.ssh/id_ed25519_servername:
  Identity added: /home/zap/.ssh/id_ed25519_servername (comment)

Now no password or passphrase is required to connect

ssh [email protected] -p 2222

Set up Docker

Official instructions

Log in as root

Add the backports repository

vim /etc/apt/sources.list
# uncomment or add the following lines
deb http://deb.debian.org/debian stretch-backports main contrib non-free
deb-src http://deb.debian.org/debian stretch-backports main contrib non-free
# save and quit with :wq, then refresh the package index
apt update

Add support for https repository

apt-get install \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg2 \
  software-properties-common

Add docker GPG key

curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -

Verify that the key fingerprint is 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88

apt-key fingerprint 0EBFCD88

pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <[email protected]>
sub   rsa4096 2017-02-22 [S]

Add the stable docker repository

add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"

Update and install docker-ce

apt update
apt install docker-ce

Test that docker is working

docker run hello-world

Enable at startup

# check whether it is already enabled
systemctl is-enabled docker.service
# enable it if necessary
systemctl enable docker.service