Cloud - 2. Настройка VDS. Docker, nftables

Linux от Дмитрия

23 Apr 202518:05

Summary

TLDRIn this tutorial, the presenter demonstrates setting up Docker, configuring NF Tables, and pre-installing Engins on a server. After logging in and updating the system, Docker is installed, and firewall rules are modified to prevent Docker's default rules from conflicting with NF Tables. The video also covers configuring SSH, modifying ports, and managing firewall rules effectively. The presenter ensures the server is properly set up and secure, with plans to install applications in Docker and set up domain certificates in the next video.

Takeaways

😀 Docker installation is explained with a focus on ensuring compatibility with both Debian and Ubuntu systems.
😀 The script recommends configuring aliases and making specific edits to the bash profile to streamline commands.
😀 It's important to update the machine and ensure all packages are up-to-date before proceeding with configurations.
😀 After updating, the server is rebooted to apply changes and ensure a clean environment for further tasks.
😀 A folder is created to store notes and commands for future reference, ensuring easy access for others.
😀 GitLab access issues are acknowledged, and alternative ways like Yandex Disk are provided for sharing files.
😀 The NF Tables firewall configuration is covered, with specific ports being opened (22, 80, and 443) for the system to function properly.
😀 The video addresses the challenges Docker can cause with IP tables, suggesting a workaround by creating a unique table to prevent conflicts.
😀 SSH port is changed to 1022 for security, but some challenges are encountered when trying to log in, especially with Ubuntu's configuration.
😀 In the end, the machine's firewall rules are validated to ensure Docker rules do not get overridden and everything is functioning as expected.

Q & A

What is the main purpose of the video?
-The video primarily covers the installation of Docker, configuration of NF Tables (firewall), and pre-installation of Engins on a server.
Why does the presenter suggest using root user for configuration?
-The presenter recommends using the root user for configuration in Ubuntu because it offers better control and is more efficient compared to using a subuser for certain system-level tasks.
What updates are made to the system in the video?
-The system is updated by upgrading 72 packages, followed by a reboot of the server to apply the updates.
What does the presenter mean by 'modding' in the video?
-In the video, 'modding' refers to making custom modifications or edits to configuration files, aliases, or other system settings, which are shared through a GitLab script.
How does the presenter handle the issue of Docker overriding firewall rules?
-The presenter tackles this issue by configuring NF Tables rules separately and ensuring that Docker’s rules don't interfere with the custom firewall settings by creating a unique table for the firewall configuration.
What are the key ports that the presenter opens for the system?
-The key ports opened are 22 (SSH), 80 (HTTP), and 443 (HTTPS), allowing basic server management and web traffic.
What is the purpose of creating a custom table in NF Tables?
-A custom table in NF Tables is created to ensure that the firewall rules are applied separately from Docker’s rules, preventing interference between the two systems.
Why is SSH port 22 changed to 1022 in the script?
-The SSH port is changed to 1022 for security reasons, potentially avoiding conflicts with default SSH settings and making the server more secure.
What troubleshooting step does the presenter take when SSH isn't working as expected?
-The presenter attempts to troubleshoot by checking the firewall rules and port configurations and tries rebooting the machine several times to ensure the SSH settings are applied correctly.
What future plans does the presenter mention for the next video?
-In the next video, the presenter plans to install applications in Docker, configure Engins, obtain SSL certificates for domains, and demonstrate setting up password protection for a website.