User:PMay/Hetzner step by step
(Todo: put description here)
Start and log into the Hetzner Rescue System
- log in to robot: https://robot.your-server.de/
- activate 64bit linux rescue system
- copy and paste the password given to you by the robot
- restart your server
- log in with ssh
# ssh -l root <your_ip_or_hostname>
Disk after Debian LAMP installation
Your disk looks like this after the default debian LAMP installation:
/dev/sda1 1gb swap /dev/sda2 500mb boot /dev/sda3 19gb root
Install the bootstrap system
- now we use the root partition (/dev/sda1) to install the bootstrap system
# mkfs.ext4 /dev/sda1 # mkdir /arch # mount /dev/sda1 /arch
- find a mirror with the 64bit bootstrap system: https://www.archlinux.org/download/ and download it
# cd /arch # curl -O http://ftp.halifax.rwth-aachen.de/archlinux/iso/2019.01.01/archlinux-bootstrap-2019.01.01-x86_64.tar.gz
- check the md5 sum
# md5sum archlinux-bootstrap-2019.01.01-x86_64.tar.gz
- if the md5sum is ok unpack the tar archive
# tar xvfz archlinux-bootstrap-2019.01.01-x86_64.tar.gz
- edit the mirror list - you can use this to check the best mirrors for you: https://www.archlinux.org/mirrorlist/
# nano root.x86_64/etc/pacman.d/mirrorlist
- changeroot into the rescue system
# /arch/root.x86_64/bin/arch-chroot /arch/root.x86_64/
basic installation
- make file system for boot and root
# mkfs.ext4 /dev/sda2 # mkfs.ext4 /dev/sda3
- mount the partitions
# mount /dev/sda3 /mnt # mkdir /mnt/boot # mount /dev/sda2 /mnt/boot
- init the pacman key
# pacman-key --init
- open second ssh console on the rescue system and type
# find / -name foo
- this is to generate some entropy
- continue with
# pacman-key --populate archlinux
- and this this (for some strange reason)
# mkdir /run/shm
- now install the system
# pacstrap /mnt base # pacstrap /mnt base-devel # pacstrap /mnt syslinux # pacstrap /mnt net-tools # pacstrap /mnt openssh
- create fstab
# genfstab -p /mnt >> /mnt/etc/fstab
- chroot again into the new system
# arch-chroot /mnt
- white yout hostname to /etc/hostname
# nano /etc/hostname
- set timezone - for example:
# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
- create and edit /etc/locale.conf
# nano /etc/locale.conf
- enter
LANG="en_US.UTF-8" LC_TIME="de_DE.UTF-8"
- edit /etc/locale.gen
# nano /etc/locale.gen
- and remove the comments infront of en_US.UTF-8 and de_DE.UTF-8
- run locale-gen
# locale-gen
- run mkinitcpio (and ignore the two warnungs in the fallback section)
# mkinitcpio -p linux
- install syslinux
# syslinux-install_update -i -a -m
Set Passwords and add User
- set password for root
# passwd
- add your normal user
# useradd -m -g users -G wheel -s /bin/bash <your_username>
- set password for the user
# passwd <your_username>
Set DNS
- add DNS names in /etc/resolv.conf
# name /etc/resolv.conf
Configure Network
- create directory
# mkdir /etc/conf.d
- create and edit
# nano /etc/conf.d/network@ens3
- my example config:
address=88.198.159.103 netmask=24 broadcast=88.198.159.111 gateway=88.198.159.97
- create and edit
# /etc/systemd/system/network@.service
- config example:
[Unit] Description=Network connectivity (%i) Wants=network.target Before=network.target BindsTo=sys-subsystem-net-devices-%i.device After=sys-subsystem-net-devices-%i.device [Service] Type=oneshot RemainAfterExit=yes EnvironmentFile=/etc/conf.d/network@%i ExecStart=/usr/bin/ip link set dev %i up ExecStart=/usr/bin/ip addr add ${address}/${netmask} broadcast ${broadcast} dev %i ExecStart=/usr/bin/sh -c 'test -n ${gateway} && /usr/bin/ip route add default via ${gateway}' ExecStop=/usr/bin/ip addr flush dev %i ExecStop=/usr/bin/ip link set dev %i down [Install] WantedBy=multi-user.target
- enable the service
# systemctl enable network@ens3.service
Configure SSH
- enable sshd
# systemctl enable sshd.service
reboot
- log out anf chroots and reboot
# exit # umount /mnt/boot # umount /mnt # exit # reboot
- ... and now pray
Activate Swap
- use fdisk to change partition ID of /dev/sda1 to 82
# fdisk /dev/sda
- create swap and mount it
# mkswap /dev/sda1 # swapon /dev/sda1
- edit fstab
# nano /etc/fstab
- and add this at bottom
/dev/sda1 none swap defaults 0 0
Next Steps
- check if /etc/resolv.conf sill has the right values - it might be getting lost
- secure ssh - see:
- configure firewall