# Debian 12 Server Setup

## 1. System Update

apt update && apt upgrade -y

## 2. Install Required Tools

apt install curl gnupg2 software-properties-common apt-transport-https ca-certificates lsb-release debian-archive-keyring -y

## 3. Install Nginx

apt install nginx -y

## 4. Install MongoDB

curl -fsSL <https://pgp.mongodb.com/server-6.0.asc> | gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor echo "deb \[ signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] <http://repo.mongodb.org/apt/debian> $(lsb\_release -cs)/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list apt update apt install mongodb-org -y systemctl start mongod systemctl enable mongod

## 5. Install Certbot

apt install certbot python3-certbot-nginx -y

## 6. Create Nginx Configuration

nano /etc/nginx/sites-available/yourdomain.com

## Paste this configuration:

server { listen 80; server\_name yourdomain.com [www.yourdomain.com](http://www.yourdomain.com);

```
location / {
    proxy_pass http://localhost:YOUR_APP_PORT;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}
```

}

## 7. Enable Nginx Configuration

ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/ nginx -t systemctl reload nginx

## 8. Setup SSL Certificate

certbot --nginx -d yourdomain.com -d [www.yourdomain.com](http://www.yourdomain.com)

## 9. Configure MongoDB Security

mongosh

## In MongoDB shell:

use admin db.createUser({ user: "adminUser", pwd: "securePassword", roles: \[ { role: "userAdminAnyDatabase", db: "admin" } ] }) exit

## Edit MongoDB config

nano /etc/mongod.conf

## Add these lines:

security: authorization: enabled

## Restart MongoDB

systemctl restart mongod

## 10. Install and Configure UFW Firewall

apt install ufw -y ufw default deny incoming ufw default allow outgoing ufw allow ssh ufw allow 'Nginx Full' ufw enable

### Cloudflare Setup Steps

1. Create Cloudflare account
2. Add domain to Cloudflare
3. Update nameservers at domain registrar with Cloudflare nameservers
4. Add A record pointing to server IP
5. Set SSL/TLS encryption mode to "Full"

### Verification Commands

## Check Nginx status

systemctl status nginx

## Check MongoDB status

systemctl status mongod

## Check SSL certificate

certbot certificates

## Test MongoDB authentication

mongosh --auth

### Maintenance Commands

## System updates

apt update && apt upgrade

## View Nginx logs

tail -f /var/log/nginx/error.log

## View MongoDB logs

tail -f /var/log/mongodb/mongod.log

### Security Checklist

* [ ] Replace 'yourdomain.com' with actual domain
* [ ] Set strong MongoDB passwords
* [ ] Enable automatic system updates
* [ ] Set up MongoDB backups
* [ ] Monitor server logs
* [ ] Install and configure fail2ban
* [ ] Set up log rotation
* [ ] Implement rate limiting
* [ ] Regular security audits

### Best Practices

1. Regular System Updates
   * Run updates weekly
   * Monitor security announcements
   * Keep all software versions current
2. Backup Strategy
   * Daily MongoDB backups
   * Regular configuration backups
   * Test restore procedures
3. Monitoring
   * Check server resources
   * Monitor SSL certificate expiry
   * Watch error logs
   * Set up alerts
4. Security
   * Use SSH keys
   * Strong passwords
   * Regular security scans
   * Keep ports minimal
   * Update firewall rules

### Additional Debian 12 Specific Security

## Install fail2ban

apt install fail2ban -y

## Configure automatic updates

apt install unattended-upgrades apt-listchanges -y dpkg-reconfigure -plow unattended-upgrades

## Secure shared memory

echo "tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0" >> /etc/fstab

## Enable automatic security updates

nano /etc/apt/apt.conf.d/50unattended-upgrades

### Troubleshooting

Common Issues:

1. Nginx 502 Bad Gateway
   * Check if application is running
   * Verify port numbers
   * Check logs
2. MongoDB Connection Issues
   * Verify authentication details
   * Check MongoDB service status
   * Review firewall rules
3. SSL Certificate Problems
   * Verify Cloudflare settings
   * Check certificate renewal status
   * Confirm DNS records

### Useful Resources

* Nginx Documentation: <https://nginx.org/en/docs/>
* MongoDB Documentation: <https://docs.mongodb.com/>
* Certbot Instructions: <https://certbot.eff.org/>
* Cloudflare Documentation: <https://developers.cloudflare.com/>
* Debian Security Guide: <https://www.debian.org/doc/manuals/securing-debian-manual/>

Remember to replace all placeholder values (yourdomain.com, passwords, ports) with your actual values before using the commands.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hex-docs.gitbook.io/setup/post-install/debian-12-server-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.