Debian 12 Server Setup
1. System Update
apt update && apt upgrade -y
2. Install Required Tools
apt install curl gnupg2 software-properties-common apt-transport-https ca-certificates lsb-release debian-archive-keyring -y
3. Install Nginx
apt install nginx -y
4. Install MongoDB
curl -fsSL https://pgp.mongodb.com/server-6.0.asc | gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg --dearmor
echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] http://repo.mongodb.org/apt/debian $(lsb_release -cs)/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list
apt update
apt install mongodb-org -y
systemctl start mongod
systemctl enable mongod
5. Install Certbot
apt install certbot python3-certbot-nginx -y
6. Create Nginx Configuration
nano /etc/nginx/sites-available/yourdomain.com
Paste this configuration:
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
}
7. Enable Nginx Configuration
ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
nginx -t
systemctl reload nginx
8. Setup SSL Certificate
certbot --nginx -d yourdomain.com -d www.yourdomain.com
9. Configure MongoDB Security
mongosh
In MongoDB shell:
use admin
db.createUser({
  user: "adminUser",
  pwd: "securePassword",
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})
exit
Edit MongoDB config
nano /etc/mongod.conf
Add these lines:
security:
  authorization: enabled
Restart MongoDB
systemctl restart mongod
10. Install and Configure UFW Firewall
apt install ufw -y
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 'Nginx Full'
ufw enable
Cloudflare Setup Steps
Create Cloudflare account
Add domain to Cloudflare
Update nameservers at domain registrar with Cloudflare nameservers
Add A record pointing to server IP
Set SSL/TLS encryption mode to "Full"
Verification Commands
Check Nginx status
systemctl status nginx
Check MongoDB status
systemctl status mongod
Check SSL certificate
certbot certificates
Test MongoDB authentication
mongosh -u adminUser -p --authenticationDatabase admin
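The script below is an added example, not part of the original guide: a POSIX shell audit of mongod.conf that confirms the step 9 authorization setting is really active (not left commented out) and that mongod is not bound to all interfaces. The helper names yaml_get and check_mongod_conf and the sample config are constructed for illustration, and it assumes the block-style YAML that the packaged mongod.conf uses.

```shell
#!/bin/sh
# Added example: audit mongod.conf for the settings from step 9.
# yaml_get and check_mongod_conf are hypothetical helper names, not MongoDB tools.

# Print the value of section.key from a block-style, two-level YAML file.
# Skips comments and blank lines; this is not a general YAML parser.
yaml_get() {  # $1 = file, $2 = top-level section, $3 = key
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }
        /^[^ \t]/      { cur = $0; sub(/:.*/, "", cur); next }
        cur == sec {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                sub(/[ \t]+#.*/, "", val)           # drop trailing comment
                gsub(/^[ \t"]+|[ \t"]+$/, "", val)  # drop padding and quotes
                print val; exit
            }
        }' "$1"
}

# Return 0 only if authorization is enabled and mongod is not bound to all interfaces.
check_mongod_conf() {
    cmc_fail=0
    cmc_auth=$(yaml_get "$1" security authorization)
    cmc_bind=$(yaml_get "$1" net bindIp | tr -d ' ')
    cmc_all=$(yaml_get "$1" net bindIpAll)
    if [ "$cmc_auth" = "enabled" ]; then
        echo "OK   security.authorization: enabled"
    else
        echo "FAIL security.authorization: ${cmc_auth:-not set}"; cmc_fail=1
    fi
    [ "$cmc_all" = "true" ] && cmc_bind="0.0.0.0"
    case ",$cmc_bind," in
        *,0.0.0.0,*|*,::,*) echo "FAIL mongod listens on all interfaces"; cmc_fail=1 ;;
        ,,) echo "OK   net.bindIp not set (mongod defaults to localhost)" ;;
        *)  echo "OK   net.bindIp: $cmc_bind" ;;
    esac
    return "$cmc_fail"
}

if [ "$#" -gt 0 ]; then
    check_mongod_conf "$1"
else
    sample=$(mktemp)  # constructed sample: authorization left commented out
    printf 'net:\n  bindIp: 127.0.0.1\n#security:\n#  authorization: enabled\n' > "$sample"
    check_mongod_conf "$sample" || echo "sample config fails the audit, as expected"
    rm -f "$sample"
fi
```

Pass /etc/mongod.conf as the first argument to audit the live configuration; a non-zero exit status means at least one FAIL line was printed.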
Maintenance Commands
System updates
apt update && apt upgrade
View Nginx logs
tail -f /var/log/nginx/error.log
View MongoDB logs
tail -f /var/log/mongodb/mongod.log
Security Checklist
Best Practices
Regular System Updates
Run updates weekly
Monitor security announcements
Keep all software versions current
Backup Strategy
Daily MongoDB backups
Regular configuration backups
Test restore procedures
Monitoring
Check server resources
Monitor SSL certificate expiry
Watch error logs
Set up alerts
Security
Use SSH keys
Strong passwords
Regular security scans
Keep ports minimal
Update firewall rules
Additional Debian 12 Specific Security
Install fail2ban
apt install fail2ban -y
Configure automatic updates
apt install unattended-upgrades apt-listchanges -y
dpkg-reconfigure -plow unattended-upgrades
Secure shared memory
echo "tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0" >> /etc/fstab
Enable automatic security updates
nano /etc/apt/apt.conf.d/50unattended-upgrades
Troubleshooting
Common Issues:
Nginx 502 Bad Gateway
Check if application is running
Verify port numbers
Check logs
MongoDB Connection Issues
Verify authentication details
Check MongoDB service status
Review firewall rules
SSL Certificate Problems
Verify Cloudflare settings
Check certificate renewal status
Confirm DNS records
Useful Resources
Nginx Documentation: https://nginx.org/en/docs/
MongoDB Documentation: https://docs.mongodb.com/
Certbot Instructions: https://certbot.eff.org/
Cloudflare Documentation: https://developers.cloudflare.com/
Debian Security Guide: https://www.debian.org/doc/manuals/securing-debian-manual/
Remember to replace all placeholder values (yourdomain.com, passwords, ports) with your actual values before using the commands.