Your go-to resource for quick Linux service installations.
Install Docker and run a basic Nginx web server or a tiny Python app.
sudo apt update
sudo apt install docker.io -y
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker $USER
# Log out and log back in for group changes to take effect
docker run --name my-nginx -p 80:80 -d nginx
# Access Nginx at http://your_server_ip
docker run -d -p 5000:5000 --name my-python-app python:3.9-slim-buster sh -c "echo 'from flask import Flask\napp = Flask(__name__)\[email protected](\"/\")\ndef hello():\n return \"Hello from Docker!\"\nif __name__ == \"__main__\":\n app.run(host=\"0.0.0.0\", port=5000)' > app.py && pip install Flask && python app.py"
# Access the Python app at http://your_server_ip:5000
Install phpMyAdmin for easy management of your MySQL databases.
sudo apt update
sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql -y
sudo apt install phpmyadmin -y
# During phpMyAdmin installation, choose 'apache2' when prompted for web server and configure database if asked.
sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin
sudo systemctl reload apache2
# Access phpMyAdmin at http://your_server_ip/phpmyadmin
Install Node.js and npm using NVM (Node Version Manager) for flexible version management.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
# Close and reopen your terminal, or run the following to load NVM:
export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
nvm install node # Installs the latest stable Node.js version
nvm use node
node -v
npm -v
Ensure Python 3, pip, and venv are installed for development.
sudo apt update
sudo apt install python3-pip -y
sudo apt install python3-venv -y
python3 --version
pip3 --version
Install PHP and common extensions for web development.
sudo apt update
sudo apt install php libapache2-mod-php php-cli php-mysql php-curl php-json php-gd php-mbstring php-xml php-zip -y
php -v
A step-by-step guide to install WordPress on your Linux server.
sudo apt update
sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql -y
sudo mysql -u root -p
# Enter MySQL root password when prompted, then paste the following commands:
CREATE DATABASE wordpress_db;
CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'your_strong_password';
GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wordpress_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
# IMPORTANT: Replace 'your_strong_password' with a strong password!
cd /tmp
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
sudo mv wordpress /var/www/html/wordpress
sudo chown -R www-data:www-data /var/www/html/wordpress
sudo chmod -R 755 /var/www/html/wordpress
sudo nano /etc/apache2/sites-available/wordpress.conf
# Paste the following into the file, then save and exit (Ctrl+O, Enter, Ctrl+X):
# <VirtualHost *:80>
# ServerAdmin webmaster@localhost
# DocumentRoot /var/www/html/wordpress
# ErrorLog ${APACHE_LOG_DIR}/error.log
# CustomLog ${APACHE_LOG_DIR}/access.log combined
# <Directory /var/www/html/wordpress/>
# AllowOverride All
# </Directory>
# </VirtualHost>
sudo a2ensite wordpress.conf
sudo a2enmod rewrite
sudo systemctl reload apache2
# Now, open your web browser and navigate to http://your_server_ip/wordpress to complete the installation.
Choose between OpenVPN or WireGuard to set up your VPN server.
wget https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh
sudo chmod +x openvpn-install.sh
sudo ./openvpn-install.sh
# Follow the on-screen prompts to configure your OpenVPN server and create client profiles.
sudo apt update
sudo apt install wireguard -y
umask 077; wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
# Get your server's private key:
SERVER_PRIVATE_KEY=$(sudo cat /etc/wireguard/privatekey)
# Get your server's public key (for client config):
SERVER_PUBLIC_KEY=$(sudo cat /etc/wireguard/publickey)
# Create WireGuard configuration file:
sudo nano /etc/wireguard/wg0.conf
# Paste the following into the file, replacing <server_private_key> with the key you got above:
# <Interface>
# PrivateKey = <server_private_key>
# Address = 10.0.0.1/24
# ListenPort = 51820
# PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# </Interface>
# Save and exit (Ctrl+O, Enter, Ctrl+X).
sudo nano /etc/sysctl.conf
# Uncomment or add: net.ipv4.ip_forward=1
# Save and exit (Ctrl+O, Enter, Ctrl+X).
sudo sysctl -p
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo wg show wg0
# For client configuration, you'll need the server's public key (from above) and a new client private/public key pair.
# Example client config (replace placeholders):
# [Interface]
# PrivateKey = <client_private_key>
# Address = 10.0.0.2/32
# DNS = 8.8.8.8
#
# [Peer]
# PublicKey = <server_public_key>
# Endpoint = your_server_ip:51820
# AllowedIPs = 0.0.0.0/0
# PersistentKeepalive = 25
Advanced configurations and alternative web servers.
sudo nano /etc/apache2/sites-available/your_domain.conf
# Paste the following, replace your_domain.com and /var/www/your_domain:
# <VirtualHost *:80>
# ServerAdmin webmaster@your_domain.com
# ServerName your_domain.com
# ServerAlias www.your_domain.com
# DocumentRoot /var/www/your_domain
# ErrorLog ${APACHE_LOG_DIR}/error.log
# CustomLog ${APACHE_LOG_DIR}/access.log combined
# </VirtualHost>
# Save and exit.
sudo a2ensite your_domain.conf
sudo a2dissite 000-default.conf # Optional: Disable default site
sudo systemctl reload apache2
sudo nano /etc/nginx/sites-available/your_domain.conf
# Paste the following, replace your_domain.com and /var/www/your_domain:
# server {
# listen 80;
# listen [::]:80;
# server_name your_domain.com www.your_domain.com;
# root /var/www/your_domain;
# index index.html index.htm index.nginx-debian.html;
# location / {
# try_files $uri $uri/ =404;
# }
# }
# Save and exit.
sudo ln -s /etc/nginx/sites-available/your_domain.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d your_domain.com -d www.your_domain.com
# Follow the prompts.
sudo apt update
sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d your_domain.com -d www.your_domain.com
# Follow the prompts.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy -y
sudo systemctl enable caddy --now
Install various database systems and caching solutions.
sudo apt update
sudo apt install postgresql postgresql-contrib -y
sudo systemctl enable postgresql --now
sudo -i -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'your_new_password';"
# IMPORTANT: Replace 'your_new_password'
sudo -i -u postgres psql
# Inside psql:
CREATE DATABASE my_database;
CREATE USER my_user WITH PASSWORD 'my_user_password';
GRANT ALL PRIVILEGES ON DATABASE my_database TO my_user;
\q
# IMPORTANT: Replace names and password
sudo apt update
sudo apt install gnupg curl -y
curl -fsSL https://www.mongodb.org/static/pgp/server-6.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
sudo apt update
sudo apt install -y mongodb-org
sudo systemctl enable mongod --now
sudo apt update
sudo apt install redis-server -y
sudo systemctl enable redis-server --now
sudo apt update
sudo apt install sqlite3 -y
sudo apt update
sudo apt install memcached libmemcached-tools -y
sudo systemctl enable memcached --now
Install various programming languages and their environments.
sudo apt update
sudo apt install curl gpg -y
curl -sSL https://rvm.io/mpapis.asc | gpg --import -
curl -sSL https://rvm.io/pkuczynski.asc | gpg --import -
curl -sSL https://get.rvm.io | bash -s stable --ruby
# Close and reopen terminal or source RVM:
source ~/.rvm/scripts/rvm
rvm install ruby --latest
rvm use ruby --latest --default
ruby -v
gem -v
sudo apt update
sudo apt install golang-go -y
go version
sudo apt update
sudo apt install curl -y
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Follow the prompts (usually option 1 for default installation).
# Close and reopen terminal or source cargo:
source "$HOME/.cargo/env"
rustc --version
cargo --version
sudo apt update
sudo apt install openjdk-17-jdk -y
java -version
javac -version
sudo apt update
sudo apt install perl -y
perl -v
Install tools for code management and project building.
sudo apt update
sudo apt install git -y
git --version
git config --global user.name "Your Name"
git config --global user.email "[email protected]"
sudo apt update
sudo apt install subversion -y
svn --version
sudo apt update
sudo apt install maven -y
mvn -version
sudo apt update
sudo apt install gradle -y
gradle -v
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt install yarn -y
yarn --version
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'e21205b207c3ffce0319d82357da182df15f0de360e4cd88beec5f95ab95f6fe8bc0fb40af1b6d11981f46abf2a0b83b') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
php -r "unlink('composer-setup.php');"
composer --version
Tools for system monitoring and log management.
sudo apt update
sudo apt install wget -y
wget https://github.com/prometheus/prometheus/releases/download/v2.45.0/prometheus-2.45.0.linux-amd64.tar.gz
tar xvfz prometheus-2.45.0.linux-amd64.tar.gz
sudo mv prometheus-2.45.0.linux-amd64 /opt/prometheus
# Create user, directories, and systemd service file (manual steps after this)
sudo apt update
sudo apt install -y apt-transport-https software-properties-common wget
sudo mkdir -p /etc/apt/keyrings/
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
sudo apt update
sudo apt install grafana -y
sudo systemctl enable grafana-server --now
# Elasticsearch
sudo apt update
sudo apt install apt-transport-https ca-certificates curl -y
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt update
sudo apt install elasticsearch -y
sudo systemctl enable elasticsearch --now
# Kibana
sudo apt install kibana -y
sudo systemctl enable kibana --now
# Logstash
sudo apt install logstash -y
sudo systemctl enable logstash --now
sudo apt update
sudo apt install zabbix-agent -y
# Edit /etc/zabbix/zabbix_agentd.conf for Server= and Hostname=
sudo systemctl enable zabbix-agent --now
sudo apt update
sudo apt install curl -y
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
# Follow the prompts.
sudo nano /etc/rsyslog.conf
# Uncomment or add:
# $ModLoad imudp
# $UDPServerRun 514
# $ModLoad imtcp
# $InputTCPServerRun 514
sudo systemctl restart rsyslog
Tools for automating tasks and managing containers.
sudo apt update
sudo apt install software-properties-common -y
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y
ansible --version
sudo apt update
sudo apt install apt-transport-https curl -y
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
sudo apt install kubectl -y
kubectl version --client
sudo apt update
sudo apt install curl -y
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
sudo dpkg -i minikube_latest_amd64.deb
minikube version
# Start minikube: minikube start
sudo apt update
sudo apt install docker-compose -y
docker-compose --version
Set up file sharing and transfer capabilities.
sudo apt update
sudo apt install samba -y
sudo systemctl enable smbd nmbd --now
# Add a Samba user: sudo smbpasswd -a your_username
# Edit /etc/samba/smb.conf to add share definitions.
sudo apt update
sudo apt install nfs-kernel-server -y
sudo mkdir -p /mnt/nfs_share
sudo chown nobody:nogroup /mnt/nfs_share
sudo chmod 777 /mnt/nfs_share
# Edit /etc/exports to define shares:
# /mnt/nfs_share your_client_ip(rw,sync,no_subtree_check)
sudo exportfs -a
sudo systemctl restart nfs-kernel-server
# Sync local directory to remote
rsync -avz /path/to/local/dir user@remote_host:/path/to/remote/dir
# Sync remote directory to local
rsync -avz user@remote_host:/path/to/remote/dir /path/to/local/dir
Enhance your system's security with these tools.
sudo apt update
sudo apt install ufw -y
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw status verbose
sudo apt update
sudo apt install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Edit /etc/fail2ban/jail.local to configure jails.
sudo systemctl enable fail2ban --now
sudo apt update
sudo apt install clamav clamav-daemon -y
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam
# Scan a directory: sudo clamscan -r /path/to/scan
sudo nano /etc/ssh/sshd_config
# Change Port 22 to a non-standard port (e.g., Port 2222)
# PermitRootLogin no
# PasswordAuthentication no (if using SSH keys)
# UsePAM no
# AllowUsers your_username
# Save and exit.
sudo systemctl restart ssh
Set up basic email and messaging services.
sudo apt update
sudo apt install postfix -y
# During installation, choose 'Internet Site' and enter your domain name.
sudo systemctl enable postfix --now
sudo apt update
sudo apt install dovecot-imapd dovecot-pop3d -y
sudo systemctl enable dovecot --now
sudo apt update
sudo apt install rabbitmq-server -y
sudo systemctl enable rabbitmq-server --now
sudo rabbitmq-plugins enable rabbitmq_management
sudo systemctl restart rabbitmq-server
# Access management UI at http://your_server_ip:15672 (default guest/guest)
Essential tools for system administration and daily tasks.
sudo apt update
sudo apt install htop -y
sudo apt update
sudo apt install ncdu -y
sudo apt update
sudo apt install tree -y
sudo apt update
sudo apt install tmux -y
sudo apt update
sudo apt install screen -y
crontab -e
# Add a new line for your job (e.g., run a script daily at 2 AM):
# 0 2 * * * /path/to/your/script.sh
# Save and exit.
sudo nano /etc/logrotate.d/your_app
# Example for /var/log/your_app/*.log:
# /var/log/your_app/*.log {
# daily
# missingok
# rotate 7
# compress
# delaycompress
# notifempty
# create 0640 www-data www-data
# sharedscripts
# postrotate
# systemctl reload your_app_service > /dev/null
# endscript
# }
# Save and exit.
sudo apt update
sudo apt install wget curl -y
sudo apt update
sudo apt install vim -y
# For Neovim:
sudo apt install neovim -y
sudo apt update
sudo apt install zsh -y
chsh -s $(which zsh)
# Log out and back in.
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
sudo apt update
sudo apt install ffmpeg -y
ffmpeg -version
sudo apt update
sudo apt install imagemagick -y
convert --version
sudo apt update
sudo apt install gzip unzip -y
Implement advanced protection to prevent DDoS attacks on your server.
# Allow established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop invalid packets
sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# Limit new SSH connections to prevent brute force
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
# Limit HTTP/HTTPS connections (SYN-ACK flood protection)
sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
# Drop XMAS and NULL packets
sudo iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
sudo iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Save iptables rules (for Ubuntu/Debian, install iptables-persistent first)
# sudo apt install iptables-persistent -y
# sudo netfilter-persistent save
sudo nano /etc/sysctl.conf
# Add or uncomment the following lines:
# net.ipv4.tcp_syncookies = 1
# net.ipv4.tcp_max_syn_backlog = 4096
# net.ipv4.tcp_synack_retries = 2
# net.ipv4.tcp_max_tw_buckets = 2000000
# net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_fin_timeout = 30
# net.ipv4.ip_local_port_range = 1024 65535
# Save and exit.
sudo sysctl -p
Nginx can be configured to limit the rate of requests from a single IP address, helping to mitigate Layer 7 (HTTP) DDoS attacks. For advanced captcha integration, consider using a CDN like Cloudflare.
# First, ensure Nginx is installed (see "Nginx Server Block Setup" in Web Servers section).
# Edit Nginx configuration (e.g., /etc/nginx/nginx.conf or a site-specific config)
sudo nano /etc/nginx/nginx.conf
# Add this inside the 'http {' block to define a rate limit zone:
# limit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r/s;
#
# Then, inside your 'server {' block or 'location / {' block for the site you want to protect:
# limit_req zone=mylimit burst=10 nodelay;
#
# Explanation:
# - zone=mylimit:10m: Defines a 10MB shared memory zone named 'mylimit'.
# - rate=5r/s: Allows an average of 5 requests per second.
# - burst=10: Allows bursts of up to 10 requests over the defined rate.
# - nodelay: If burst is exceeded, requests are immediately dropped (instead of delayed).
# Save and exit.
sudo nginx -t
sudo systemctl reload nginx
DDoS Deflate is a lightweight bash script designed to help block DDoS attacks. It monitors connections and blocks IPs with too many connections.
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod +x install.sh
sudo ./install.sh
# The script will guide you through the installation.
# Configuration file: /etc/ddos/ddos.conf
# Important variables to adjust:
# - NO_OF_CONNECTIONS: Max connections per IP (default 150)
# - BAN_PERIOD: How long to ban an IP (default 600 seconds)
# - EMAIL_TO: Email for notifications
# View active connections and their states
sudo netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
sudo ss -tunap | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
# Real-time traffic analysis (install tcpdump first: sudo apt install tcpdump -y)
sudo tcpdump -n -i eth0 host not your_server_ip and port 80 or port 443
# Replace 'eth0' with your network interface and 'your_server_ip' with your server's IP.
Welcome to your ultimate resource for Linux server setup and administration! This page provides a curated collection of ready-to-use commands for installing and configuring a wide range of software and services on your Linux-based systems. Whether you're setting up a web server, a database, a development environment, or enhancing your server's security, you'll find copy-paste friendly commands to streamline your workflow. Our goal is to save you time and effort, making server management accessible and efficient.
Most commands provided here are for Debian-based distributions like Ubuntu. While many commands are universal, some package managers (`apt`) and service management (`systemctl`) might differ on RHEL/CentOS (which use `yum`/`dnf`) or Arch Linux (which uses `pacman`). Always verify commands for your specific distribution.
Yes, most installation and system configuration commands require superuser privileges. You will see `sudo` prefixed to such commands, indicating they need to be run as a root user or a user with `sudo` permissions.
Simply click the "Copy Commands" button below each code block. The text will be automatically copied to your clipboard, ready for pasting into your terminal.
The commands provided are standard installation procedures for popular software. However, it's always recommended to understand what each command does before executing it on your server, especially in a production environment. Backups are always a good idea!
This is a static website, but we appreciate feedback! While direct contributions aren't possible through the site, you can always reach out to GratisVPS.net with your suggestions.