Ubuntu Server Setup on Google Cloud Platform
When you first configure your VM Instance in Google Compute Engine, there are a few steps to complete as a basic setup.
This guide demonstrates how to manually configure the new Ubuntu 18.04 server in Compute Engine.
Prerequisites
- Your Compute Engine Instance running.
- For setting up Compute Engine, see the Setting up Compute Engine Instance.
Server Setup
Once your server is up and running, SSH into your VM Instance and perform the following steps.
Once you create a VM Instance in Google Cloud a new user is created automatically by Google, so you need not
Update the server
Start by updating the packages and upgrading them to the latest on your new server.
sudo apt update
sudo apt upgrade
Setup Password
It’s recommended to set up a password for the user you are currently logged in as. If you are locked out of SSH or cannot access it, you need to use the serial port console to access your instance and recover SSH access.
To access your instance through the Serial Port Console you need to enter a username and password to log in. So let’s set up a password for your user with the following command. The "$USER" argument applies the change to your own account; without a username, sudo passwd changes the root password instead.
sudo passwd "$USER"
You will be prompted to enter and confirm your password. Once done, you can set up a basic firewall.
Basic Firewall setup
Ubuntu can use Uncomplicated Firewall (UFW) to allow connections to certain services. You can see all available applications with the following command.
sudo ufw app list
Output
Available applications:
OpenSSH
We need to make the firewall allow SSH connections so that we can still access the instance over SSH.
sudo ufw allow OpenSSH
SSH port 22 is now allowed for connections to your instance, so we can enable the firewall.
sudo ufw enable
Type y followed by Enter to enable UFW.
You can view the allowed connections with the following command.
sudo ufw status
Output
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
The firewall is now enabled and blocks all incoming connections except SSH. If you install and configure additional services, you need to add rules that allow their traffic.
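To confirm later that the server still matches this baseline (firewall active, only OpenSSH allowed in), the ufw status output can be checked by a script. The following is an added example, not part of the original guide; the function name audit_ufw_status, its exit codes and the sample outputs are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit `ufw status` output
# against the guide's baseline. Function name and exit codes are assumptions.

# Reads `ufw status` text on stdin and prints any unexpected inbound rule.
# Returns 0 = baseline met, 1 = firewall inactive,
#         2 = OpenSSH not allowed (lock-out risk), 3 = extra inbound rules.
audit_ufw_status() {
    awk '
        /^Status:/ { active = ($2 == "active"); next }
        /^--/      { in_rules = 1; next }      # rules follow the separator row
        in_rules && NF {
            to = ""; action = ""
            # Everything before the action keyword is the "To" column.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) {
                    action = $i
                    if ($(i + 1) == "OUT") action = ""   # ignore outbound rules
                    break
                }
                to = (to == "" ? $i : to " " $i)
            }
            sub(/ \(v6\)$/, "", to)            # treat IPv6 twin rules alike
            if (action == "ALLOW" || action == "LIMIT") {
                if (to == "OpenSSH") ssh = 1
                else { print "unexpected inbound rule: " $0; extra = 1 }
            }
        }
        END {
            if (!active) exit 1
            if (!ssh)    exit 2
            if (extra)   exit 3
        }
    '
}

# Constructed samples: the guide's expected output, and a drifted host.
BASELINE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'
DRIFTED="$BASELINE
3306/tcp                   ALLOW       Anywhere"

# Live use on the server: sudo ufw status | audit_ufw_status
printf '%s\n' "$DRIFTED" | audit_ufw_status || echo "audit exit code: $?"
```

A non-zero exit code makes the check usable from cron or a monitoring agent, which can alert when a rule beyond SSH appears.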
Set up Fail2Ban
Fail2Ban is a tool that works alongside the firewall and blocks an offending host for a period of time. It adds the IP address of a host that shows malicious behaviour to your firewall rules.
sudo apt install fail2ban
sudo service fail2ban start
Done! Once this setup is complete, you can install any applications on your Google Cloud VM Instance.