Menu
Article Linux

Linux Server Build Walkthrough

Matt Pogue

Matt Pogue

• 5 min read
Linux Server Build Walkthrough

Hello fellow admins! It's been a while, but I'm back in the saddle to discuss a foundational tool that should be in every admin's toolbox - the standard server build. My hope is that you can use this article as the basis for a standard build of your own, whether in the lab or in Production. First, a caveat - this article will cover a standard Linux build using Debian, intended for use as a server. That being said, the process could be easily modified for different Linux distributions or even Windows. If you're like me and you don't build servers enough to spend time on a standard server image, the important part is to develop a process that's easily repeatable. Let's get to it!

Step 1 - Configuring the Hardware

For the purpose of this walkthrough, we'll be installing Debian 12.8 on a guest virtual machine running atop Proxmox 8.2, however, the process can be applied to bare metal just as easily.

Side note: Dell is my preferred server hardware vendor, for both price and reliability, but if your budget won't support new hardware, check out the deals available at Dell Refurbished.

Debian Linux in 2024 can handle most any hardware change you throw its way, unless it's something really exotic. However, you'll obviously want to carefully plan your disk and filesystem layout ahead of time, as a change to either usually means a rebuild; rather than letting the installer configure it automatically, I always choose manual filesystem layout. While there are about a million different ways to lay out your filesystems, there's no one right way to do it (though there are a number of wrong ways to do it). Here's what I've settled on after years of tinkering:

  • /boot - 512 MB, ext4 filesystem
  • swap - 1024 MB
  • / - remaining space, configured as an LVM volume group on top of a single LVM physical volume. This allows for flexibility down the road.

I would also recommend finalizing the hardware to the extent possible before beginning the install, as Linux has a habit of changing hardware IDs (e.g. eth0 might become eth1 with the addition of a new network card) when new hardware is added. Also, I don't cover it here because I don't use it frequently, but Linux does support EFI, TPM, and secure boot and that's definitely a decision to make before you start installing. You can technically change it later, but it won't be easy.

Now that your hardware is prepped, let's start the install process.

Step 2 - Installation Media

When choosing your installation media from the various downloads available, you're always, always, always better off to start small and add on vs. starting with an "everything but the kitchen sink" install image and removing packages later (or even worse, leaving them all intact). In Debian's case, my preferred install media is the one labeled "64-bit PC netinst iso" on the Debian website. Grab the media and prep it using Rufus or the install media creator of your choice.

Step 3 - The Install

I'm not going to screenshot the entire install process, but I will leave you with a few tips:

  • As mentioned previously, choose "Manual" partitioning, and then partition your disk(s) using the scheme you decided on in Step 1.
  • When choosing a Debian mirror, I usually pick one about halfway down the list, but I'm not sure it matters anymore.
  • Most Important: when prompted which packages to install, uncheck everything except "SSH Server"; NO desktops, NO standard packages, NO print server/web server (even if you'll need one later). This gives you the smallest possible installation as a starting point from which to add everything you need.
  • If you DO want to create a standard image, it should be created before moving to the next step.

Step 4 - Post-Install Setup

Note: if you're planning to create an image to accompany your standard build, this is the point in the process to do it. At this point, you should have root's password set and a hostname assigned, but still be on a dynamic IP. It's easy enough to set a "generic" hostname here, take a snapshot/backup, then change the hostname back and continue. If you do create a standard image at this point, and/or if you've built your system from a standard image, all you need to do to bring the system up to date is perform an apt-update && apt dist-upgrade. You can then continue with the steps below.

I keep my build instructions in a text file that I refer to from this point forward (a copy of which is located in The Solo Admin's Github repository under the "posts/linux-server-build-walkthrough" folder) and I'm not going to go through the whole thing step-by-step, but I will include a few of the key points here:

  • My first steps are:
    • Configure a static IPv4 address
    • Modify GRUB to provide a higher screen resolution (reboot)
    • Configure SSH, including authorized_keys for root along with a customized /etc/ssh/sshd_config (I'll leave building a customized config as an exercise for the reader).
    • Run apt-update to get latest Debian repo, then install basic packages: 
apt install vim wget curl net-tools iproute2 man tcpdump dnsutils grc rsync telnet ncat zip unzip mlocate sudo letsencrypt lynx pandoc htop lsof strace git nmap linuxlogo hwinfo screen tmux fio gnupg
    • Copy all remaining standard config files, most importantly: .vimrc and .bashrc (see my previous article for info and a link to my standard .bashrc)
    • Configure vim as my default editor:
update-alternatives --config editor # choose "vim.basic" from the list
    • Disable IPv6 (this is a topic for future review, as I'm looking at IPv6 for 2025)
    • Install and configure btop (I prefer to install from source using these instructions, but it can also be installed using apt).
    • Install other miscellaneous packages like lets-encrypt, nullmailer, etc.
  • After the previous steps, I reboot once more and check dmesg to make sure I'm not getting any boot errors.

Step 5 - Wrap-Up and Next Steps

With any luck, you've now got a Debian Linux server that's ready to be further customized as needed. My first step is to ensure that SSH login as root via public key authentication is working as expected. If this is a lab/personal machine, at this point I will also create a non-privileged local user account, configure sudo and verify it's working, and verify that the account can be logged into via SSH with public key authentication; if so, I will disable root login via SSH entirely. However, if this is a Production machine, my next step is configuring Active Directory authentication, which we'll walk through in my next post.

As always, if you're stuck and need help, or if there's anything I typo'ed or left out of the process, please don't hesitate to email me - matt@thesoloadmin.com.

Share