1️⃣ System Preparation

Step 1 — Update and Upgrade System Packages

sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y

Note: Some services may restart automatically after upgrade. Restart any critical ones if needed.


Step 2 — Install Essential Tools

sudo apt install -y curl wget git ufw

Step 3 — Set Timezone and Synchronize Time

sudo timedatectl set-timezone America/New_York

Note: Ubuntu uses systemd-timesyncd for NTP by default. Set your local timezone (run timedatectl list-timezones to find yours) so Gunbot timestamps display correctly.


2️⃣ User and Permissions Setup


Step 1 — Create Gunbot User

sudo adduser --disabled-password --gecos "" gunbot

Note: --disabled-password creates the account without a usable password, so it cannot log in with a password. The account is intended for running Gunbot services and is reached with the SSH key set up in Step 3.


Step 2 — Add Gunbot User to sudoers

sudo usermod -aG sudo gunbot

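Note: Adding the gunbot user to the sudo group allows managing services, logs, and SSL updates, but it grants full sudo rights, and because the account has no password, sudo's password prompt cannot be answered. The rule below places no limit on arguments, so the listed commands still carry broad root access. For least privilege, use this sudoers rule, which limits passwordless sudo to the listed commands: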

echo "gunbot ALL=(ALL) NOPASSWD: /bin/systemctl, /usr/bin/journalctl, /usr/bin/certbot" | sudo tee /etc/sudoers.d/gunbot

Step 3 — Setup SSH Access for Gunbot User

sudo mkdir /home/gunbot/.ssh
sudo nano /home/gunbot/.ssh/authorized_keys
sudo chown -R gunbot:gunbot /home/gunbot/.ssh
sudo chmod 700 /home/gunbot/.ssh
sudo chmod 600 /home/gunbot/.ssh/authorized_keys

Note: Verify SSH access for the Gunbot user before closing your current session.
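
An added check to run before closing the session (example code, not part of the original guide): it confirms the owner and modes set above, which sshd's default StrictModes setting depends on, and that authorized_keys actually contains a key. The function names mode_owner and check_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide: pre-flight check of the SSH
# key layout created in Step 3. Function names are hypothetical.
# Usage on the server, as root so the key file is readable:
#   check_ssh_perms /home/gunbot gunbot

# Print "<octal mode> <owner>" for a path (GNU stat, BSD stat as fallback).
mode_owner() {
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# check_ssh_perms HOME_DIR OWNER
# Returns 0 when the layout is safe for key login, 1 otherwise.
check_ssh_perms() {
    home=$1
    owner=$2
    rc=0
    ssh_dir="$home/.ssh"
    keys="$ssh_dir/authorized_keys"

    if [ ! -d "$ssh_dir" ] || [ ! -f "$keys" ]; then
        echo "FAIL: $ssh_dir or $keys is missing" >&2
        return 1
    fi
    # The directory must be 700 and owned by the login user.
    if [ "$(mode_owner "$ssh_dir")" != "700 $owner" ]; then
        echo "FAIL: $ssh_dir is '$(mode_owner "$ssh_dir")', want '700 $owner'" >&2
        rc=1
    fi
    # The key file must be 600 and owned by the login user.
    if [ "$(mode_owner "$keys")" != "600 $owner" ]; then
        echo "FAIL: $keys is '$(mode_owner "$keys")', want '600 $owner'" >&2
        rc=1
    fi
    # A file with only blank or comment lines (editor closed without
    # pasting a key) would lock the user out.
    if ! grep -Eqv '^[[:space:]]*(#|$)' "$keys"; then
        echo "FAIL: $keys contains no key lines" >&2
        rc=1
    fi
    return $rc
}
```

A zero exit status means the permissions match Step 3; it does not replace an actual test login from a second session.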


3️⃣ Firewall Configuration


Step 1 — Enable and Configure UFW

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
sudo ufw status verbose

Note: Ensure SSH is allowed before enabling UFW (sudo ufw status should show OpenSSH as ALLOW).


Step 2 — Allow SSH and HTTP/HTTPS

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'

Step 3 — Enable UFW

sudo ufw enable


Step 4 — Check UFW Status

sudo ufw status verbose