Ubuntu Server 20.04 LTS (Focal Fossa) provides a robust and performant long-term support Linux server platform. With thoughtful installation, configuration and systems management, Ubuntu Server can handle demanding production workloads ranging from web serving to cutting edge container orchestration. This comprehensive 2600+ word guide aims to set up an administrator‘s Ubuntu Server 20.04 system to not only get up and running, but also configure best practices for high traffic loads, security, redundancy and ease of maintenance.
Downloading the Ubuntu Server Installer Image
The first step when installing Ubuntu Server 20.04 is to download an ISO installer image from the official Ubuntu site. Be sure to choose the 64-bit server version, and not the desktop image. The download is approximately 1 GB in size.
With ISO image in hand, we next have to create bootable installation media. This allows us to boot and launch the Ubuntu Server installer on the target server hardware.
Creating Bootable USB Media in Windows and Linux
There are a few options to create Ubuntu Server bootable media – DVD, USB flash drive or even network PXE boot. DVDs have mostly fallen out of favor due to comparatively slow read speeds and the prominence of USB drives. For our purposes, we will use a USB flash drive to burn the ISO and install.
Using Rufus in Windows
On Windows, the easiest way to burn an ISO to USB is by using the Rufus imaging tool. With the Ubuntu Server ISO downloaded and USB drive plugged in, launch Rufus. Make sure to select your USB under "Device", choose the Ubuntu ISO file, and hit Start. Rufus will format and make the drive completely bootable with a boot menu.
The process will take 5-10 minutes usually to finish. Once done, insert this USB drive into your target server and proceed to boot up from it.
Using dd Command on Linux
To create Ubuntu Server media from an existing Linux distribution like Debian or CentOS, we can leverage the powerful dd command. First, run lsblk after inserting your USB to determine the correct device path – for example /dev/sdb.
Next, carefully execute dd to write the ISO byte for byte onto the drive. Be absolutely sure of your target drive (/sdb) before hitting enter!
$ sudo dd if=ubuntu-20.04-live-server-amd64.iso of=/dev/sdb bs=4M status=progressWith dd successfully run, our bootable Ubuntu Server USB is complete and ready. Power on the destination server, hitting F12 or another key during POST to bring up the boot menu. Select boot from the USB drive.
Starting the Ubuntu Server Installer
After booting up the bootable USB media, the GRUB menu appears with choices to launch the installer or try Ubuntu Server first. Select Install Ubuntu Server and hit enter to start.
The installer itself is quite user friendly, allowing configuration of disks, users, network and software selections through an interactive text interface with intuitive navigation and controls.
I recommend connecting the server to wired ethernet if possible for faster updates during install. Wireless configurations can be challenging from the text-based setup. That said if WiFi is your only option don‘t worry, we can configure it properly after first boot.
With internet connectivity in place, let‘s move on to disk setup.
Partitioning Schemes and Filesystem Choices
Now we arrive at the disk partitioning phase. Ubuntu supports both legacy MBR and more modern GPT partitioning. MBR limits us to 4 primary partitions without more complex "extended" logical partitions, so I advise using GPT which has no such limits. This allows maximum flexibility should your partitioning needs change down the road.
You could let Ubuntu automatically partition with LVM or standard partitions, but choosing custom layouts tailored to your specific workload allows improved security and performance. I‘ll outline some common recommendations below.
Web Servers, PHP/Python Apps
For web serving workloads, a simple layout like below works well:
- 512M EFI System Partition (mandatory for UEFI GPT)
- 20G root (/)
- 16G swap partition (2x RAM helps prevent out of memory crashes)
- Remaining free space for /var/www or /home
With a setup like above, you have separation of OS files from user data. The OS cannot fill up the root partition causing problems with updates etc. Sites remain reachable if just the web data fills up by redirecting to a maintenance page.
High Traffic Database Servers
For heavy MySQL or PostgreSQL servers, optimized partitioning helps significantly. Use LVM across the entire disk, further divided:
- 512M EFI partition
- 20GB root (/)
- Double RAM as swap
- 16GB for /var/lib/mysql
- 4GB for /tmp tmpfs
- 4GB for /var/log
- Remaining space as /data with separate LVM volumes per major DB or tablespace
With the above database layout, you avoid noisy neighbor issues by isolating high churn areas via separate mounts. The fast /tmp fs also aids speed.
Once you decide on partitions meeting your performance and redundancy needs, configure them in the Ubuntu installer manually before writing changes to disk.
Considerations for Encryption
If your data requires encryption at rest for compliance or security policy, Ubuntu supports native LUKS encryption for partitions. Keep in mind there are performance impacts depending on CPU, disk speed and workload when adding encryption.
Test in non production first before rollout. In general, focus encryption primarily on user data partitions housing sensitive information. Encrypting entire OS disks complicates recovery administrative when issues arise. Dual boot support also becomes more challenging.
Now that we have a better understanding of partitioning best practices, let‘s move on to networking.
Configuring Networks for Production Loads
Ubuntu configures network connectivity using the Netplan YAML-based config. At install, DHCP is the default for dynamic address assignment. However DHCP leads to unpredictable changing server addresses – unsuitable for production hosting.
While you can opt to set a static IP at install time, I suggest leaving dynamically assigned to simplify wired/wireless troubleshooting if your network is unreachable initially. Once powered on later with connectivity verfied, then better optimize networking.
Here are some key optimizations to plan at install time:
Static IP – Configure a static IP not managed by DHCP after installation to avoid unpredictable IP changes on reboot.
Speed Limits – Increase nic speed limits past default 100 Mbps full duplex via the /etc/network/interfaces file .
Bonding – Setup link aggregation for bandwidth sharing across multiple nics. Configure a bond primary interface with two member interfaces for redundancy.
VLANs – Segment networks by creating 802.1q tagged VLAN subinterfaces, assigning separate VLAN IDs per network. Useful for security zones and network isolation.
WiFi – If stuck on WiFi, choose the 5GHz band rather than 2.4GHz for reduced interference. Test signal levels and use LAN whenever possible however.
Note you may need to tune kernel network parameters later under load such as changing TCP timeouts, TCP fast open queue depths, buffer sizes etc. Testing under load with monitoring allows further optimization.
With network setup planned, let‘s discuss some security considerations.
Improving Security Stance Through Users and SSH
No server is completely secure, but prudent steps go a long way to prevent compromise or data loss. Here are key principles to apply both during install and post boot:
- Avoid root login – Administer via sudo user accounts instead which log actions
- Leverage SSH keys not just passwords – Adds public key encryption
- Install only what you must – Unneeded packages increase attack surface
- Review network services often – Stop and disable unused ones
- Setup unattended security updates – Ubuntu makes this easy
- Monitor logs heavily – Script rotation and forwarding
- Consider IPtables rules – Rate limiting, geo-blocking problem regions
- Fail2ban for repeat offenders – Auto blocks hostile IPs
- Filesystem ACLs to augment permissions – Improves least privilege
Later when logged into our newly provisioned server, we can implement the above including strict SSH key access over VPN or private subnet, removing insecure protocols, password policies and more.
LAMP Stack Configuration
With Ubuntu Server installed to disk, first bootinitialization sets up users and SSH keys. But to serve web apps or websites, Apache or Nginx is necessary with essential LAMP stack components. Ubuntu offers flexibility to choose our exact software versions.
For example, by default Apache 2.4.x is installed, but if your web apps mandate Apache 2.2 compatibility that can configured instead. Need Php 5.3 to run older CMS? Likewise Ubuntu provides packages to support this.
Here are key tuning areas to optimize and secure our LAMP stack:
Apache
- Prefork vs Worker MPM – Match multi-process module to security needs
- Enable only required modules – Reduce attack surface area
- Limit allowed methods, protocols and headers
- Offload static assets to S3/CDN – Reduce server load
- Consider PHP handlers for speed or compatibility
MySQL
- Optimize my.cnf – Set max connections, query cache etc
- Tune table schema for InnoDB performance
- Separate tablespaces for IOPS partitioning
- Master/slave replication for scale and outage tolerance
PHP
- Fine tune opcache and APC settings
- Choose thread safe or regular builds per app
- Enable only required extensions – Avoid unused
There are many other detailed optimizations like PHP FPM for Nginx, Varnish for page caching, memcached to reduce database hits and more. Measure twice, tune once.
Planning Maintenance and Backups
Once spun up with LAMP services provisioned, we adminstrators sometimes hastily move onto the next task, forgetting two crucial items – backups and maintenance.
Backups
No service remains 100% available year after year. Outages large and small eventually strike – both within and outside our control. Mitigate this risk through regular backups at the filesystem, database and application tiers.
Test restoration semi-annually. Partial failures should happen frequently enough that restoration seems rote procedure. Backup media dies however just when most needed, so test backup integrity.
Consider and budget for offsite backups, even tape. Services like AWS S3 Glacier provide very low cost archiving.
Maintenance
Just as dams require ongoing repairs from cracking, so too do servers need periodic maintenance.一次性配置,终生受用 is naive thinking. As they age, disk failures creep in. Performance gradually declines under years of patch upon patch. Rebooting flushes out "leaky" memory from errant processes.
Treat maintenance just as integrals as backups. Maintenance keeps services happily humming for years well past their expected lifetime.
Preparing for High Availability
Despite best efforts mishaps tanto pequeño como grande can strike production servers. Disk failures aside, buggy application code and resource exhaustion also spell trouble. Mitigate and minimize outages through redundancy and monitoring for high availability.
For mission critical systems, eliminate single points failure with dual power supplies, RAID mirroring, failover SAN replication and backup DCs or regions. Open source solutions like Corosync facilitating automatic failover to standbys.
Proactively instrument monitoring before an outage. Timeseries metrics via Prometheus record utilization trends around memory, IOPS and CPU. Graphing helps visualize slow resource leaks indicating trouble ahead.
Alert thresholds trigger well before resources empty, allowing preemptive intervention. Monitor kernel performance with Sysdig. Profile application performance deeply with Flamegraphs requiring no restart while debugging.
By thorough planning, even the most complex application environment achieves resiliency and uptime through informed design.
Virtualization Flexibility
While our preceding Ubuntu guide focuses on bare metal, virtual machines and containers merit consideration. In these scenarios, instead of local storage we connect remote cloud storage like iSCSI volumes. This abstracts the OS from underlying hardware, helpful for bulk cloud provisioning.
Containers especially assist rapid deployment, allowing customization beyond base images. With container orchestrators like Kubernetes, quickly scale identical containers and services across nodes without manual installation. Kubernetes handles networking, configmaps, secrets, storage and scaling simplicity.
Bare metal still has place for certain workloads like batch processing or databases desiring raw disk performance and vertically scaling CPUs. Evaluate cost, staff skills and software needs when choosing virtualization formats.
Concluding Thoughts
We have explored several key planning dimensions to effectively install and post-configure Ubuntu Server 20.04 for production environments. Real world workloads demand performance, resilience and security well beyond textbook examples. Architecting for long-term maintainability separates short-sighted designs from those standing the test of time. Through informed Ubuntu Server administration, both new and seasoned practitioners alike better meet business challenges with operational excellence.
