I’m using ROCK64 at home. ROCK64 is very similar with Raspberry PI 3 with more RAM. Because I want to learn docker, I decide to use my ROCK64 machine as my docker server. I’m using an image created by ayufan. You can download the image in here. I’m using Ubuntu 18.04 Bionic Containers Image (DockerCE & Kubernetes). You need SDcard reader and I recommeded using an application Etcher to burn it.
1. Secure your admin account#
Your default admin account is rock64. It is not a good idea if you want to publish your server to internet with default admin account. So we will rename our administrator account using step below.
First we need to enable root by using below command:
sudo passwd root
Insert your root password. Next, we need to allow root in SSH by changing some settings using below command:
sudo vim /etc/ssh/sshd_config
If you dont see the following line, just add it into the last line:
PermitRootLogin yes
Restart your SSH service using below command:
service sshd restart
Then close all SSH session and re-login using root. Use below command to change your account name and group:
usermod -l <newname> -d /home/<newname> -m <oldname>
groupmod -n <newgroup> <oldgroup>
Next, try to login using new account and change your password:
sudo passwd <newname>
Do not forget to lock your root account using command:
sudo passwd -l root
Change SSH settings back to:
PermitRootLogin no
2. Set your time zone#
Use below command to change your time zone:
sudo dpkg-reconfigure tzdata
Follow the instruction on your screen.
3. Change computer name#
Modify both file below and change your computer name:
sudo vim /etc/hostname
sudo vim /etc/hosts
The changes require reboot, so use below command to reboot:
sudo reboot
4. Install firewall#
To simplify firewall installation we will install Uncomplicated Firewall or UFW. Try below command to check if you already have the application or not
sudo ufw status
If you dont have the application, install it using below command:
sudo apt-get install ufw
Next, we need to allow SSH to our machine using below command:
sudo ufw allow ssh
or you can use below command to allow SSH port (22):
sudo ufw allow 22/tcp
Once you set the firewall rule, you can enable UFW using below command:
sudo ufw enable
There will be a confirmation before you enable firewall.
Press “y” and then enter to apply the changes.
5. Register Dynamic DNS + Port forward#
I’m using cheap internet connection at home and the IP address is changing from time to time. So I need Dynamic DNS to make sure I can contact my server. I try to use No-IP before but it require 30 days re-activation confirmation. I recommend to use FreeDNS services. The problem with FreeDNS, it is not integrate with my router. The easiest solution is to make task scheduler using crontab in my Ubuntu server.
First we need to create an account in FreeDNS then create sub domain. After that click on Dynamic DNS section and you can see there is a link with words like quick cron excample. Open the link and follow the instruction to create crontab in your server.
Once the DNS pointing to my router IP address, I just need to forward my SSH port in my Router. The settings are different on each router. I recommend to use a different port on the internet so anyone need to guess your port in order to use your SSH service.
I’m using Termius to access my server from my android device.