Published on December 29, 2020
Installation
Use any live environment (LiveISO or rescue image) to boot up the system you want to set up. The image doesn't necessarily have to be Alpine Linux, but if you can boot up Alpine linux, the installation may be slightly easier. Use fdisk, gdisk or gparted to partition the disk.
Mount the partition that you want to use as the root filesystem:
mkdir /mnt/chroot
mount /dev/vda1 /mnt/chroot
Download and extract the Alpine Linux rootfs:
wget https://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.3-x86_64.tar.gz
tar -xvpzf alpine-minirootfs-3.12.3-x86_64.tar.gz -C /mnt/chroot/
Check https://alpinelinux.org/downloads/ for the latest version.
Edit /mnt/chroot/chroot.sh:
mount --rbind /dev /mnt/chroot/dev
mount --make-rslave /mnt/chroot/dev
mount -t proc /proc /mnt/chroot/proc
mount --rbind /sys /mnt/chroot/sys
mount --make-rslave /mnt/chroot/sys
mount --rbind /tmp /mnt/chroot/tmp
cp /etc/resolv.conf /mnt/chroot/etc/resolv.conf
Using this script you can easily chroot into the installation:
sh chroot.sh
chroot /mnt/chroot /bin/bash
Add the following lines to /etc/apk/repositories:
@edge http://dl-cdn.alpinelinux.org/alpine/edge/main
@community http://dl-cdn.alpinelinux.org/alpine/edge/community
@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing
Installing basic software:
apk add bash shadow openrc vim
Remove the # from the following line in /etc/inittab to enable the serial console at boot:
ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100
If you installed Alpine to a VPS or a container, then you may not need a boot loader, a kernel and the firmware to boot into Alpine. Otherwise, you can set up a Linux kernel:
apk add linux-firmware linux-lts grub grub-efi
Install GRUB:
grub-install --target=x86_64-efi --efi-directory=/boot /dev/vda
Generate the GRUB config:
grub-mkconfig -o /boot/grub/grub.cfg
Create user
Create a user that you can use to log onto the server:
useradd -mUG wheel user
Configure a password for the user:
passwd user
Setting the timezone
Install the tzdata package:
apk add tzdata
You can list the available timezones as follows:
ls /usr/share/zoneinfo
Assuming you want to use the Europe/Amsterdam timezone, you can copy it as follow to the localtime file:
cp /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
Do also specify your timezone:
echo "Europe/Amsterdam" > /etc/timezone
You can check the current time and date:
date
After configuring the timezone, you can remove the tzdata package:
apk del tzdata
Setting the hostname
Edit /etc/hostname:
hostname
Networking
Edit /etc/network/interfaces and adjust the settings for IPv6 accordingly:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
address 2001:bc8:600:1236::1
netmask 64
gateway 2001:bc8:600:1236::
pre-up echo 1 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Restart the service:
/etc/init.d/networking restart
Firewall
Install ufw:
apk add ip6tables ufw@testing
Block incoming traffic by default:
ufw default deny incoming
ufw default allow outgoing
Start the service:
ufw enable
rc-update add ufw
Check the status of ufw:
ufw status
SSH
Install OpenSSH:
apk add openssh-server
Edit /etc/ssh/sshd_config:
PasswordAuthentication no
AllowTcpForwarding yes
Open the SSH port, but limit the amount of possible traffic:
ufw limit ssh
Start the service:
/etc/init.d/sshd start
rc-update add sshd
Log in as user:
su user
mkdir .ssh
chmod 0700
Upload your public key as ~/.ssh/authorized_keys.
DNS
Add an A-record and AAAA-record with your IPv4 and IPv6 addresses to your DNS records:
@ IN A ( "163.172.149.186" );
@ IN AAAA ( "2001:bc8:600:1236::1" );
Add a CNAME-record to your DNS record:
* IN CNAME ( "@" );
Finally, you also want to set up reverse DNS to map your IP addresses back to the hostname. This can typically be done through the provider of your server instance.
[ #alpine ]
If you like my work or if my work has been useful to you in any way, then feel free to donate me a cup of coffee. Any donation is much appreciated!