Dominik Jasiński

Linux administration and DevOps practices are essential skills for modern developers and system administrators. This guide is specifically designed for junior developers and those new to Linux administration. We'll cover everything from setting up a local development environment to managing production servers, with a focus on security, performance, and best practices. Each section includes detailed explanations and practical examples to help you understand the concepts better.

What is DevOps?

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the development lifecycle and provide continuous delivery with high software quality. As a junior developer, understanding DevOps practices will help you:

Deploy applications more efficiently
Collaborate better with your team
Understand the full application lifecycle
Write more production-ready code

Why Linux?

Linux is the most popular operating system for servers and development environments because:

It's free and open-source
Highly secure and stable
Excellent for development and deployment
Most cloud services run on Linux
Most development tools are Linux-first

Local Development Environment

Setting Up Your Workstation

Before we start, let's understand what each tool does:

git: Version control system for tracking code changes
curl & wget: Tools for downloading files from the internet
vim: Text editor for editing files in the terminal
htop: Interactive process viewer (better than the basic 'top' command)
tmux: Terminal multiplexer (allows you to run multiple terminal sessions)
build-essential: Contains basic tools for building software
software-properties-common: Helps manage software repositories

# Update system
# This command updates the list of available packages and their versions
sudo apt update && sudo apt upgrade

# Install essential development tools
# The -y flag automatically answers "yes" to prompts
sudo apt install -y \
    git \
    curl \
    wget \
    vim \
    htop \
    tmux \
    build-essential \
    software-properties-common

# Install Docker && Docker Compose
# Docker helps you run applications in isolated containers
# Docker Compose helps you manage multiple containers
# This makes it easier to develop and deploy applications
curl -fsSL https://get.docker.com | sudo sh

Development Tools

Let's understand what each development tool does:

Node.js: JavaScript runtime for building server-side applications
npm: Node.js package manager for installing JavaScript libraries
PHP: Server-side scripting language
Composer: PHP package manager for managing PHP dependencies

# Install Node.js and npm
# LTS means "Long Term Support" - more stable version
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt install -y nodejs

# Install PHP and common extensions
# Each extension adds specific functionality to PHP:
# - php-fpm: FastCGI Process Manager for PHP
# - php-mysql: MySQL database support
# - php-gd: Image processing
# - php-mbstring: Multibyte string handling
# - php-xml: XML processing
sudo apt install -y \
    php \
    php-cli \
    php-fpm \
    php-json \
    php-common \
    php-mysql \
    php-zip \
    php-gd \
    php-mbstring \
    php-curl \
    php-xml \
    php-bcmath

# Install Composer
# Composer is like npm but for PHP
curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer

Server Administration

Initial Server Setup

When you first get access to a server, these are the essential steps to secure it:

Update the system: Always start with an updated system
Create a deployer user: Never use root for daily operations
Set up SSH keys: More secure than passwords
Configure SSH: Disable password login and root access

# Update system
sudo apt update && sudo apt upgrade

# Create new user
# This creates a user named 'deployer' with a home directory
sudo adduser deployer
# Add the user to the sudo group (allows running commands as root)
sudo usermod -aG sudo deployer

# Set up SSH key authentication
# SSH keys are more secure than passwords
# They use public-key cryptography
mkdir -p ~/.ssh
chmod 700 ~/.ssh  # Restrict permissions to owner only
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys  # Restrict permissions to owner only

# Configure SSH
sudo nano /etc/ssh/sshd_config
# These settings make your server more secure:
# PermitRootLogin no        # Prevents root login
# PasswordAuthentication no # Disables password login
# PubkeyAuthentication yes # Enables key-based authentication

Server Security

Security is crucial for any server. Here's what each security measure does:

UFW (Uncomplicated Firewall): A user-friendly interface for managing firewall rules
fail2ban: Protects against brute-force attacks by banning IPs that fail to authenticate

# Install and configure firewall
sudo apt install -y ufw
# Default policies
sudo ufw default deny incoming  # Block all incoming connections by default
sudo ufw default allow outgoing # Allow all outgoing connections
# Allow specific services
sudo ufw allow ssh    # Port 22
sudo ufw allow http   # Port 80
sudo ufw allow https  # Port 443
sudo ufw enable       # Start the firewall

# Install fail2ban
# fail2ban monitors log files and bans IPs that show malicious behavior
sudo apt install -y fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local  # Create custom config
sudo systemctl enable fail2ban  # Start on boot
sudo systemctl start fail2ban   # Start now

Remote Access & Security

SSH Configuration

SSH (Secure Shell) is the primary way to access remote servers. Here's how to set it up securely:

Generate an SSH key: Creates a pair of keys (public and private)
Copy the public key: Adds your key to the server's authorized keys
Configure SSH client: Makes connecting easier

# Generate SSH key
# -t ed25519: Use the Ed25519 algorithm (more secure than RSA)
# -C: Add a comment (usually your email)
ssh-keygen -t ed25519 -C "[email protected]"

# Copy key to server
# This adds your public key to the server's authorized_keys file
ssh-copy-id user@server_ip

# SSH config file (~/.ssh/config)
# This file makes it easier to connect to your servers
# Instead of typing the full command, you can just type 'ssh myserver'
Host myserver
    HostName server_ip        # The server's IP address
    User username             # Your username on the server
    IdentityFile ~/.ssh/id_ed25519  # Your private key
    Port 22                   # SSH port (default is 22)

Secure File Transfer

There are two main ways to transfer files securely:

SCP (Secure Copy): Simple file transfer
RSYNC: More powerful, with features like:
- Resume interrupted transfers
- Only copy changed files
- Compression
- Progress display

# SCP (Secure Copy)
# Basic file transfer
scp file.txt user@server:/path/to/destination
# Transfer a directory
scp -r directory/ user@server:/path/to/destination

# RSYNC (with compression and progress)
# -a: archive mode (preserves permissions, etc.)
# -v: verbose
# -z: compress during transfer
# --progress: show progress
rsync -avz --progress source/ user@server:/path/to/destination
# Mirror directories (delete files that don't exist in source)
rsync -avz --delete source/ user@server:/path/to/destination

Monitoring & Debugging

System Monitoring

Understanding your system's health is crucial. Here are the key tools:

Process Monitoring:
- top: Basic process viewer
- htop: Enhanced process viewer with better interface
- ps: List processes
- pgrep: Find processes by name
Resource Usage:
- df: Disk space
- free: Memory usage
- vmstat: Virtual memory statistics
- iostat: I/O statistics
- netstat: Network connections
Log Monitoring:
- System logs: General system events
- Journal logs: Systemd service logs
- Kernel logs: Hardware and driver messages

# Process monitoring
top        # Basic process viewer
htop       # More user-friendly process viewer
ps aux | grep process_name  # Find specific process
pgrep process_name         # Get process ID by name

# Resource usage
df -h      # Show disk space in human-readable format
free -h    # Show memory usage in human-readable format
vmstat 1   # Show virtual memory stats every 1 second
iostat     # Show I/O statistics
netstat -tulpn  # Show all listening ports and connections

# Log monitoring
tail -f /var/log/syslog    # Follow system log in real-time
journalctl -f              # Follow systemd logs in real-time
dmesg                      # Show kernel messages

Performance Analysis

When your system is slow, these tools help identify the cause:

CPU Profiling:
- perf: Performance analysis tools
- Shows which functions use the most CPU
Memory Analysis:
- free: Basic memory usage
- vmstat: Detailed memory statistics
- /proc/meminfo: Raw memory information
Disk I/O:
- iostat: I/O statistics
- iotop: Real-time I/O monitoring

# CPU profiling
perf top              # Show CPU usage by function
perf record -g -p PID # Record CPU usage for a process
perf report           # Analyze the recording

# Memory analysis
free -h               # Show memory usage
vmstat 1             # Show memory stats every second
cat /proc/meminfo    # Show detailed memory information

# Disk I/O
iostat -x 1          # Show I/O stats every second
iotop                # Show I/O usage by process

Backup

Automated Backups

Regular backups are crucial.

# Database backup script
#!/bin/bash
# Configuration
BACKUP_DIR="/backup/mysql"
DATE=$(date +%Y%m%d_%H%M%S)
DB_USER="user"
DB_PASS="password"
DB_NAME="database"

# Create backup
# mysqldump creates a SQL file of your database
# gzip compresses it to save space
mysqldump -u $DB_USER -p$DB_PASS $DB_NAME | gzip > $BACKUP_DIR/$DB_NAME-$DATE.sql.gz

# Remove old backups
# Keep only the last 7 days of backups
find $BACKUP_DIR -name "*.sql.gz" -mtime +7 -delete

# Backup files
# tar creates an archive
# -c: create
# -z: compress with gzip
# -f: specify filename
tar -czf /backup/files/website-$DATE.tar.gz /var/www/website

🔗 Follow me on LinkedIn for more DevOps tips and updates!

💡 Found this guide helpful? Share it with your team and follow for more DevOps content!