Guides - Secure Your Server through the Linode Marketplace

Quickly deploy a Compute Instance with many various software applications pre-installed and ready to use.

Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.

This Marketplace App automatically configures a new Compute Instance with a limited user account and other best practices discussed in the Setting Up and Securing a Compute Instance guide. In addition to creating a limited user with sudo access, the app updates the system, optionally configures a domain in the DNS Manager, and optionally configures a Block Storage Volume. It also configures a basic firewall through UFW and enables Fail2Ban.

Deploying a Marketplace App

The Linode Marketplace allows you to easily deploy software on a Compute Instance using the Cloud Manager. See Get Started with Marketplace Apps for complete steps.

  1. Log in to the Cloud Manager and select the Marketplace link from the left navigation menu. This displays the Linode Create page with the Marketplace tab pre-selected.

  2. Under the Select App section, select the app you would like to deploy.

  3. Complete the form by following the steps and advice within the Creating a Compute Instance guide. Depending on the Marketplace App you selected, there may be additional configuration options available. See the Configuration Options section below for compatible distributions, recommended plans, and any additional configuration options available for this Marketplace App.

  4. Click the Create Linode button. Once the Compute Instance has been provisioned and has fully powered on, wait for the software installation to complete. If the instance is powered off or restarted before this time, the software installation will likely fail.

To verify that the app has been fully installed, see Get Started with Marketplace Apps > Verify Installation. Once installed, follow the instructions within the Getting Started After Deployment section to access the application and start using it.

Note
Estimated deployment time: The Secure Your Server tasks should be fully installed within 2-5 minutes after the Compute Instance has finished provisioning.

Configuration Options

  • Supported distributions: Ubuntu 20.04 LTS, Debian 10, Debian 11
  • Recommended plan: All plan types and sizes can be used.

Secure Your Server Options

Limited User (Required)

Fill out the following fields to automatically create a limited user for your new Compute Instance. This account will be assigned to the sudo group, which provides elevated permission when running commands with the sudo prefix.

  • Limited sudo user: Enter your preferred username for the limited user.
  • Password for the limited user: Enter a strong password for the new user.
  • SSH public key for the limited user: If you wish to login as the limited user through public key authentication (without entering a password), enter your public key here. See Creating an SSH Key Pair and Configuring Public Key Authentication on a Server for instructions on generating a key pair.
  • Disable root access over SSH: To block the root user from logging in over SSH, select Yes (recommended). You can still switch to the root user once logged in and you can also log in as root through Lish.

Custom Domain (Optional)

If you wish to automatically configure a custom domain, you first need to configure your domain to use Linode’s name servers. This is typically accomplished directly through your registrar. See Use Linode’s Name Servers with Your Domain. Once that is finished, you can fill out the following fields for the Marketplace App:

  • Linode API Token: If you wish to use the Linode’s DNS Manager to manage DNS records for your custom domain, create a Linode API Personal Access Token on your account with Read/Write access to Domains. If this is provided along with the subdomain and domain fields (outlined below), the installation attempts to create DNS records via the Linode API. See Get an API Access Token. If you do not provide this field, you need to manually configure your DNS records through your DNS provider and point them to the IP address of the new instance.
  • Subdomain: The subdomain you wish to use, such as www for www.example.com.
  • Domain: The domain name you wish to use, such as example.com.
  • Email address: The start of authority (SOA) email address for this server. This is a required field if you want the installer to create DNS records.

  • Send email from domain: If you’d like to be able to send email from the custom domain you optionally configured, select Yes. This configures the related DNS records, allows traffic through relevant ports within the internal firewall, and sets the rDNS. It does not configure any email software or guarantee email deliverability.

    This guide may involve sending email from a Compute Instance. In an effort to fight spam, Linode may restrict outbound connections on ports 25, 465, and 587 on Compute Instances for new accounts created after November 5th, 2019. For more information, please see Sending Email on Linode.

Block Storage (Optional)

You can optionally specify an existing Block Storage Volume or create a new Block Storage Volume. This attaches and mounts the Volume to the Compute Instance so you can start using it right away.

  • Block Storage Volume label: Enter a label for an existing Block Storage Volume you’d like to use.
  • Block Storage Volume size (in GB): If you wish to create a new Block Storage Volume, enter the size in GB. This creates a billable resource. See Block Storage pricing.
Note
For more information on what Block Storage is and how to get started using it, review the Block Storage product documentation.
Note
Currently, Linode does not manage software and systems updates for Marketplace Apps. It is up to the user to perform routine maintenance on software deployed in this fashion.

This page was originally published on


Your Feedback Is Important

Let us know if this guide was helpful to you.