Based on Debian 11 "Bullseye" environment.

Basic configuration and utilities

The system is still minimum. Configure the base system and install basic tools.

Configure apt-line

APT will get only basic software by default. Add “contrib” and “non-free” to install more applications.

# vi /etc/apt/sources.list

Delete unnecessary “cdrom” lines (it's only for the installation).
You can delete “deb-src” lines unless you plan to download the source code.

deb http://ftp.jp.debian.org/debian/ bullseye main contrib non-free

deb http://security.debian.org/debian-security bullseye-security main contrib non-free

# bullseye-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://ftp.jp.debian.org/debian/ bullseye-updates main contrib non-free

deb http://ftp.jp.debian.org/debian/ bullseye-backports main contrib non-free
  • The line for security updates slightly changed the format.
  • Even if "bullseye-backports" is added to the line, you have to explicitly specify when installing packages from backports. (Adding this line doesn't mean packages will be upgraded to backports version unintentionally.)

In fact, you only need four lines. After editing the apt-line, check if the update completes without errors.

# apt update
# apt upgrade

If you have any errors, check the apt-line.

Basic utilities

Install basic utilities. The lineup may change according to your server usage. Here is my case.

# apt install bind9-dnsutils man-db net-tools nkf rsync telnet tmux wget curl
  • bind9-dnsutils: DNS-related commands (e.g. dig). The package name changed from dnsutils (Buster).
  • man-db: Provides “man” command
  • net-tools: Network-related commands (e.g. netstat).
  • nkf: Character set converter similar to “iconv” with some Japanese specific functionality.
  • rsync: Synchronize files/directories.
  • telnet: For the check of mail/web servers
  • tmux: Terminal multiplexer.
  • wget: Downloader
  • curl: Data transfer mainly with HTTP(S)

Programming Languages

Install

Install major programming languages. This will be required when installing some tools.
(Python should have already been installed with fail2ban, but listed here to make sure.)

# apt install ruby ruby-dev python3 php php7.4-fpm perl
  • ruby & ruby-dev: ruby-dev will be required to connect to the databases.
  • python3: There used to be "python" without 3 to call 2.7 version till Buster. The package "python" is not available after Bullseye.
  • php & php7.4-fpm: Installing only “php” will install apache2 according to the dependency. To use nginx, you have to explicitly choose fpm version.
  • perl: Still useful and used.

For PHP, the timezone has to be set to php.ini. There are 2 php.ini files, for CLI:/etc/php/7.4/cli/php.ini and FPM:/etc/php/7.4/fpm/php.ini.

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = "Asia/Tokyo"

You need to restart php-fpm after changing php.ini.

# systemctl reload php7.4-fpm

Libraries for each language

Each language offers external modules. Python pip, Ruby gems, PHP pecl. There are multiple way to use them, but if you don't need too many modules, the major modules may be available as a debian package. If you're ok with the debian package, you don't have to care about the version discrepancies between packaged languages and modules.

For example, PHP cURL is available as php7.4-curl package.

Locales (Languages)

Since I need to display Japanese characters, ja_JP locale has to be added.

# dpkg-reconfigure locales

Then select “ja_JP.UTF-8” to add locales. If you need to use more languages, select whatever you need.
The default locale is recommended to be kept English as described in the Debian installation.

Vim

Vi IMproved. If you feel vi is OK to use, please install this to enhance the simple vi editor. If you don’t like it, you can find alternatives. 

# apt install vim
# vi /etc/vim/vimrc

Now you can see the colored config file since the command “vi” now calls “vim”. Here is my case of configuration.

" Vim5 and later versions support syntax highlighting. Uncommenting the next
" line enables syntax highlighting by default.
syntax on

" If using a dark background within the editing area and syntax highlighting
" turn on this option as well
set background=dark

* snip *

" Uncomment the following to have Vim load indentation rules and plugins
" according to the detected filetype.
filetype plugin indent on

" The following are commented out as they cause vim to behave a lot
" differently from regular Vi. They are highly recommended though.
"set showcmd            " Show (partial) command in status line.
set showmatch           " Show matching brackets.
"set ignorecase         " Do case insensitive matching
"set smartcase          " Do smart case matching
set incsearch           " Incremental search
"set autowrite          " Automatically save before commands like :next and :make
"set hidden             " Hide buffers when they are abandoned
"set mouse=a            " Enable mouse usage (all modes)

* snip *

" Additional configuration for me
set number
set ambiwidth=double

systemd-timesyncd

I used to use NTP to synchronize the time, but systemd-timesyncd is better.
systemd-timesyncd is already installed and enabled by default, and it refers to debian ntp pool servers. If you can use nearer NTP servers, add it to /etc/systemd/timesyncd.conf

[Time]
NTP=available.ntp.server.here
#FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

Restart the service to enable it.

# systemctl restart systemd-timesyncd

systemd-timesyncd gets time data from another server and adjusts the local clock. If you have to set up the NTP server to distribute the time data, you have to use NTP.

IPv6

t the installation, only IPv4 is set up and IPv6 is disabled. Configure /etc/network/interfaces to enable IPb6 address.
(You have to find out what is the interface name. Normally that is already set up for IPv4. In my case, it was ens3.)

# IPv6
allow-hotplug ens3
iface ens3 inet6 static
        address 2401:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
        gateway xxxx::1
        netmask 64
        dns-nameservers 2401:xxxx::1

To apply the configuration, restart the server. There should be some process to restart networks, but I just don’t know the proper way…

# reboot

After reboot, reconnect the server and check if IP addresses are set.

# ip address

Update History

2021-08-22

  • Update package names according to Bullseye
  • Remove NTP section
  • Add systemd-timesyncd section

2021-09-19

  • Add bullseye-updates apt line

Ginnojo LLC company website