🏹 Arch Linux Server Setup

This guide covers server setup on Arch Linux - a lightweight, rolling-release distribution.

⚠️ Note: Arch Linux is not typically recommended for production servers due to its rolling-release nature. Consider using Arch for development servers or if you need cutting-edge packages.

System Update

# Sync package database and upgrade
sudo pacman -Syu
 
# Install essential tools
sudo pacman -S curl wget git vim htop base-devel

Install yay (AUR Helper)

# Clone yay, review the PKGBUILD, then build as a regular user (makepkg refuses to run as root)
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
cd ..
rm -rf yay

Create Admin User

# Create user with home directory
sudo useradd -m -G wheel admin
 
# Set password
sudo passwd admin
 
# Enable wheel group sudo access
sudo visudo
# Uncomment: %wheel ALL=(ALL:ALL) ALL

Configure SSH

# Install OpenSSH
sudo pacman -S openssh
 
# Enable and start
sudo systemctl enable sshd
sudo systemctl start sshd
 
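# Edit config
sudo vim /etc/ssh/sshd_config

Set these directives in /etc/ssh/sshd_config. Install your public key in /home/admin/.ssh/authorized_keys first, because PasswordAuthentication no disables password logins for every account:

PermitRootLogin no
PasswordAuthentication no
Port 2222

# Apply the changes (check the file with "sshd -t" first and keep the current
# session open until a new login on port 2222 works)
sudo systemctl restart sshd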

Firewall (iptables/nftables)

# Install
sudo pacman -S nftables
 
# Create config
sudo vim /etc/nftables.conf

Contents of /etc/nftables.conf:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Accept established/related
        ct state established,related accept

        # Accept loopback
        iif lo accept

        # Accept SSH
        tcp dport 2222 accept

        # Accept HTTP/HTTPS
        tcp dport { 80, 443 } accept

        # Accept ICMP
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

# Enable nftables
sudo systemctl enable nftables
sudo systemctl start nftables

Install Fail2Ban

# Install from AUR
yay -S fail2ban
 
# Configure
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vim /etc/fail2ban/jail.local

In /etc/fail2ban/jail.local, set the [sshd] jail to the SSH port chosen above:

[sshd]
enabled = true
port = 2222
maxretry = 3
bantime = 3600

# Enable and start
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
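
The SSH port 2222 now appears in three files: sshd_config, the nftables input chain and the fail2ban [sshd] jail. If they drift apart, sshd ends up either unreachable or unwatched by the jail. The script below is an added example, not part of the original guide, that cross-checks the three files and the two hardening directives; the function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Assumes flat files: no Include
# directives, no "Keyword=value" syntax, no port ranges in the nftables rules.

# Every port sshd listens on (Port may repeat; the default is 22).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Global value of a single-valued keyword: the first occurrence wins, and
# anything after a Match line is conditional, so stop there.
sshd_value() {  # usage: sshd_value FILE lowercase-keyword
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == k { print tolower($2); exit }' "$1"
}

# TCP ports opened by plain "tcp dport N accept" / "tcp dport { A, B } accept" rules.
nft_accepted_ports() {
    sed -nE 's/^[[:space:]]*tcp dport ([0-9{}, ]+) accept.*/\1/p' "$1" | grep -oE '[0-9]+'
}

# The "port" setting inside the [sshd] section of a fail2ban jail file.
jail_port() {
    awk -F'[ =]+' '/^\[/ { s = ($0 == "[sshd]") } s && $1 == "port" { print $2; exit }' "$1"
}

# Print one line per problem; return non-zero if any check fails.
check_ssh_port() {  # usage: check_ssh_port SSHD_CONFIG NFTABLES_CONF JAIL_LOCAL
    local rc=0 p jp
    jp=$(jail_port "$3")
    for p in $(sshd_ports "$1"); do
        nft_accepted_ports "$2" | grep -qx "$p" || { echo "sshd port $p is not accepted by nftables"; rc=1; }
        [ "$jp" = "$p" ] || { echo "fail2ban [sshd] watches '$jp', sshd listens on $p"; rc=1; }
    done
    [ "$(sshd_value "$1" passwordauthentication)" = no ] || { echo "PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_value "$1" permitrootlogin)" = no ] || { echo "PermitRootLogin is not 'no'"; rc=1; }
    return $rc
}

# Constructed sample files using the values from this guide, plus a stale firewall.
d=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication no' > "$d/sshd_config"
printf '%s\n' '    tcp dport 2222 accept' '    tcp dport { 80, 443 } accept' > "$d/nft_ok.conf"
printf '%s\n' '    tcp dport 22 accept' '    tcp dport { 80, 443 } accept' > "$d/nft_stale.conf"
printf '%s\n' '[DEFAULT]' 'port = 0:65535' '[sshd]' 'enabled = true' 'port = 2222' > "$d/jail.local"

check_ssh_port "$d/sshd_config" "$d/nft_ok.conf" "$d/jail.local" && echo "consistent"
check_ssh_port "$d/sshd_config" "$d/nft_stale.conf" "$d/jail.local" || echo "fix before restarting sshd"
```

On a real host, pass /etc/ssh/sshd_config, /etc/nftables.conf and /etc/fail2ban/jail.local as the three arguments and run it before restarting sshd.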

Enable Automatic Updates

Using pacman-contrib:

# Install
sudo pacman -S pacman-contrib
 
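# Create update script
sudo vim /usr/local/bin/auto-update.sh

Contents of /usr/local/bin/auto-update.sh:

#!/bin/bash
# Unattended full upgrade; runs as root from the systemd service below
pacman -Syu --noconfirm

sudo chmod +x /usr/local/bin/auto-update.sh

# Create the service the timer triggers (a timer needs a matching .service unit)
sudo vim /etc/systemd/system/auto-update.service

Contents of /etc/systemd/system/auto-update.service:

[Unit]
Description=System update

[Service]
Type=oneshot
ExecStart=/usr/local/bin/auto-update.sh

# Create systemd timer
sudo vim /etc/systemd/system/auto-update.timer

Contents of /etc/systemd/system/auto-update.timer:

[Unit]
Description=Weekly system update

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target

# Enable the timer
sudo systemctl enable auto-update.timer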

Arch-Specific Tips

  • 📰 Check Arch News before updating: https://archlinux.org/news/
  • 📦 Use pacman hooks for automated tasks
  • 🔒 Consider linux-lts kernel for stability

# Install LTS kernel
sudo pacman -S linux-lts linux-lts-headers
 
# Update bootloader
sudo grub-mkconfig -o /boot/grub/grub.cfg
