This guide is intended to describe the installation of Debian for a server (i.e without a desktop environment). Since the installation is straightforward using the Debian installer, this guide concentrates on post-installation configuration.
- Download the Debian image (
debian-...-netinst.iso) and prepare a bootable media.
- Boot on install media.
- Install Debian step-by-step using Debian installer. For a server, do a minimal installation. A full guide is available for more details.
Install Nftables (it might be already installed on your system)
apt-get install nftables
Copy nftables.conf in
/etc. Minimal configuration with only the SSH port open.
Enable nftables systemd service.
SSH. Enable sshd systemd service.
Networkd (Using systemd)
Disable the default system managing network interfaces in Debian (configured in
systemctl disable networking mv /etc/network/interfaces /etc/network/interfaces.save
Create /etc/systemd/network/wired.network (replace interface name enp1s0 with yours. You can list interfaces using
[Match] Name=enp1s0 [Network] DHCP=yes
Systemd can also manage name resolution (using systemd-resolved). Activate it by replacing
/etc/resolv.confgenerated by systemd-resolved:
rm /etc/resolv.conf ln -s ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Enable systemd-networkd and systemd-resolved services.
Time synchronization with timesyncd (systemd)
timedatectl set-ntp true
Summary of detailed installation.
Enable contrib and non-free sources in
/etc/apt/sources.listif they aren’t already enabled.
Starting with (example for bullseye):
deb http://deb.debian.org/debian bullseye main deb-src http://deb.debian.org/debian bullseye main deb http://security.debian.org/debian-security bullseye-security main deb-src http://security.debian.org/debian-security bullseye-security main deb http://deb.debian.org/debian bullseye-updates main deb-src http://deb.debian.org/debian bullseye-updates main
deb http://deb.debian.org/debian bullseye main contrib non-free deb-src http://deb.debian.org/debian bullseye main contrib non-free deb http://security.debian.org/debian-security bullseye-security main contrib non-free deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free deb http://deb.debian.org/debian bullseye-updates main contrib non-free deb-src http://deb.debian.org/debian bullseye-updates main contrib non-freeNoteURL deb.debian.org should be different in your config file, and should be set with a local mirror of Debian.
Install the microcode package.
apt-get update apt-get install amd64-microcode
apt-get update apt-get install intel-microcode
Debian can automatically install software upgrades, including security updates. Unattended Upgrades maintain a system up-to-date without human intervention. The system also reboots automatically when necessary.
If necessary (they might be already installed on your system), install the
apt-listchangespackages. Also install the
powermgmt-basepackage. It will allow to skip updates if the system is running on battery.
apt-get install unattended-upgrades apt-get install apt-listchanges apt-get install powermgmt-base
To activate automatic upgrades, create the 20auto-upgrades file in
To activate automatic reboot, uncomment and change to
Unattended Upgrades can be further configured in
/etc/apt/apt.conf.d/50unattended-upgrades. For example, the time at which reboot is performed can be set there.
Logs of upgrades performed are recorded in
/var/log/unattended-upgrades. After a day or two that Unattended Upgrades have been setup, it’s recommended to check these logs.