Arch-based distributions like Arch Linux, Manjaro, and EndeavourOS are renowned for their flexibility, customization, and up-to-date software packages. However, this flexibility comes with the need for careful configuration to ensure security, reliability, and performance. This guide walks you through the critical steps for setting up an Arch-based server for success.
By investing time in these steps, you’ll ensure a stable, secure, and optimized server environment.
Arch-based systems typically allow root login immediately after installation. Log in using the root account:
ssh root@your_server_ip
If your distribution includes a pre-configured user (e.g., Manjaro’s manjaro), log in with that user and use sudo for administrative tasks.
Immediately update the root password for enhanced security:
passwd
Using the root account for daily operations is discouraged. Create a new user with administrative privileges:
useradd -m -G wheel username
Set a password for the new user:
passwd username
To allow the new user to execute administrative tasks, configure the sudoers file. Use the visudo command to avoid syntax errors:
EDITOR=nano visudo
Uncomment the following line to enable sudo for the wheel group:
%wheel ALL=(ALL:ALL) ALL
Test the setup by switching to the new user and running a command with sudo:
su - username
sudo pacman -Syu
Using SSH keys is more secure than password-based login. Generate an SSH key pair on your local machine:
ssh-keygen
Copy the public key to the server:
ssh-copy-id username@your_server_ip
Edit the SSH server configuration file to improve security:
sudo nano /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
AllowUsers username
Restart the SSH service:
sudo systemctl restart sshd
Test the new configuration by logging out and logging back in with your regular user.
Arch Linux does not enable a firewall by default. Install and configure ufw for easy firewall management:
sudo pacman -S ufw
Enable and start the firewall:
sudo systemctl enable ufw
sudo systemctl start ufw
Allow SSH traffic to avoid locking yourself out:
sudo ufw allow OpenSSH
Enable the firewall rules:
sudo ufw enable
Verify active rules:
sudo ufw status
For other services like HTTP and HTTPS, allow traffic with:
sudo ufw allow http
sudo ufw allow https
Keeping your Arch system updated is critical, as Arch uses a rolling release model. Update your system with:
sudo pacman -Syu
For safe updates, especially on critical systems, consider using tools like downgrade to roll back problematic updates if needed.
Install tools to monitor server performance:
sudo pacman -S htop
htop
sudo pacman -S nmap
Keep an eye on disk space to prevent issues:
df -h
Use journalctl to review system logs for troubleshooting:
sudo journalctl -xe
Arch systems do not automatically enable services. Enable critical services to start at boot:
sudo systemctl enable sshd
sudo systemctl enable ufw
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
rsync or borg for scheduled backups.Zabbix, Netdata, or Prometheus for advanced system monitoring.By following these steps, your Arch-based server is now secure, functional, and ready for further customization. Whether you’re running Arch Linux, Manjaro, or EndeavourOS, this setup ensures a solid foundation for deploying applications and services.
Happy configuring! 🚀
Return to the Table of Contents for more guides and tutorials.