Home > Guides > Alpine Server > Setting up Alpine Linux

Setting up Alpine Linux

Installation

Use any live environment (LiveISO or rescue image) to boot up the system you want to set up. The image doesn't necessarily have to be Alpine Linux, but if you can boot up Alpine linux, the installation may be slightly easier. Use fdisk, gdisk or gparted to partition the disk.

Mount the partition that you want to use as the root filesystem:

mkdir /mnt/chroot
mount /dev/vda1 /mnt/chroot

Download and extract the Alpine Linux rootfs:

wget https://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.3-x86_64.tar.gz
tar -xvpzf alpine-minirootfs-3.12.3-x86_64.tar.gz -C /mnt/chroot/

Check https://alpinelinux.org/downloads/ for the latest version.

Edit /mnt/chroot/chroot.sh:

mount --rbind /dev /mnt/chroot/dev
mount --make-rslave /mnt/chroot/dev
mount -t proc /proc /mnt/chroot/proc
mount --rbind /sys /mnt/chroot/sys
mount --make-rslave /mnt/chroot/sys
mount --rbind /tmp /mnt/chroot/tmp
cp /etc/resolv.conf /mnt/chroot/etc/resolv.conf

Using this script you can easily chroot into the installation:

sh chroot.sh
chroot /mnt/chroot /bin/bash

Add the following lines to /etc/apk/repositories:

@edge http://dl-cdn.alpinelinux.org/alpine/edge/main
@community http://dl-cdn.alpinelinux.org/alpine/edge/community
@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing

Installing basic software:

apk add bash shadow openrc vim

Remove the # from the following line in /etc/inittab to enable the serial console at boot:

ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100

If you installed Alpine to a VPS or a container, then you may not need a boot loader, a kernel and the firmware to boot into Alpine. Otherwise, you can set up a Linux kernel:

apk add linux-firmware linux-lts grub grub-efi

Install GRUB:

grub-install --target=x86_64-efi --efi-directory=/boot /dev/vda

Generate the GRUB config:

grub-mkconfig -o /boot/grub/grub.cfg

Create user

Create a user that you can use to log onto the server:

useradd -mUG wheel user

Configure a password for the user:

passwd user

Setting the timezone

Install the tzdata package:

apk add tzdata

You can list the available timezones as follows:

ls /usr/share/zoneinfo

Assuming you want to use the Europe/Amsterdam timezone, you can copy it as follow to the localtime file:

cp /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

Do also specify your timezone:

echo "Europe/Amsterdam" > /etc/timezone

You can check the current time and date:

date

After configuring the timezone, you can remove the tzdata package:

apk del tzdata

Setting the hostname

Edit /etc/hostname:

hostname

Networking

Edit /etc/network/interfaces and adjust the settings for IPv6 accordingly:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
	address 2001:bc8:600:1236::1
	netmask 64
	gateway 2001:bc8:600:1236::
	pre-up echo 1 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Restart the service:

/etc/init.d/networking restart

Firewall

Install ufw:

apk add ip6tables ufw@testing

Block incoming traffic by default:

ufw default deny incoming
ufw default allow outgoing

Start the service:

ufw enable
rc-update add ufw

Check the status of ufw:

ufw status

SSH

Install OpenSSH:

apk add openssh-server

Edit /etc/ssh/sshd_config:

PasswordAuthentication no
AllowTcpForwarding yes

Open the SSH port, but limit the amount of possible traffic:

ufw limit ssh

Start the service:

/etc/init.d/sshd start
rc-update add sshd

Log in as user:

su user
mkdir .ssh
chmod 0700

Upload your public key as ~/.ssh/authorized_keys.

DNS

Add an A-record and AAAA-record with your IPv4 and IPv6 addresses to your DNS records:

@ IN A ( "163.172.149.186" );
@ IN AAAA ( "2001:bc8:600:1236::1" );

Add a CNAME-record to your DNS record:

* IN CNAME ( "@" );

Finally, you also want to set up reverse DNS to map your IP addresses back to the hostname. This can typically be done through the provider of your server instance.