menu
Root-Server Tutorial

ROOT-SERVER TUTORIAL

Setup of 2FAuth on Ubuntu Standalone

Learn how to set up 2FAuth on Ubuntu to secure your logins.
< back to search

Author:

Konstantin Protzen

Last updated:

16/11/2023

linux ubuntu uptime auth authentication security two-factor two factor second

Introduction

Requirements

For a 'small instance' (just one for yourself and not many users) a VPS 200 is sufficient.

I recommend setting up the instance on a VPS 200.
If you feel like the instance is slowing down, you can always update to a bigger server trough the CCP.

The server needs to have Ubuntu 22.04 already installed.

You will also need a domain. A domain used in a webhosting package is sufficient. (You can still use it for your webhosting, because we will use a subdomain.)

Step 1 - Finding out the IP of your server

  1. Log in to the SCP (ServerControlPanel) under https://www.servercontrolpanel.de.
  2. Click on the server you want to use.
  3. If you are already on the "General" tab, you'll see a pane labeled "Network" in the bottom right corner.
  4. Here you can find the IP of your server (under IPv4).
  5. Write the IP of your server down.

Step 2 - Configuring DNS

  1. Log in to the CCP (CustomerControlPanel) under https://www.customercontrolpanel.de.
  2. In the sidebar on the left, click on "Domains".
  3. Find the domain you want to use and click on the magnifying glass symbol next to it.
  4. In the new window, click on "DNS".
  5. Scroll down until there are empty fields.
  6. In the first field, write your subdomain name (This tutorial will use "2fauth").
  7. In the dropdown menu, select A.
  8. In the last field, enter the IP of your server (from Step 1).
  9. Click on "Save DNS records".

Step 3 - Preparing the server

First you need to log in to your server via SSH, then follow these steps:

  1. Enter sudo -s to get root privileges.
  2. If asked for your password, enter it and press Enter.
  3. Now enter add-apt-repository ppa:ondrej/php -y && apt update -y && apt upgrade -y to update the server.
  4. If a pink window appears, press Enter once to continue.
  5. Enter apt install curl nginx git zip unzip php8.2-fpm php8.2-cli php8.2-gd php8.2-curl php8.2-cli php8.2-bcmath php8.2-mysql php8.2-ctype php8.2-fileinfo php8.2-mbstring php8.2-tokenizer php8.2-xml php8.2-zip -y || curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && snap install certbot --classic to install all the required software.
  6. If a pink window appears, press Enter once to continue.
  7. Enter composer update to update composer. (When asked if you want to continue as root, enter Yes and press Enter to continue.)

Step 4 - Installing MariaDB

Follow these steps to install and configure MariaDB:

  1. Enter apt install mariadb-server to install MariaDB.
  2. Run mysql_secure_installation to configure MariaDB.
  3. You will be asked for the root password. Press Enter to continue (there is no password yet).
  4. You will be asked if you want to change authentication method. Enter n and press Enter to continue.
  5. You will be asked if you want to set a root password. Enter n and press Enter to continue.
  6. You will be asked if you want to remove anonymous users. Enter y and press Enter to continue.
  7. You will be asked if you want to disallow root login remotely. Enter y and press Enter to continue.
  8. You will be asked if you want to remove the test database and access to it. Enter y and press Enter to continue.
  9. You will be asked if you want to reload privilege tables now. Enter y and press Enter to continue.

Step 5 - Creating a database and a user for 2FAuth

  1. Enter mysql -u root to log in to MariaDB.
  2. Enter CREATE DATABASE 2fauth; to create the database.
  3. Enter CREATE USER '2fauth'@'localhost' IDENTIFIED BY '<REPLACE_WITH_PASSWORD>'; to create a user. Replace <REPLACE_WITH_PASSWORD> with a password of your choice.
  4. Enter GRANT ALL PRIVILEGES ON 2fauth.* TO '2fauth'@'localhost'; to grant the user all privileges.
  5. Enter FLUSH PRIVILEGES; to apply the changes.
  6. Enter exit; to exit MariaDB.

Step 6 - Installing 2FAuth

  1. Enter mkdir /var/www/2fauth && chown www-data 2fauth && cd /var/www/2fauth to create a directory for 2FAuth.
  2. Enter sudo su -l www-data -s /bin/bash to switch to the www-data user.
  3. Enter curl https://api.github.com/repos/Bubka/2FAuth/tags | grep "tarball_url" | grep -Eo 'https://[^\"]*' | sed -n '1p' | xargs wget -O - | tar -xz --strip-components=1 -C /var/www/2fauth to download and extract the latest version of 2FAuth.
  4. Enter cd /var/www/2fauth && composer install --prefer-dist --no-scripts --no-dev && exit to install the dependencies.
  5. Enter php artisan 2fauth:install to start the installation.
  6. Enter your URL (e.g. http://2fauth.example.com) and press Enter.
  7. Enter my and press Enter five times to select MariaDB as the database driver.
  8. Enter your database users password (from Step 5) and press Enter.

Step 7 - Setup of nginx

  1. If asked for your password, enter it and press Enter.
  2. Enter mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.old && nano /etc/nginx/nginx.conf to edit the nginx standard config file.
  3. Paste the following code into the file:
user www-data;
events {}
http {
  include mime.types;

  access_log /dev/stdout;
  error_log /dev/stderr;

  server {
   listen 80;
   server_name 2fauth.example.com;
   root /var/www/2fauth/public;

   index index.php;

   charset utf-8;

   location / {
    try_files $uri $uri/ /index.php?$query_string;
   }

   location = /favicon.ico { access_log off; log_not_found off; }
   location = /robots.txt  { access_log off; log_not_found off; }

   error_page 404 /index.php;

   location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
   }

   location ~ /\.(?!well-known).* {
    deny all;
   }
  }
}
  1. Exit the file by pressing Ctrl + X, then Y and then Enter.
  2. Now you can reload nginx by entering systemctl reload nginx.

Step 8 - Setting up HTTPS

  1. Enter certbot --nginx to start the CertBot setup.
  2. I recommend using these settings:
    1. Enter your email address.
    2. Yes (Terms of Service)
    3. No (Advertisement)
    4. Press Enter to select the only option (your domain).
    5. This process can take a while, so please be patient.

Step 8 - Setting up the Firewall

We need a firewall to protect our server from unwanted connections.

We will use ufw (Uncomplicated Firewall) to set up the firewall, because it is easy to use and configure and is also pre-installed on Ubuntu.

  1. Enter ufw allow ssh && ufw allow http && ufw allow https && ufw enable to allow SSH, HTTP and HTTPS connections and to enable the firewall.
  2. Press Y and then Enter to confirm.

Step 10 - Setting up 2FAuth

  1. Open your browser and go to your subdomain (e.g. https://2fauth.example.com).
  2. You should see a login screen.
  3. Click on "Register" and enter your data.
  4. Click on "Register" to register your account. (First account registered will be the admin account.)

I recommend disabling registration after you have registered your account. You can do this by opening the settings and enabling "Disable registration" at the bottom of the page.

Conclusion

Now you have successfully installed 2FAuth!

From now on your 2FAuth instance will be available under your subdomain (e.g. https://2fauth.example.com).

Thank you for using this tutorial!

Licence

Copyright (c) 2023 Konstantin Protzen

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Contributor's Certificate of Origin

By making a contribution to this project, I certify that:

  1. The contribution was created in whole or in part by me and I have the right to submit it under the licence indicated in the file; or

  2. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate licence and I have the right under that licence to submit that work with modifications, whether created in whole or in part by me, under the same license (unless I am permitted to submit under a different licence), as indicated in the file; or

  3. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

  4. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the licence(s) involved.

Published 16/11/2023 by Konstantin Protzen

Submit your tutorial

Get 60€ netcup vouchers for every published tutorial.
Learn more >