Det's ICT & Data Blog

Deploying Ubuntu 24.04 on GCP E2-Micro: A Step-by-Step Guide

By Det |

Welcome to my first technical deep-dive! In this article, I'll walk you through the process of setting up a lean and efficient Ubuntu 24.04 LTS server on a Google Cloud Platform (GCP) e2-micro instance. This guide is perfect for anyone looking to host a personal website, run a small application, or set up a secure VPN on a budget-friendly free-tier VM.

Why Ubuntu 24.04 LTS and E2-Micro?

Ubuntu 24.04 LTS (Noble Numbat) offers long-term support and stability, making it an ideal choice for server environments. The e2-micro instance, while having limited resources (2 shared vCPUs, 1GB RAM), is part of GCP's free tier, allowing you to run a small VM without incurring costs. This combination provides a powerful yet economical foundation for your projects.

Prerequisites:

  • A Google Cloud Platform account with billing enabled (don't worry, e2-micro is free tier!).
  • Basic familiarity with the Linux command line.
  • An SSH client (like PuTTY on Windows, or built-in terminal on Linux/macOS).

Step 1: Provisioning Your GCP E2-Micro Instance

Log into your GCP Console. Navigate to "Compute Engine" > "VM instances". Click "Create Instance". 

# Example of a command you might run on the VM
sudo apt update && sudo apt upgrade -y

Choose `e2-micro` as the machine type. Select `us-west1` as the region to qualify for the free tier. For the boot disk, select `Ubuntu 24.04 LTS Minimal`. Ensure "Allow HTTP traffic" and "Allow HTTPS traffic" are checked under Firewall.

Step 2: Initial Server Setup and Security

After your VM is provisioned, connect to it via SSH.

Create a Non-Root User:

sudo adduser detuser
sudo usermod -aG sudo detuser
su - detuser

Replace `detuser` with your preferred username. This enhances security by preventing direct root logins for daily tasks.

SSH Key Authentication:

Set up SSH key-based authentication for secure access. 

# On your local machine
ssh-keygen -t ed25519 -C "your_email@example.com"
ssh-copy-id -i ~/.ssh/id_ed25519.pub detuser@your_server_ip

Then, disable password authentication and root login in `/etc/ssh/sshd_config`.

Configure Firewall (UFW):

UFW is Ubuntu's simple firewall. 

sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

Verify with `sudo ufw status verbose`.

Step 3: Installing and Configuring Caddy Web Server

Caddy is an amazing web server known for its simplicity and automatic HTTPS.

Installation:

Ensure you install it via the official repository for proper systemd integration: 

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy.list
sudo apt update
sudo apt install caddy -y

Caddyfile Configuration:

For your blog, you'll create a dedicated directory and configure Caddy to serve it. 

sudo mkdir -p /var/www/html/blog.domain.com
sudo chown -R caddy:caddy /var/www/html/blog.domain.com

Edit `/etc/caddy/Caddyfile` and add a block for `blog.domain.com`: 

blog.domain.com {
    root * /var/www/html/blog.domain.com
    file_server
    encode gzip zstd
    # ... other security headers or logging as needed ...
}

Validate and reload Caddy: 

sudo caddy validate --config /etc/caddy/Caddyfile
sudo systemctl reload caddy

Step 4: Docker and WireGuard VPN Deployment (Coming Soon!)

The next step in this server's journey will be to install Docker and deploy WireGuard, creating a secure personal VPN. This will involve careful resource management due to the e2-micro's limitations, but it's entirely achievable! Stay tuned for a detailed guide on this.

This initial setup provides a solid, secure, and efficient foundation for your projects on Google Cloud's free tier. Happy building!

← Back to All Articles