I have an extremely low-utilization server on my personal network. It serves three functions: nginx to serve a couple of static webpages, ssh to be a back door into my network if needed, and a Unifi controller.
Since that's literally all it has to do, it's not real server hardware like my real servers. It's a repurposed laptop. It's been running Stretch for some time.
A few days ago I noticed that gnupg and a couple of other things were being held back when doing updates. I tried to resolve the holdbacks but I wound up in dependency hell. While poking around, I realized that due to a mistake I'd made in past setup, there were files throughout the system that should have been symlinks. So I decided the best thing would be to rebuild the server. Because this server is of low importance, out of curiosity I decided to experiment with Ubuntu Server this time around, installing 18.04.3 just to see how much different it would be from using Debian.
The answer is, somewhat more than I expected. Here's a list of things, in no particular order.
- Installation prompted me for whether I wanted "Server snaps" (preconfigured server images). Nice idea but not what I needed.
- Installation prompted me to set up the network interface for static or DHCP. I let it go to DHCP intending to change it later in /etc/network/interfaces. We'll return to this.
- Installation enforces lowercase-only for hostnames. I guess that's customary but I've never seen it made a requirement before.
- Shell login comes with almost a pageful of motd that I had to figure out how to disable.
- Fail2ban is a version that doesn't add chains until it needs them. Good idea for efficiency but confusing when you start it and don't see anything change in iptables right away.
- Also, installing Fail2ban brought in Postfix and a bunch of other stuff for some reason.
- Network interface configuration doesn't happen in /etc/network/interfaces. They replaced ifupdown with netplan and use YAML files to define devices. On the surface a good idea except that the YAML files are stupidly sensitive to indentation, and even though it wants you to specify nameserver IPs per interface, it doesn't appear to use them.
- Why doesn't it use them? Oh yeah, it's because it's caching everything and running the DNS through whatever's set up in the systemd resolv.conf stub. I had to disable that and replace it with an actual resolv.conf. That leaves the caching service active and doing nothing, I guess, but I don't care.
- For some reason they have cloud configuration utilities enabled by default. I had to turn off something called cloud-init, and rename the netplan config file from 50-cloud-init.yaml. Note that installation never asked me if it's a cloud server, it just assumed.
- There's apparently a pseudo random number generator enabled, so you don't have to install haveged if you want Unifi to start up right away after boot.
- Things I installed that worked more or less the same as I'm used to: certbot, ipset, nginx (from the nginx repos, not Ubuntu's), smartmontools, sshd, iptables-persistent.
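
To check which of the DNS setups described above a host is actually in (the systemd-resolved stub versus a hand-written resolv.conf), here is a small shell check. It is an added example, not part of the original post; the function names `classify_resolv` and `list_nameservers` are made up for illustration, and the paths are the ones systemd-resolved uses on Ubuntu 18.04.

```shell
#!/bin/sh
# Added example: report how a resolv.conf file is wired up.
# Prints one of:
#   stub              queries go to systemd-resolved's local listener (127.0.0.53)
#   resolved-upstream symlink to the upstream list that systemd-resolved maintains
#   static            a plain file with its own nameserver lines
#   missing           no such file
classify_resolv() {
    f=$1
    if [ -L "$f" ]; then
        # Judge a symlink by its target, even if the target is absent.
        case "$(readlink "$f")" in
            *systemd/resolve/stub-resolv.conf) echo stub; return ;;
            *systemd/resolve/resolv.conf) echo resolved-upstream; return ;;
        esac
    fi
    if [ ! -e "$f" ]; then
        echo missing
        return
    fi
    # A regular file copied from the stub still points at 127.0.0.53.
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$f"; then
        echo stub
    else
        echo static
    fi
}

# Print the nameserver addresses in a resolv.conf, space separated.
list_nameservers() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }
         END { print "" }' "$1" 2>/dev/null
}

# Default to the live file; pass another path as the first argument.
target=${1:-/etc/resolv.conf}
mode=$(classify_resolv "$target")
echo "$target: $mode"
if [ "$mode" != missing ]; then
    echo "nameservers: $(list_nameservers "$target")"
fi
```

A result of `stub` means lookups go through systemd-resolved's cache rather than straight to the listed servers; on 18.04, `systemd-resolve --status` prints the per-link DNS servers that systemd-resolved received from netplan.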