Tavo-IT Logo

Debian InstallationProfessional Guide

Complete step-by-step guide to installing Debian – from Stable and Testing to production-ready configuration for servers and desktops.

Debian 12 BookwormDebian ServerAPT Package ManagerLinux Stable

📋 Contents

🔄 Debian Editions

🟢 Stable

Current version: Bookworm (12)

  • - Maximum stability
  • - Production environments
  • - Long-term support
  • - Conservative updates
  • - Recommended for servers

RECOMMENDED for Production

🟡 Testing

Current version: Trixie (13)

  • - Newer packages
  • - Becomes next stable
  • - Good stability
  • - Suitable for desktops
  • - Rolling release

⚠️ For experienced users

🔴 Unstable (Sid)

Rolling development

  • - Latest packages
  • - Development branch
  • - May break
  • - For developers only
  • - Experimental

⚠️ NOT for Production

💾 Download & Preparation

🔽 ISO Images

🖥️ Desktop Images

Debian 12 Bookworm (GNOME)~3.7 GB
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso

🖧 Server/Netinstall

Minimale Installation (empfohlen)~650 MB
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso

💿 Complete DVD

Offline installation possible~4.7 GB
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.7.0-amd64-DVD-1.iso

🔐 Integrity Check

Important: Check ISO integrity!

# SHA256-Checksummen herunterladen
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA256SUMS

# Prüfung durchführen
sha256sum -c SHA256SUMS

⚠️ System Requirements

Minimum:

  • - RAM: 512 MB (2 GB recommended)
  • - Storage: 10 GB
  • - CPU: Pentium 4 (1 GHz)
  • - Network for Netinst

Recommended:

  • - RAM: 4 GB+
  • - Storage: 20 GB+
  • - CPU: Multi-Core
  • - SSD for better performance

⚙️ Installation Process

Step-by-step installation

1

Boot Menu

Empfohlene Option:

Graphical install

Easier for beginners

2

Language & Localization

Language: English / German
Country: Germany
Keyboard: German
3

Hostname & Domain

Hostname: debian-server
Domain: local (oder leer lassen)
4

User Accounts

Root Password

Leave empty for sudo-only setup (recommended)

User Account
Name: Administrator
Username: admin
Password: [secure password]

💾 Partitioning

🔰 Guided (Recommended)

Automatic partitioning

Option: "Guided - use entire hard disk"
LVM: ✅ Yes (for flexibility)
Encryption: ✅ Yes (for laptops)

🔧 Manual (Advanced)

Custom partitioning

MountSizeType
/boot/efi512 MBFAT32
/boot1 GBext4
/20 GBext4
/var10 GBext4
/homeRestext4
swap= RAMswap

📊 Server Partitioning

Optimized for server workloads:

Partition Size Mount Purpose /dev/sda1 512M /boot/efi UEFI Boot /dev/sda2 1G /boot Kernel & initrd /dev/sda3 Rest LVM Volume Group LVM Layout: lv_root 15G / System lv_var 20G /var Logs, Cache lv_tmp 5G /tmp Temporary files lv_home 10G /home Users lv_swap 4G swap Swap Space

📦 APT & Package Management

🔄 APT Basics

Basic Commands

# Update package lists sudo apt update # Upgrade packages sudo apt upgrade # Full system upgrade sudo apt full-upgrade # Install package sudo apt install package-name # Remove package sudo apt remove package-name # Remove with config sudo apt purge package-name

Advanced Commands

# Search packages apt search keyword # Show package info apt show package-name # List installed apt list --installed # Autoremove unused sudo apt autoremove # Clean cache sudo apt autoclean # Hold package sudo apt-mark hold package

📚 Sources.list Configuration

Repository configuration for Debian Stable:

# /etc/apt/sources.list # Debian Bookworm (12) - Stable # Main repositories deb http://deb.debian.org/debian bookworm main contrib non-free-firmware deb-src http://deb.debian.org/debian bookworm main contrib non-free-firmware # Security updates deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware # Updates deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware # Backports (optional) deb http://deb.debian.org/debian bookworm-backports main contrib non-free-firmware

Repository Components:

  • - main: Free software (DFSG)
  • - contrib: Free software with non-free dependencies
  • - non-free-firmware: Firmware blobs for hardware

🖥️ Desktop Environment

🎨 Desktop Environments

GNOME (Default)

Modern, touch-friendly

sudo apt install gnome-core

KDE Plasma

Customizable, Windows-like

sudo apt install kde-plasma-desktop

XFCE

Lightweight, stable

sudo apt install xfce4

🛠️ Essential Apps

# Development sudo apt install -y \ git vim code \ build-essential \ python3-pip nodejs npm # Multimedia sudo apt install -y \ vlc gimp inkscape \ audacity # Office & Productivity sudo apt install -y \ libreoffice \ thunderbird firefox-esr # System Tools sudo apt install -y \ htop neofetch tree \ curl wget rsync \ gparted timeshift

🖧 Server Configuration

⚙️ Server Base Setup

# System aktualisieren sudo apt update && sudo apt upgrade -y # Essential Server Tools sudo apt install -y \ openssh-server fail2ban ufw \ htop iotop iftop ncdu \ curl wget git rsync \ sudo vim nano # Netzwerk Tools sudo apt install -y \ net-tools dnsutils \ iputils-ping traceroute # Monitoring sudo apt install -y \ sysstat logwatch \ smartmontools # Backup Tools sudo apt install -y \ borgbackup rsnapshot

🌐 Web Server Stack

NGINX + PHP

# NGINX Web Server sudo apt install nginx # PHP-FPM sudo apt install php8.2-fpm \ php8.2-mysql php8.2-curl \ php8.2-gd php8.2-xml # MariaDB sudo apt install mariadb-server sudo mysql_secure_installation

Docker Setup

Add Docker repository:

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Install Docker:

sudo apt install docker-ce docker-ce-cli containerd.io

Install Docker Compose:

sudo apt install docker-compose-plugin

Add users to the Docker group:

sudo usermod -aG docker $USER

🔒 Security Hardening

🔥 Firewall (UFW)

# Enable UFW sudo ufw --force reset sudo ufw default deny incoming sudo ufw default allow outgoing # Allow SSH sudo ufw allow ssh # or specific port sudo ufw allow 2222/tcp # Web Server (optional) sudo ufw allow 80/tcp sudo ufw allow 443/tcp # Enable firewall sudo ufw enable # Check status sudo ufw status verbose

🛡️ SSH Hardening

# Adjust SSH configuration sudo nano /etc/ssh/sshd_config # Important settings: Port 2222 # Change default port PermitRootLogin no # Disable root login PasswordAuthentication no # Only after SSH key setup! PubkeyAuthentication yes # Enable SSH keys MaxAuthTries 3 # Limit login attempts ClientAliveInterval 300 # Set timeout # Restart SSH service sudo systemctl restart ssh

Generate SSH keys:

# On client system:
ssh-keygen -t ed25519 -C "your_email@example.com"
ssh-copy-id -p 2222 username@server-ip

🔧 System Hardening

# Fail2Ban for SSH protection sudo apt install fail2ban sudo systemctl enable fail2ban sudo systemctl start fail2ban # Automatic Updates sudo apt install unattended-upgrades sudo dpkg-reconfigure -plow unattended-upgrades # AppArmor (Application Armor) sudo apt install apparmor apparmor-utils sudo systemctl enable apparmor # Intrusion Detection sudo apt install aide sudo aideinit sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db # Log Monitoring sudo apt install logwatch sudo nano /etc/logwatch/conf/logwatch.conf

Best Practices

📋 Debian Checklist

⚠️ Common Errors

Testing/Unstable in Production

❌ Unstable, only use Stable for servers

Root account left enabled

❌ Security risk, use sudo

Firewall disabled

❌ Enable UFW immediately after installation

No updates

❌ Security updates are critical