Tools

Tools: Debian 13 "Trixie" Complete Guide: Installation, Security & Server Setup (2026)

2026-03-15 0 views admin
Tools: Debian 13 "Trixie" Complete Guide: Installation, Security & Server Setup (2026)

Debian 13 "Trixie" Complete Guide: Installation, Security & Server Setup (2026)

Why Debian 13 Matters

What’s New in Debian 13 "Trixie"

Updated Core Components

Security Enhancements

Installation Options

Example Bootable USB Command

Recommended Server Setup

Initial Update

Essential Tools

Basic Service Management

Security Best Practices

Example SSH Hardening

Example UFW Rules

Web Server and Application Stack

Install NGINX and PHP

Install PostgreSQL

Docker on Debian 13

Backup and Maintenance

Upgrading from Debian 12 to Debian 13

Final Thoughts Debian has long been one of the most trusted Linux distributions in the world. Known for its stability, reliability, and strong security model, it powers millions of servers, cloud environments, and even other distributions such as Ubuntu. With Debian 13 “Trixie”, the project continues its tradition of delivering a stable and dependable operating system while embracing the modern tools, performance improvements, and security defaults that administrators expect in 2026. Whether you are deploying a fresh VPS, building a home lab, preparing a production web server, or upgrading an existing Debian environment, this guide covers the essentials you need to get started with confidence. Debian remains one of the most respected Linux distributions for both servers and desktops. It is widely chosen because of its predictable package ecosystem, long-term reliability, and clean approach to system administration. Debian 13 “Trixie” builds on that foundation by delivering a newer kernel, updated software packages, better hardware compatibility, and stronger default security. For developers, sysadmins, and DevOps engineers, it offers a practical balance between modern features and operational stability. These upgrades make Debian 13 especially attractive for anyone building secure, modern Linux servers with minimal unnecessary complexity. Debian 13 is available in multiple installation formats, each designed for different use cases. For most server deployments, the Netinstall ISO is the recommended choice. It keeps the installation light and allows packages to be downloaded fresh during setup. Verify the ISO before using it: A clean Debian installation is only the beginning. After the OS is installed, it is important to apply updates, install essential packages, configure networking, secure SSH access, and enable a firewall before exposing the server to the internet. One of Debian’s strongest qualities is that it provides an excellent base for hardening and secure operations. A few early decisions can significantly improve the security posture of any new Debian 13 server. Debian 13 is a strong platform for web hosting, APIs, internal tooling, and database-backed applications. A common stack includes NGINX, PHP-FPM, and PostgreSQL. This makes Debian 13 a practical choice not only for traditional websites, but also for container workloads, backend services, and modern application deployment. Containerization remains a core part of infrastructure in 2026, and Debian continues to be a reliable host operating system for Docker-based environments. For teams running self-hosted services, CI/CD runners, or development environments, Debian 13 provides a clean and efficient Docker base. No server setup is complete without a backup plan. Debian 13 works well with simple and reliable backup tools such as BorgBackup. Follow the 3-2-1 rule: If you are already running Debian 12 “Bookworm”, the upgrade path to Debian 13 is straightforward, but it should always be tested first in a non-production environment. Before upgrading production systems, take a full backup and review all third-party repositories. Debian 13 “Trixie” continues the project’s long-standing reputation for stability while delivering the updates needed for modern infrastructure. It is an excellent choice for sysadmins, developers, cloud engineers, and anyone looking for a dependable Linux platform. From installation and first boot to security hardening and service deployment, Debian 13 offers a clean, professional foundation for serious workloads in 2026. Tags: #debian #linux #devops #sysadmin #cloud #docker #opensource Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse

Command

Copy

$ -weight: 600;">sudo dd if=debian-13-amd64-netinst.iso of=/dev/sdX bs=4M -weight: 500;">status=progress -weight: 600;">sudo dd if=debian-13-amd64-netinst.iso of=/dev/sdX bs=4M -weight: 500;">status=progress sha256sum debian-13-amd64-netinst.iso sha256sum debian-13-amd64-netinst.iso -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update && -weight: 600;">sudo -weight: 500;">apt -weight: 500;">upgrade -y -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update && -weight: 600;">sudo -weight: 500;">apt -weight: 500;">upgrade -y -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y vim -weight: 500;">curl -weight: 500;">wget -weight: 500;">git htop tmux unzip zip ca-certificates -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -y vim -weight: 500;">curl -weight: 500;">wget -weight: 500;">git htop tmux unzip zip ca-certificates -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start nginx -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable nginx -weight: 500;">systemctl -weight: 500;">status nginx -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">start nginx -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable nginx -weight: 500;">systemctl -weight: 500;">status nginx PermitRootLogin no PasswordAuthentication no MaxAuthTries 3 PermitRootLogin no PasswordAuthentication no MaxAuthTries 3 -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install ufw -weight: 600;">sudo ufw default deny incoming -weight: 600;">sudo ufw default allow outgoing -weight: 600;">sudo ufw allow ssh -weight: 600;">sudo ufw allow 80/tcp -weight: 600;">sudo ufw allow 443/tcp -weight: 600;">sudo ufw -weight: 500;">enable -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install ufw -weight: 600;">sudo ufw default deny incoming -weight: 600;">sudo ufw default allow outgoing -weight: 600;">sudo ufw allow ssh -weight: 600;">sudo ufw allow 80/tcp -weight: 600;">sudo ufw allow 443/tcp -weight: 600;">sudo ufw -weight: 500;">enable -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install nginx -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install php8.3-fpm php8.3-cli -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable nginx -weight: 600;">sudo nginx -t && -weight: 600;">sudo -weight: 500;">systemctl reload nginx -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install nginx -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install php8.3-fpm php8.3-cli -weight: 600;">sudo -weight: 500;">systemctl -weight: 500;">enable nginx -weight: 600;">sudo nginx -t && -weight: 600;">sudo -weight: 500;">systemctl reload nginx -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install postgresql postgresql-contrib -weight: 600;">sudo -u postgres createuser myapp -weight: 600;">sudo -u postgres createdb myappdb -O myapp -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install postgresql postgresql-contrib -weight: 600;">sudo -u postgres createuser myapp -weight: 600;">sudo -u postgres createdb myappdb -O myapp -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -weight: 500;">docker-ce -weight: 500;">docker-ce-cli containerd.io -weight: 600;">sudo usermod -aG -weight: 500;">docker $USER -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install -weight: 500;">docker-ce -weight: 500;">docker-ce-cli containerd.io -weight: 600;">sudo usermod -aG -weight: 500;">docker $USER -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install borgbackup borg init --encryption=repokey /backup/borg-repo -weight: 600;">sudo -weight: 500;">apt -weight: 500;">install borgbackup borg init --encryption=repokey /backup/borg-repo -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update && -weight: 600;">sudo -weight: 500;">apt full--weight: 500;">upgrade -y -weight: 600;">sudo sed -i 's/bookworm/trixie/g' /etc/-weight: 500;">apt/sources.list -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt full--weight: 500;">upgrade -y -weight: 600;">sudo reboot -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update && -weight: 600;">sudo -weight: 500;">apt full--weight: 500;">upgrade -y -weight: 600;">sudo sed -i 's/bookworm/trixie/g' /etc/-weight: 500;">apt/sources.list -weight: 600;">sudo -weight: 500;">apt -weight: 500;">update -weight: 600;">sudo -weight: 500;">apt full--weight: 500;">upgrade -y -weight: 600;">sudo reboot - Linux Kernel 6.12+ for improved hardware support and better performance - systemd 256 with modern -weight: 500;">service and boot management improvements - GCC 14 for updated compiler features and optimizations - 64-bit time_t support for full Year 2038 readiness - nftables as the default firewall framework - AppArmor enabled by default for stronger application confinement - OpenSSL 3.2+ with modern cryptographic improvements - Improved installer firmware support for easier deployment on modern systems - Netinstall ISO — ideal for lean server deployments - Full DVD ISO — useful for offline installation environments - Cloud images — convenient for AWS, Azure, and other platforms - Live images — great for testing before installing - Disable root SSH login - Use SSH keys instead of passwords - Enable a firewall with a default deny policy - Install Fail2Ban to reduce brute-force attacks - Keep packages updated regularly - Use AppArmor profiles where applicable - 3 copies of your data - 2 different storage media - 1 offsite backup

🏷️ Tags

toolsutilitiessecurity toolsdebiantrixiecompleteguideinstallationsecurityserver

More from Tools

Tools: Gas-Aware Trading: Execute Only When Gas Is Cheap (2026)

Tools: Gas-Aware Trading: Execute Only When Gas Is Cheap (2026)

2026-03-30 0
Tools: Grafana k6 Has a Free API That Load Tests Your APIs With JavaScript - Full Analysis

Tools: Grafana k6 Has a Free API That Load Tests Your APIs With JavaScript - Full Analysis

2026-03-30 0
Tools: Caddy Has a Free API That Gives You Automatic HTTPS With Zero Configuration (2026)

Tools: Caddy Has a Free API That Gives You Automatic HTTPS With Zero Configuration (2026)

2026-03-30 0
Tools: Fly.io Has a Free API That Deploys Docker Apps Globally With Edge Hosting (2026)

Tools: Fly.io Has a Free API That Deploys Docker Apps Globally With Edge Hosting (2026)

2026-03-30 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views