10 Steps To Well Configured VPS
-
Upload
ladislav-martincik -
Category
Technology
-
view
278 -
download
2
description
Transcript of 10 Steps To Well Configured VPS
![Page 1: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/1.jpg)
1 0 S T E P S T O W E L L C O N F I G U R E D V P SF O R Y O U R W E B A P P. R U B A C I . C Z M A Y, 2 0 1 4
![Page 2: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/2.jpg)
L I N U X D I S T R O
# NEVER Ubuntu XX.10 # 9 months !
# Yes Ubuntu XX.04 LTS # 5 years
![Page 3: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/3.jpg)
H O S T I N G
# SSD DigitalOcean.com linode.com !
# AWS - Good for Dynamic Hosting aws.amazon.com
![Page 4: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/4.jpg)
B A S I C U P D AT E
# Update all sudo apt-get -y update && sudo apt-get -y upgrade !# Basic packages sudo apt-get install build-essential git-core sudo apt-get install curl sudo apt-get install python-software-properties
![Page 5: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/5.jpg)
N E V E R B E R O O T, N E V E R ! !
# Add deploy user adduser deploy --ingroup admin !# Switch to Deploy user su deploy cd # To home directory !# Allow deploy to run SUDO visudo root ALL=(ALL) ALL deploy ALL=(ALL) ALL
![Page 6: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/6.jpg)
N O PA S S W O R D S P L E A S E !
# SSH with keys mkdir -p ~/.ssh touch ~/.ssh/authorized_keys sudo aptitude install vim vim ~/.ssh/authorized_keys !# OR cat ~/.ssh/id_rsa.pub | ssh deploy@ip 'cat >> ~/.ssh/authorized_keys'
![Page 7: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/7.jpg)
S S H - S E R V E R# Change port to XXXX # And turn off Root login and forbid passwords sudo vim /etc/ssh/sshd_config >>>>>>>>>>>> Port 3245 PermitRootLogin no PermitEmptyPasswords no PasswordAuthentication no AllowUsers deploy@(your-ip) deploy@(another-ip-if-any) # Optional! <<<<<<<<<<<< !# Restart ssh deamon sudo service ssh restart
![Page 8: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/8.jpg)
S S H - C L I E N T
# Generate SSH key ssh-keygen -t rsa !# ~/.ssh/config Host mojejmeno HostName mujserver.com # /etc/hosts nebo IP Port XXXX User deploy
![Page 9: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/9.jpg)
P R E V E N T AT TA C K S
# Firewall ufw allow 80 # HTTP ufw allow 443 # HTTPS ufw enable !# SSH ufw allow from {your-ip} to any port XXXX
![Page 10: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/10.jpg)
P R E V E N T AT TA C K S # 2
# Fail2ban is a daemon that monitors login attempts to a server and blocks suspicious activity as it occurs. It’s well configured out of the box. apt-get install fail2ban
![Page 11: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/11.jpg)
E N A B L E A U T O M AT I C S E C U R I T Y U P D AT E S# Install automatic upgrades apt-get install unattended-upgrades vim /etc/apt/apt.conf.d/10periodic >>>>>>>> APT::Periodic::Update-Package-Lists “1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade “1"; <<<<<<<< !# Setup only security upgrades vim /etc/apt/apt.conf.d/50unattended-upgrades >>>>>>>> Unattended-Upgrade::Allowed-Origins { "Ubuntu lucid-security"; // "Ubuntu lucid-updates"; }; <<<<<<<<
![Page 12: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/12.jpg)
E M A I L N O T I F I C AT I O N
# Install LogWatch apt-get install logwatch vim /etc/cron.daily/00logwatch !# Setup email notification /usr/sbin/logwatch --output mail --mailto [email protected] --detail high
![Page 13: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/13.jpg)
W H AT N E X T ?
# Troubleshooting http://devo.ps/blog/2013/03/06/troubleshooting-5minutes-on-a-yet-unknown-box.html !# Keep Swipe file Every good dev/ops should have swipe file of the best work and stuff he did or will repeat.
![Page 14: 10 Steps To Well Configured VPS](https://reader033.fdocuments.in/reader033/viewer/2022052822/554c7436b4c90575798b51dc/html5/thumbnails/14.jpg)
H A P P Y, V P S I N G ! ! !L A D I S L A V M A R T I N C I K { @ M A R T I N C I K }