1 0 S T E P S T O W E L L
C O N F I G U R E D V P S
F O R Y O U R W E B A P P. R U B A C I . C Z M A Y, 2 0 1 4
L I N U X D I S T R O
# NEVER
Ubuntu XX.10 # 9 months
!
# Yes
Ubuntu XX.04 LTS # 5 years
H O S T I N G
# SSD
DigitalOcean.com
linode.com
!
# AWS - Good for Dynamic Hosting
aws.amazon.com
B A S I C U P D AT E
# Update all
sudo apt-get -y update && sudo apt-get -y upgrade
!
# Basic packages
sudo apt-get instal...
N E V E R B E R O O T, N E V E R ! !
# Add deploy user
adduser deploy --ingroup admin
!
# Switch to Deploy user
su deploy
...
N O PA S S W O R D S P L E A S E !
# SSH with keys
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
sudo aptitude install vim
...
S S H - S E R V E R
# Change port to XXXX
# And turn off Root login and forbid passwords
sudo vim /etc/ssh/sshd_config
>>>...
S S H - C L I E N T
# Generate SSH key
ssh-keygen -t rsa
!
# ~/.ssh/config
Host mojejmeno
HostName mujserver.com # /etc/ho...
P R E V E N T AT TA C K S
# Firewall
ufw allow 80 # HTTP
ufw allow 443 # HTTPS
ufw enable
!
# SSH
ufw allow from {your-ip}...
P R E V E N T AT TA C K S # 2
# Fail2ban is a daemon that monitors login attempts
to a server and blocks suspicious activi...
E N A B L E A U T O M AT I C S E C U R I T Y
U P D AT E S
# Install automatic upgrades
apt-get install unattended-upgrades...
E M A I L N O T I F I C AT I O N
# Install LogWatch
apt-get install logwatch
vim /etc/cron.daily/00logwatch
!
# Setup emai...
W H AT N E X T ?
# Troubleshooting
http://devo.ps/blog/2013/03/06/
troubleshooting-5minutes-on-a-yet-unknown-
box.html
!
#...
H A P P Y, V P S I N G ! ! !
L A D I S L A V M A R T I N C I K { @ M A R T I N C I K }

10 Steps To Well Configured VPS


Linux, VPS, setup, Ubuntu

Published in: Technology

10 Steps To Well Configured VPS

  1. 10 STEPS TO WELL CONFIGURED VPS FOR YOUR WEB APP. RUBACI.CZ MAY, 2014
  2. LINUX DISTRO
     # NEVER
     Ubuntu XX.10 # 9 months of support

     # Yes
     Ubuntu XX.04 LTS # 5 years of support
  3. HOSTING
     # SSD
     DigitalOcean.com
     linode.com

     # AWS - Good for Dynamic Hosting
     aws.amazon.com
  4. BASIC UPDATE
     # Update all
     sudo apt-get -y update && sudo apt-get -y upgrade

     # Basic packages
     sudo apt-get install build-essential git-core
     sudo apt-get install curl
     sudo apt-get install python-software-properties
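  5. NEVER BE ROOT, NEVER!!
     # Add deploy user
     adduser deploy --ingroup admin

     # Switch to Deploy user
     su deploy
     cd # To home directory

     # Allow deploy to run SUDO
     # (edit the sudoers file through visudo, which checks the syntax before saving;
     #  the two lines below are the entries the file should contain)
     visudo
     root ALL=(ALL) ALL
     deploy ALL=(ALL) ALL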
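  6. NO PASSWORDS PLEASE!
     # SSH with keys (on the server, as deploy)
     mkdir -p ~/.ssh
     touch ~/.ssh/authorized_keys
     sudo aptitude install vim
     vim ~/.ssh/authorized_keys   # paste your public key (id_rsa.pub), one key per line

     # OR (from your local machine)
     cat ~/.ssh/id_rsa.pub | ssh deploy@ip 'cat >> ~/.ssh/authorized_keys'

     # NOTE: only the public key (.pub) goes to the server; the private key stays on the client.
     # Keep the directory and file writable by deploy only (chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys).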
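  7. SSH-SERVER
     # Change port to XXXX
     # And turn off Root login and forbid passwords
     sudo vim /etc/ssh/sshd_config
     >>>>>>>>>>>>
     Port 3245
     PermitRootLogin no
     PermitEmptyPasswords no
     PasswordAuthentication no
     # Optional! Restrict logins to deploy from known addresses:
     AllowUsers deploy@(your-ip) deploy@(another-ip-if-any)
     <<<<<<<<<<<<

     # Restart ssh daemon
     # NOTE: check the file first with `sudo sshd -t`, and keep the current session open
     # until a key-based login on the new port works; with passwords disabled, a config
     # or key mistake otherwise locks you out.
     sudo service ssh restart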
  8. SSH-CLIENT
     # Generate SSH key (set a passphrase when prompted, so a copied key file is not usable on its own)
     ssh-keygen -t rsa

     # ~/.ssh/config
     # HostName is a name from /etc/hosts or an IP address
     Host mojejmeno
     HostName mujserver.com
     Port XXXX
     User deploy
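  9. PREVENT ATTACKS
     # Firewall
     ufw allow 80 # HTTP
     ufw allow 443 # HTTPS
     ufw enable

     # SSH
     ufw allow from {your-ip} to any port XXXX

     # NOTE: if you are connected over SSH, add the SSH rule before running `ufw enable`;
     # ufw denies incoming traffic by default, so a missing SSH rule can lock you out.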
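  10. PREVENT ATTACKS #2
      # Fail2ban is a daemon that monitors login attempts to a server and blocks suspicious activity as it occurs. It's well configured out of the box.
      apt-get install fail2ban

      # NOTE: the default SSH jail assumes the standard SSH port; after moving sshd to port XXXX,
      # set the jail's `port` in /etc/fail2ban/jail.local to match, or bans will not cover the new port.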
  11. ENABLE AUTOMATIC SECURITY UPDATES
      # Install automatic upgrades
      apt-get install unattended-upgrades
      vim /etc/apt/apt.conf.d/10periodic
      >>>>>>>>
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Download-Upgradeable-Packages "1";
      APT::Periodic::AutocleanInterval "7";
      APT::Periodic::Unattended-Upgrade "1";
      <<<<<<<<

      # Setup only security upgrades
      vim /etc/apt/apt.conf.d/50unattended-upgrades
      >>>>>>>>
      Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
        // "Ubuntu lucid-updates";
      };
      <<<<<<<<

      # NOTE: "lucid" is the codename of Ubuntu 10.04. The origin has to name the release that is
      # actually installed (see `lsb_release -cs`); an origin for a different release matches
      # nothing, and no security updates get applied.
  12. EMAIL NOTIFICATION
      # Install LogWatch
      apt-get install logwatch
      vim /etc/cron.daily/00logwatch

      # Setup email notification (the command line inside /etc/cron.daily/00logwatch)
      /usr/sbin/logwatch --output mail --mailto ladislav@martincik.com --detail high
  13. WHAT NEXT?
      # Troubleshooting
      http://devo.ps/blog/2013/03/06/troubleshooting-5minutes-on-a-yet-unknown-box.html

      # Keep Swipe file
      Every good dev/ops should have a swipe file of the best work and stuff he did or will repeat.
  14. HAPPY, VPSING!!! LADISLAV MARTINCIK {@MARTINCIK}
