10 Steps To Well Configured VPS

10 STEPS TO WELL CONFIGURED VPS FOR YOUR WEB APP. RUBACI.CZ MAY, 2014


Linux, VPS, setup, Ubuntu

Transcript of 10 Steps To Well Configured VPS

Page 1: 10 Steps To Well Configured VPS

10 STEPS TO WELL CONFIGURED VPS FOR YOUR WEB APP. RUBACI.CZ MAY, 2014

Page 2: 10 Steps To Well Configured VPS

LINUX DISTRO

# NEVER
Ubuntu XX.10 # 9 months

# Yes
Ubuntu XX.04 LTS # 5 years

Page 3: 10 Steps To Well Configured VPS

HOSTING

# SSD
DigitalOcean.com
linode.com

# AWS - Good for Dynamic Hosting
aws.amazon.com

Page 4: 10 Steps To Well Configured VPS

BASIC UPDATE

# Update all
sudo apt-get -y update && sudo apt-get -y upgrade

# Basic packages
sudo apt-get install build-essential git-core
sudo apt-get install curl
sudo apt-get install python-software-properties

Page 5: 10 Steps To Well Configured VPS

NEVER BE ROOT, NEVER!!

# Add deploy user
adduser deploy --ingroup admin

# Switch to Deploy user
su deploy
cd # To home directory

# Allow deploy to run SUDO
visudo
root ALL=(ALL) ALL
deploy ALL=(ALL) ALL

Page 6: 10 Steps To Well Configured VPS

NO PASSWORDS PLEASE!

# SSH with keys
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
sudo aptitude install vim
vim ~/.ssh/authorized_keys

# OR
cat ~/.ssh/id_rsa.pub | ssh deploy@ip 'cat >> ~/.ssh/authorized_keys'

Page 7: 10 Steps To Well Configured VPS

SSH-SERVER

# Change port to XXXX
# And turn off Root login and forbid passwords
sudo vim /etc/ssh/sshd_config
>>>>>>>>>>>>
Port 3245
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
# Optional!
AllowUsers deploy@(your-ip) deploy@(another-ip-if-any)
<<<<<<<<<<<<

# Restart ssh daemon
sudo service ssh restart
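The settings on this slide can be verified after editing the file. The script below is an added example, not part of the original slides; the function names sshd_values and audit_sshd and the sample file are constructed for illustration. It assumes the whitespace-separated "Keyword value" form and skips Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the SSH-SERVER slide's settings.
# Assumes the whitespace-separated "Keyword value" form; Match blocks are skipped.

# Print every value given for lowercase keyword $2 in file $1, in file order.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/          { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # conditional section: stop here
        tolower($1) == key      { print tolower($2) }
    ' "$1"
}

# Print one FAIL line per finding for file $1; exit status = number of findings.
audit_sshd() {
    file=$1
    findings=0
    for key in permitrootlogin permitemptypasswords passwordauthentication; do
        # sshd keeps the first value it reads for a keyword, so do the same
        val=$(sshd_values "$file" "$key" | head -n 1)
        if [ "$val" != "no" ]; then
            echo "FAIL $key is '${val:-unset}', the slide sets it to 'no'"
            findings=$((findings + 1))
        fi
    done
    # Port may be listed several times and sshd listens on all of them
    ports=$(sshd_values "$file" port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL sshd still listens on the default port 22"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the slide's settings, but an earlier line re-enables passwords.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 3245
PasswordAuthentication yes
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config before restarting the daemon; a non-zero exit status means at least one of the slide's settings is not in effect.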

Page 8: 10 Steps To Well Configured VPS

SSH-CLIENT

# Generate SSH key
ssh-keygen -t rsa

# ~/.ssh/config
Host mojejmeno
# /etc/hosts or IP
HostName mujserver.com
Port XXXX
User deploy

Page 9: 10 Steps To Well Configured VPS

PREVENT ATTACKS

# Firewall
ufw allow 80 # HTTP
ufw allow 443 # HTTPS
ufw enable

# SSH
ufw allow from {your-ip} to any port XXXX

Page 10: 10 Steps To Well Configured VPS

PREVENT ATTACKS #2

# Fail2ban is a daemon that monitors login attempts to a server and blocks suspicious activity as it occurs. It’s well configured out of the box.
apt-get install fail2ban

Page 11: 10 Steps To Well Configured VPS

ENABLE AUTOMATIC SECURITY UPDATES

# Install automatic upgrades
apt-get install unattended-upgrades
vim /etc/apt/apt.conf.d/10periodic
>>>>>>>>
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
<<<<<<<<

# Setup only security upgrades
vim /etc/apt/apt.conf.d/50unattended-upgrades
>>>>>>>>
Unattended-Upgrade::Allowed-Origins {
    "Ubuntu lucid-security";
//  "Ubuntu lucid-updates";
};
<<<<<<<<

Page 12: 10 Steps To Well Configured VPS

EMAIL NOTIFICATION

# Install LogWatch
apt-get install logwatch
vim /etc/cron.daily/00logwatch

# Setup email notification
/usr/sbin/logwatch --output mail --mailto [email protected] --detail high

Page 13: 10 Steps To Well Configured VPS

WHAT NEXT?

# Troubleshooting
http://devo.ps/blog/2013/03/06/troubleshooting-5minutes-on-a-yet-unknown-box.html

# Keep Swipe file
Every good dev/ops should have a swipe file of the best work and stuff he did or will repeat.

Page 14: 10 Steps To Well Configured VPS

HAPPY VPSING!!!

LADISLAV MARTINCIK {@MARTINCIK}