Preparing Linux Server
Installing
Installing and strengthening a new VPS Linux server.
In many virtualized environments you can automate installation using a cloud-init config file.
Here is an example (ToDo: Jinja templating with cloud-init)
Steps for manual installation
Update system
apt update
apt upgrade
Change root password
passwd
Add sudo user
adduser myusername
usermod -aG sudo myusername
Add authorized public keys for logging in over ssh.
mkdir .ssh
nano .ssh/authorized_keys
... add public keys one per row
Disable password authentication for ssh. ⚠️ Be careful not to disable password logins without adding authorized_keys.
sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
Edit sshd_config for additional options like:
- PermitRootLogin no
- PubkeyAuthentication yes
- PasswordAuthentication no
- KbdInteractiveAuthentication no
- AuthorizedKeysFile
- AllowUsers
sudo nano /etc/ssh/sshd_config
sudo service ssh restart
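A check for the settings listed above, as an added example that is not part of the original page: sshd keeps the first value it reads for a keyword, so a drop-in file under sshd_config.d can override the lines edited in sshd_config. The function names and the sample tree are constructed for illustration, and the script assumes the Include line sits at the top of sshd_config.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword. Assumption: sshd_config
# starts with "Include /etc/ssh/sshd_config.d/*.conf", so drop-ins are read first.

# effective_value KEYWORD FILE... -> first global (non-Match) value, lowercased
effective_value() {
    ev_kw=$1; shift
    awk -F'[ \t=]+' -v kw="$ev_kw" '
        FNR == 1               { in_match = 0 }  # a Match block ends with its file
        /^[ \t]*(#|$)/         { next }          # skip comments and blank lines
                               { sub(/^[ \t]+/, "") }  # drop indentation
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$@"
}

# audit_sshd DIR -> one line per keyword; returns 1 if any effective value
# differs from the values this page sets (unset counts, so set it explicitly).
audit_sshd() {
    as_dir=$1; as_rc=0
    set --
    for f in "$as_dir"/sshd_config.d/*.conf "$as_dir/sshd_config"; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 2                     # nothing to read
    for want in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no KbdInteractiveAuthentication=no; do
        got=$(effective_value "${want%%=*}" "$@")
        if [ "$got" = "${want#*=}" ]; then state=ok; else state=DIFFERS; as_rc=1; fi
        printf '%-7s %s = %s\n' "$state" "${want%%=*}" "${got:-unset}"
    done
    return "$as_rc"
}

# make_demo -> constructed sample tree (not from a real host); prints its path
make_demo() {
    md=$(mktemp -d)
    mkdir "$md/sshd_config.d"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' 'PermitRootLogin no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' > "$md/sshd_config"
    # Constructed drop-in: it is read before the edited lines, so it wins.
    echo 'PasswordAuthentication yes' > "$md/sshd_config.d/50-cloud-init.conf"
    echo "$md"
}

audit_sshd "$(make_demo)" || echo "effective config differs from the edited file"
```

On a live server, `audit_sshd /etc/ssh` reads the real files, and `sudo sshd -T` prints the configuration sshd itself resolves, which is the authoritative answer.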
Enable firewall
ufw allow OpenSSH
ufw enable
Protect SSH from DDoSing
apt install fail2ban
systemctl status fail2ban.service
printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
Enable automatic updates
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades
nano /etc/apt/apt.conf.d/50unattended-upgrades
systemctl status unattended-upgrades
Some other stuff
Install SSL certificates on VPS
curl https://get.acme.sh | sh
.acme.sh/acme.sh --issue -d yourdomain.com -d www.yourdomain.com -d mail.yourdomain.com -w /home/public_html/ --server letsencrypt
Self Hosting with Coolify
- Coolify requires root ssh access. Try configuring sshd_config with PermitRootLogin prohibit-password
- Need to use DNS challenge for SSL certificate requests
Static Web page with Hugo
- On Coolify
- On CloudFlare