Nginx
Always run nginx -t before restarting,it’s your safety net.
Only open the ports you actually use (80/443).
Apache Tomcat
Create a separate user to run it, don’t use root!!!!!!.
Set JAVA_HOME and CATALINA_HOME early,missing these will waste hours.
Critical tip: After making a systemd service, run:
I lost so much time because I didn’t know this refreshes systemd’s brain.
RabbitMQ
Change the default username/password immediately.
By default, it only listens on 127.0.0.1. If you need remote access, switch it to 0.0.0.0, but lock it down with a firewall.
Memcached
If you must allow remote access, change it to 0.0.0.0 and secure it immediately.
Give it enough memory but leave room for the other services to breathe.
SQL Server
Create separate DB users with only the permissions they actually need.
Final takeaway: Doing it manually forces you to understand not just what to install, but why each part is there, how they talk to each other, and where things break.
Top comments (0)