1- Server Setup
Log in to your server
Once your machine is up and running, SSH into the server (as root, or with the key your provider gave you):
ssh root@IP.x.x.x
OR
ssh -i key.pem root@IP.x.x.x
System Update/Upgrade
Now we are inside the machine, update and upgrade the system.
sudo apt update -y
sudo apt upgrade -y
Change Password
Once the system has been updated and upgraded, you can change the root password (optional):
passwd
Add a new non-root user and add it to sudoers
sudo adduser username #create the user first; usermod fails on a user that does not exist
sudo usermod -aG sudo username
sudo -l -U username #Verify the user has sudo access
OR
sudo useradd -m -s /bin/bash username
sudo usermod -aG sudo username
groups username #Verify the user is in the sudo group
Set a password for the new user
sudo passwd username
Now log in as a new user:
ssh username@IP.x.x.x
Authenticate using SSH keys and restrict password login (Recommended)
Generate a key pair on your local machine (not on the server):
ssh-keygen -t ed25519 -C "user@domain.com"
To view the public key:
Windows: C:\Users\YourUser\.ssh\id_ed25519.pub
Linux: cat ~/.ssh/id_ed25519.pub
Copy the content of the public (.pub) key file and paste it into the authorized_keys file of the new user on the server:
nano ~/.ssh/authorized_keys
ssh-add -k ~/.ssh/id_ed25519 #on your local machine: add the private key to the ssh-agent
Disable password login if you want key-based authentication only.
sudo nano /etc/ssh/sshd_config
Set: PasswordAuthentication no
For the root user: PermitRootLogin no
Validate the configuration, then restart the ssh service. Keep your current session open until you have confirmed from a second terminal that key-based login works:
sudo sshd -t #exit status 0 means the config parses
sudo service ssh restart OR sudo systemctl restart ssh
ssh username@IP.x.x.x #Login With ssh
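sshd takes the first value it finds for a keyword, and Ubuntu's sshd_config starts with an Include of /etc/ssh/sshd_config.d/*.conf, so a PasswordAuthentication yes in a drop-in file (cloud images commonly ship one) silently overrides the line edited further down; sudo sshd -T | grep -i passwordauthentication shows what sshd actually applies. The checker below is an added example, not part of this guide: it resolves the two settings changed above the way sshd does from any config file you point it at, so the hardening can be confirmed before the service is restarted. The file names in its comments are constructed for the example.

```sh
#!/bin/sh
# Added checker (not from the guide). Resolves an sshd_config keyword the way
# sshd does: the FIRST directive wins, Include files are read in place (globs
# expanded, relative paths taken under /etc/ssh), and anything after the first
# Match line is conditional, so parsing stops there. Keywords are
# case-insensitive and both "Key value" and "Key=value" are accepted.
# Returns 0 and prints the value; 1 if unset (sshd's built-in default applies);
# 3 if a Match block was reached first; 2 if the file is unreadable.
sshd_effective() {   # usage: sshd_effective <config-file> <keyword>
  local file="$1" key line kw val inc f rc
  key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -r "$file" ] || return 2
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                                   # drop comments
    kw=$(printf '%s\n' "$line" | sed -n 's/^[[:space:]]*\([A-Za-z0-9][A-Za-z0-9]*\).*/\1/p' | tr 'A-Z' 'a-z')
    [ -n "$kw" ] || continue                           # blank line
    val=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*[A-Za-z0-9]*[[:space:]]*=\{0,1\}[[:space:]]*//; s/[[:space:]]*$//')
    case $kw in
      match) return 3 ;;
      include)
        set -f; for inc in $val; do set +f             # split words first, glob after prefixing
          case $inc in /*) ;; *) inc="/etc/ssh/$inc" ;; esac
          for f in $inc; do                            # unquoted on purpose: expand the glob
            [ -f "$f" ] || continue
            rc=0; sshd_effective "$f" "$key" || rc=$?
            case $rc in 0) return 0 ;; 3) return 3 ;; esac
          done
        done; set +f ;;
      "$key") printf '%s\n' "$val"; return 0 ;;
    esac
  done < "$file"
  return 1
}

# Report the two settings this guide changes; return 0 only if both resolve to "no".
check_sshd_hardening() {   # usage: check_sshd_hardening <config-file>
  local file="$1" ok=0 kw got
  for kw in passwordauthentication permitrootlogin; do
    got=$(sshd_effective "$file" "$kw") || got='(unset: sshd default applies)'
    printf '%-22s %s\n' "$kw" "$got"
    [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = no ] || ok=1
  done
  return "$ok"
}
```

Run it as check_sshd_hardening /etc/ssh/sshd_config; a non-zero exit means at least one of the two settings is still not "no" once includes are resolved.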
2- Secure server with firewall
3- Setup Nginx on Ubuntu
Install and configure nginx on your ubuntu server
sudo apt install nginx
sudo systemctl start nginx #start service
sudo systemctl enable nginx #enable service
sudo vim /etc/nginx/sites-available/default #Edit the default server block config
Configure the server block for your site:
server {
    listen 80; # Listen on port 80, the default HTTP port
    server_name localhost; # The server name, here it is set to localhost
    root /var/www/html; # The root directory where files are served from
    index index.html index.htm; # The default files to serve
    location / {
        try_files $uri $uri/ =404; # Try to serve the requested URI, if not found return a 404
    }
}
If /var/www/html doesn't exist, create it and set ownership and permissions:
sudo mkdir -p /var/www/html
sudo chown -R $USER:$USER /var/www/html #Change ownership of the document root directory to the current user
sudo chmod -R 755 /var/www/html #set permission
Test that the nginx server serves a file:
cd /var/www/html
touch index.html #create a placeholder page and put some dummy content in it
sudo nginx -t #test the configuration
sudo systemctl reload nginx #reload to apply changes
Visit http://your-server-ip in a browser to confirm it works.
Setup Rate Limiting
sudo vim /etc/nginx/nginx.conf
Add the following inside the http block:
http {
    limit_req_zone $binary_remote_addr zone=mylimit:10m rate=2r/s;
    ...
}
- $binary_remote_addr: a variable that holds the client's IP address in binary form. The binary form saves memory, which matters when the zone tracks a large number of clients.
- zone=mylimit:10m: the name and size of the shared memory zone that stores the rate-limit state. mylimit is the name of the zone; 10m means the zone is 10 megabytes.
- rate=2r/s: each IP address is allowed to make 2 requests per second.
Edit the nginx server block config to apply the rate limit:
sudo vim /etc/nginx/sites-available/default
Add the following inside the server block:
server {
    ...
    location / {
        limit_req zone=mylimit burst=20 nodelay; # allow bursts of up to 20 requests; beyond that, excess requests are rejected
        try_files $uri $uri/ =404;
    }
    ...
}
sudo nginx -t
sudo systemctl reload nginx
4- Setup SSL Certificate
sudo apt install certbot python3-certbot-nginx
sudo vim /etc/nginx/sites-available/default #set server_name to your domain
server {
    ...
    server_name test.arbab.com;
    ...
}
sudo nginx -t
Obtain an SSL certificate:
sudo certbot --nginx -d test.arbab.com
Follow the prompts:
- Enter the email address associated with your domain registrar account.
- Accept the terms of service.
- Press Enter to continue.
Renew the certificate
sudo certbot renew --dry-run #test the renewal process without issuing a real certificate
sudo certbot renew #renews only certificates that are close to expiring