Add bare beginnings to server hosting guide/blog posts

4 years ago · 192cbf9cd5
parent 8fb106ff43
commit 192cbf9cd5
4 changed files with 194 additions and 35 deletions
--- a/blog/add-domain-to-server.html
+++ b/blog/add-domain-to-server.html
@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<meta name="description" content="To avoid using an IP, this guide will help you point your domain name at your server.">
+		<meta name="keywords" content="Blog, articles, news, DNS, domain, server">
+		<meta name="author" content="Nathan (Aney) Steel">
+		<meta name="theme-color" content="white">
+		<meta name="theme-color" content="black">
+		<link rel="stylesheet" type="text/css" href="/main.css">
+		<link rel="icon" type="image/png" href="/images/favicon.svg">
+		<title>Link your domain name to your server</title>
+	</head>
+
+	<body>
+		<header>
+			<h1>Link your domain name to your server</h1>
+			<hr/>
+			<nav>
+				<a href="/">home</a>
+				<a href="/equipment.html">equipment</a>
+				<a href="/projects.html">projects</a>
+				<a href="/blog/">blog</a>
+				<a href="/sitemap.html">misc</a>
+				<a href="/support.html">support</a>
+			</nav>
+			<hr/>
+		</header>
+
+		<main>
+			<section>
+				<p class="intro">To avoid needing to remember an IP, this guide will help to link your domain name to your server.</p>
+				<h2>Login to your domain name registrar</h2>
+				<p>Login to the registrar, and select the domain name you want to point at your server.</p>
+
+				<h2>Find the section for DNS</h2>
+				<p>The domain name should have a section named, "DNS", "Custom DNS records", or something similar to this. Find, and open it, there should be a bunch of boxes and an option to add a new record</p>
+
+				<h2>Add the A record</h2>
+				<p>There will likely be many option for adding records, but all we need is to add a singular A record</p>
+				<p>Find the box that allows you to "Add a new record" and input the below, changing <IP> and <DOMAIN> with your IP address, and domain name</p>
+				<pre>
+					<code>
+					</code>
+				</pre>
+
+				<p>If there are not multiple boxes, but instead a single box to input your record into, this will be what you add instead</p>
+				<pre>
+					<code>
+					</code>
+				</pre>
+
+				<h2>Wait for propagation</h2>
+				<p>Now there's a bit of a waiting game, as you need to wait for the new DNS record to propagate (get updated) for all nameservers. This can be anywhere from instantly to 72 hours, but typically takes an hour or two.</p>
+
+				<h3>Check your domain has propagated</h3>
+				<p>Pinging the domain name will let you know when the IP has propagated, as when the ping command shows your IP, you're all set</p>
+
+			</section>
+		</main>
+
+		<footer>
+			<hr/>
+			<p>Written by <a href="http://www.aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
+		</footer>
+	</body>
+</html>
+
--- a/blog/debian-server-setup.html
+++ b/blog/debian-server-setup.html
@ -32,16 +32,17 @@
 		<main>
 			<section>
 				<p>This section assumes you have a fresh Debian 11 install on a server (either physical or VPS)</p>
-				<p>It will cover installing the essentials for access, and basic security so you don't need to worry in the future. This section may seem a little daunting for a first-time linux user, but most of it is copy/paste, hopefully with enough description to understand what is being done.</p>
+				<p>It will cover installing the essentials for access, and basic security so you don't need to worry in the future. This section may seem a little daunting for a first-time linux user, but most of it is copy/paste, hopefully with enough description to understand what is being done. Just remember not to copy the $/root$ they're there to show what user/directory we're in. </p>
 			</section>

 			<section>
-				<p>This first section will be done on the physical PC, or on the VPS via their website</p>
+				<p>This first section will be done on the physical PC, or on the VPS via their website, or SSH'd as root if that's the option given.</p>
+
 				<h2>Update the OS</h2>
 				<p>Even with a fresh install of Debian from the latest ISO, there may be some updates you're missing, and it's a good idea to have these, especially in case they're security updates.</p>>
 				<pre>
 					<code>
-						root# apt update && apt upgrade	
+						root$ apt update && apt upgrade	
 					</code>
 				</pre>

@ -49,13 +50,13 @@
 				<p>These are packages that are needed for accessing, and controlling the server</p>
 				<pre>
 					<code>
-						root# apt install sudo ssh	
+						root$ apt install sudo ssh	
 					</code>
 				</pre>
 				<h3>Some useful packages too</h3>
 				<pre>
 					<code>
-						root# apt install vim htop wget curl tmux	
+						root$ apt install vim htop wget curl tmux	
 					</code>
 				</pre>

@ -63,29 +64,109 @@
 				<p>You want to avoid using root as much as possible in regular use, so a new user for yourself is a must</p>
 				<pre>
 					<code>
-						root# adduser <USERNAME>	
-						root# usermod -aG sudo <USERNAME>
+						root$ adduser <USERNAME>	
+						root$ usermod -aG sudo <USERNAME>
 					</code>
 				</pre>
 				<p>*replace <USERNAME> with the user you want to create, e.g. nathan</p>

-				<h2>Set static IP</h2>
-				<p><strong>TODO: Homeserver</strong>. If the server is a physical PC in your home you will need to set a static IP, otherwise your router could assign a differnent IP on reboot, and this would mess with port forwarding, and internal DNS.</p>
+				<h2>(Local server) Set static IP</h2>
+				<p>If the server is a physical PC in your home you will need to set a static IP, otherwise your router could assign a differnent IP on reboot, and this would mess with port forwarding, and internal DNS.</p>

 				<h2>Secure ssh</h2>
+				<p>Although this is optional, I recommend it, as SSH (secure shell) will be the primary means of access to the server.</p>
+				<pre>
+					<code>
+						root$ vim /etc/ssh/sshd_config
+					</code>
+				</pre>
+				<p>Within the editor you will need to search for <strong>PermitRootLogin</strong> and set it to <strong>no</strong>, this prevents ssh as root</p>
+				<p>Search for <strong>Port</strong> and set it to a different port to 22, a port over 1024 prevents basic nmap scans, and therefor a lot of bruteforcing, so let's go with 2020 so it's easy to remember</p>
+				<p>Below the <strong>Port</strong> line, add a new line with <strong>Protocol 2</strong> this enables ssh2, which is more secure</p>
+				<p>(Optional) Comment/Add a <strong>#<strong> to the beginning of the <strong>passwordlogin</strong> line. This will prevent sshing to the server from any PC that doesn't have it's SSH key on the server already. I recommend only doing this if your sshkeys are on the server, or you're comfortable adding them.</p>
+				<pre>
+					<code>
+						root$ systemctl reload sshd
+					</code>
+				</pre>
+				<p>This reloads the ssh daemon, and enables all the changes we've made</p>

 				<h2>Setup UFW</h2>
+				<p>UFW (Uncomplicated Firewall) is a simple to use firewall, that can be used to easily open/close ports on your server.</p>
+				<p>We'll install ufw, deny access inwards to all ports, but allow our server to access any ports outwards. We will then manually allow inwards traffic to the SSH port we set, in this case 2020</p>
+				<pre>
+					<code>
+						root$ apt install ufw
+						root$ ufw deny incoming
+						root$ ufw allow outgoing
+						root$ ufw allow 2020
+						root$ ufw enable
+					</code>
+				</pre>
+				<p>If there are any other ports that need to be opened in the future this can be done with:</p>
+				<pre>
+					<code>
+						root$ ufw allow <PORT>
+					</code>
+					or
+					<code>
+						root$ sudo ufw allow <PORT>
+					</code>
+				</pre>

 				<h2>Set hostname</h2>
 				<p>Setting the name for a server is an important step, but the name doesn't need to be serious</p>
+				<pre>
+					<code>
+						root$ vim /etc/hosts
+						root$ vim /etc/hostname
+					</code>
+				</pre>
+				<p>Within both of these files the hostname should be changed to the same thing</p>

 			</section>

 			<section>
-				<p>This next section can be done via a terminal, or a SSH client else you can secure shell with e.g. PuTTY for Windows</p>
+				<p>This next section can be done via a terminal, or an SSH client e.g. PuTTY for Windowss. For the sake of the guide, this assume you're using a Unix terminal</p>
 				<h2>Create an SSH key</h2>
+				<p>We'll create an ed25519 ssh-key, as it's more secure, and performant than the defaultrsa</p>
+				<pre>
+					<code>
+						$ ssh-keygen -t ed25519
+					</code>
+				</pre>
 				<h2>SSH into the server</h2>
+				<p>This is a two part section, and I recommend using this every time you SSH into a server from a new PC</p>
+				<pre>
+					<code>
+						$ ssh <USER>@<HOST> -p 2020
+					</code>
+				</pre>
+				<p>This will likely display a message asking to verify the key for the server. This is to prevent man-in-the-middle attacks, so I reccommend verifying this whenever asked.</p>
+				<p>To check the key for the server, you need to run this command on the server.</p>
+				<pre>
+					<code>
+						$ ssh-keygen -l -f /etc/ssh/ssh_host_<KEY>_key.pub	
+					</code>
+				</pre>
+				<p>Replace <KEY> with the key the message is asking about. Then if key the server shows matches that on your PC you are SSHing from, type <strong>yes</strong> and hit enter</p>
+
+				<h2>TODO:(Optional) Fail2Ban</h2>
+
+				<h2>TODO:(Optional) Unattended Upgrades</h2>
+				<p>Updates to a server typically want to be done by a human in case things go wrong, but smaller updates can be set to be done automatically</p>
+
+				<h2>TODO:(Optional) Setup User preferences</h2>
+				<p>These are a few things I personally like to have on a basic server</p>
+				<h3>Vi mode bash</h3>
+				<h3>Aliases</h3>
+				<h3>Ctrl-L clear-screen</h3>
+				<h3>BashRC PS1</h3>

+				<h2>Server maintance notes</h2>
+				<p>Keep the server up-to date as much as possible</p>
+				<p>Only install things that you need. If this is a server for learning, half ignore this, but for production servers only install services, and make changes that are required.</p>
+				<p>

 			</section>
 		</main>
--- a/blog/guide-to-server-hosting.html
+++ b/blog/guide-to-server-hosting.html
@ -5,7 +5,7 @@
 		<meta name="viewport" content="width=device-width, initial-scale=1">
 		<meta name="title" content="Aney's guide to server hosting">
 		<meta name="description" content="Learn to host a public/private server with a bunch of great services">
-		<meta name="keywords" content="Blog, articles, news, server, hosting, website">
+		<meta name="keywords" content="Blog, server, hosting, website, guide, admin, homelab, self-host">
 		<meta name="author" content="Nathan (Aney) Steel">
 		<meta name="theme-color" content="white">
 		<meta name="theme-color" content="black">
@ -31,57 +31,59 @@

 		<main>
 			<section>
-				<p class="intro">If you want to start getting into server hosting, system administration, or just want to get a basic minecraft/web server up for you and your friends, then welcom. We all start somewhere, and I would love if I could get your foot in the door.<br/>I'll be adding to this guide whenever I get time, and will update it's readibility once it's 'complete'.</p>
+				<p class="intro">If you want to start getting into server hosting, system administration, or just want to get a basic minecraft/web server up for you and your friends, then welcome. We all start somewhere, and I would love if I could get your foot in the door.</p>
+				<p>This is a WIP, so I'll be adding to this guide whenever I get time, and will update it's readibility once it's 'complete'.</p>

 				<h2>Basic Server setup</h2>
 				<ul>
-					<li>Get a server</li>
+					<li>TODO:Get a server</li>
 					<li><a href="/blog/debian-server-setup.html">Basic Debian Server setup (with some security)</a></li>
-					<li>Get a domain name</li>
-					<li>Connect your server and domain name</li>
+					<li>TODO:Get a domain name</li>
+					<li><a href="/blog/add-domain-to-server.html">Connect your server and domain name</a></li>
 				</ul>
-				<p>Now you officially own a server, but currently all you can do is SSH into it, so let's get some services on there</p>
+				<p>Now you officially own, and have setup a server. Currently all you can do is SSH into it though, so let's get some services on there</p>

 				<h2>Nginx Webserver</h2>
-				<p>A great first service for any server is a website, even if it's just a little page to let people know you own the server</p>
+				<p>A great first service for any server is a website, even if it's just a little page to let people know you own the server/domain name</p>
 				<ul>
-					<li>Install nginx</li>
-					<li>Setup your first website</li>
-					<li>Add an SSL certificate w/Certbot</li>
-					<li>Nginx web hardening</li>
-					<li>Add PHP to your webserver (optional)</li>
+					<li>TODO:Install nginx</li>
+					<li>TODO:Setup your first website</li>
+					<li>TODO:Add an SSL certificate w/Certbot</li>
+					<li>TODO:Nginx web hardening</li>
+					<li>TODO:Add PHP to your webserver (optional)</li>
 				</ul>

 				<h2>MariaDB Database</h2>
 				<p>A database is a great tool to store, access, and filter data. Typically used alongside a website, or other services, but can be useful standalone if you know what you're doing</p>
 				<ul>
-					<li>Install mariaDB</li>
-					<li>SQL cheatsheet</li>
-					<li>Adminer install</li>
-					<li>Backup databases (optional)</li>
+					<li>TODO:Install mariaDB</li>
+					<li>TODO:SQL cheatsheet</li>
+					<li>TODO:Adminer install</li>
+					<li>TODO:Backup databases (optional)</li>
 				</ul>

 				<h2>Backup your server!</h2>
-				<p>Backups are super useful. If something breaks, or gets accidentally deleted you can always use a backup to get back to operational</p>
+				<p>Backups are super useful. If something breaks, or gets accidentally deleted you can always use a backup to get back it back</p>
 				<ul>
-					<li>Setup rsync</li>
-					<li>Setup rdiff-backup</li>
-					<li>Setup backup cronjob(s)</li>
+					<li>TODO:Setup rsync</li>
+					<li>TODO:Setup rdiff-backup</li>
+					<li>TODO:Setup backup cronjob(s)</li>
 				</ul>

 				<h2>Run virtual machines</h2>
 				<p>Virtual machines allow you to use your server as multiple servers at once, with different operating systems, services, files, etc.</p>
 				<ul>
-					<li>Setup Qemu/KVM</li>
-					<li>Setup a bridged adapter</li>
-					<li>Setup a virtual machine</li>
-					<li>Virsh cheatsheet</li>
+					<li>TODO:Setup Qemu/KVM</li>
+					<li>TODO:Setup a bridged adapter</li>
+					<li>TODO:Setup a virtual machine</li>
+					<li>TODO:Virsh cheatsheet</li>
 				</ul>

 				<h2>Proxy services to port 80/433</h2>
 				<p>Many services you install will be accessible via the web, but will use a different ports. Proxying these allows access (and security) without the need to append a port to the server address</p>

 				<h2>Additional services/potential guides</h2>
+				<p>Unless there is an anchor, these are all "TODO", and may just be omitted from this guide</p>
 				<ul>
 					<li>Install debain on home server</li>
 					<li>Self hosting and port forwarding</li>
--- a/blog/index.html
+++ b/blog/index.html
@ -32,9 +32,16 @@
 		<main>
 			<section>

+				<h2>Pinned</h2>
+				<ul>
+					<li><a href="/blog/guide-to-server-hosting.html">Aney's guide to server hosting</a></li>
+				</ul>
+				
 				<h2>2022</h2>
 				<ul>
-					<li><a href="/blog/guide-to-server-hosting.html">Aney's guide to server hosting</a> - 22/05/2022</li>
+					<li><a href="/blog/add-domain-to-server.html">Link your domain name to your server</a> - 24/05/2022</li>
+					<li><a href="/blog/debian-server-setup.html">Debian Server Setup</a> - 24/05/2022</li>
+					<li><a href="/blog/guide-to-server-hosting.html">Aney's guide to server hosting</a> - 24/05/2022</li>
 				</ul>

 				<h2>2021</h2>