diff --git a/blog/add-domain-to-server.html b/blog/add-domain-to-server.html index 5bfc9bb..c46d70b 100644 --- a/blog/add-domain-to-server.html +++ b/blog/add-domain-to-server.html @@ -40,16 +40,12 @@

Add the A record

There will likely be many option for adding records, but all we need is to add a singular A record

Find the box that allows you to "Add a new record" and input the below, changing and with your IP address, and domain name

- 
-					
-					
-
+ +

If there are not multiple boxes, but instead a single box to input your record into, this will be what you add instead

- 
-					
-					
-
+ +

Wait for propagation

Now there's a bit of a waiting game, as you need to wait for the new DNS record to propagate (get updated) for all nameservers. This can be anywhere from instantly to 72 hours, but typically takes an hour or two.

diff --git a/blog/debian-server-setup.html b/blog/debian-server-setup.html index 3a4e57a..7acae7b 100644 --- a/blog/debian-server-setup.html +++ b/blog/debian-server-setup.html @@ -39,34 +39,23 @@

Update the OS

Even with a fresh install of Debian from the latest ISO, there may be some updates you're missing, and it's a good idea to have these, especially in case they're security updates.

- 
-					
-						root$ apt update && apt upgrade	
-					
-
+ + 
apt update && apt upgrade

Install essential packages

These are packages that are needed for accessing, and controlling the server

- 
-					
-						root$ apt install sudo ssh	
-					
-
+ + 
apt install sudo ssh
+

Some useful packages too

- 
-					
-						root$ apt install vim htop wget curl tmux	
-					
-
+ 
apt install vim htop wget curl tmux

Add a user, and give super user privilleges

You want to avoid using root as much as possible in regular use, so a new user for yourself is a must

- 
-					
-						root$ adduser 	
-						root$ usermod -aG sudo 
-					
-
+ +
adduser 	
+usermod -aG sudo
+

*replace with the user you want to create, e.g. nathan

(Local server) Set static IP

@@ -74,53 +63,38 @@

Secure ssh

Although this is optional, I recommend it, as SSH (secure shell) will be the primary means of access to the server.

- 
-					
-						root$ vim /etc/ssh/sshd_config
-					
-
+ + 
vim /etc/ssh/sshd_config
+

Within the editor you will need to search for PermitRootLogin and set it to no, this prevents ssh as root

Search for Port and set it to a different port to 22, a port over 1024 prevents basic nmap scans, and therefor a lot of bruteforcing, so let's go with 2020 so it's easy to remember

Below the Port line, add a new line with Protocol 2 this enables ssh2, which is more secure

-

(Optional) Comment/Add a # to the beginning of the passwordlogin line. This will prevent sshing to the server from any PC that doesn't have it's SSH key on the server already. I recommend only doing this if your sshkeys are on the server, or you're comfortable adding them.

- 
-					
-						root$ systemctl reload sshd
-					
-
+

(Optional) Comment/Add a # to the beginning of the passwordlogin line. This will prevent sshing to the server from any PC that doesn't have it's SSH key on the server already. I recommend only doing this if your sshkeys are on the server, or you're comfortable adding them.

+ + 
systemctl reload sshd
+

This reloads the ssh daemon, and enables all the changes we've made

Setup UFW

UFW (Uncomplicated Firewall) is a simple to use firewall, that can be used to easily open/close ports on your server.

We'll install ufw, deny access inwards to all ports, but allow our server to access any ports outwards. We will then manually allow inwards traffic to the SSH port we set, in this case 2020

- 
-					
-						root$ apt install ufw
-						root$ ufw deny incoming
-						root$ ufw allow outgoing
-						root$ ufw allow 2020
-						root$ ufw enable
-					
-
+ +
apt install ufw
+ufw deny incoming
+ufw allow outgoing
+ufw allow 2020
+ufw enable

If there are any other ports that need to be opened in the future this can be done with:

- 
-					
-						root$ ufw allow 
-					
-					or
-					
-						root$ sudo ufw allow 
-					
-
+ 
ufw allow
+

or

+ 
sudo ufw allow

Set hostname

Setting the name for a server is an important step, but the name doesn't need to be serious

- 
-					
-						root$ vim /etc/hosts
-						root$ vim /etc/hostname
-					
-
+ +
vim /etc/hosts
+vim /etc/hostname
+

Within both of these files the hostname should be changed to the same thing

@@ -129,25 +103,17 @@

This next section can be done via a terminal, or an SSH client e.g. PuTTY for Windowss. For the sake of the guide, this assume you're using a Unix terminal

Create an SSH key

We'll create an ed25519 ssh-key, as it's more secure, and performant than the defaultrsa

- 
-					
-						$ ssh-keygen -t ed25519
-					
-
+ 
ssh-keygen -t ed25519
+

SSH into the server

This is a two part section, and I recommend using this every time you SSH into a server from a new PC

- 
-					
-						$ ssh @ -p 2020
-					
-
+ 
ssh @ -p 2020
+

This will likely display a message asking to verify the key for the server. This is to prevent man-in-the-middle attacks, so I reccommend verifying this whenever asked.

To check the key for the server, you need to run this command on the server.

- 
-					
-						$ ssh-keygen -l -f /etc/ssh/ssh_host__key.pub	
-					
-
+ + 
ssh-keygen -l -f /etc/ssh/ssh_host__key.pub
+

Replace with the key the message is asking about. Then if key the server shows matches that on your PC you are SSHing from, type yes and hit enter

TODO:(Optional) Fail2Ban