9 things to do after buying a VPS

There are a few steps you should take to set up your VPS so that it survives the Internet's viciousness and is more convenient to use. Below are some of the things I do on any VPS I purchase. Most of my VPSs run CentOS, so I am going to use CentOS-based commands and file paths for this illustration. You can of course follow the same guidelines and change the commands to suit your distro.

1. Update the system

When you set up a new VPS, it's important to update all available packages even before you start using it. On CentOS, this can be done by running a simple yum update command:

[root@host ~]# yum update -y

2. Change your hostname

The default hostname that a VPS comes with is normally hard to memorize. Ideally, a hostname is a reference to an IP address, so that we can use the hostname instead of the harder-to-memorize IP address to access the server. So we need to change the hostname to something you would love to use, not struggle to use; otherwise we’d be defeating this logic.

The first step is to create an A record for your hostname so that it resolves to your VPS IP. Then set the hostname from the terminal as follows.

[root@host ~]# hostnamectl set-hostname serv.domain.tld

3. Change your time and timezone

It's convenient to use your local time and timezone on your VPS. This helps applications write logs with timestamps in local time.

You can update time zone using the command below:

[root@host ~]# timedatectl set-timezone Africa/Nairobi

You can also sync your time with a local NTP server. In Kenya, for instance, we can use 0.ke.pool.ntp.org:

[root@host ~]# yum install -y ntpdate

[root@host ~]# ntpdate 0.ke.pool.ntp.org

You can check out more ways to manage time on this link. You can also check your local NTP server here.

4. Install useful utilities

I have never had a server where I did not want to use vim or wget. I always find myself in a situation where I’ll need them. So, why not install them once and for all? Also, I find the EPEL repository to be very useful.

[root@host ~]# yum install -y vim wget screen epel-release

5. Configure sudoer

It's common practice to disable root login to your server. This means you need to configure another user for remote logins. You will want to use sudo with that user, so it must be configured as a sudoer too. Run the commands below to create a user called wallace and add it to the wheel group:

[root@host ~]# useradd wallace

[root@host ~]# usermod -aG wheel wallace

Then add the line below to the sudoers file, which you edit by running visudo. NOPASSWD lets wallace run any command as root without being asked for a password.

wallace  ALL=(ALL) NOPASSWD:ALL

6. Change SSH port from default 22

Changing the default SSH port is an important step towards securing your server, even from automated brute-force scripts. You can miss every other step stated before and after this one, but never fail to change your SSH port. It's advisable to select a port greater than 1000, as most ports below that are already assigned to various common services, and assigning the same port to different services causes issues. Edit the Port directive in /etc/ssh/sshd_config, then restart sshd:

[root@host ~]# vim /etc/ssh/sshd_config

[root@host ~]# systemctl restart sshd

7. Configure ssh key login

It is more convenient and safer to log in with SSH keys than with password authentication. This is configured in the SSH configuration file: in /etc/ssh/sshd_config, set PubkeyAuthentication to yes, then restart sshd as in step 6.
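
A quick check that the edits from steps 5 to 7 took effect, as an added example that is not part of the original article: it reads an sshd_config and reports whether the port was changed, root login is disabled and key login is on. The function names and sample files are constructed for illustration, and PermitRootLogin no is an assumption about how root login gets disabled, since the article does not name the directive.

```shell
#!/bin/sh
# Added example: audit an sshd_config against steps 5-7 of this article.

# Print the global value of keyword $2 in file $1, or $3 if it is not set.
# sshd keeps the FIRST occurrence of a keyword and ignores keyword case.
# Parsing stops at the first Match block; Include files are not followed.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/=/, " ") }                 # accept "Keyword=value" too
        /^[ \t]*#/ { next }               # commented-out lines do not count
        tolower($1) == "match" { exit }   # conditional section starts here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one FAIL line per problem; return 0 only if all three checks pass.
audit_sshd() {
    rc=0
    port=$(sshd_value "$1" Port 22)                    # sshd default is 22
    root=$(sshd_value "$1" PermitRootLogin unset)      # assumed directive
    pubkey=$(sshd_value "$1" PubkeyAuthentication yes) # sshd default is yes
    [ "$port" != 22 ]   || { echo "FAIL Port is still 22"; rc=1; }
    [ "$root" = no ]    || { echo "FAIL PermitRootLogin is $root"; rc=1; }
    [ "$pubkey" = yes ] || { echo "FAIL PubkeyAuthentication is $pubkey"; rc=1; }
    return $rc
}

# Constructed sample inputs: a stock-looking file and an edited one.
before=$(mktemp); after=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' > "$before"
printf '%s\n' 'Port 2522' 'permitrootlogin no' 'PubkeyAuthentication=yes' > "$after"

audit_sshd "$before" || echo "before: still needs steps 5-7"
audit_sshd "$after" && echo "after: OK"
rm -f "$before" "$after"
```

On the server itself, run audit_sshd /etc/ssh/sshd_config from a session you keep open, and confirm a new login on the new port works before closing it.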

8. Update user passwords

Change the password your VPS provider sent you to something different.

[root@host ~]# passwd

Changing password for user root.

New password:

Retype new password:

9. Install a firewall

All Internet-accessible servers need a firewall, no matter what app will be running there. Personally, I like csf, so that’s what I normally install on my VPS. So first, disable anything preconfigured that may conflict with it, such as firewalld or SELinux (common with OVH VPS). Then install csf.

[root@host ~]# cd /usr/src; rm -fv csf.tgz; wget https://download.configserver.com/csf.tgz; tar -xzf csf.tgz;cd csf; sh install.sh

After that, remember to take csf out of TESTING mode by setting TESTING = "0" in the /etc/csf/csf.conf file, and then enable lfd so that it starts automatically whenever the system is rebooted.

[root@host ~]# systemctl enable lfd

That should set you up well to start off running your application now.
