This post previously appeared on FOSSlife
Automate and Protect
At this point, you have a VPS up and running, and it has a domain name associated with it. But the VPS can’t do much until you install the required software and specify a basic configuration. At the very least, you need to add a non-privileged user, add the user to sudoers, install a web server, configure a virtual host, and enable SSL. Completing all these tasks is not particularly difficult, but it does require some manual work. It can quickly become a chore if you regularly spin up new VPS instances and reset the existing ones. This is where the VPS Express package cobbled together by yours truly can come in rather handy. The package includes a Bash shell script that does the following:
- Updates software repositories and installs the required packages
- Sets up and configures a virtual host (an Apache configuration that basically redirects a domain name to the dedicated directory in the document root of the server)
- Enables SSL for HTTP connections (HTTPS)
- Sets up MariaDB
- Creates a new MariaDB user with administrative privileges
- Creates a MariaDB database
Run the script, and you have a ready-to-go VPS, running the Apache/MariaDB/PHP stack. The most straightforward way to run the script directly on the VPS is to use the following command as root:
curl -sSL https://raw.githubusercontent.com/dmpop/vps-express/main/vps-installer.sh | bash
However, if you’d prefer to study and modify the script before running it, clone the project’s repository using the command:
git clone https://github.com/dmpop/vps-express.git
Note that the script is designed to work on Ubuntu, so if your VPS is running a different Linux distribution, you have to adjust the script before you run it.
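The one-liner above pipes whatever the URL currently serves straight into a root shell, so on servers that are rebuilt regularly it helps to download the installer to a file, review it once, record its SHA-256, and refuse to run any copy that differs. The following is an added example, not part of VPS Express: only the URL comes from the command above, while the function names and the pinned-hash workflow are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of VPS Express). Only the URL comes from the article;
# the function names and the pinned-hash workflow are assumptions.
INSTALLER_URL="https://raw.githubusercontent.com/dmpop/vps-express/main/vps-installer.sh"

# Print the SHA-256 digest of a file (first field of sha256sum's output).
file_sha256() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Save the installer to a file instead of piping it into a shell, so the bytes
# you review are the bytes you run. -f fails on HTTP errors instead of saving
# an error page; --proto '=https' restricts the transfer to HTTPS.
fetch_installer() {
    curl -fsSL --proto '=https' -o "$1" "$INSTALLER_URL"
}

# Run script $1 with bash only if its digest equals the pinned value $2.
# Returns 2 if the file is missing, 1 on a mismatch, else the script's status.
run_if_reviewed() {
    local script="$1" pinned="$2" actual
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 2; }
    actual="$(file_sha256 "$script")"
    if [ "$actual" != "$pinned" ]; then
        echo "refusing to run $script: expected $pinned, got $actual" >&2
        return 1
    fi
    bash "$script"
}

# Typical use, as root on a fresh VPS:
#   fetch_installer /root/vps-installer.sh
#   less /root/vps-installer.sh              # review it
#   file_sha256 /root/vps-installer.sh       # record this value after review
#   run_if_reviewed /root/vps-installer.sh "<sha256 recorded after review>"
```

On later rebuilds, a mismatch means the upstream script has changed since you last read it, which is the cue to review it again before updating the pinned value.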
Of course, you can extend the script to perform additional tasks, if needed. For example, if you want the script to automatically fetch the Adminer tool for working with popular database engines, you can add the following command to the script (replace the example values with the actual version number and document root):
wget https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php -O /var/www/html/hello.xyz/adminer.php
Next, you need to make the VPS instance more secure. Linux hardening is a complex topic that warrants a separate article, but as the bare minimum, you want to enable automatic upgrades as well as configure and enable the Fail2ban tool.
Enabling automatic upgrades ensures that your VPS runs the latest software that includes all security fixes. Enabling this feature on Ubuntu is a matter of installing the unattended-upgrades package and enabling it:
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades
The Fail2ban tool makes it possible to ban an IP address after a specified number of unsuccessful login attempts, which makes brute force attacks less effective. The VPS installer script installs Fail2ban automatically, so you only need to configure and enable the tool. First, create a new configuration file by copying the supplied template:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the new configuration file for editing using the command:
nano /etc/fail2ban/jail.local
Scroll down to the [sshd] section, and add the following options:
enabled = true
maxretry = 3
This enables Fail2ban for incoming SSH connections and sets the number of unsuccessful login attempts allowed before a ban to 3. Save the changes, and then enable and start the Fail2ban service:
systemctl enable fail2ban
systemctl start fail2ban
Run the systemctl status fail2ban command to check whether the service is up and running.
Safe Landing
Whenever you point a browser to the domain name assigned to the VPS, you’re greeted with the default Apache page. If you want to replace the default page with something more useful, you might want to give the landing page template that comes with VPS Express a try. Written in PHP, the landing page provides basic information about the VPS it’s running on, a five-day weather forecast for the specified location, a section with user-defined links, and a feed section where you can add your favorite RSS feeds (Figure 2). To configure the available settings, open the index.php file for editing and adjust the user-defined settings. Most of these settings are self-explanatory, so you shouldn’t have problems figuring out what they do and how to configure them. To be able to use the weather forecast functionality, you need to obtain an OpenWeatherMap API key. Once you’re done editing the settings, save the changes and upload the index.php file along with the fonts and css folders into the document root of the server.