Tag Archives: cloud

Server Management Tool

If you have a VPS and don’t know many Linux commands to manage it, you have the option of using server management tools like the following:

  1. runcloud.io
    1. comes with a 5-day free trial for PRO
    2. free package available with limited features
  2. serverpilot.io
  3. laravel forge – no trial or free package

Good reading on reviews of those tools

AWS notes

Some notes on setting up AWS services.

EC2 (Elastic Compute Cloud)

Go to the EC2 console and click Launch Instance.

There are 7 steps to go through:

  1. Choose an image to use – OS and services to use
    They call it an AMI – Amazon Machine Image
  2. Choose instance type – cpu, memory etc
    Refer available instance type with explanation
  3. Configure instance details – more configuration on the instance.
  4. Add storage
    They call it EBS – Elastic Block Store
  5. Add tag – not sure what this is for
  6. Configure security group
  7. Review before launch

RDS (Relational Database Service)

S3 (Simple Storage Service)

AWS – full service diagram

References:

  1. AWS 10-minute tutorial on some basic things
  2. AWS in plain english

DigitalOcean – Notes

These are my notes on DigitalOcean.

Click here to register with DigitalOcean and get free USD10 to start using the service.

I used to install Ubuntu 14.04 with LAMP on it. With this, SFTP is also ready.

Manage users and groups

Change the root password, if logged in as root:

  • passwd

Add new user

  • adduser is a Perl script that simplifies the original useradd command
  • command – adduser username_here
  • just answer all questions asked
  • This add user function will …
    • Create the user named username.
    • Create the user’s home directory (default is /home/username) and copy the files from /etc/skel into it.
    • Create a group with the same name as the user and place the user in it.
    • Prompt for a password for the user.
    • Prompt for additional information on the user.
  • allow user for sudo mode (optional) – usermod -a -G sudo <your username>
  • add user to group – adduser username groupname
  • more on adduser
  • and more

Manage groups for user

  • list group – cat /etc/group
  • add user to group – adduser username groupname

Manage services

Connect to server via SSH, in terminal type the following:

  • ssh username@yourdomain_or_ip

To get the default MySQL root password, run this in the terminal. Remove the file once you have changed the MySQL root password.

  • cat /etc/motd.tail

To enter mysql console

  • mysql -u root -p

Secure MySQL server. Run following command and answer all the questions.

  • mysql_secure_installation

To change MySQL root password:

  • mysqladmin -u root -p'oldpassword' password newpass

To allow only a certain IP to access the database directly

  • edit file /etc/mysql/my.cnf
  • comment out the line with IP 127.0.0.1
  • restart service – service mysql restart
  • enter the following command in the mysql command line
    • type mysql -u root -p
    • enter password when asked
    • mysql> GRANT ALL ON database_name.* TO 'user'@'xx.xxx.xx.xx' IDENTIFIED BY 'your_password';
    • xx.xxx.xx.xx is the remote IP to access the server
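
What commenting out the 127.0.0.1 line changes, as an added example that is not part of the original notes: the function reads the [mysqld] section of an option file and reports where the server will listen. The name mysql_listen_scope and both sample configs are constructed for illustration, and the parser assumes a single file with no !include directives.

```shell
#!/bin/sh
# Added example. mysql_listen_scope is an illustrative helper name,
# not a MySQL tool. Assumes one option file without !include lines.

# Print where mysqld will listen according to a my.cnf (path as $1, or
# stdin): "loopback", "all-interfaces", or the configured address.
mysql_listen_scope() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header
            in_mysqld = (tolower($0) ~ /^[ \t]*\[mysqld\]/); next
        }
        in_mysqld {
            line = $0; gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1)); gsub(/_/, "-", key)
            # in an option file the last occurrence takes precedence
            if (key == "bind-address") addr = substr(line, n + 1)
        }
        END {
            # with no bind-address at all, mysqld listens on every interface
            if (addr == "" || addr == "0.0.0.0" || addr == "*" || addr == "::")
                print "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1" || addr == "localhost")
                print "loopback"
            else
                print addr
        }
    ' "${1:--}"
}

# Constructed samples: the file before and after the edit described above.
BEFORE='[mysqld]
port = 3306
bind-address = 127.0.0.1'

AFTER='[mysqld]
port = 3306
#bind-address = 127.0.0.1'

echo "before: $(printf '%s\n' "$BEFORE" | mysql_listen_scope)"
echo "after:  $(printf '%s\n' "$AFTER" | mysql_listen_scope)"
# On a real server: mysql_listen_scope /etc/mysql/my.cnf
```

When the result is all-interfaces, the host part of the GRANT only limits which account can log in from where; port 3306 itself is reachable from any address unless a firewall rule restricts it to the same remote IP.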

Enable .htaccess (mod rewrite)

  • enable mod rewrite – sudo a2enmod rewrite
  • update file /etc/apache2/apache2.conf
  • change AllowOverride None to AllowOverride All for the web root directory
  • restart service

To restart services (can also use stop and start)

  • service mysql restart
  • service apache2 restart

Install sendmail service (used by PHP mail function)

  • apt-get install sendmail
  • Run the sendmail config and answer ‘Y’ to everything: sendmailconfig

Server general settings

Change permission for directory (especially for ‘upload’ directory)

  • chmod 755 /path/directorypath

Change the timezone. By default it uses a US time zone.

  • sudo dpkg-reconfigure tzdata
  • follow instruction on screen
  • check if the date is correct by typing – date

To turn off server

  • sudo shutdown -h now
  • OR
  • sudo poweroff

Check for disk utilization

  • to check for disk utilization
    • df -h
  • to find the location of huge files
    • sudo du -a / | sort -n -r | head -n 10

Securing the server

To update/upgrade OS

  • aptitude update
  • aptitude upgrade

Disable root login on SSH

  • edit /etc/ssh/sshd_config
  • set PermitRootLogin no
  • restart ssh – service ssh restart
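
A check for the step above, as an added example that is not part of the original notes: it reports which PermitRootLogin value sshd will actually use, since sshd takes the first occurrence of a keyword and treats lines after a Match line as conditional. The helper names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. effective_root_login and root_login_verdict are
# illustrative helper names, not OpenSSH tools.

# Print the global PermitRootLogin value from an sshd_config (path as $1,
# or stdin). Prints "unset" if no global line sets it.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { gsub(/=/, " ") }                     # accept "Keyword=value" too
        tolower($1) == "match" { exit }        # what follows is conditional
        tolower($1) == "permitrootlogin" {     # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "${1:--}"
}

# Map the value to a verdict for the "disable root login" step.
root_login_verdict() {
    case "$(effective_root_login "$@")" in
        no)  echo "PASS: root login over SSH is disabled" ;;
        yes) echo "FAIL: root can log in with a password" ;;
        prohibit-password|without-password|forced-commands-only)
             echo "WARN: root can still log in with a key" ;;
        unset) echo "WARN: not set, the compiled-in default applies" ;;
        *)   echo "WARN: unrecognised value" ;;
    esac
}

# Constructed sample: the commented-out line does not count, and the final
# "no" is ignored because sshd already took the earlier "yes".
SAMPLE='#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no'

printf '%s\n' "$SAMPLE" | root_login_verdict
# On a real server: root_login_verdict /etc/ssh/sshd_config
```

Running `sshd -T` as root prints the effective configuration as sshd itself resolves it and is the authoritative check after the restart.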

Block IPs from accessing certain services

Other measures:

  1. Disallow access to server via root username
  2. Disallow access directly to database from outside
  3. Close all unused ports. Leave only web, SFTP, MySQL, SSH
  4. auto patch?

To explore

  • using VPN
  • using SSH key
  • creating ftp user to access only certain directory
  • virtual host (multiple domains for a server)
  • security for 777 chmod directory
  • change ssh port to different port (but still below 1024)
  • install fail2ban to protect against brute force attack

Additional tools

  1. Ansible.com
  2. Docker.com

Other reading and references

  1. Securing the server (SSH, VPN etc)
  2. Initial setup for Ubuntu 14.04

Editors

vi, vim, nano
