| Line 18: | Line 18: | ||
in updating the name service. | in updating the name service. | ||
| − | =Login to Server & perform preliminaries= | + | = Server Setup = |
| + | |||
| + | ==Login to Server & perform preliminaries== | ||
At this point log into the server to ensure that the service is up and running. There are a number of steps you can perform that will make | At this point log into the server to ensure that the service is up and running. There are a number of steps you can perform that will make | ||
the remaining steps easier. First loging to the server. Then setup a user prompt to make navigation easier. Switch to root (or use sudo in | the remaining steps easier. First loging to the server. Then setup a user prompt to make navigation easier. Switch to root (or use sudo in | ||
| Line 28: | Line 30: | ||
$ apt upgrade | $ apt upgrade | ||
$ apt install man | $ apt install man | ||
| + | |||
| + | ==Apt error== | ||
| + | If you receive the "apt error" mesage put "nameserver 8.8.8.8" in /etc/resolve.conf. | ||
| + | $ echo 'nameserver 8.8.8.8 >>' /etc/resolve.conf | ||
| + | |||
| + | ==Secure the SSH login== | ||
| + | The following changes will disable logging into the server by using a password on any account and prevent logging into root remotly. Root can | ||
| + | still be accessed by logging into a ''sudo'' enabled account and using the command ''su root''. For more information on the sshd_config file | ||
| + | options, go [https://man.openbsd.org/sshd_config here]. The unattended-upgrades package is used to keep they server up to date automatically. | ||
| + | $ sudo vim /etc/ssh/sshd_config | ||
| + | ChallengeResponseAuthentication no | ||
| + | PasswordAuthentication no | ||
| + | PermitRootLogin no | ||
| + | $ service ssh reload | ||
| + | $ apt install unattended-upgrades | ||
| + | $ dpkg-reconfigure --priority=low unattended-upgrades | ||
| + | $ sudo unattended-upgrade -d | ||
Revision as of 10:27, 28 May 2018
Deploying a Web Server
Contents
Dependencies - Launch Cloud Instance
Before deploying a web server, first a cloud instance must be lauched. The instruction to do this can be found here. For the remainder of the instructions the ip address used is 199.241.164.95, this is for demonstration purposes and you should replace it with your assigned floating IP address.
- login to cloud.sharcnet.ca
- Don’t forget volume size
- Choose Debian 9.2.2 (not required, but the remaining instructions are Debian centric).
- Choose persistent (ephemeral is for shorter jobs) (4C-8GB)
- Setup keypair
- Associate floating ip
(Optional) Apply IP Address to your name server
If you have a registered domain name you should apply your floating IP address to it so that you can use the "let's encrypt" service to enable the secure socket layer without client side warnings. It is often best to do this at the beginning as there is typically a delay in updating the name service.
Server Setup
Login to Server & perform preliminaries
At this point log into the server to ensure that the service is up and running. There are a number of steps you can perform that will make the remaining steps easier. First loging to the server. Then setup a user prompt to make navigation easier. Switch to root (or use sudo in from of the remaining commands). Update and upgrade the system. Last install the manual pages.
$ ssh debian@199.241.164.95 $ echo 'export PS1="\[\e[33m\]\w\[\e[0m\]\n\[\e[32m\]\u@\h$ \[\e[0m\]"' >> .bash_aliases $ sudo su root $ apt update $ apt upgrade $ apt install man
Apt error
If you receive the "apt error" mesage put "nameserver 8.8.8.8" in /etc/resolve.conf.
$ echo 'nameserver 8.8.8.8 >>' /etc/resolve.conf
Secure the SSH login
The following changes will disable logging into the server by using a password on any account and prevent logging into root remotly. Root can still be accessed by logging into a sudo enabled account and using the command su root. For more information on the sshd_config file options, go here. The unattended-upgrades package is used to keep they server up to date automatically.
$ sudo vim /etc/ssh/sshd_config ChallengeResponseAuthentication no PasswordAuthentication no PermitRootLogin no $ service ssh reload $ apt install unattended-upgrades $ dpkg-reconfigure --priority=low unattended-upgrades $ sudo unattended-upgrade -d