Beginners Of VPS Website Building

First we look for the best web hosting provider for our website. DedicatedCore is the best option for VPS hosting, and its hosting services can be purchased at an affordable price.

After purchasing a VPS, we first need to install an operating system on it. The common choices are CentOS and Debian. The installation process is usually completed with one click, so there is no need to go into details.

However, after the system installation is completed, some initial configuration steps are needed to ensure the security and stability of our server and to lay a solid foundation for the site-building work that follows.

Below I will take CentOS 7 as an example to introduce these steps one by one for you (if there are any omissions, please leave a message to supplement).

Step 1: Root login

Usually we can log in to the server directly with the web-based shell tool on the VPS service provider's website, with the SSH command line tool, or with a third-party tool such as PuTTY / Bitvise SSH Client. Use the IP, port, and password supplied by the VPS service provider, and log in with the username "root".

Notice

The root user has the highest authority of the system. Once someone with malicious intentions obtains the root user authority of your server, he can read/modify/delete any file in the system, or use your server to do anything (such as mining, sending fraudulent emails, etc.).

Step 2: Create a New User

The privileges of the root user are both convenient and dangerous. Therefore, we have to take measures to limit the use of the root user.

First create a new user for yourself. Here we create a user called "rookie"; you can replace it with a name of your choice:

adduser rookie

Then set a password for this user:

passwd rookie

Enter the password once on the command line first, and then repeat it for confirmation.

In this way, the user named “rookie” is created.

Step 3: Grant Root Permissions

The user created in the previous step does not have root privileges. However, in daily use, there are often operations that require root privileges (such as installing programs, modifying configurations, etc.). In order to avoid switching users back and forth by logging out and logging in again, we can give this user root privileges so that we can use the su / sudo command to switch to the root user when needed.

In CentOS 7, we give the user root privileges by adding it to the “wheel” group.

gpasswd -a rookie wheel

Now, this user can execute commands with root privileges.

Step 4: Set up Public Key Authentication (Recommended)

The authentication method of SSH user name + password may be cracked by brute force, and the use of SSH key authentication can further strengthen security.

●  Generate Key Pair

Execute the following command in a command line tool such as terminal or cmd of your local machine (non-server):

ssh-keygen

Assuming your local machine username is "localrookie", you should see output similar to the following:

Generating public/private rsa key pair.

Enter file in which to save the key (/Users/localrookie/.ssh/id_rsa):

Press Enter to confirm or enter another file path.

Next, you can choose whether to set a password (passphrase) for the key. If one is set, you will need to enter it when you log in with the private key in the future.

After the password is set, the key pair is generated under the previously specified path, including a private key file id_rsa and a public key file id_rsa.pub.

Notice

Keep your private key safe. If it is leaked, you should immediately regenerate the key pair and deploy a new public key to the server.

●  Deploy the Public Key to the Server

After the key pair is generated, we need to configure the public key to the server, so that our local machine can use the private key to authenticate through SSH and log in to the server.

Option 1: Automatic Deployment using ssh-copy-id

If the ssh-copy-id script is available on your local machine (it is not under Windows), you can run the following command directly in your local command line tool (replace the username "rookie" and SERVER_IP_ADDRESS with your own):

ssh-copy-id rookie@SERVER_IP_ADDRESS

After you enter the password at the next prompt, your public key will be deployed to the .ssh/authorized_keys file.

Option 2: Manual Deployment

Enter the following command in the server-side shell to switch to the newly created user:

su - rookie

Now your current directory in the shell will be switched to the user’s home directory.

Create a .ssh directory and modify its permissions:

mkdir .ssh

chmod 700 .ssh

Then create a file named authorized_keys in the .ssh directory:

nano .ssh/authorized_keys

Copy the content of the public key id_rsa.pub into this file, then save and exit. (nano is a command line text editor on Linux; please search for its specific usage.)

Then modify the permissions of the file:

chmod 600 .ssh/authorized_keys

Then execute the following command to return to the root user:

exit
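
The manual steps of Option 2 can be wrapped in one function that is safe to run more than once. This is an added example, not part of the original article; install_pubkey and its two parameters are names chosen here, and the key check assumes a plain RSA, ECDSA or Ed25519 line without an options prefix.

```sh
# Added example: Option 2 (manual deployment) as a repeatable function.
# Usage, as the new user on the server, with id_rsa.pub copied over:
#   install_pubkey "$HOME" "$(cat id_rsa.pub)"
install_pubkey() (                 # ( ... ) body keeps umask and variables local
    home_dir=$1 key=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    nl='
'
    # authorized_keys holds one key per line; a key that was wrapped by the
    # terminal or editor on paste no longer matches the private key.
    case $key in
        *"$nl"*) echo "key must be a single line" >&2; exit 2 ;;
    esac
    # Accept only "type base64 [comment]"; this also rejects a private key
    # pasted by mistake.
    re='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    printf '%s\n' "$key" | grep -Eq "$re" || {
        echo "not an OpenSSH public key line" >&2; exit 2
    }
    # With umask 077 the directory and file are private from creation on.
    umask 077
    mkdir -p "$ssh_dir" && touch "$auth" || exit 1
    # Paths that already existed keep their old mode, so set it explicitly:
    # with StrictModes (the default) sshd refuses files others can write to.
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || exit 1
    # Append only when the exact line is not present yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)
```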

Step 5: Configure SSH Daemon

Now that we have created a new user with root privileges, we need to modify the server’s SSH daemon configuration to allow new users to log in remotely using SSH, and to disable root users from logging in remotely using SSH.

Why do we do that? Because the user name of the root user is fixed, if root logs in with password authentication, the attacker only needs to brute force a single layer of protection: the password. If we log in with our newly created user instead, our user name is also unknown to the attacker. With user name + password authentication, the attacker needs to brute force the combination of account and password, which greatly increases the difficulty; with user name + key authentication, the attacker also needs to obtain our private key, and the difficulty is increased further.

Enter the following command in the server shell to edit the SSH daemon configuration file:

nano /etc/ssh/sshd_config

Find the PermitRootLogin line and change "yes" to "no"; find the AllowUsers line (if there is none, add it) and add the new username we created earlier. The final result is as follows:

PermitRootLogin no

AllowUsers rookie

Then save and exit.

Reload the SSH service for the modified configuration to take effect:

systemctl reload sshd

Now we can try to log in to our server remotely via SSH as the newly created user. We will complete the following steps as a non-root user.

Reminder

In order to prevent shutting ourselves out, let’s not log out of the current session, open another command line tool or a third-party tool, and use the newly created user to try to log in. This way, if there is a problem, we can use the original session to correct the error.
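
Before reloading, the edited file can be checked for the two settings above. The following is an added example, not part of the original article: the function names and the sample file are constructed, AllowUsers entries are compared as plain names (no user@host patterns), and it relies on sshd using the first value it reads for a keyword, so a "PermitRootLogin no" appended below an existing "PermitRootLogin yes" has no effect.

```sh
# Added example: audit the global section of an sshd_config file.
sample_sshd_config() {    # constructed sample: new line appended at the end
    cat <<'EOF'
Port 22
PermitRootLogin yes
#PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin no
AllowUsers rookie
EOF
}

# First uncommented value of KEYWORD before any "Match" block.
# Keywords are case-insensitive and the first value read is the one used.
sshd_first_value() {      # FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }' "$1"
}

# Names on all global AllowUsers lines (these lines accumulate).
sshd_allowed_users() {    # FILE
    awk '/^[ \t]*(#|$)/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

audit_sshd_config() {     # FILE USER; returns 0 only if both checks pass
    audit_rc=0
    prl=$(sshd_first_value "$1" PermitRootLogin)
    if [ "$prl" != no ]; then
        echo "FAIL: effective PermitRootLogin is '${prl:-unset}'"; audit_rc=1
    fi
    allowed=$(sshd_allowed_users "$1")
    if [ -z "$allowed" ]; then
        echo "FAIL: no AllowUsers line, logins are not restricted"; audit_rc=1
    elif ! printf '%s\n' "$allowed" | grep -qxF -- "$2"; then
        echo "FAIL: $2 missing from AllowUsers (lockout risk)"; audit_rc=1
    fi
    [ "$audit_rc" -eq 0 ] && echo "OK: root login off, $2 allowed"
    return "$audit_rc"
}

cfg=$(mktemp) && sample_sshd_config > "$cfg"
audit_sshd_config "$cfg" rookie || echo "fix the file before reloading sshd"
rm -f "$cfg"
```

On the server itself, sshd -t checks the file for syntax errors and sshd -T prints the effective settings; run either as root before the reload.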

Step 6: Configure the Firewall (Recommended)

The role of the firewall is to block all access to server services/ports, except what we allow. CentOS comes with a pre-installed firewall, firewalld, which is controlled through firewall-cmd.

Reminder

Since firewalld can only be configured after it is enabled, the SSH port may be closed after it is enabled, resulting in failure to connect to the server.
It is recommended to use the root shell tool provided on the website of the VPS service provider to configure the firewall, or to use firewall-offline-cmd.

Enable the firewall service firewalld:

sudo systemctl start firewalld

Set the firewall service to run on boot:

sudo systemctl enable firewalld

Set to allow SSH service:

sudo firewall-cmd --permanent --add-service=ssh

If your SSH service is not using the default port (22), use the following command instead (change the port to your own value):

sudo firewall-cmd --permanent --add-port=4444/tcp

The same is true for other services that need to be used, such as http, https, smtp, ntp, etc.:

sudo firewall-cmd --permanent --add-service=http

sudo firewall-cmd --permanent --add-service=https

sudo firewall-cmd --permanent --add-service=smtp

sudo firewall-cmd --permanent --add-service=ntp

View all available services:

sudo firewall-cmd --get-services

View the currently active ports of the server:

sudo netstat -tulnp

View the results of the current configuration:

sudo firewall-cmd --permanent --list-all

After confirming that there is no problem with the configuration, reload the configuration to make it take effect:

sudo firewall-cmd --reload

Reminder

In the future, if you want to use new services or open new ports, you must add configurations to the firewall.
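
To see which listening services would be cut off by the firewall, the netstat output can be compared with the ports you intend to allow. This is an added example, not part of the original article: the netstat lines are a constructed sample, the function names are chosen here, and the allow-list is passed as port/protocol pairs in the notation --add-port uses (a service allowed by name has to be listed by its port).

```sh
# Added example: find listeners that the planned firewall rules do not cover.
sample_netstat() {        # constructed sample: SSH moved to port 4444
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:4444     0.0.0.0:*        LISTEN  1023/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN  1200/master
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  1311/nginx
tcp6       0      0 :::4444          :::*             LISTEN  1023/sshd
tcp6       0      0 ::1:25           :::*             LISTEN  1200/master
udp        0      0 0.0.0.0:123      0.0.0.0:*                650/ntpd
EOF
}

# Reads `netstat -tuln` output on stdin and prints port/proto for every
# socket bound to a non-loopback address.
exposed_ports() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        n = split($4, part, ":")              # port is the last ":" field
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next    # loopback only
        print port "/" substr($1, 1, 3)
    }' | LC_ALL=C sort -u
}

# Prints exposed ports that are NOT in the allow-list given as arguments,
# i.e. services that stop being reachable once firewalld is enabled.
blocked_listeners() {     # ALLOWED_PORT/PROTO ...
    allow=" $* "
    exposed_ports | while read -r p; do
        case $allow in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# The sample server runs SSH on 4444, but only 22/tcp and 80/tcp are allowed.
sample_netstat | blocked_listeners 22/tcp 80/tcp
```

On a real server, replace sample_netstat with sudo netstat -tuln.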

Step 7: Set Time Zone and Time Synchronization (Recommended)

Only by ensuring that the server’s time is accurate can we provide correct services for our subsequent applications.

Set Time Zone

We use the command line tool timedatectl to set the time zone.

View the currently set time zone:

timedatectl

Check available timezones:

timedatectl list-timezones

Set the time zone:

sudo timedatectl set-timezone Asia/Shanghai

Configure Time Synchronization

We use ntp service to synchronize time. First install the ntp service:

sudo yum install ntp

Then run the service and set it to start on boot:

sudo systemctl start ntpd

sudo systemctl enable ntpd

Reminder

Don't forget to allow the service in the firewall settings.

This way your server will automatically calibrate the time.

Step 8: Create a SWAP Partition

When the memory (RAM) is not enough, the disk (SWAP) is used to make up for it. Creating a reasonably sized SWAP partition can reduce the chances of your application crashing or a process being killed, especially for database applications. The recommended capacity of the SWAP partition is 100%~200% of RAM.

Check if the system already has a SWAP partition:

swapon --show

If not, first create a file for SWAP to use:

sudo fallocate -l 1G /swapfile

Modify the permissions of the file, only the root user can read and write:

sudo chmod 600 /swapfile

Format this file as SWAP:

sudo mkswap /swapfile

Use this file as the SWAP partition:

sudo swapon /swapfile

Modify the /etc/fstab file so that the SWAP partition is automatically mounted when booting:

sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'

Summary

After completing all of these steps, our server is ready to start working. Whether it is building a website or surfing the Internet scientifically, there are more interesting things waiting for you to explore.

If you want to buy web hosting at an affordable price, DomainRacer and DedicatedCore are the best choice for your website.
