FeministWiki:Server setup: Difference between revisions
    No edit summary
    Line 21: Line 21:
      apt-get dist-upgrade
      apt-get dist-upgrade


    === Tighten security of SSH access ===
    === Install miscellaneous tools ===


    Port 22 will get lots of malicious login attempts.  It's a good idea to change the SSH port, and also to disable password authentication in favor of key-based authentication.  Both can be done by editing {{C|/etc/ssh/sshd_config}}.
    Some of these are needed further down, some are just good to have.


    Before restarting the SSH service, make sure you've actually added your public key (the contents of {{C|~/.ssh/id_rsa.pub}} on your computer) to {{C|/root/.ssh/authorized_keys}} on the server, or you'll lock yourself out.
    apt-get install automysqlbackup \
                    bsdutils \
                    certbot \
                    curl \
                    dnsutils \
                    emacs-nox \
                    git \
                    imagemagick \
                    mg \
                    moreutils \
                    net-tools \
                    netcat-openbsd \
                    nmap \
                    rsync \
                    tree


    === Copy SSH key from old server ===
    === Copy SSH key from old server ===
    Line 42: Line 56:
      Host feministwiki.dev
      Host feministwiki.dev
         Port <SSH_PORT>
         Port <SSH_PORT>
    === Tighten security of SSH access ===
    Port 22 will get lots of malicious login attempts.  It's a good idea to change the SSH port, and also to disable password authentication in favor of key-based authentication.  Both can be done by editing {{C|/etc/ssh/sshd_config}}.
    Before restarting the SSH service, make sure you've actually added your public key (the contents of {{C|~/.ssh/id_rsa.pub}} on your computer) to {{C|/root/.ssh/authorized_keys}} on the server, or you'll lock yourself out.


    === Set up firewall ===
    === Set up firewall ===
    Line 50: Line 70:
      ufw allow proto tcp to 0.0.0.0/0 port ${SSH_PORT} # Replace with actual port number
      ufw allow proto tcp to 0.0.0.0/0 port ${SSH_PORT} # Replace with actual port number
      ufw enable
      ufw enable
    === Install miscellaneous tools ===
    Some of these are needed further down, some are just good to have.
    apt-get install automysqlbackup \
                    bsdutils \
                    certbot \
                    curl \
                    dnsutils \
                    emacs-nox \
                    git \
                    imagemagick \
                    mg \
                    moreutils \
                    net-tools \
                    netcat-openbsd \
                    nmap \
                    rsync \
                    tree


    === Fetch scripts & config repo ===
    === Fetch scripts & config repo ===
    Retrieved from "https://feministwiki.org/wiki/FeministWiki:Server_setup"