1,106
edits
FeministWiki:Server setup: Difference between revisions
no edit summary
Technician (talk | contribs) |
Technician (talk | contribs) No edit summary |
||
| Line 21: | Line 21: | ||
apt-get dist-upgrade | apt-get dist-upgrade | ||
=== | === Install miscellaneous tools === | ||
Some of these are needed further down, some are just good to have. | |||
apt-get install automysqlbackup \ | |||
bsdutils \ | |||
certbot \ | |||
curl \ | |||
dnsutils \ | |||
emacs-nox \ | |||
git \ | |||
imagemagick \ | |||
mg \ | |||
moreutils \ | |||
net-tools \ | |||
netcat-openbsd \ | |||
nmap \ | |||
rsync \ | |||
tree | |||
=== Copy SSH key from old server === | === Copy SSH key from old server === | ||
| Line 42: | Line 56: | ||
Host feministwiki.dev | Host feministwiki.dev | ||
Port <SSH_PORT> | Port <SSH_PORT> | ||
=== Tighten security of SSH access === | |||
Port 22 will get lots of malicious login attempts. It's a good idea to change the SSH port, and also to disable password authentication in favor of key-based authentication. Both can be done by editing {{C|/etc/ssh/sshd_config}}. | |||
Before restarting the SSH service, make sure you've actually added your public key (the contents of {{C|~/.ssh/id_rsa.pub}} on your computer) to {{C|/root/.ssh/authorized_keys}} on the server, or you'll lock yourself out. | |||
=== Set up firewall === | === Set up firewall === | ||
| Line 50: | Line 70: | ||
ufw allow proto tcp to 0.0.0.0/0 port ${SSH_PORT} # Replace with actual port number | ufw allow proto tcp to 0.0.0.0/0 port ${SSH_PORT} # Replace with actual port number | ||
ufw enable | ufw enable | ||
=== Fetch scripts & config repo === | === Fetch scripts & config repo === | ||