Notes tagged with "Server"

Install Caddy on Ubuntu VPS

Setting Caddy Up on Ubuntu

1. First we need to install Caddy on the server:

    ```bash
    sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl

    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

    sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg

    sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list

    sudo apt update
    sudo apt install caddy

    ```

1. Next, let's reconfigure Caddy:

    Change /etc/caddy/Caddyfile to read:

    ```
    {
            log {
                    output file /var/log/caddy/caddy_log.txt
                    level DEBUG
            }
    }
    import sites-enabled/*

    ```

1. Make sure we have a 404 error page:
    
    The Caddyfile should look something like this:

    ```
    {
            log {
                    output file /var/log/caddy/caddy_log.txt
                    level DEBUG
            }
    }

    :443 {

            handle_errors {
                header Content-Type text/html
                respond <<HTML
                        <html>
                            <head><title>Oops</title></head>
                            <body>
                                <h5>whoa, we have a problem partner...</h5>
                            </body>
                        </html>
                    HTML 200
            }

    }
    import sites-enabled/*
    ```


1. Make sure we have these directories and that they are owned by the caddy user:

    * /var/log/caddy
    * /etc/caddy/sites-enabled
    * /etc/caddy/sites-disabled

1. Restart Caddy:

    ```bash
    sudo systemctl restart caddy.service
    ```


1. Create a new static site file so we can test the setup:

    ```
    [site-url] {
            root * /var/www/site_dir
            file_server
    }
    ```

1. Make sure ports 80 and 443 are open on the firewall:

    ```bash
    sudo ufw allow http
    sudo ufw allow https
    ```
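
An added example (not part of the original notes) for the directory step above: a shell function that reports any listed directory that is missing, not owned by the expected user, or world-writable. Because `import sites-enabled/*` loads every file in that directory as configuration, write access to it matters. `check_owned_dirs` is a hypothetical helper name, and `stat -c` assumes GNU coreutils, as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes.
# check_owned_dirs OWNER DIR...
#   Prints one line per problem and returns the number of directories
#   that are missing, owned by someone other than OWNER, or world-writable.
check_owned_dirs() {
    cod_owner=$1
    shift
    cod_bad=0
    for cod_dir in "$@"; do
        if [ ! -d "$cod_dir" ]; then
            echo "MISSING         $cod_dir"
            cod_bad=$((cod_bad + 1))
            continue
        fi
        cod_ok=1
        cod_actual=$(stat -c %U "$cod_dir")   # owner name
        cod_mode=$(stat -c %a "$cod_dir")     # octal mode, e.g. 755
        if [ "$cod_actual" != "$cod_owner" ]; then
            echo "WRONG OWNER     $cod_dir (owner: $cod_actual, expected: $cod_owner)"
            cod_ok=0
        fi
        # The last octal digit carries the "other" bits; 2, 3, 6 and 7 include write.
        case "$cod_mode" in
            *[2367])
                echo "WORLD-WRITABLE  $cod_dir (mode $cod_mode)"
                cod_ok=0
                ;;
        esac
        [ "$cod_ok" -eq 1 ] || cod_bad=$((cod_bad + 1))
    done
    return "$cod_bad"
}

# When run with arguments, check them, for example:
#   ./check_dirs.sh caddy /var/log/caddy /etc/caddy/sites-enabled /etc/caddy/sites-disabled
if [ "$#" -gt 0 ]; then
    check_owned_dirs "$@"
fi
```

A non-zero exit status is the number of directories that need attention, so the script can gate the restart step.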

Ubuntu VPS Security

Optimizing Ubuntu Server

Services and programs you can likely kill:

This was taken from this site

  1. BASICS

    Killing these didn’t impact the system at all when I tested:

    sudo apt remove snapd -y --purge
    sudo apt remove lxcfs -y --purge
    sudo apt remove policykit-1 -y --purge

    sudo apt remove lvm2 -y --purge
    sudo apt remove at -y --purge
    sudo apt remove mdadm -y --purge
    sudo apt remove open-iscsi -y --purge
    sudo apt remove accountsservice -y --purge
    
  2. EXTREME

Ubuntu VPS Setup

New Ubuntu VPS Set Up

We’re assuming we’ve created the initial droplet and that we are able to SSH into the box as root. Next steps are as follows:

Add Admin User Account

  1. SSH into the droplet as root:

    Run these commands on the server

    
    # create your admin user
    adduser usrnme
    # set up ssh key
    # this was the old way:
    #   mkdir /home/usrnme/.ssh
    #   chmod 700 /home/usrnme/.ssh
    #   cp /root/.ssh/authorized_keys /home/usrnme/.ssh
    #   chown -R usrnme:usrnme /home/usrnme/.ssh
    #   chmod 600 /home/usrnme/.ssh/authorized_keys
    # this is shorter and :
    rsync --archive --chown=usrnme:usrnme ~/.ssh /home/usrnme
    # add user to sudo
    usermod -aG sudo usrnme
    
  2. Install Neovim

Linux Server Maintenance

Updating Ubuntu:

```bash
sudo apt update
sudo apt upgrade
sudo apt full-upgrade
sudo apt autoremove

sudo reboot
```

Listing user groups:

```bash
getent group | sort

```

Web Application Setup - Build The Server

New Ubuntu VPS Set Up

We’re assuming we’ve created the initial droplet and that we are able to SSH into the box as root. Next steps are as follows:

Add Admin User Account

  1. SSH into the droplet as root:

    Run these commands on the server

    # create your admin user
    adduser usrnme
    # set up ssh key
    # this was the old way:
    #   mkdir /home/usrnme/.ssh
    #   chmod 700 /home/usrnme/.ssh
    #   cp /root/.ssh/authorized_keys /home/usrnme/.ssh
    #   chown -R usrnme:usrnme /home/usrnme/.ssh
    #   chmod 600 /home/usrnme/.ssh/authorized_keys
    # this is shorter and :
    rsync --archive --chown=usrnme:usrnme ~/.ssh /home/usrnme
    # add user to sudo
    usermod -aG sudo usrnme
    
  2. Push any user config files necessary from your local computer to the new server from your development environment:

Web Application Setup - Install Software

Install Software

  1. Install Python 3

    Good news, Python 3 is already installed on Ubuntu 17.10.

  2. Install other top level software packages:

    You may need to run an Ubuntu upgrade before installing:

    sudo apt-get update
    sudo apt-get upgrade

    Install the following packages:

    sudo apt-get install python3.7
    sudo apt-get install python3.7-venv
    sudo apt-get install python3-pip
    sudo apt-get install uwsgi-core
    sudo apt-get install uwsgi-plugin-python3
    sudo apt-get install nginx

    All other Python packages will be installed in the application's virtual environment.

Web Application Setup - Nginx Set Up

NGINX SET UP

  1. Create your app's nginx configuration

    touch /var/www/appname/config/nginx-appname.cfg

  2. The content of your nginx-appname.cfg file should look like this:

    upstream appname {
        server unix:/var/run/uwsgi/appname.socket;
    }
    
    server {
    
        listen 80;
        server_name SERVER_IP SERVER_DOMAIN;
    
        location = /favicon.ico { access_log off; log_not_found off; }
    
        location /static/ {
            root /var/www/appname/;
        }
    
        location / {
            uwsgi_pass      appname;
            include         /etc/nginx/uwsgi_params;
        }
    
    }
    
  3. Link your nginx config file to nginx's site config directory:

    cd /etc/nginx/sites-enabled
    ln -s /var/www/appname/config/nginx-appname.cfg appname
    
  4. You can check your nginx config by running the following:

Web Application Setup - Server Security

Optimizing Ubuntu Server

Services and programs you can likely kill:

This was taken from this site

  1. BASICS

    Killing these didn’t impact the system at all when I tested:

    sudo apt remove snapd -y --purge
    sudo apt remove lxcfs -y --purge
    sudo apt remove policykit-1 -y --purge

    sudo apt remove lvm2 -y --purge
    sudo apt remove at -y --purge
    sudo apt remove mdadm -y --purge
    sudo apt remove open-iscsi -y --purge
    sudo apt remove accountsservice -y --purge
    
  2. EXTREME

Web Application Setup - uWSGI Set Up

Set Up uWSGI To Serve Your Application

  1. Create your uWSGI configuration file:

    touch /var/www/appname/config/uwsgi-appname.ini
    
  2. Contents of your uwsgi-appname.ini should look like this:

    [uwsgi]
    
    plugins = python3,logfile
    
    chdir = /var/www/appname
    home = /var/www/appname/venv
    wsgi-file = /var/www/appname/wsgi.py
    
    master = True
    cheap = True
    idle = 600
    die-on-idle = True
    manage-script-name = True
    
  3. Link your config file so uwsgi can find it:

    cd /etc/uwsgi/apps-enabled
    ln -s /var/www/appname/config/uwsgi-appname.ini appname.ini
    

SYSTEMD UWSGI SET UP

  1. Create systemd socket and server files for your uwsgi app: