Trollböle et al gets its gear and moves to Björneborg. Consumerium.org acquires its first ecoserver from a company that uses electricity sourced from renewable sources only.
Objective: Set up a stack in an efficient and clear manner in order to move the current Consumerium.org development wiki onto the new ecological server, also paying mind to the future needs of upcoming services. Document the process.
Information: Today I purchased a VPS server from https://shellit.org, a Finnish hosting services provider that has been operating since 2007. They cater to the international clientele under the brand https://vpsfinland.com. The price is the same but in dollars. Costs a hell of a lot more than the global price leader, as always, but the laws, the laws.
Their main selling points were the wind powered computers, their data center, which is built into a cave system in Finnish bedrock in Björneborg, and naturally being local (not a multinational giant with huge deep financial pockets to absorb short term losses in gaining market share) and naturally the Finnish law that protects various parties very well.
Step #1: Purchase and pay in webbank. Server is activated very rapidly upon webshop receiving information from webbank that the funds have been debited and are on their way to their bank account. Default OS is Debian GNU/Linux and others are available on request.
Step #2: Log in with the root account details given by the GUI. System language seems to be set to Finnish. Can change the locale later on so not very relevant, I hope.
Step #3: Change root pass. Don’t lose it. Resetting will be terribly expensive.
Step #4: Update installed software. ‘apt update && apt upgrade’ will get the base system to the latest good version. Running it, one notices they run a Debian mirror at their site. Ecological and fast, good citizen.
(Step #5: Install the tmux session multiplexer and detacher with ‘apt install tmux’ and run tmux. Not a necessary step, but it is a good idea. An alternative program is ‘screen’, but I use tmux.)
Step #6: Add the command ‘sudo’ with ‘apt install sudo’. This also creates the ‘/etc/sudoers’ file.
Step #7: Now add a normal user (command ‘useradd’) and give it sudo rights by adding it to sudoers (edit /etc/sudoers). I used ‘useradd -m -s /bin/bash usernamegoeshere’ and ‘nano /etc/sudoers’, and naturally set a password for usernamegoeshere (‘passwd usernamegoeshere’).
Step #8: Log out and log in as the user you just gave sudo rights to. Check that you can sudo. ‘sudo ls’ will do just fine.
Step #9: (Unless this causes something unwanted) Disable root logins. There is no reason to allow anyone to attempt to log in as root to the sshd. As the normal user with sudo rights you can always ‘sudo su’ if you need the superuser shell. Do so with ‘sudo nano /etc/ssh/sshd_config’ and edit until it says ‘PermitRootLogin no’. Apply the changes with ‘sudo service sshd reload’ and test by opening another shell and attempting to log in to sshd as root. It should now complain that you have the wrong password, excellent. Now log in as the normal user.
Step #10: Set up a stash for storing backups. You do want it outside of your home directory so you can back that up without complications. Start moving your backups from other machines to the server with ‘scp’ or some other more advanced system like rsync over ssh.
Step #11: Install and use nmap: ‘sudo apt install nmap’. Scan localhost from inside and scan the external server address from an outside machine to quickly see what the firewall settings are. Looks like the hosting guys are showing a filtered SMTP port to the Internet even if ‘nmap localhost’ does not see it.
Step #12: Get your firewall in place. I use a simple setup where 22, 80 and 443 are open for incoming traffic and everything else is blocked. This is straightforward and easy to verify to function correctly. Find out about the iptables kernel-level firewall at the Debian Wiki.
Step #13: Get some monitoring gear: ‘sudo apt install htop atop iotop glances’
Step #14: Start ‘glances’ and have some snacks and refreshments.
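The firewall from step #12 (22, 80 and 443 open for incoming traffic, everything else blocked), written out as an added example that is not part of the original post: an iptables-restore ruleset plus a small check that reads iptables-save text and reports the INPUT policy and what is accepted. The function names, the open outbound policy, the dropped FORWARD chain and the loopback and established-connection rules are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. IPv4 only: IPv6 has its own
# tables and needs the same rules loaded with ip6tables-restore.
# Load as root with:  ruleset | iptables-restore
# Keep the current SSH session open and test a new login from a second shell.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Print the default policy of the INPUT chain (iptables-save text on stdin).
input_policy() { awk '$1 == ":INPUT" { print $2 }'; }

# List what INPUT accepts as "port/proto", sorted by port (same input format).
# An ACCEPT rule without a destination port that is neither loopback nor
# connection-state traffic is reported as "any": it opens every port.
open_ports() {
  awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
    ports = ""; proto = "all"
    for (i = 3; i < NF; i++) {
      if ($i == "-p") proto = $(i + 1)
      if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
    }
    if (ports == "" && $0 !~ /-i lo / && $0 !~ /--ctstate /) { print "any"; next }
    n = split(ports, p, ",")
    for (j = 1; j <= n; j++) print p[j] "/" proto
  }' | sort -n | uniq | paste -sd, -
}

# Audit the ruleset above without touching the kernel.
# On a live host, pipe the running rules in: sudo iptables-save | open_ports
echo "policy=$(ruleset | input_policy) open=$(ruleset | open_ports)"
```

Comparing this output with an nmap scan from an outside machine, as in step #11, shows whether the hosting provider filters anything in front of the server as well.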
From here on, one probably wants to install a LAMP and LNMP stack as well. I stop here for now because I must contemplate choices as I am moving some sites to this new server and I do not want to make questionable rushed choices.
To be continued..
Relevant reading:
- How to migrate services from a GNU/Linux to another GNU/Linux system manually describes a reasonable process for handling the migration to another server.
- How to set up TLS encryption (automation) with LetsEncrypt.org certificates: I am going to be acquiring TLS encryption protections for practically all the sites I host.