This is version 0.01 of this blog. It's mainly a static page.
At the moment, the server only has a root account, is only running ssh and Apache without vhosts, only has support for http, and is accessible through the IP address of the server (no DNS). Low tech...
OK, this isn't serious: we shouldn't be logging in as root. Let's create a user, create an ssh key to log in remotely, make it able to sudo and lock down root.
# adduser gle (you will have to answer a few questions and choose a password)
# apt install sudo
# echo "gle ALL=(ALL) ALL" >/etc/sudoers.d/gle
You can now ssh as gle and run:
# ssh-keygen -t ed25519
Even if nearly nothing is running on the server yet (only ssh and Apache), we should start to think about security. As a bare minimum, let's install UFW (Uncomplicated Firewall), add rules to allow connections to ssh and http, and make it active:
# apt install ufw
# ufw allow ssh
# ufw allow http
# ufw enable
As you can see, that's quite easy.
By default, ssh will close the connection when it's idle, and that's quite annoying, so let's add this to /etc/ssh/sshd_config:
ClientAliveInterval 30
ClientAliveCountMax 10
Of course we need to run "systemctl reload ssh" for the new configuration to be taken into account.
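To see what those two settings add up to, here is an added example (not part of the original post; the function names are hypothetical) that reads an sshd_config the way sshd resolves global keywords and reports how long an unresponsive client is kept before sshd disconnects it. It assumes plain integer values in seconds, and the sample config is constructed.

```shell
# Added example, not from the original post. Function names are hypothetical.
# sshd_value KEYWORD FILE: print the effective global value of KEYWORD.
# sshd keywords are case-insensitive, the first occurrence wins, and
# "Key=Value" is accepted. Parsing stops at the first Match block.
sshd_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            sub(/^[ \t]+/, "")                       # strip indentation
            if ($0 == "" || $0 ~ /^#/) next          # blank line or comment
            if (!match($0, /^[A-Za-z0-9]+/)) next
            key  = tolower(substr($0, 1, RLENGTH))
            rest = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)         # separator: spaces or "="
            sub(/[ \t].*$/, "", rest)                # keep the first argument
            if (key == "match") exit
            if (key == want) { print rest; exit }
        }' "$2"
}

# idle_drop_seconds FILE: seconds an unresponsive client survives, i.e.
# ClientAliveInterval * ClientAliveCountMax. OpenSSH defaults are 0 and 3.
# Interval 0 sends no probes and count 0 never disconnects: "disabled".
# Assumes plain integer values, as used in the post.
idle_drop_seconds() {
    interval=$(sshd_value ClientAliveInterval "$1")
    count=$(sshd_value ClientAliveCountMax "$1")
    if [ "${interval:-0}" -eq 0 ] || [ "${count:-3}" -eq 0 ]; then
        echo disabled
    else
        echo $(( ${interval:-0} * ${count:-3} ))
    fi
}

sample_config() {
    cat <<'EOF'
# constructed sample, not a real server's file
clientaliveinterval 30
ClientAliveCountMax=10
ClientAliveInterval 600
Match User backup
    ClientAliveInterval 5
EOF
}

cfg=$(mktemp)
sample_config >"$cfg"
echo "unresponsive client dropped after: $(idle_drop_seconds "$cfg")s"
rm -f "$cfg"
```

With the values from the post, a client that stops answering is dropped after 10 unanswered probes sent 30 seconds apart; the later `ClientAliveInterval 600` in the sample is ignored because the first occurrence wins.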
This is just the beginning. So far, a new VPS has been provisioned from Contabo (cheap and reliable VPS here) with a Debian 12 install, Apache has been installed (apt install apache2), and /var/www/html/index.html (which originally contained the "It works!" default page) has been edited to put this content instead.
That's all, but it's already serving this, so I guess it's a decisive step anyway.