K
K
Konstantin Andreevich2014-07-22 20:38:00
linux
Konstantin Andreevich, 2014-07-22 20:38:00

DigitalOcean as a replacement for hosting. How to correctly configure everything?

Good afternoon, I'm asking for advice and help. For a long time I want to leave the usual hosting provider on DigitalOcean, but one thing scares me - I don’t know if I have enough skills to set up a server ready to go.
In general, I know how to install apache + mysql + php on ubuntu, install the necessary extensions, etc. But this is all very basic knowledge. On the digitalocean community I read a lot of setup articles, but most of them are just do-it-yourself, basic knowledge.
So that's the question - please help me, throw me links with information on how to correctly set up a server on Ubuntu on DigitalOcean, which will replace my regular hosting (I use reg.ru now). Those. as I see it, I install apache+php+mysql, place sites in the home directory of the created user (~/www/{site1.ru,site2.ru.site3.ru}) and start working, but I'm sure it's not safe and wrong, something else needs to be done, but I don’t know what.

Answer the question

In order to leave comments, you need to log in

15 answer(s)
N
neol, 2014-07-23
@neol

First, security is a process, not a state.
In order for the system to be more or less secure, you need to:
- be aware of existing vulnerabilities in the software you use (at least follow ubuntu security notices )
- install updates
- use fairly strong passwords and change them periodically
- disable unused services
- if possible, limit as much as possible network access (for example, do not put mysql on public display)
- disable unused modules, plugins, extensions, features, etc.
- make backups
- always strictly observe the principle of minimum privileges
- do not connect to the server from unreliable systems (connecting from a home desktop where kids play pirated games, and you watch "porn online free without sms" is not a good idea).
These rather simple KO-style tips actually give almost 100% protection against "automatic" hacks (meaning bots that scan everything in search of vulnerable systems and Trojans that pull out saved passwords). Everything else depends more on your code than on any settings.

K
Konstantin, 2014-07-30
@tromp

Use vestap. Everything is configured from the package. The only hosting panel that does not induce quiet horror in the system (does not deliver a ton of garbage libraries and does not store configs following alien logic) - everything is laid out on the shelves.

M
Mikhail Gubanov, 2014-07-23
@lsreg

Just recently I came across an article - stf-life.livejournal.com/88634.html

F
Fyodor Dostoyevsky, 2014-07-31
@frops

In general, to keep it simple, there is a puphpet.com generator that generates a server skeleton for Vagrant as well as for DigitalOcean .
There you can completely customize the server you want. With all php+mysql etc. etc.
Try )

A
anyd3v, 2014-07-22
@anyd3v

What's the problem? Are you afraid that your passwords will be stolen? use fail2ban. Otherwise, without specific questions, go to Google with the request "vps security tips"

P
Pavel Solovyov, 2014-07-22
@pavel_salauyou

in fact, the question is important, but you won’t get a practical answer here, because. There are a lot of articles on this topic, for example, my server was hacked, through a vulnerability in elastisearch (badly configured), and digitalocean closed the server and said do another one. I will add, switch to DO for sure, and immediately after the server is fully configured, make an initial spanshot, but in general it will be cool if you also enable backups.

S
sasha, 2014-07-22
@madmages

I am a pohape programmer and in setting up servers I think at the level of "Apache is e capatal o grit brit", but that's not the point. There are tons of manuals for setting up a bunch of Apache muscle and php in the internet. I used one of them and I have apache2+php5.5+muscle koito version+nodeJS and goodies like php may admin xdebugger for dev versions of things. It was difficult in subtleties such as how to make htaccess work, but I successfully coped with them. Leave the hoster and the skill will start sharpening;)

A
AleksDesker, 2014-07-23
@AleksDesker

"I place sites in the home directory of the created user" and how did you do it? I raised something similar from the default options to DO, where the normal directory is set by itself. I had a couple of questions about how to fasten a secure enough ftp, it was not there by default, so there were several posts about this on the forum of the same DO, if you have a site in your home directory due to some dancing with a tambourine, then try to find there is a tutorial on how to do it in the right way.

M
Mikhail Osher, 2014-07-23
@miraage

Have you looked at their site? :)
https://www.digitalocean.com/community/tutorials/

D
DuD, 2014-07-23
@DuD

Just use any more or less adequate panel.
I recommend ISPManager. Installed once and will continue to use your server as a familiar hosting.

K
Kuptsov Robert, 2014-07-23
@Maxim4eck777

In general, I recommend that you do not configure anything yourself, but turn to freelancing. You can’t even imagine how many people for $ 10 an hour, they know the whole kitchen by heart!
And it is better to spend your time on things more important than communication with iron.

A
Alexander Kubintsev, 2014-07-31
@akubintsev

If you have time, you can read the PCI DSS security standard. Much will probably be excessive for your conditions, but it will give a clear idea of ​​\u200b\u200bhow good security should be.
As for setting up a VPS for $ 10, I doubt that an intelligent person will undertake it. I recently undertook to do such work, I set up a website for 1 host with wordpress, I did it according to my already worked out templates on debian/ubuntu. The process took about 1.5 hours and the cost was $30. Everyone is happy.
Perhaps I sold it, on the other hand, $ 20 / hour - in my opinion, it's normal.

D
dmko, 2014-07-31
@dmko

as written above, install vestacp , installed with one command, everything works out of the box, then google about setting up iptables, more than enough for the base

V
Vladimir, 2014-08-05
@Cosss

This is how I solved the hosting problem for myself. I bought a perpetual license for the ISP manager panel. From my friends https://ru-tld.ru/soft-ispsystem/
Put it on centos. The server itself is in the hetzner, but there is no difference, it's still on the same virtual machine as in DO.
I had to struggle a little with the installation, but they helped me. Now without problems I create a DB, Domains even ftp accounts. In general, there is everything you need. I'm not sure that everything is good there with security, but for me it's not critical at the moment.

A
alextih, 2016-01-20
@alextih

Here is a simple and affordable instruction for setting up a web server on DigitalOcean - Web server on CentOS

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question