Django
Alex Xmel, 2021-02-22 19:21:29

Am I setting up a VPS for Django correctly?

I rent a VPS on reg.ru and perform the following steps on it. Since I am not very strong in all this myself, I collected everything needed from various articles. At the moment everything works for me, but I'm interested in whether I'm doing everything correctly, what I end up with in terms of security, and whether there are any particular problems.

Here are my steps:

1. Update:
apt update && apt upgrade -y

2. Change the root password
passwd

3. Create a new user and add it to sudo
adduser NewUserName
usermod -aG sudo NewUserName
Log in as the new user

4. Install the required software
sudo apt install mc htop git nginx
sudo apt install python3-pip python3-venv python3-dev libpq-dev
sudo apt install postgresql postgresql-contrib curl

5. Create an SSH key and copy it to the server.
Key generation: ssh-keygen -t rsa -b 4096
Uploading the key to the server: ssh-copy-id -i ~/.ssh/keyname.pub [email protected]

6. SSH access settings.
sudo nano /etc/ssh/sshd_config.d/myssh.conf

Port 59043
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
UseDNS yes
MaxAuthTries 3
# Set users and groups allowed to access via SSH
# AllowGroups Group1, Group2, Group3
#AllowUsers NewUserName, root
LoginGraceTime 30
ClientAliveInterval 200
ClientAliveCountMax 3
TCPKeepAlive no
AddressFamily inet
IgnoreRhosts yes
HostbasedAuthentication no
LogLevel INFO
StrictModes yes
UsePrivilegeSeparation yes

8. Configure firewall ufw
sudo ufw reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 59043/tcp
sudo ufw allow 443/tcp
sudo ufw allow 80/tcp
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'


sudo ufw enable

9. Automatic security updates
sudo apt install unattended-upgrades
sudo nano /etc/apt/apt.conf.d/10periodic

Update this file as follows:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Edit the file as follows:
Unattended-Upgrade::Allowed-Origins {
"Ubuntu lucid-security";
//"Ubuntu lucid-updates";
};

10.
chmod 700 /home/NewUserName/.ssh
chmod 400 /home/NewUserName/.ssh/authorized_keys
chown NewUserName:NewUserName /home/NewUserName -R

With this step, I found out quite by accident that there is some trouble with the permissions, since after a while I cannot log in to my servers myself. I sit, try to figure it out, and reinstall all the servers.

After that I deploy the Django project.
Am I doing everything correctly from the start, is there anything superfluous or stupid, or maybe something else needs to be added?
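
A pre-flight check for steps 6 and 8 of the question, as an added example that is not part of the thread: it cross-checks an sshd drop-in against the list of ufw commands before `ufw enable` and an sshd restart. The `sshd_value` and `audit` helpers and the text-file format for the ufw commands are assumptions made for this example; the sample input is constructed from the settings quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check an sshd drop-in against the
# firewall commands before running "ufw enable" and restarting sshd.

# Value of the first uncommented occurrence of a keyword (sshd keeps the first).
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

audit() {  # $1 = sshd config file, $2 = text file listing the ufw commands
    port=$(sshd_value Port "$1")
    port=${port:-22}
    # Key-only login on a port the firewall does not open means a lockout.
    if grep -Eq "ufw allow ${port}(/tcp)?\$" "$2"; then :
    elif [ "$port" = 22 ] && grep -q "ufw allow OpenSSH" "$2"; then :
    else echo "LOCKOUT: sshd port ${port} is not allowed in ufw"
    fi
    # The OpenSSH ufw profile opens 22/tcp, unused when sshd listens elsewhere.
    if [ "$port" != 22 ] && grep -q "ufw allow OpenSSH" "$2"; then
        echo "EXTRA: 'ufw allow OpenSSH' opens 22/tcp, sshd listens on ${port}"
    fi
    # Keywords that current OpenSSH releases report as deprecated.
    for kw in Protocol UsePrivilegeSeparation; do
        if [ -n "$(sshd_value "$kw" "$1")" ]; then
            echo "DEPRECATED: ${kw}"
        fi
    done
    return 0
}

# Sample input constructed from the settings quoted in the question.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'Port 59043' 'Protocol 2' 'PermitRootLogin no' \
        'PasswordAuthentication no' '#AllowUsers NewUserName, root' \
        'UsePrivilegeSeparation yes' > "$dir/myssh.conf"
    printf '%s\n' 'sudo ufw default deny incoming' 'sudo ufw allow 59043/tcp' \
        'sudo ufw allow OpenSSH' "sudo ufw allow 'Nginx Full'" > "$dir/ufw.txt"
    audit "$dir/myssh.conf" "$dir/ufw.txt"
    rm -rf "$dir"
}

demo
```

On a live server, `sudo sshd -t` validates the real configuration before the restart, and keeping the current SSH session open while testing a second login avoids being locked out by a mistake.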


2 answer(s)
Dr. Bacon, 2021-02-22
@bacon

The question is no longer about Django but about setting up a web server, so it doesn't matter whether it's Django or something else. Or it would be better to split it into parts: one is the common part, the second is the conditions for running Django (a bunch of everything got installed, but the WSGI server was forgotten). Plus, for example, I take the repos for nginx and postgresql from their official sites. And everyone has their own nuances and preferences.

allaga, 2021-02-23
@allaga

You can also install Fail2ban.
