Am I setting up a VPS for Django correctly or not?
I take a VPS on reg.ru and carry out the following steps on it. Since I am not very strong in all this myself, I collected everything needed from various articles. At the moment everything works for me, but I would like to know whether I am doing everything correctly, what I end up with in terms of security, and whether there are any particular problems.
Here are my steps:
1. Update:
apt update && apt upgrade -y
2. Change the root password
passwd
3. Create a new user and add it to sudo
adduser NewUserName
usermod -aG sudo NewUserName
Log in as the new user.
4. Install the required software
sudo apt install mc htop git nginx
sudo apt install python3-pip python3-venv python3-dev libpq-dev
sudo apt install postgresql postgresql-contrib curl
5. Create an SSH key and copy it to the server.
Key generation: ssh-keygen -t rsa -b 4096
Uploading the key to the server: ssh-copy-id -i ~/.ssh/keyname.pub [email protected]
6. SSH access settings.
sudo nano /etc/ssh/sshd_config.d/myssh.conf
Port 59043
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
UseDNS yes
MaxAuthTries 3
# Set users and groups allowed to access via SSH
# AllowGroups Group1, Group2, Group3
#AllowUsers NewUserName, root
LoginGraceTime 30
ClientAliveInterval 200
ClientAliveCountMax 3
TCPKeepAlive no
AddressFamily inet
IgnoreRhosts yes
HostbasedAuthentication no
LogLevel INFO
StrictModes yes
UsePrivilegeSeparation yes
8. Configure firewall ufw
sudo ufw reset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 59043/tcp
sudo ufw allow 443/tcp
sudo ufw allow 80/tcp
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
9. Automatic security updates
sudo apt install unattended-upgrades
sudo nano /etc/apt/apt.conf.d/10periodic
Update this file as follows:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Edit the file as follows:
Unattended-Upgrade::Allowed-Origins {
"Ubuntu lucid-security";
//"Ubuntu lucid-updates";
};
10.
chmod 700 /home/NewUserName/.ssh
chmod 400 /home/NewUserName/.ssh/authorized_keys
chown NewUserName:NewUserName /home/NewUserName -R
I found out about this item quite by accident: there is some trouble with the permissions, since after a while I cannot log in to my servers myself. I sit, try to figure it out, and reinstall all the servers.
After that I roll out the project on django.
Am I doing everything correctly from the start? Is there anything superfluous or stupid, or does something else need to be added?
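A pre-restart check for the sshd drop-in and ufw rules listed in the question, as an added example that is not part of the original post. The function names (`lint_sshd`, `sshd_port`, `stale_ssh_rules`) are hypothetical and the sample input is constructed from the settings above.

```shell
# Added example: lint an sshd_config drop-in and a ufw rule list before
# restarting sshd, so a broken file does not cost you the session.

# Constructed sample: settings from step 6, including a keyword whose
# value ended up on the next line.
SAMPLE_CONF='Port 59043
Protocol 2
PasswordAuthentication no
# AllowUsers NewUserName
TCPKeepAlive
no
UsePrivilegeSeparation yes'

# Constructed sample: the arguments of the "ufw allow" rules from step 8.
SAMPLE_RULES='59043/tcp
443/tcp
80/tcp
OpenSSH
Nginx Full'

# Read sshd config text on stdin, print one finding per line.
lint_sshd() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    NF < 2 { print "no-value: " $1; next }   # keyword without an argument
    # Options that have no effect in current OpenSSH releases.
    tolower($1) ~ /^(protocol|useprivilegeseparation)$/ { print "obsolete: " $1 }
  '
}

# Print the first Port value from sshd config text on stdin (22 if none).
sshd_port() {
  awk 'tolower($1) == "port" && NF >= 2 { print $2; found = 1; exit }
       END { if (!found) print 22 }'
}

# $1 = sshd port; stdin = ufw allow arguments, one per line. Flags rules
# that open tcp/22 (the OpenSSH app profile does) when sshd listens elsewhere.
stale_ssh_rules() {
  while IFS= read -r rule; do
    case $rule in
      OpenSSH|ssh|22|22/tcp)
        if [ "$1" != 22 ]; then echo "opens-unused-port-22: $rule"; fi ;;
    esac
  done
}

printf '%s\n' "$SAMPLE_CONF" | lint_sshd
printf '%s\n' "$SAMPLE_RULES" | stale_ssh_rules "$(printf '%s\n' "$SAMPLE_CONF" | sshd_port)"
```

On the server itself, `sudo sshd -t` validates the real configuration; run it and keep the current session open until a second login on the new port succeeds.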
The question is no longer about Django, but about setting up a web server, so it doesn't matter whether it is Django or something else. Well, or it is better to divide it into parts: one is common, the second is the conditions for running Django (a bunch of everything got installed, but the WSGI server was forgotten). Plus, for example, I take the repos for nginx and postgresql from their official sites. And everyone has their own nuances and preferences.