First Steps on a New Virtual Private Server – an Example on DigitalOcean and Ubuntu 16.04 LTS

These short notes list example first steps when manually configuring a new virtual private server on DigitalOcean and configuring a DNS name on NameCheap.
Always use good passwords. Only good passwords. Good passwords every moment.

Virtual private servers and domain names are competitive businesses. There are many providers similar to the ones used in this article, such as Linode and Gandi, but these examples were chosen because they are part of the GitHub Education student pack.
If you are a student, you can get a free GitHub Education student pack. At the time of writing, it includes use of a virtual private server and a .me domain name for a limited time. First register an account with your university email on GitHub, then claim the pack. Registering the email first usually means that you don’t have to scan proof of studies to claim the pack.

Create a New Virtual Server on DigitalOcean

Create a new account, add your credit card and/or promo code. Create a new Ubuntu 16.04 LTS virtual server. Choose a data center near your customers, e.g. in Europe. If you already know how, you can upload your SSH public keys. Otherwise, an initial password is generated for you. Check the IP address of your server.
Log in for the first time (the only time you log in as root):

$ ssh root@10.0.0.1

Give a good, new password when asked. Never give a bad password, even for a short time.

Firewall

Make a hole for SSH first, before enabling the firewall.

$ sudo ufw allow 22/tcp
$ sudo ufw enable

Sudo user

One human, one account, named after this human.

$ sudo adduser tero
$ sudo adduser tero sudo
$ sudo adduser tero adm
$ sudo adduser tero admin

Try it first: open a new local terminal and try your user before closing the last shell on remote host.

$ ssh tero@tero.example.com

Close Root Account

Lock the root account. Note that ‘usermod --lock’ just locks the password, not every way to use the user.

$ sudo usermod --lock root

Disable root login on SSH

$ sudoedit /etc/ssh/sshd_config
    # ...
    PermitRootLogin no
    # ...
$ sudo service ssh restart
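
A check for the two root steps above, as an added example that is not part of the original article: it reads an sshd_config and a shadow file and reports whether PermitRootLogin is effectively "no" and whether root's password is locked. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify the two root lockdown steps from config files.

# Print the global PermitRootLogin value in an sshd_config-style FILE.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted. Parsing stops at the
# first Match block, so conditional overrides are not evaluated.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        { sub(/=/, " ") }                   # normalise Keyword=value
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if root's password field in a shadow-style FILE starts with "!"
# (what usermod --lock writes) or "*" (no usable password hash).
root_password_locked() {
    awk -F: '$1 == "root" { found = 1; locked = ($2 ~ /^[!*]/) }
             END { exit !(found && locked) }' "$1"
}

# Report both checks; return non-zero if either fails.
audit_root_access() {
    rc=0
    val=$(effective_permit_root_login "$1")
    if [ "$val" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '$val'"; rc=1; fi
    if root_password_locked "$2"; then echo "OK   root password locked"
    else echo "FAIL root password not locked"; rc=1; fi
    return "$rc"
}

# Constructed sample inputs, not taken from a real host.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin prohibit-password' \
    'PermitRootLogin no' > "$demo/sshd_before"   # later "no" is ignored
printf '%s\n' '# ...' 'PermitRootLogin no' '# ...' > "$demo/sshd_after"
printf '%s\n' 'root:$6$SALT$CONSTRUCTEDHASH:17000:0:99999:7:::' > "$demo/shadow_before"
printf '%s\n' 'root:!$6$SALT$CONSTRUCTEDHASH:17000:0:99999:7:::' > "$demo/shadow_after"

audit_root_access "$demo/sshd_before" "$demo/shadow_before" || true
audit_root_access "$demo/sshd_after" "$demo/shadow_after"
```

On the server itself, pass /etc/ssh/sshd_config and /etc/shadow as the two arguments; reading /etc/shadow requires root.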

Upgrade Software

A child could use a year-old vulnerability with Metasploit. Solution: don’t have old packages. Upgrade your packages to get the latest security patches.

$ sudo apt-get update
$ sudo apt-get upgrade

Start Using It

When you install a public server such as Apache, remember to make a hole in your firewall. E.g. ‘sudo ufw allow 80/tcp’.
You’re ready to use your new server. What would you like to do?

Public DNS Name on NameCheap

If you installed Apache and can access it using the IP address, good.
But TeroKarvinen.com is much better than 109.74.201.133. So add a name.
NameCheap and Gandi are good options for renting names. If you’re using GitHub Education Package, you might get a free .me name. Check the docs to point NameCheap nameservers to your host. Add a new A record (“@”). To test your name, use ‘host example.com dns1.registrar-servers.com’. Only test with Firefox once your name works; otherwise the old and wrong name is cached in your local nameserver.

Administrivia

This article has been updated and appended multiple times.
