This is the version 0.01 of this blog. It's mainly a static page.
At the moment, the server only has a root account, is only running ssh and Apache without vhosts, only supports http, and is accessible only through the IP address of the server (no DNS). Low tech...
Logging in or looking at this page using the IP address is not ideal, so let's install DNS!
apt install bind9 dnsutils
Ok, this isn't serious: we shouldn't be logging in as root. Let's create a user, create an ssh key to log in remotely, make the user able to sudo, and lock down root.
# adduser gle (you will have to answer a few questions and choose a password)
# apt install sudo
# echo "gle ALL=(ALL) ALL" >/etc/sudoers.d/gle
Now we can run ssh-keygen on our client machine and copy the new public key to the server:
# scp id_ed25519.pub [email protected]:/home/gle/.ssh/authorized_keys
At this point we can set PasswordAuthentication no in /etc/ssh/sshd_config.
Even if nearly nothing is running on the server yet (only ssh and Apache), we should start to think about security. As a bare minimum, let's install UFW (uncomplicated firewall), add rules to enable connection to ssh and http and make it active:
# apt install ufw
# ufw allow ssh
# ufw allow http
# ufw enable
As you can see, that's quite easy.
By default, ssh will close the connection when it's idle, and that's quite annoying, so let's add this to /etc/ssh/sshd_config:
ClientAliveInterval 30
ClientAliveCountMax 10
Of course, we need to run "systemctl reload ssh" for the new configuration to take effect.
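An added example, not part of the original post: sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line appended below an earlier PasswordAuthentication yes changes nothing. The script below checks a single config file for that case; the function names and sample files are constructed for illustration, and it assumes whitespace-separated keywords, does not follow Include directives, and reads only the global section.

```shell
#!/bin/sh
# Added example (not from the original post).
# sshd uses the FIRST value it reads for each keyword, so a line appended
# to the end of sshd_config is ignored if the keyword was already set above.
# Assumptions: one file only (Include directives are not followed) and
# only the global section is read (parsing stops at the first Match block).

# Print the value sshd would take for KEYWORD from FILE (empty if unset).
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Succeed only if password logins are effectively disabled in FILE.
password_auth_disabled() {   # usage: password_auth_disabled FILE
    v=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    [ "$v" = "no" ]           # unset means the default, which is "yes"
}

# Constructed sample files, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Setting appended after an earlier "yes": the appended line has no effect.
cat > "$demo_dir/shadowed.conf" <<'EOF'
# constructed sample
PasswordAuthentication yes
ClientAliveInterval 30
ClientAliveCountMax 10
PasswordAuthentication no
EOF

# Same settings with the earlier line edited in place.
cat > "$demo_dir/fixed.conf" <<'EOF'
# constructed sample
PasswordAuthentication no
ClientAliveInterval 30
ClientAliveCountMax 10
EOF

for f in shadowed fixed; do
    if password_auth_disabled "$demo_dir/$f.conf"; then state=disabled; else state=ENABLED; fi
    echo "$f.conf: password logins $state"
done
```

On the server itself, sshd -T prints the effective configuration, including anything pulled in through Include directives.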
This is just the beginning. So far, a new VPS has been provisioned from Contabo (cheap and reliable VPS here) with a Debian 12 install, Apache has been installed (apt install apache2), and /var/www/html/index.html (which originally contained the "It works!" default page) has been edited to hold this content instead.
That's all but it's already serving this so I guess it's a decisive step anyway.