Shujito · November 8, 2016 19:46
diff --git a/configuration.sh b/configuration.sh
 # basic debian vps setup (configurations and security)

 #################
 ## root config ##

 # change root password
 passwd
 # fix locales (e.g. "Setting locale failed" messages)
 locale-gen en_US.UTF-8
 dpkg-reconfigure locales
 # resize VPS partitions (use entire space, cloudatcost VPS templates are 10GB)
 vgextend localhost-vg /dev/sda3
 lvextend -l +100%FREE /dev/localhost-vg/root
 resize2fs /dev/localhost-vg/root
 # I'd reboot here, just in case
 reboot

 ## update aptitude and then install screen
 # watch for prompts
 apt-get update
 apt-get install screen

 ## getting into screen
 # howto:
 screen
 # detach screen with 'CTRL+A,D'
 # attach to detached screen
 screen -r

 ## configure iptables ##
 wget https://gist.githubusercontent.com/Shujito/86f4134d4b6310716a21/raw/73d2780f0e73dc216664bc18047a9df1c7babc07/iptables.txt
 iptables-restore < iptables.txt

 # update and install basic stuff
 apt-get upgrade
 apt-get install iptables-persistent sudo lighttpd git ntp zip

 #################
 ## user config ##
 # add user and sudo access (change 'shujito' into your user)
 adduser shujito
 adduser shujito sudo

 ## adding a ssh key ##
 # on client
 ssh-keygen -f .ssh/shujito.org.rsa
 # follow instructions...
 # I recommend using a passcode for the key
 # copy key
 # pbcopy is from osx, eases copying
 cat .ssh/shujito.org.rsa.pub | pbcopy

 # on server
 mkdir .ssh
 nano .ssh/authorized_keys
 # paste key there

 # on client, try to login with key
 ssh [email protected] -i .ssh/shujito.org.rsa

 ## disable ssh password and remote root login ##
 ## set up a ssh key first!!
 # edit this file
 sudo nano /etc/ssh/sshd_config

 # find and set these (uncomment if commented)
 PermitRootLogin no
 ChallengeResponseAuthentication no
 PasswordAuthentication no
 UsePAM no

 # restart sshd
 sudo service sshd restart

 ## ssl with let's encrypt ##
 # TODO
 # see here: https://letsencrypt.org/getting-started/
 # and here: http://certbot.eff.org/

 ## install java
 # TODO
 # see here: https://www.digitalocean.com/community/tutorials/how-to-manually-install-oracle-java-on-a-debian-or-ubuntu-vps
 # this works: http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html

 ###########################
 # reference links/sources #

 #>> https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian
 #>> http://ubuntuforums.org/showthread.php?t=1346581 (generate locales)
 #>> https://members.cloudatcost.com/index.php?fuse=knowledgebase&controller=articles&view=article&articleId=2
 #>> http://askubuntu.com/questions/7477/how-can-i-add-a-new-user-as-sudoer-using-the-command-line
 #>> http://support.hostgator.com/articles/specialized-help/technical/how-to-disable-password-authentication-for-ssh
 #>> https://letsencrypt.org/getting-started/
 #>> https://www.digitalocean.com/community/tutorials/how-to-manually-install-oracle-java-on-a-debian-or-ubuntu-vps
 #>> http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html
 #>> https://certbot.eff.org/

 #!! these recommendations are nice:
 #!! https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
 #!! http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
diff --git a/installing-artifactory.sh b/installing-artifactory.sh
 ## main guide:
 # https://inthecheesefactory.com/blog/how-to-setup-private-maven-repository/en
 ## stop suffering, install java like this
 # http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html
 ## if your server has ssl:
 # https://stackoverflow.com/questions/22887829
 ## in the case you use lighttpd, disable 417
 # https://massivescale.blogspot.mx/2011/12/http-417-errors-in-lighttpd.html
diff --git a/iptables.txt b/iptables.txt
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A INPUT -i lo -j ACCEPT
 -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -j REJECT --reject-with icmp-port-unreachable
 -A OUTPUT -j ACCEPT
 COMMIT
diff --git a/lighttpd configurations.sh b/lighttpd configurations.sh
 ## configure reverse proxy (for nodejs/rails/java apps)
 # http://serverfault.com/questions/363654/run-a-node-js-app-with-lighttpd

 ## configure virtual hosts
 # TODO

 ## configure ssl
 # just use certbot
	# basic debian vps setup (configurations and security)

	#################
	## root config ##

	# change root password
	passwd
	# fix locales (e.g. "Setting locale failed" messages)
	locale-gen en_US.UTF-8
	dpkg-reconfigure locales
	# resize VPS partitions (use entire space, cloudatcost VPS templates are 10GB)
	vgextend localhost-vg /dev/sda3
	lvextend -l +100%FREE /dev/localhost-vg/root
	resize2fs /dev/localhost-vg/root
	# I'd reboot here, just in case
	reboot

	## update aptitude and then install screen
	# watch for prompts
	apt-get update
	apt-get install screen

	## getting into screen
	# howto:
	screen
	# detach screen with 'CTRL+A,D'
	# attach to detached screen
	screen -r

	## configure iptables ##
	wget https://gist.githubusercontent.com/Shujito/86f4134d4b6310716a21/raw/73d2780f0e73dc216664bc18047a9df1c7babc07/iptables.txt
	iptables-restore < iptables.txt

	# update and install basic stuff
	apt-get upgrade
	apt-get install iptables-persistent sudo lighttpd git ntp zip

	#################
	## user config ##
	# add user and sudo access (change 'shujito' into your user)
	adduser shujito
	adduser shujito sudo

	## adding a ssh key ##
	# on client
	ssh-keygen -f .ssh/shujito.org.rsa
	# follow instructions...
	# I recommend using a passcode for the key
	# copy key
	# pbcopy is from osx, eases copying
	cat .ssh/shujito.org.rsa.pub \| pbcopy

	# on server
	mkdir .ssh
	nano .ssh/authorized_keys
	# paste key there

	# on client, try to login with key
	ssh [email protected] -i .ssh/shujito.org.rsa

	## disable ssh password and remote root login ##
	## set up a ssh key first!!
	# edit this file
	sudo nano /etc/ssh/sshd_config

	# find and set these (uncomment if commented)
	PermitRootLogin no
	ChallengeResponseAuthentication no
	PasswordAuthentication no
	UsePAM no

	# restart sshd
	sudo service sshd restart

	## ssl with let's encrypt ##
	# TODO
	# see here: https://letsencrypt.org/getting-started/
	# and here: http://certbot.eff.org/

	## install java
	# TODO
	# see here: https://www.digitalocean.com/community/tutorials/how-to-manually-install-oracle-java-on-a-debian-or-ubuntu-vps
	# this works: http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html

	###########################
	# reference links/sources #

	#>> https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian
	#>> http://ubuntuforums.org/showthread.php?t=1346581 (generate locales)
	#>> https://members.cloudatcost.com/index.php?fuse=knowledgebase&controller=articles&view=article&articleId=2
	#>> http://askubuntu.com/questions/7477/how-can-i-add-a-new-user-as-sudoer-using-the-command-line
	#>> http://support.hostgator.com/articles/specialized-help/technical/how-to-disable-password-authentication-for-ssh
	#>> https://letsencrypt.org/getting-started/
	#>> https://www.digitalocean.com/community/tutorials/how-to-manually-install-oracle-java-on-a-debian-or-ubuntu-vps
	#>> http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html
	#>> https://certbot.eff.org/

	#!! these recommendations are nice:
	#!! https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers
	#!! http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
	## main guide:
	# https://inthecheesefactory.com/blog/how-to-setup-private-maven-repository/en
	## stop suffering, install java like this
	# http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html
	## if your server has ssl:
	# https://stackoverflow.com/questions/22887829
	## in the case you use lighttpd, disable 417
	# https://massivescale.blogspot.mx/2011/12/http-417-errors-in-lighttpd.html
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	-A INPUT -i lo -j ACCEPT
	-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
	-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
	-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
	-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
	-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
	-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
	-A INPUT -j REJECT --reject-with icmp-port-unreachable
	-A FORWARD -j REJECT --reject-with icmp-port-unreachable
	-A OUTPUT -j ACCEPT
	COMMIT
	## configure reverse proxy (for nodejs/rails/java apps)
	# http://serverfault.com/questions/363654/run-a-node-js-app-with-lighttpd

	## configure virtual hosts
	# TODO

	## configure ssl
	# just use certbot