Skip to content

Instantly share code, notes, and snippets.

@oko

oko/web_checklist.md

Last active August 29, 2015 14:11
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save oko/211f38837b45e1e659ce to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save oko/211f38837b45e1e659ce to your computer and use it in GitHub Desktop.
Download ZIP
Web server checklist
Raw
web_checklist.md

Domain & Web Server Checklist

Base System

  • Login via SSH keys only
  • apt-get update && apt-get upgrade
  • Create normal user for logins
  • Set up configuration management
  • Ensure IPv6 is up and running
  • Set up iptables rules and boot scripts

Domain

  • Set up NS records
  • Define A- and AAAA-records for @
  • Point CNAMES as necessary
  • Set up MX records
  • Set up SPF record

SSL

  • Generate 2048-bit key and CSR
  • Purchase SSL certificate with provided key and CSR
  • Install certificate under /etc/<webserver>/ssl or under /etc/ssl if multiple daemons
  • chmod 600 certificate and key
  • Set up cipher and protocol suites based on Mozilla SSL/TLS guidelines. Modern if possible, intermediate otherwise.
  • Test configuration against the Qualys SSL Labs test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment