Restrict SSH login to only the public key method in Ubuntu
nano /etc/ssh/sshd_config
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
systemctl restart sshd
Add your public key to the authorized keys file on the remote server. To add your key to the file, you can use the following command:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
If the file ~/.ssh/authorized_keys does not exist, you can create it with the following commands:
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
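To confirm the sshd_config edit above actually took effect, this added example (not part of the original post) checks `sshd -T` output for the three directives and lists every file that sets them. sshd keeps the first value it reads for a keyword, and recent Ubuntu releases include /etc/ssh/sshd_config.d/*.conf at the top of sshd_config, so a drop-in file there can override `PasswordAuthentication no`. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use:  sudo sshd -T | audit_sshd_effective
#            list_auth_directives /etc/ssh

# Read `sshd -T` output (lower-case "keyword value" lines) on stdin and check
# the three directives from this post. Exit status 0 only if all are in effect.
audit_sshd_effective() {
    awk '
        $1 == "passwordauthentication" { pw = $2 }
        $1 == "pubkeyauthentication"   { pk = $2 }
        $1 == "permitrootlogin"        { rl = $2 }
        END {
            bad = 0
            if (pw != "no")  { print "FAIL passwordauthentication " pw; bad = 1 }
            if (pk != "yes") { print "FAIL pubkeyauthentication " pk;   bad = 1 }
            # sshd -T reports prohibit-password under its alias without-password;
            # "no" is stricter and is also accepted.
            if (rl != "prohibit-password" && rl != "without-password" && rl != "no") {
                print "FAIL permitrootlogin " rl; bad = 1
            }
            if (!bad) print "OK password login is off, public key login is on"
            exit bad
        }'
}

# Print every place under DIR (sshd_config plus sshd_config.d/*.conf) that sets
# one of the three keywords, as file:line:text. The first value sshd reads for
# a keyword wins, so a drop-in included at the top of sshd_config takes priority.
list_auth_directives() {
    grep -EiHn '^[[:space:]]*(PasswordAuthentication|PubkeyAuthentication|PermitRootLogin)[[:space:]]' \
        "$1"/sshd_config "$1"/sshd_config.d/*.conf 2>/dev/null
}

# Constructed sample: effective settings on a host where a drop-in file
# re-enabled passwords even though sshd_config was edited as described.
SAMPLE_BAD='port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes'

if ! printf '%s\n' "$SAMPLE_BAD" | audit_sshd_effective; then
    echo "edit did not take effect; check the drop-in files"
fi
```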
References
https://medium.com/@williamkwao/how-to-add-ssh-keys-to-an-ubuntu-server-6a3a5b1bee26
sudo mkdir -p /var/www/html/wordpress
Navigate to /etc/nginx/sites-available. There, create a file with the name example.com. The name should be the same as your domain.
# Redirect HTTP -> HTTPS
server {
    listen 80;
    server_name www.example.com example.com;

    return 301 https://example.com$request_uri;
}

# Redirect WWW -> NON-WWW
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    root /var/www/html/wordpress;
    index index.php;

    # SSL parameters
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 30s;

    # log files
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires max;
        log_not_found off;
    }
}
Then create a symbolic link to the sites-enabled directory, test the configuration, and reload nginx.
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
sudo nginx -t
sudo nginx -s reload
References
https://www.hostinger.com/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu/
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
https://wordpress.org/documentation/article/nginx/
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
References
https://linuxize.com/post/secure-nginx-with-let-s-encrypt-on-ubuntu-20-04/
sudo apt install redis-server
sudo nano /etc/redis/redis.conf
Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, providing you with more control over its operation. The supervised directive is set to no by default. Since you are running Ubuntu, which uses the systemd init system, change this to systemd:
. . .
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
supervised systemd
. . .
sudo systemctl restart redis.service
References
https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-22-04
sudo nano /etc/mongod.conf
Find the network interfaces section, then the bindIp value:
. . .
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1
. . .
Append a comma to this line followed by your MongoDB server’s public IP address:
. . .
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,mongodb_server_ip
. . .
Please note that this should be the IP address of the server on which you’ve installed MongoDB, not the IP address of your trusted remote machine.
sudo systemctl restart mongod
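Because the bindIp change makes mongod listen on a public address, this added example (not part of the original post) audits a mongod.conf and flags a non-loopback bindIp that is not paired with MongoDB's `security.authorization: enabled` setting. The function name, the warning text and the sample file are constructed; 203.0.113.10 is a documentation address standing in for mongodb_server_ip.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use:  audit_mongod_conf /etc/mongod.conf

# Report which non-loopback addresses mongod will bind to and whether access
# control is enabled. Exit status 1 when an address is exposed without it.
audit_mongod_conf() {
    awk '
        /^[ \t]*#/ { next }                       # comment line
        /^[ \t]*$/ { next }                       # blank line
        /^[^ \t]/  { section = $1; sub(/:.*/, "", section); next }   # top-level key
        {
            key = $1; sub(/:.*/, "", key)
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)         # drop "key:" prefix
            sub(/[ \t]+#.*/, "", val)             # drop trailing comment
            gsub(/[ \t"]/, "", val)               # drop spaces and quotes
            if (section == "net" && key == "bindIp") bind = val
            if (section == "security" && key == "authorization") auth = val
        }
        END {
            n = split(bind, ip, ",")
            for (i = 1; i <= n; i++)
                if (ip[i] != "127.0.0.1" && ip[i] != "localhost" && ip[i] != "::1")
                    exposed = exposed (exposed ? "," : "") ip[i]
            if (exposed == "") { print "OK loopback only"; exit 0 }
            if (auth == "enabled") {
                print "OK " exposed " exposed, authorization enabled"; exit 0
            }
            print "WARN " exposed " exposed without security.authorization: enabled"
            exit 1
        }' "$1"
}

# Constructed sample: the net section as edited in this post.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,203.0.113.10
#security:
EOF
audit_mongod_conf "$demo_conf" || echo "enable access control and firewall port 27017 before restarting mongod"
rm -f "$demo_conf"
```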
Remove the existing .NET packages from your distribution. You want to start over and ensure that you don’t install them from the wrong repository.
sudo apt remove 'dotnet*' 'aspnet*' 'netstandard*'
Configure your package manager to ignore the .NET packages from the distribution’s repository. It’s possible that you’ve installed .NET from both repositories, so you want to choose one or the other.
touch /etc/apt/preferences
nano /etc/apt/preferences
Package: dotnet* aspnet* netstandard*
Pin: origin "<your-package-source>"
Pin-Priority: -10
Make sure to replace <your-package-source> with your distribution’s package source, for example, on Ubuntu you may use archive.ubuntu.com in the US.
Use the apt-cache policy command to find the source:
apt-cache policy '~ndotnet.*' | grep -v microsoft | grep '/ubuntu' | cut -d"/" -f3 | sort -u
# Get Ubuntu version
declare repo_version=$(if command -v lsb_release &> /dev/null; then lsb_release -r -s; else grep -oP '(?<=^VERSION_ID=).+' /etc/os-release | tr -d '"'; fi)

# Download Microsoft signing key and repository
wget https://packages.microsoft.com/config/ubuntu/$repo_version/packages-microsoft-prod.deb -O packages-microsoft-prod.deb

# Install Microsoft signing key and repository
sudo dpkg -i packages-microsoft-prod.deb

# Clean up
rm packages-microsoft-prod.deb

# Update packages
sudo apt update
sudo apt-get update && \
  sudo apt-get install -y dotnet-sdk-8.0
References
https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu-2204
https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu
https://learn.microsoft.com/en-us/dotnet/core/install/linux-package-mixup?pivots=os-linux-redhat
sudo nano /etc/sysctl.conf
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
sudo sysctl -p
References
https://pupli.net/2017/12/boost-ubuntu-16-04-17-10-network-performance-by-enabling-tcp-bbr/
In the modern world of web development, Apache2 stands as one of the most robust, reliable, and widely used web servers. This blog post aims to guide you through the installation and configuration of Apache2 on an Ubuntu system, enabling a range of advanced features to maximize its capabilities.
Open your terminal and run the following command to install Apache2:
apt-get -y install apache2
The -y flag automatically confirms the installation, saving you from having to do so manually.
Apache2 is highly modular, allowing you to enable or disable various features according to your needs. To enable a range of advanced modules, execute the following commands:
sudo a2enmod proxy
sudo a2enmod ssl
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp
sudo a2enmod rewrite
sudo a2enmod deflate
sudo a2enmod headers
sudo a2enmod proxy_balancer
sudo a2enmod proxy_connect
sudo a2enmod proxy_html
sudo a2enmod remoteip
sudo a2enmod proxy_fcgi
sudo a2enmod proxy_wstunnel
sudo a2enmod expires
Important: Remember to restart the Apache server after installing new modules for the changes to take effect.
To apply custom configurations to Apache2, you’ll need to edit its main configuration file. Use the nano editor to open it:
nano /etc/apache2/apache2.conf
Here you can add or modify directives according to your specific needs. After making the desired changes, save and exit the file.
After making all the changes, it’s important to restart the Apache2 service for the new configurations to take effect:
sudo systemctl restart apache2
Additionally, you can stop or start Apache2 using the following commands:
sudo systemctl stop apache2
sudo systemctl start apache2
You’ve successfully installed Apache2 and enabled a host of advanced features, setting a solid foundation for whatever web-based projects you plan to host. This flexible, modular setup ensures you have all the tools you need to build a robust, high-performance web server.
Removed all .NET packages
sudo apt remove 'dotnet*'
sudo apt remove 'aspnetcore*'
Deleted PMC repository from APT, by deleting the repo .list file
sudo rm /etc/apt/sources.list.d/microsoft-prod.list
Install .NET 7 SDK
sudo apt update
apt-get install -y dotnet-sdk-7.0