Week 4 – Setting up a VPS with a domain

This post is part of Linux Servers -course ran by Tero Karvinen (http://terokarvinen.com)

This week we focused on mainly VPS related things, such as where to rent a VPS and how to set one up, as well as how and where one should buy a domain and how they can redirect it to point to their VPS.

In this article, I have covered:

  1. Getting a VPS from DigitalOcean and 50$ worth of balance
  2. Connecting to a server with ssh
  3. Setting up new Linux users
  4. Enabling firewall in Linux
  5. Enabling userdir in Apache2 (again)
  6. Changing Apache’s default page to a custom page with virtual hosts
  7. Searching Apache’s logs for breaching attempts and tracking their IP’s
  8. Using SCP to copy files from a computer to another
  9. Making a namecheap.com domain point to a server

Assignments

We had a total of 24 assignments of which 5 were mandatory (and many were very small). I am really on a tight schedule this month and decided not to even give in my 60%, and only do the required 5. But, minimum effort is the best amount of effort.

The task descriptions are freely translated from the course page, written in Finnish by Tero Karvinen

Task a) On your VPS, enable the possibility of making websites with regular user privileges.

Since reporting the procedure of getting the VPS wasn’t necessary, I’m not going to cover it in a very detailed manner. But I got my VPS from digitalocean as the Github education pack that I am entitled to contained 50$ worth of credits there. Basically, one has to enroll for the education pack with their school email or student card and they get a coupon code for digital ocean. Anyone can choose whatever plan they want, but I decided to go for the cheapest one which is 5$ a month and has 1 GB of RAM, 25 GB disk space and one vCore CPU, which according to lshw is part of Intel Xeon Gold 6140 CPU @ 2.30GHz.

First steps

First step was to connect with root account to my newly-created droplet with the IP of the server. This was done with:

ssh root@<ip address>

After this, the server prompted me to create a new password and I was set to go.

Adding a new user

After I had logged in as root, I created a new user and added it to groups adm and admin. This was done with

sudo adduser thomaxius 
sudo adduser thomaxius adm 
sudo adduser thomaxius admin 

Enabling firewall

As I wrote last week, to enable the firewall one must first allow the ssh 22 port and then enable the firewall. This is done with the following commands:

sudo ufw allow 22/tcp 
sudo ufw enable  

Doing the actual task

The task was about allowing all users to create new websites. I assumed this meant just that Apache must be configured to search for public_html folders from user folders, for example, if user Torvalds has a public_html folder in their home directory, he can browse to it via http://www.website.com/~torvalds

This was also covered in last week’s blog post. So it still was just a matter of enabling Apache’s userdir module via:

sudo a2enmod userdir

And then restarting Apache2 service with:

sudo systemctl restart apache2.service

Testing that it works

I wanted to make sure it didn’t work just on my sudo account, so I created a new account per the instructions above and a new public_html folder in that users home folder, where I then created a new index.html file.


And everything worked just fine.

Task s) Change Apache to show a user website as Apache’s default page

Creating a virtual host

This task was basically about defining a new virtual host. I covered last week where Apache’s configuration files are located. So for this task, I had to browse to /etc/apache2/sites-enabled/ and then make copy the 000-default.conf file that resided there with:

sudo cp 000-default.conf santamaa.conf

The name can be anything one desires. I then edited the file to match the following:

<VirtualHost *:80>
        ServerName santamaa.com
        serverAlias santamaa.com
        ServerAdmin webmaster@localhost
        DocumentRoot /home/thomaxius/public_html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

And configured Apache to use the newly-created config with:

sudo a2ensite test.com.conf

And then restarted Apache2 service. The Result Will Shock You:

Task y) Search Apache’s logs for possible breaching attempts. You can get details of IP addresses with
tools such as ipcalc, geoiplookup and whois.

My server has been running a sample PHP page for a week now, so chances were that there has been some visitors. I opened Apache’s access.log with sudo cat /var/log/apache2/access.log and was presented with a wall of text:

Some (bot, most likely) has tried searching for common site names such as phpmyadmin, /mysql/index.php, /phpinfo.php/, etc. All of these requests have returned 404, however as I don’t have any of those set up.

Getting info of the user by using their IP

I proceeded to install whois and geoiplookup and upon running them, found out that the requests came from China.

Task b) Make websites on your local computer and then copy them to your VPS with scp
&&
Task c) Insert some sample php page to your server.

I had already made some basic sample Mariadb-using PHP pages last week, so I just proceeded to copy them to the server with scp (secure copy protocol).

Using scp

I hadn’t used scp before, so I googled for instructions and found this simple instructions page that got me started. The command for transferring a file from local to remote in my case was:

scp index.php torvalds@santamaa.com:/home/torvalds/public_html

Which then prompted me to type the users password, after which the file was transferred.

I then deleted the previously created index.html file from torvalds’ public_html directory and browsed to his user address.

And it worked.

x) Make a public domain to point to your server.

As a bonus, I’ll quickly cover how I pointed my domain to my VPS.

I bought a domain from namecheap.com after our teacher recommended this particular host, and also cause I was lucky to have a domain with my lastname.com available.

Pointing a domain to a server with namecheap

I first logged in to my namecheap account, chose ‘domain list‘ from the left of the dashboard and then clicked on ‘manage‘. From this screen, I proceeded to click on ‘Advanced DNS’ Then I replaced the default records to listed on the records-table to match the following:

Where the IP is the IP of the server or place where one wants to point the IP.

Also, if somebody wants a VPS with 100$ in credits (some terms apply), use this referral link to Digital Ocean:

https://m.do.co/c/c209e88e231a

References:

Tero Karvinen – Course page:
http://terokarvinen.com/2018/aikataulu-linux-palvelimet-ict4tn021-3004-ti-alkukevat-2019-5-op

Tero Karvinen – First steps on a new virtual private server:
http://terokarvinen.com/2017/first-steps-on-a-new-virtual-private-server-an-example-on-digitalocean

DigitalOcean – How to set up virtual hosts with Ubuntu & Apache:
https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts

Hyperxr.org – Linux scp usage:
http://www.hypexr.org/linux_scp_help.php

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close