Thor's VPS thread

[Thor]

Sometimes 72 hours to propagate to the TLD"s

I thought one can speed that up by changing the TTL

 

[Thor]

OMG Holy shiat.

My first virtual block in nginx works!!!!!!!

ERPnext.co.za
I did add www.erpnext.co.za as well however it doesn't appear to work.

I'll look into the virtual block file again quickly

 

[Hamster]

I need someone to SSH in and report back here what I need to do and why.

I've read all over the place but since I don't grasp Linux as whole yet I'm lost most of the time when reading about the security.

Did you read this? https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04
And this: https://www.digitalocean.com/commun...ecommended-steps-for-new-ubuntu-14-04-servers

You may also want to check out this guide to learn how to enable fail2ban to reduce the effectiveness of brute force attacks.

After that you have SSH access setup, a firewall and an extra guard against attacks. Fsck it, I'll paste that link for you as well just in case: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

No make sure you code your apps securely. Nothing on that server is going to help you if you use filepaths in your URLs or not check header tokens etc.

What more do you want?!

 

[Thor]

Did you read this? https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04
And this: https://www.digitalocean.com/commun...ecommended-steps-for-new-ubuntu-14-04-servers



After that you have SSH access setup, a firewall and an extra guard against attacks. Fsck it, I'll paste that link for you as well just in case: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

No make sure you code your apps securely. Nothing on that server is going to help you if you use filepaths in your URLs or not check header tokens etc.

What more do you want?!

Yea it's outdated, but the SSH part I did and the fail2ban I did. Actually all of that I did.

Then semaphore said don't bother that's when in git confused cause why am I taking these precautions if it doesn't matter.

So I. Made that scenario and want him to show me then what he would do which I haven't done.

 

[Thor]

But the rest works now!!!

 

[Thor]

Chapter two

Scripts / Automation/?

How does one go about to deploy websites fast.

Ie it took quite a few steps to create a account with a virtual block.

Surely there must be an easier way so that I can just do:

SSH

$ create account mydomain.co.za

Then it will end up as / var /www /mydomain/ html

if that makes sense?

I'd like all accounts to be 8 characters

 

[Thor]

cloud-fare blocks me if I have the dashes next to the words so excuse the k@k formatting

 

[semaphore]

Chapter two

Scripts / Automation/?

How does one go about to deploy websites fast.

Ie it took quite a few steps to create a account with a virtual block.

Surely there must be an easier way so that I can just do:

SSH

$ create account mydomain.co.za

Then it will end up as / var /www /mydomain/ html

if that makes sense?

I'd like all accounts to be 8 characters

Ansible

 

[Thor]

Ansible

For people that screams CLI every time I post something I have gotten an overly influx of GUI cpanel alternatives in this thread ey.

Also ansible is paid for so why use that over WHM.

 

[semaphore]

Also ansible is paid for so why use that over WHM.

Because maybe you should do your research and see what Ansible actually offers you. Instead of making asinine statements. You asked for an automated way, I provided you a tool. Furthermore there is an OSS version of Ansible. Or you could use chef.

 

[Thor]

Because maybe you should do your research and see what Ansible actually offers you. Instead of making asinine statements. You asked for an automated way, I provided you a tool. Furthermore there is an OSS version of Ansible. Or you could use chef.

Read my OP

 

[Drifter]

Greek

 

[rward]

bash

ansible
chef
puppet?

Start with a bash script ..

 

[Thor]

bash

ansible
chef
puppet?

Start with a bash script ..

That's the word!!

I've heard/used/read somewhere bash rings a bell.

 

[Thor]

How can I debug wget

When I try to wget something it resolves and then times out after saying connecting.

I have no clue where to start.

 

[Thor]

I can't get wget to work

 

[Thor]

If dns-nameservers X.X.X.X does not exist in the file can I add it?

I am starting to feel this might be due to some funny DNS issue so would like to use google's

 /etc/network/interfaces

 

[koeksGHT]

If dns-nameservers X.X.X.X does not exist in the file can I add it?

I am starting to feel this might be due to some funny DNS issue so would like to use google's

 /etc/network/interfaces

yep

 

[Thor]

thor@vps:~$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ufw-track-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http /* 'dapp_Nginx%20HTTP' */

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination
thor@vps:~$

 

[Thor]

If that helps