Setting up a server on public web

This week on the Linux server course we learned about creating a virtual private server on a hosting service provider's platform and running an Apache server on the virtual machine.

The websites created during this exercise will be available for some time on:

• http://167.71.39.80
• http://167.71.39.80/~juuso/

Creating the droplet

I created a droplet that runs a Debian 10 x64 distro and selected the cheapest plan for it.

For authentication I will be using ssh keys and to generate a key I ran the following command and chose a name and passphrase for the key-pair and copy-pasted the public key to DigitalOceans droplet creator.

I then pressed Create Droplet at the bottom of the page. To test that the connection and ssh key work I try and connect from my Windows desktop's powershell cli using OpenSSH. It worked so now onto creating a user.

To create a user I used the command adduser and made the username juuso. Then I added the user to the groups sudo and adm with adduser juuso sudo, adduser juuso adm. I then needed to create a new ssh key for this new user so i could connect to it. So I created it again with ssh-keygen. I created the .ssh directory for user juuso and copied the new public ssh key from my workstation with scp -i {private key for root} {public key for juuso} [email protected]:/home/juuso/.ssh/ and renamed it on the root user with mv {public key file} authorized keys.

I then checked that I could connect with the user and disabled root login with sudoedit /etc/ssh/sshd_config and changing PermitRootLogin to "no", then restarting ssh with sudo service ssh restart.

Setting up a firewall

To set up the firewall I downloaded it and set rules to allow for ssh connections:

• sudo apt-get update
• sudo apt-get install ufw
• sudo ufw allow 22/tcp
• sudo ufw enable
• sudo ufw status

Setting up Apache and user home pages

Refer to Apache blog post for a more in-depth walk-through for this setup. Here I'll just list the commands to get it done with some pictures.

• sudo apt-get install apache2
• sudo systemctl status apache2

• sudo ufw allow 80/tcp
• sudo a2enmod userdir
• sudo systemctl restart apache2
• mkdir public_html
• echo "Hello everyone!" > public_html/index.html

Checking the logs for unauthorized access attempts

To check if there were any unauthorized access attempts I checked the auth.log from /var/log/auth.log. I saw that there were a lot of connection attempts from weird user names so I filtered it a bit with sudo cat /var/log/auth.log | grep "[I|i]nvalid" to see just the users more clearly.

It seems that there are some bots scanning the server even though it was just opened and some of them are using common user names like admin and pi.

Links

• Course page: https://terokarvinen.com/2021/linux-server-course-linux-palvelimet-ict4tn021-3016/