Homepage Utilities List Chat Place Idearticle Minigames About rrndnightcontent
This tutorial will guide you on how to setup your VPS: *OS will be based on Ubuntu and WebServer will be Nginx Create User Generate SSH Key Test SSH Login Set Firewall Install Nginx Add File Nginx Install Certificate Setup Available Site Website Traffic Welcome to the guide for setup your VPS. In case you haven't realize, VPS is pretty much an empty server with the default OS. So if you feel that what you're doing is 90% of what you thought it should have already, that's because it is. Ubuntu is a Linux-based operating system (OS) providing the base infrastructure. It manages hardware resources Nginx is high-performance software that runs on an OS to serve web content, act as a reverse proxy, and balance load. It manages web traffic. If you want a video tutorial, you can watch the Hostinger VPS Set Up Commands Guide (by Caleb) https://www.youtube.com/watch?v=oDzkmotLgks Tips: Right-Click to paste in Powershell, exit to quit ssh and go back to powershell ______________________ Tutorial Step starts here: Open the Bash Ubuntu Terminal (you can access it from the provider's website, you will access it as root) Paste the command below: apt update && apt upgrade -y Paste the command below: adduser username *"username" is just an example name and can change, no sudo needed since you're root It will prompt you for password after that Enter it and hit enter (it will not show anything when you typed so be very careful, for safety it will aks you to type again) After confirmed you'll be asked to enter the biodata like name but you can skip all by typing Enter and hit Y for confirm. Next, give new user the sudo permission (this means the said user can execute command with root privilege): usermod -aG sudo username *Verify the New User’s Groups id username *Switch to New User Account, enter the password as usual su - username This Powershell command will generate SSH Key Pair (Windows: Use Powershell / Mac: Use Terminal), E.g location: C:\Users\username/.ssh/id_ed25519.pub ssh-keygen -t ed25519 -C "My Personal SSH Key" -when asked for file location put blank for now, same goes for the passphrase as well *This is important because if you use ssh by default it will ask password everytime, if you're okay with that you can skip this step Login as the new user again.. su - username Create a folder named ".ssh" mkdir -p ~/.ssh nano ~/.ssh/authorized_keys After you're in the Nano Text Editor, paste the key , CTRL + O and Enter To get the key, go to your PC "User\.ssh\id_ed25519.pub" open the .pub file as txt, copy the texts (DO NOT SHARE THIS WITH ANYONE) *The command and action above opens authorized_keys file in Nano, paste the .pub keys and hit CTRL + O and Enter (this will save the text in 1st line with your laptop's key) Set permission chmod 700 ~/.ssh Set authorized_keys Permissions chmod 600 ~/.ssh/authorized_keys Login to your user with ssh ssh username@[Your_IP] Restart SSH Service on VPS Browser Terminal sudo systemctl restart ssh Creating Firewall: Check UFW Firewall Status sudo ufw status Allow SSH Through Firewall sudo ufw allow OpenSSH Allow HTTP Traffic (Port 80) sudo ufw allow 80/tcp Allow HTTPS Traffic (Port 443) sudo ufw allow 443/tcp Enable Firewall sudo ufw enable Confirm Firewall Rules (optional) sudo ufw status Your table should looked like this: To Action From ---- --------- -------- OpenSSH ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6) Next, reboot VPS sudo reboot You're good to go after this ________________ To make the website able to retrieve the file in your VPS, you need a web server, its a proxy that get the file from your VPS and display it Note: Paste by Right-Click sudo apt install nginx -y && sudo systemctl start nginx && sudo systemctl enable nginx Open Firewall for Nginx sudo ufw allow 'Nginx Full' && sudo ufw reload To check your VPS server website worked or not, you can go to the link: https://[your IPv4 address] *If its shows 404 Not Found Nginx, it means Nginx is successfully installed and the website can run This is the Nginx default directory cd /var/www/html/ And this is where your html will be at: /var/www/html/index.html There's 2 options to create the file: [Option 1] Use Powershell's scp command to copy from your PC and paste to the Nginx server, only recommended if you are pasting a Folder or Image Note: This is Powershell, NOT SSH (use the ssh exit command if you login): scp "C:\Users\You\Desktop\index.html" root@203.0.113.10:/tmp/ This command is SSH, NOT POWERSHELL sudo mv /tmp/index.html /var/www/html/index.html && sudo chmod 644 /var/www/html/index.html [Option 2] Direct insert the html contents to the file in the Nano Text Editor, highly recommended because you don't need to go back and forth with scp sudo nano /var/www/html/index.html OR sudo nano index.html if your current directory is in the /var/www/html/ already Set ownership (this is important because Nginx might be unable to display it on the website if no permission) sudo chown -R www-data:www-data /var/www/html Reload the https://[YourIP] and it should be there! *It doesn't have to be index.html Certificate is important for user's assurance. Without it, they will see the unsafe to enter warning when tried to access your website. The easiest way is to install the certbot sudo certbot certificates To renew: sudo certbot renew Test renewal system sudo certbot renew --dry-run For better security, it is recommended to add a few rule about site that is available to access or not They are stored in a file, you can access via this command: sudo nano /etc/nginx/sites-available/default This will redirect user from http:// to https://, put this in a new server { } server { #when user accessed http, Nginx will refer to this server { } listen 80; server_name websitename.com www.websitename.com; # redirect user from http:// to https:// return 301 https://$host$request_uri; } #Enable php backend to execute, put this inside your original server { } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; } Deny Access #block anyone from accessing URL path that contains files starting with .ht (like .htaccess, .htpasswd, etc.). #Its generally OK since Nginx don't use those file. But better to put in case you change to Apache (Web server) later location ~ /\.ht { deny all; } #Deny access to specific file, the snippet below means block all from accessing filename password.php (\. is to tell Regex treat it as dot, because . is wildcard) location ~* /folder1/(password\.php) { deny all; } Make user sees the 404 if they try to access a directory that didn't exist location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } Put this in your server { }, the original, not the port 80 from above #Tells Nginx to listen on port 443 (the standard port for HTTPS) listen 443 ssl; #Defines which domain names this config applies to and also handles both the root domain and the www version server_name example.com www.example.com; #Points to your SSL certificate file; fullchain.pem includes: your domain certificate / intermediate certificates (needed for browser trust) ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; #Points to the private key for the certificate, this must match the certificate above and stay secret ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; Add the default file list that user will see when accesing the "folder" E.g: Your URL stated example.com, but what you see is actually from example.com/index.html # Add index.php to the list if you are using PHP, each variant is separated by a space index index.php index.html index.htm index.nginx-debian.html; If you aimed to make your website as a business platform, you should consider analyzing website traffic. There are a few way to do so: Hardest Way is by reading through access.log file directly sudo nano /var/log/nginx/access.log Easy way, GoAccess (this actually just take data from your access.log file, so its better than above method and user friendly since it doesn't have cookies) 1) Install Goaccess sudo apt update && sudo apt install goaccess -y 2) Go to goaccess's config file to add the format sudo nano /etc/goaccess/goaccess.conf 3) Put these 3 lines in the file log-format COMBINED date-format %d/%b/%Y time-format %T 4) Activate goaccess and analyze the log sudo goaccess /var/log/nginx/access.log *How to read GoAccess statistics: hits = number of url request by users (including when user refresh) vis = true unique visitors h% = percentage of hits for a particular url (stated in data) v% = percentage of unique visitor for a specific url (stated in data) mtd = method Tx. Amount = Total bandwidth served for this URL data = The actual requested path → your root URL (homepage) / *For weird binary / HTTP2 / TLS junk, they are not request, more like tls handshake. Ways to identifying threat (bot) 1) Check the data they are accessing, they mostly target the backend stuff -info.php (do not make it accessible to public if possible) -wordpress files (somethimes wp and so on) 2) Check the user-agent, this is the log's last array where there is like: Mozilla, curl, python-requests, Googlebot Beware: curl, wget, python-requests are the suspicious one *Remember, bots are not targeting you specifically, they scan the whole internet. So don't feel scared if you see this everyday Verify "good bots" (important) The harmless bot here are .googlebot.com To find an IP origin, use this CMD Command nslookup [IPv4 address] If something like this appear: crawl-66-249-66-1.googlebot.com < This means its a harmless bot And finally, the Google Way You can register the Google Analytic by... Create an account at google.com/analytics Set up a property for your website/app And install the tracking code to begin collecting data. *Key actions include monitoring traffic sources in reports, tracking user engagement, and using the "Explore" tab to build custom reports. Note: Google Analytic uses cookies (lesser privacy), in which bolstered the accuracy for analyzing the users Which one should you choose? If your website is just for education, use GoAccess If your website is a business platform, use Google Analytics