Setting up a VPS for website hosting - Part 5

(Optional) Automating Deployment

If you've reached this point in the tutorial, you're done and have a fully set up server. This page is a condensed way to run all of the previous steps. Linode offers StackScripts, which can be deployed immediately after imaging a server, so if you create a new Linode and run this StackScript, everything will be set up for you. This is completely optional, but it's a faster and easier route, without the explanation. It can also be automated in case you find yourself re-imaging servers repeatedly.

Linode StackScript Usage

Use the StackScript. It will create an admin user, install ufw, fail2ban, apache2, and certbot, configure ssh, and change the Apache configuration files to point to ~/www/html/WEBSITE_NAME instead of /var/www. The StackScript is also listed here:


#!/bin/bash
#<UDF name="ssuser" Label="New user" example="username" />
#<UDF name="sspassword" Label="New Password" example="password" />
#<UDF name="hostname" Label="Hostname" example="examplehost" />
#<UDF name="website" Label="Website" example="example.com" />
# Create local account and add it to the sudo group
adduser "$SSUSER" --disabled-password --gecos "" && \
echo "$SSUSER:$SSPASSWORD" | chpasswd
adduser "$SSUSER" sudo
# Rename hostname
hostnamectl set-hostname "$HOSTNAME"
# Set up the hostname entries in /etc/hosts
HOSTNAME=$(hostname)
FQDN=$(hostname -f)
IPV4=$(hostname -I | cut -d ' ' -f 1)
IPV6=$(hostname -I | cut -d ' ' -f 2)
echo "${IPV4} ${FQDN} ${HOSTNAME}" >> /etc/hosts
echo "${IPV6} ${FQDN} ${HOSTNAME}" >> /etc/hosts
# Set up time zone
timedatectl set-timezone 'America/New_York'
# Update the OS
apt update
apt upgrade -y
apt update
# Install UFW, Apache, Certbot, and Fail2Ban
# (-y keeps the unattended run from stopping at a confirmation prompt)
apt install -y software-properties-common
add-apt-repository -y universe
apt install -y ufw apache2 certbot python3-certbot-apache fail2ban
apt update
apt upgrade -y
USER=$SSUSER
# Disable SSH password authentication (key-only logins) and allow accounts
# with an empty password. PermitEmptyPasswords only applies to password
# authentication. This script does not restart sshd; the new settings take
# effect the next time sshd restarts (for example on reboot).
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/g' /etc/ssh/sshd_config
# Changing apache configuration files
sed -i "s|/var/www/|/home/$USER/www|g" /etc/apache2/apache2.conf
sed -i "s|/var/www/html|/home/$USER/www/html|g" /etc/apache2/sites-available/000-default.conf
sed -i "s|/var/www/html|/home/$USER/www/html|g" /etc/apache2/sites-enabled/000-default.conf
cp /etc/apache2/sites-available/000-default.conf "/etc/apache2/sites-available/$WEBSITE.conf"
systemctl start apache2
systemctl enable apache2
# Making html folder, owned by the new user
mkdir -p "/home/$SSUSER/www/html/$WEBSITE"
chown -R "$SSUSER" "/home/$SSUSER/www"
# Another OS update for good measure
apt update
apt upgrade -y
# Configure UFW
ufw default allow outgoing
ufw default deny incoming
ufw allow ssh
ufw allow http
ufw allow https
# Activate the rules; --force skips the interactive confirmation
ufw --force enable
systemctl start ufw
systemctl enable ufw
# Remove any stale host key entry for this address from known_hosts
ssh-keygen -f "/home/$USER/.ssh/known_hosts" -R "173.255.210.174"
# Cleanup
rm /root/StackScript
echo "Installation complete!"

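The two sed lines that edit /etc/ssh/sshd_config only match the exact commented defaults, so an image that ships `PasswordAuthentication yes` uncommented is left unchanged. The following is an added example, not part of the original StackScript: the helper names `set_sshd_option` and `effective_sshd_option` are hypothetical, GNU sed is assumed (as on Ubuntu), and the sample configuration is constructed.

```shell
#!/bin/bash
# Added example; set_sshd_option and effective_sshd_option are
# hypothetical helper names, not part of the original StackScript.

# Print the value sshd would use for KEY in FILE's global section:
# the first uncommented occurrence before any Match block wins.
effective_sshd_option() {  # usage: effective_sshd_option FILE KEY
    awk -v k="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1"
}

# Force "KEY VALUE" whether the shipped line is commented, uncommented
# or set to another value (every occurrence is rewritten, Match blocks
# included). If absent, prepend it so it cannot land in a Match block.
set_sshd_option() {  # usage: set_sshd_option FILE KEY VALUE
    local file=$1 key=$2 value=$3 tmp
    local pat="^([[:space:]]*)#?[[:space:]]*${key}[[:space:]].*"
    if grep -Eiq "$pat" "$file"; then
        sed -i -E "s|${pat}|\\1${key} ${value}|I" "$file"
    else
        tmp=$(mktemp) || return 1
        { printf '%s %s\n' "$key" "$value"; cat "$file"; } > "$tmp"
        cat "$tmp" > "$file" && rm -f "$tmp"
    fi
}

# Constructed sample: an image that ships the directive uncommented,
# which the exact-match sed from the StackScript leaves untouched.
demo() {
    local cfg; cfg=$(mktemp) || return 1
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
        '#PermitEmptyPasswords no' 'Match User backup' \
        '    PasswordAuthentication yes' > "$cfg"
    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' "$cfg"
    echo "exact-match sed:  $(effective_sshd_option "$cfg" PasswordAuthentication)"
    set_sshd_option "$cfg" PasswordAuthentication no
    echo "set_sshd_option:  $(effective_sshd_option "$cfg" PasswordAuthentication)"
    rm -f "$cfg"
}
demo
# On the server, run `sshd -t` to validate the edited file and
# `sshd -T` to print the effective settings before restarting sshd.
```
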
Copy your computer's ssh key to your server:

ssh-copy-id cindy@cindybui.me

Next, log in with your username and the password you created. Create a certificate:

sudo certbot --apache

Then remove the password prompts for sudo:

sudo visudo

and then append the line:

cindy ALL=(ALL) NOPASSWD:ALL

Then delete your password:

sudo passwd -d cindy