• Showing only topics with the tag "hosting".
    1. How do country-based "Access Denied" pages work?

      I'm currently abroad in Asia and cannot access certain websites from European or US companies.

      While I often cannot access websites because the country I am visiting blocks them, some of the websites are blocked by the country of origin.

      For example, if I try to access homedepot.com, I am greeted with a white screen and the following error message:

      Access Denied

      You don't have permission to access "http://www.homedepot.com/" on this server.

      Reference #18.b2d3e17.1711331240.4d2ee5d0

      https://errors.edgesuite.net/18.b2d3e17.1711331240.4d2ee5d0

      Another example would be toyota.de, which produces:

      Access Denied
      You don't have permission to access "http://de.toyota.ch/contact" on this server.

      Reference #18.16a33017.1711331317.93e27b61

      How do these websites "ensure" that I cannot access them? It seems that some sort of configuration was purposely made to reject access from certain countries. Accessing them with a VPN solves the problem. But I'm wondering why and how the geo blocking exists to begin with.

      I'm also asking this question because it made me wonder if certain hosting providers actively block certain countries from accessing the hosted content. There was a thread about hosting quality of various providers yesterday and that got me thinking. When we used Wix for our website in the past, although content was accessible abroad, the speed seemed very slow. Worse would be if it were entirely blocked.

      Edit: by the way, changing the address request from http to https does not make any difference.

      21 votes
    2. Self-hosted DnD 5e Charsheets

      I’ve been looking for a good system for my friends and I to share TTRPG character sheets (primarily DnD) with one another.

      We’re not interested in a full-digital VTT, but the ecosystem is pretty fragmented for charsheet-only apps (many immature and abandoned projects). Self-hosted webapp makes the most sense for our needs, but I’m open to suggestions for some other sync method that’s not PDF-based.

      This seems like a viable candidate:

      https://github.com/Orcpub/orcpub

      …but I’d love to hear better options if anyone’s found em.

      16 votes
    3. Hosting a company website on our own?

      Edit: I appreciate everyone's suggestions and recommendations! After speaking with my co-worker, I think we'll go with a Managed WordPress solution. Still have a lot more to discuss and figure out, but I suspect that'll at least put us on the right footing. Thanks!


      Hello Tilderinos. I need your knowledge and advice.

      The organization I work for wants to build a new website. Traditionally, we've used an AMS, which is an Association Management System. These are typically used by non-profits, which is what we are, a voluntary regulatory non-profit. It combines a CMS with a CRM in a proprietary package. It's also entirely hosted and managed by the AMS developer, which is typical for these platforms. Basically a turnkey solution.

      We have a web designer/developer-yet-doesn't-want-to-wear-the-developer-mantle and me, who's really more of a desktop support/low level sysadmin for our small organization. I'm a jack of all many trades, master of none.

      Our web designer is really interested in either self-hosting WordPress or even looking into a headless CMS. He wants more creative and functional control over our website than what we currently have with our AMS. We are very limited in what we can do right now, since we're playing in the AMS' sandbox with only some HTML/CSS and light JS use. Anyway, from there, we'd use API calls to query the new CRM that's currently being built out (it's a proprietary one, akin to Salesforce) to generate dynamic content.

      I could go out and get webhosting at like a GoDaddy (I wouldn't use GoDaddy) or somewhere like that. I've done that before for some smaller auxiliary sites. Sites that, if they go down for a day or two, it's kinda NBD, while I try to figure out what's going on and reach out to the webhost for assistance. I literally just did that earlier this week on one of those sites.

      But this would be our main website. And we have a global customer and stakeholder base. People are always on our website 24/7. I'm hesitant to commit to doing it this way because I feel like there's so much that would drop into our laps that we don't know how to handle. What happens when the site goes down for some reason? Is there a failover? How do I even set that up? How do we do backups and rollbacks? How about security issues? How do I harden the site and system? What happens if we do get hacked? We've discussed the issues with WordPress, which are many. How do we deal with all those issues on our own? I don't know the answer to any of these.

      Like I said above, we don't have to deal with any of those questions right now. Our AMS provider deals with all that. I'm sure they have a team in a NOC or similar that watches the infrastructure 24/7. Part of what we pay them is so they can handle all that. No way in hell my co-worker and I are willing or able to do all that. And it's not that I'm not willing to learn how to do all this stuff, but to me, this seems like the wrong venue and time to be learning on the fly.

      Idk. Are my concerns overblown? Is it really just as easy as getting some webhosting space somewhere and installing WP or some headless CMS and letting my web dev go to town? I know my co-worker could build the site out. I'm just not sure if I could support it all during and afterwards.

      Any advice or suggestion would be appreciated. Because right now, he and I are going around in circles trying to figure this out, ha. Thanks.

      17 votes
    4. Wordpress hosting

      My girlfriend has started a small business and is looking into a blogging platform. What she has tried so far hasn't been great. She has decided to go the WordPress route and this is where I am involved.

      Any suggestions for hosting providers? What features should I be considering or anything else I should be aware of when it comes to picking a provider?
      Right now I am looking at Bluehost vs Hostinger. Bluehost just seems to be the most advertised. Hostinger seemed to offer more for the same cost.

      12 votes
    5. What home network equipment do you use?

      Hey all, I'm interested in going down the rabbit hole with Ubiquiti equipment or other manufacturers, more specifically with access points, routers, and a switch. I want to wean off my ISP-supplied all-in-one equipment as their newer hardware limits basic features such as port forwarding, and I'm interested in re-enabling my self-hosted software. Wi-Fi standards have been moving pretty quickly, as has hardware. What setups do you have established in your homes?

      I don't really have a budget in mind, and have a 2.5GbE port I'd like to utilize for media consumption over LAN.

      29 votes
    6. I've been looking into self-hosting, what's the best cost-efficient option?

      I host a couple of very small websites for personal stuff and a Foundry server for my weekly RPG. Not exactly resource-intensive. And I've been paying for webhosting for a while for it, and it just feels unnecessary.

      I always figured when I finally decided to do it, I'd just grab a Raspberry Pi and go to town. But they're... weirdly expensive. The Zero 2 W is sold out everywhere, they have insane resale prices, and you still need to essentially buy the 'kit' first time to have most of the stuff to set one up. So is it worth it?

      I've been toying between that or just grabbing an old server off craigslist or Facebook Marketplace for $25-$30 and just going to town from there. What do you guys recommend?

      31 votes
    7. Recommendations for self-hosted spreadsheet software (such as Grist or Ethercalc)

      Two promising options I found from some quick googling were Grist and EtherCalc.

      Of the two, Grist looks more compelling (I like the tech stack of Python+SQLite more than JS+Redis) but I'm open to any other suggestions as well.

      The specific use case I have in mind to start out with is planning ratios for a Factorio megabase (sort of a local, homegrown version of tools like the Kirk McDonald calculator). If that works out well I'd also like to play around with doing household budgeting and finances with it.

      If it matters: I'd be running this on Linux (NixOS); on an x86 box with plenty of headroom so I don't have any particular resource constraints; and I have an existing Postgres database server if that's an option for the backend.

      12 votes
    8. Where is everyone hosting their email these days?

      This is more focused towards those that use custom domains for their email. My current plan is up at Zoho for my team in a month, and even though I've used them for the past few years it's been hit-or-miss (especially when using third-party apps or programs).

      Who do you use? Who do you not trust? Who would you never go back to?

      Sidenote: I hope this might eventually kick off a ~privacy group, one day.

      72 votes
    9. Cloud Servers for the Broke

      Just wanted to put this out there as a little PSA in case it's helpful: if you want a cloud server but don't wanna pay anything, Oracle's Free Tier is a life saver. Discovered it a year ago and couldn't be happier I did, since I'd never pay for cloud computing otherwise 😭.

      Quick Specs:

      For free you get:

      • 24/7 uptime
      • 200 GB of storage space
      • 24GB of RAM
      • 4 OCPUs
      • 4 Gbps Bandwidth

      That's been more than enough for me and honestly feels too good to be true. Some things I've done with this:

      If anyone has any other ideas for cool projects I could self host, please do tell; I'm curious what else I could do :)

      48 votes
    10. When did VPS hosting get so expensive?

      I recently looked around at VPS pricing on DigitalOcean, Linode and Vultr. Everything seems much higher than I'd expect - way over the inflation rate. It looks like a 2 core 8GB VPS is being priced between $45 and $60 per month. Maybe I don't remember correctly but I recall being able to get 2 core VMs around $20 a few years ago!

      31 votes
    11. How do I get started in self hosting?

      I'm curious on how to get started in self hosting. I have computer experience, being an Android Developer, but I hardly have experience in Linux and backend/networking work.

      I've been wanting to start up a Plex/Jellyfin server for a while, and I have an old system sitting around with a Ryzen 1700 with a graphics card in there as well that's been begging for attention, and maybe I can throw on a Minecraft server in there as well. Since I travel a bunch, it would be nice too to be able to access my media for when I'm traveling, or to let my parents or friends access some shows if they so desire!

      What I'm worried about is exposing my network to the internet basically. I used to run a Minecraft server with port forwarding and such on a personal computer but now I'm realizing that that's probably a bit unsafe lol.

      Basically, are there any guides that I can look at, or any of your own experiences that could potentially help me or anyone who's interested?

      28 votes
    12. How safe am I? (self hosting)

      I have a server running Unraid at home. I have ~20 docker containers running at the moment with almost all of them only available within my local network. I just stood up an instance of Seafile on the server to act as a Google Drive replacement. Still in the early test phase before I commit to throwing important stuff on there. I have my domain proxied through Cloudflare so none of my local ports are exposed to the internet. Seafile has complicated passwords set for admin and user accounts (generated with Bitwarden, hot damn I love that app). I also enabled 2FA on each account. I know that I can further clamp it down using some of Cloudflare's extra access controls but in my admittedly limited experience, those all cause issues getting an app to authenticate with the service. Web apps don't have this issue of course.

      So am I ok with this setup? I can encrypt the data before uploading easily as it's a built in feature of Seafile. Or would it be better to just run with local only and run a VPN to access when I'm outside?

      I figure just about any effort along these lines I trust more than Google with my data. But I may be overconfident in that perhaps. I'm still learning the ropes with Linux and self-hosting in general.

      17 votes
    13. Book writing self-hosted solutions?

      I'm big into self-hosting and recently getting back into writing as an additional hobby, cuz one can never have too many, right? Anyway, I am looking for a writing organization tool like Manuskript, Dabble, or Scrivener that is both open source and self-hosted.

      Essentially, I would just like something that I can organize my thoughts and occasionally write in, but be able to access it from all my devices - desktops, laptops, phones, tablets, etc. It seems like most of the solutions I've looked at are limited to a single device or cloud functionality is locked behind a paywall. Of course, I could just use a self-hosted wiki site for cloud editing/organization, but I'd like something more oriented toward writing if anybody has any ideas. Thanks!

      26 votes
    14. What happens if Deimos can't host the site anymore?

      I'm sorry if this was already answered in the docs somewhere but similarly to the question "What happens to my Steam games when Valve goes out of business?" I was wondering what happens to Tildes if Deimos can't sustain it anymore for whatever reason (e.g. death, prison, going off the grid and starting from scratch in Ecuador...)?

      Is there some kind of backup plan in place?

      79 votes
    15. What webhost and software do you use for your personal website?

      In the 2000s, I had Blogger or a subdomain on some random free host. I even tried Ning at some point.

      Since 2012, I’ve had a personal site at a custom domain, on Squarespace, then WordPress who knows where, then Tumblr, then WordPress on Linode, now a combo Bear Blog and GitHub Pages.

      I dislike WordPress for how clunky it is, Squarespace for how expensive it is, Tumblr for how obviously Tumblr it is (I could say the same about Squarespace and many WordPress sites), GitHub Pages for making me use git to post. Basically, I’m not happy with anything.

      So I thought I’d ask los Tildeños—do you have a personal site? What web host and tech stack are you using for it? What do you like/dislike about it? What else have you tried?

      47 votes
    16. Best way to share / integrate photos on Tildes

      Hey gang, I’m a rather novice / hedonist tildes user and have just been posting links to uploaded images by hosting them on ibb and then sharing

      https://ibb.co/PF5nFf9
      https://ibb.co/10pV1wB
      https://ibb.co/1GgyWCT

      Is there a better place to host and better way to post images?

      Thanks in advance. Sorry for any eye rolls I may have caused!

      14 votes
    17. Self-hosters! Share your reasons for self-hosting and favorite apps!

      Self-hosting has been a rabbit hole of wonder that I've explored and delved into over these past few months. I'm curious to hear what others use it for, what apps they love, and their rationale for doing so?

      I'll go first.

      First, in terms of rationale, this is a wonderful article that I think is worth checking out that encapsulates much of my ethos about pursuing self-hosting.

      https://kylechayka.substack.com/p/essay-the-digital-death-of-collecting

      The TL;DR is that we no longer have control over the things that we 'own' digitally for these massive cloud companies. For instance the songs / artists you listen to on Spotify may suddenly and unexpectedly become unavailable, certain things (most recently podcasts) may be forced upon you in unpleasant ways. Having complete control of your digital data is a very liberating feeling.


      In terms of apps:

      Hyperbackup - I use a Synology NAS, so Hyperbackup has been wonderful and uses both external HDs and a cloud interface to create encrypted backups of everything, which gives me peace of mind.

      Plex - One of my most used apps, being able to stream anything remotely has been a dream. Plexamp has given me back control of my music library in a way I never thought I would have.

      Tautulli - Great for more informatics on my Plex usage

      Calibre / Calibreweb - Phenomenal for keeping track of my book collections

      PiHole - Ads be gone!

      *Arr apps - Specifically Sonarr/Prowlarr/Radarr, really like Overseerr for an interface tying everything together

      Daily Notes - A clean interface for keeping regular notes


      Some things that I'm not currently self-hosting but would love to hear if others are using alternatives...

      Instapaper - I know there are a few similar FOSS apps out there but haven't found one as convenient and well laid out

      TickTick - To do app, but similarly haven't found a FOSS alternative that was as robust and nice to use

      OneNote

      86 votes
    18. NordVPN changes to username and password encryption cause Auth_FAIL in OpenVPN/Gluetun

      Recently NordVPN rolled out an update which forced users to use an encrypted username and password combination when connecting through OpenVPN. I haven't seen any posts on this here, and it took me way longer than I want to admit troubleshooting this issue because I knew my original credentials were correct.

      If you use a gluetun container for routing any of your other containers' traffic, you might have recently noticed a 500 Internal Service Error in your Health Status, and when you check your logs you will find an AUTH_FAILED message.

      Solution below:

      1. Go to NordVPN website and log in (using your normal credentials)
      2. Under accounts, services, click NordVPN
      3. Click "Set up NordVPN Manually" at the bottom of the page
      4. You will receive an email verification code, using whatever email you have set up for your NordVPN services. Type this code into the popup window.
      5. Copy your new encrypted credentials for your Open VPN client settings.

      This is my first post, please add tags as required.

      24 votes
    19. What do you use to journal with?

      The recent PKM thread had me thinking about what folks are using as a journaling app/portal. I do use Obsidian for my second brain right now and genuinely love it. But I find the mobile app on Android to be a bit clunky, if I'm honest. Seems slow to open even with very few plugins. For journaling I've used DayOne for years. I started back when it was iOS/MacOS only, but then switched phones to Android and haven't been back. But now they have an app and web app for that. What I don't like is the somewhat goofy format it saves in and it's on their servers. They used to allow you to at least leverage your own Dropbox, but no longer.

      For the past several months I've tried several FOSS options. Main criteria are that I could host it myself, it supports offline entries stored in an open file format (preferably Markdown), and it has either a multi-platform app or a decent web app. That led me to try these:

      Memos
      Pros:

      • Great persistent web app
      • Slick UI that is light and snappy
      • Markdown support

      Cons:

      • Stuffs the .md inside a database file so can be a bit cumbersome to export data
      • No offline support. There is a 3rd party app that hopes to implement it

      Flatnotes
      Pros:

      • Incredibly simple
      • Another easily deployed app
      • Flat Markdown files

      Cons:

      • Web app on mobile is almost unusable as in it doesn't scale well to smaller screens
      • Very early development, but very likely to stay as minimalistic as it is now.
      • No offline and very unlikely to ever have it

      Joplin
      Pros:

      • Multi platform apps that perform well
      • End-to-end encryption supported
      • Could replace both DayOne and my To-do solution (Google Keep)
      • Offline support

      Cons:

      • More database stuff instead of flat markdown files

      One solution I've been testing lately is using IAWriter to write to a 'Journal' folder within my Obsidian vault on Google Drive (Obsidian Vault > Journal > 2023..., for example). This works surprisingly well. Of course IAWriter is a bit spendy at $29 for Android and then more $ for other platforms as they're sold separately.

      So I'm curious what other people are using for just simple daily journaling, random thoughts, etc. If there's an approach I've missed I'd love to hear it. Joplin is so dang close but not having the structure of plaintext files is a no go for me as I don't want to be trapped by any one product should something happen to the development down the road. Doesn't have to be free, but I want control of the entries either on my own server or cloud storage.

      46 votes
    20. Looking for recommendations for ad-free video hosting

      I’m creating a special video for my parents’ anniversary and want to share it privately. I don’t want anyone to see ads before, during or right after it. I’m not monetizing it and don’t care about viewer metrics.

      Right now I’m trying to decide between subscribing to Vimeo or just placing the file in my Google Drive and sharing out the link.

      The file won’t exceed 5GB.

      Would paying for a service like Vimeo really be worth it when I could just share out the file for free?

      Would appreciate any suggestions or recommendations from content creators.

      9 votes
    21. What's a simple, cheap way to run a database-backed website as a hobbyist?

      I use Github and Netlify to run some simple websites for free. It works well. However, I've been thinking of experimenting with a database-backed website for fun and Netlify doesn't have any persistence.

      What's a good way to do this that scales to zero when nobody's using it? I want to be able to forget about it entirely for months or years at a time. When someone visits, it should start up and run on demand without costing me $20 a month on standby.

      Back in the day, I used Google App Engine for this. I learned a lot of datastore tricks to get around its poor latency, but I'm lazy and don't want to do that anymore. I'm pretty sure I want a SQL database and full text search. Either SQLite or Postgres would do, but I doubt there's a cheap enough way to run Postgres.

      Litestream looks interesting and so does LiteFS, except that it's pre-1.0 and I don't know what changes fly.io will make that I have to keep up with. If I used Litestream, I'd have to figure out how to run it and where to store the replication logs.

      Edit: one nice-to-have is being able to easily dump the database and run it locally or on another cloud provider. (I don't anticipate it getting so big that it's impractical.)

      47 votes
    22. Self-hosting Tildes?

      Any how-to that explains how to self-host Tildes? I checked the GitLab page, but it doesn't explain how. I would love to start a local community in my native language based on Tildes.

      26 votes
    23. What operating system do you run your home servers on?

      I'm going to set up my first home server with an Intel NUC, but I can't decide what OS to use. Ubuntu seems popular but I like Pop!_OS and am not sure if that would be a good option. Then there's TrueNAS and Unraid, but as a newbie, what's the best choice?

      I'm also just curious what everyone else is using :)

      Edit: Thank you for your great responses!

      49 votes
    24. What are some fun games you can self-host?

      I have a Windows server with some spare capacity that I use to host some games for the community I'm a part of. Currently I host a couple of TF2 servers and a Wreckfest server. What other games can I host?

      24 votes
    25. What are you self-hosting currently?

      I recently discovered Paperless-ngx and immediately fell in love. I must now decide whether to host it on my VPS (risky with personal documents), on a Pi at home or finally invest in a proper home server (something cheap but with a bit more power than a Pi4). It can totally be run on a Pi, but performance may not be as good.

      Does Tildes have a big self-hosted community? What are you self-hosting currently, and what do you enjoy about it?

      52 votes
    26. In which a foolish developer tries DevOps: critique my VPS provisioning script!

      I'm attempting to provision two mirror staging and production environments for a future SaaS application that we're close to launching as a company, and I'd like to get some feedback on the provisioning script I've created that takes a default VPS from our hosting provider, DigitalOcean, and readies it for being a secure hosting environment for our application instance (which runs inside Docker, and persists data to an unrelated managed database).

      I'm sticking with a simple infrastructure architecture at the moment: A single VPS which runs both nginx and the application instance inside a containerised docker service as mentioned earlier. There's no load balancers or server duplication at this point. @Emerald_Knight very kindly provided me in the Tildes Discord with some overall guidance about what to aim for when configuring a server (limit damage as best as possible, limit access when an attack occurs)—so I've tried to be thoughtful and integrate that paradigm where possible (disabling root login, etc).

      I’m not a DevOps or sysadmin-oriented person by trade—I stick to programming most of the time—but this role falls to me as the technical person in this business; so the last few days has been a lot of reading and readying. I’ll run through the provisioning flow step by step. Oh, and for reference, Ubuntu 20.04 LTS.

      First step is self-explanatory.

      #!/bin/sh
      
      # Name of the user to create and grant privileges to.
      USERNAME_OF_ACCOUNT=
      
      sudo apt-get -qq update
      sudo apt install -qq --yes nginx
      sudo systemctl restart nginx
      

      Next, create my sudo user, add them to the groups needed, require a password change on first login, then copy across any provided authorised keys from the root user which you can configure to be seeded to the VPS in the DigitalOcean management console.

      useradd --create-home --shell "/bin/bash" --groups sudo,www-data "${USERNAME_OF_ACCOUNT}"
      # Remove the password and force the user to set one at first login.
      passwd --delete "${USERNAME_OF_ACCOUNT}"
      chage --lastday 0 "${USERNAME_OF_ACCOUNT}"
      
      HOME_DIR="$(eval echo ~${USERNAME_OF_ACCOUNT})"
      mkdir --parents "${HOME_DIR}/.ssh"
      cp /root/.ssh/authorized_keys "${HOME_DIR}/.ssh"
      
      # Permissions belong on the new user's .ssh directory, not on ~ (which
      # expands to root's home while this script runs as root).
      chmod 700 "${HOME_DIR}/.ssh"
      chmod 600 "${HOME_DIR}/.ssh/authorized_keys"
      chown --recursive "${USERNAME_OF_ACCOUNT}":"${USERNAME_OF_ACCOUNT}" "${HOME_DIR}/.ssh"
      
      sudo chmod 775 -R /var/www
      sudo chown -R "${USERNAME_OF_ACCOUNT}" /var/www
      rm -rf /var/www/html
      

      Install docker, run it as a service, and ensure the created user is added to the docker group.

      sudo apt-get install -qq --yes \
          apt-transport-https \
          ca-certificates \
          curl \
          gnupg \
          lsb-release
      
      # Keep Docker's signing key in its own keyring and bind it to this one repository with signed-by.
      # apt-key is deprecated and trusts the key for every configured repository, not just Docker's.
      sudo install -m 0755 -d /etc/apt/keyrings
      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
      sudo chmod a+r /etc/apt/keyrings/docker.gpg
      # Expected fingerprint: 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
      gpg --no-default-keyring --keyring /etc/apt/keyrings/docker.gpg --fingerprint 0EBFCD88
      
      echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
          | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
      
      sudo apt-get -qq update
      sudo apt-get install -qq --yes docker-ce docker-ce-cli containerd.io
      
      # Only add a group if it does not exist. Members of the docker group are effectively root, so keep it small.
      sudo getent group docker || sudo groupadd docker
      sudo usermod -aG docker "${USERNAME_OF_ACCOUNT}"
      
      # Enable and start docker
      sudo systemctl enable --now docker
      
      # Pin the compose release and verify the .sha256 published next to the binary on the release page
      # before installing it (this catches a corrupted download, not a compromised upstream).
      COMPOSE_VERSION=1.27.4
      COMPOSE_FILE="docker-compose-$(uname -s)-$(uname -m)"
      COMPOSE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/${COMPOSE_FILE}"
      curl -fsSL "${COMPOSE_URL}" -o "/tmp/${COMPOSE_FILE}"
      curl -fsSL "${COMPOSE_URL}.sha256" -o "/tmp/${COMPOSE_FILE}.sha256"
      (cd /tmp && sha256sum --check "${COMPOSE_FILE}.sha256")
      sudo install -m 0755 "/tmp/${COMPOSE_FILE}" /usr/local/bin/docker-compose
      sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
      docker-compose --version
      

      Disable root logins and any form of password-based authentication by altering sshd_config.

      # sshd takes the first value it sees for a keyword and ignores commented-out lines, so a sed that only
      # rewrites lines already starting with the keyword does nothing when the directive is still commented
      # (the stock Ubuntu file ships '#PasswordAuthentication yes'). Ubuntu 20.04's sshd_config begins with
      # 'Include /etc/ssh/sshd_config.d/*.conf', so a drop-in there is read first and wins.
      sudo tee /etc/ssh/sshd_config.d/99-hardening.conf > /dev/null <<'EOF'
      PermitRootLogin no
      PasswordAuthentication no
      ChallengeResponseAuthentication no
      EOF
      # Validate now; the daemon is restarted at the end of the script, and a broken config would lock us out.
      sudo sshd -t
      

      Configure the firewall and fail2ban.

      sudo ufw default deny incoming
      sudo ufw default allow outgoing
      sudo ufw allow ssh
      sudo ufw allow http
      sudo ufw allow https
      # 'ufw reload' is a no-op before the firewall is enabled; enable loads the rules above.
      sudo ufw --force enable && sudo ufw status verbose
      # Caveat: Docker programs iptables itself and its chains are consulted before ufw's, so a container
      # started with -p 8080:80 is reachable from the internet despite 'default deny incoming'.
      # Publish on loopback (-p 127.0.0.1:8080:80) and let nginx proxy to it.
      
      sudo apt-get -qq install --yes fail2ban
      sudo systemctl enable --now fail2ban
      

      Swapfiles.

      # Idempotent: a re-run of the script must not recreate an active swapfile or duplicate the fstab entry.
      if [ ! -f /swapfile ]; then
          sudo fallocate -l 1G /swapfile && ls -lh /swapfile
          sudo chmod 0600 /swapfile   # swap can hold pages of process memory, so keep it root-only
          sudo mkswap /swapfile
      fi
      sudo swapon --show | grep -q '^/swapfile ' || sudo swapon /swapfile
      sudo swapon --show
      grep -q '^/swapfile ' /etc/fstab || echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
      

      Unattended updates, and restart the ssh daemon.

      sudo apt-get -qq install --yes unattended-upgrades
      # Installing the package alone does not guarantee the periodic job runs; this writes
      # /etc/apt/apt.conf.d/20auto-upgrades with the update and upgrade steps turned on.
      echo 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean true' | sudo debconf-set-selections
      sudo dpkg-reconfigure -f noninteractive unattended-upgrades
      sudo systemctl restart ssh
      

      Some questions

      You can assume these questions are cost-benefit focused, i.e. is it worth my time to investigate this, versus something else that may have better gains given my limited time.

      1. Obviously, any critiques of the above provisioning process are appreciated—both on the micro level of criticising particular lines, or zooming out and saying “well why don’t you do this instead…”. I can’t know what I don’t know.

      2. Is it worth investigating tools such as ss or lynis (https://github.com/CISOfy/lynis) to perform server auditing? I don’t have to meet any compliance requirements at this point.

      3. Do I get any meaningful increase in security by implementing 2FA on login here using google authenticator? As far as I can see, as long as I'm using best practices to actually ssh into our boxes, then the likeliest risk profile for unwanted access probably isn’t via the authentication mechanism I use personally to access my servers.

      4. Am I missing anything here? Beyond the provisioning script itself, I adhere to best practices around storing and generating passwords and ssh keys.

      Some notes and comments

      1. Eventually I'll use the hosting provider's API to spin up and spin down VPSes on the fly via a custom management application, which gives me an opportunity to programmatically execute the provisioning script above and run some other pre- and post-provisioning things, like deployment of the application and so forth.

      2. Usage alerts and monitoring are configured within DigitalOcean's console, and alerts are sent to our business' Slack for me to action as needed. Currently, I’m settling on the following alerts:
        1. Server CPU utilisation greater than 80% for 5 minutes.
        2. Server memory usage greater than 80% for 5 minutes.
        3. I’m also looking at setting up daily fail2ban status alerts if needed.
      9 votes
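An added example, not code from the post above: the post's sshd step edits sshd_config with sed, and the surest way to know whether that (or any other edit) actually took effect is to resolve the settings the way sshd resolves them. The script below reimplements sshd's lookup rules (first occurrence of a keyword wins, `#` lines are comments, `Include` is expanded in place, keywords are case-insensitive) and audits the three directives the post cares about against two constructed `/etc/ssh` trees in a temp directory. The sample files are constructed for the demo, not copied from a real host; values inside `Match` blocks are conditional and are deliberately not resolved, so `sshd -T` on the real server remains the authoritative check.

```shell
#!/bin/bash
# Added example (not the original post's code): audit the *effective* sshd
# settings instead of trusting that a sed over /etc/ssh/sshd_config matched.
#
# sshd rules reproduced here (OpenSSH 8.2, as shipped in Ubuntu 20.04):
#   * the first occurrence of a keyword wins; later ones are ignored
#   * lines whose first non-blank character is '#' are comments, so the stock
#     '#PasswordAuthentication yes' sets nothing and the built-in default applies
#   * 'Include' is expanded in place, so drop-ins included at the top of the
#     file are seen before anything below them
#   * keywords are case-insensitive
# Values inside 'Match' blocks are conditional; parsing stops there.

# Print the first value found for KEYWORD in FILE (following Include); print nothing if unset.
sshd_first_match() {
    local file="$1" key="$2" k v f r
    key="$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')"
    [ -r "$file" ] || return 0
    while read -r k v || [ -n "$k" ]; do
        case "$k" in ''|'#'*) continue ;; esac            # blank line or comment
        k="$(printf '%s' "$k" | tr '[:upper:]' '[:lower:]')"
        [ "$k" = "match" ] && return 0                    # everything below is conditional
        if [ "$k" = "include" ]; then
            # one pattern per Include line; relative patterns are relative to /etc/ssh
            case "$v" in /*) ;; *) v="/etc/ssh/$v" ;; esac
            for f in $v; do                               # unquoted on purpose: expand the glob
                r="$(sshd_first_match "$f" "$key")"
                [ -n "$r" ] && { printf '%s\n' "$r"; return 0; }
            done
        elif [ "$k" = "$key" ]; then
            printf '%s\n' "$v"; return 0
        fi
    done < "$file"
}

# sshd_effective FILE KEYWORD DEFAULT -> the value sshd will use (DEFAULT when the keyword is absent)
sshd_effective() {
    local value
    value="$(sshd_first_match "$1" "$2")"
    printf '%s\n' "${value:-$3}"
}

# Check the three settings the provisioning script hardens. One PASS/FAIL line
# per keyword; returns 1 if any check failed.
audit_sshd() {
    local file="$1" rc=0 spec key want default got
    # keyword:required value:sshd's built-in default when the keyword is absent
    for spec in PermitRootLogin:no:prohibit-password \
                PasswordAuthentication:no:yes \
                ChallengeResponseAuthentication:no:yes; do
        key="${spec%%:*}"; spec="${spec#*:}"
        want="${spec%%:*}"; default="${spec#*:}"
        got="$(sshd_effective "$file" "$key" "$default")"
        if [ "$got" = "$want" ]; then
            printf 'PASS %-32s %s\n' "$key" "$got"
        else
            printf 'FAIL %-32s %s (want %s)\n' "$key" "$got" "$want"; rc=1
        fi
    done
    return "$rc"
}

# --- constructed sample trees standing in for /etc/ssh (demo data, not real server files) ---
DEMO="$(mktemp -d)"
for layout in sed_only dropin; do
    mkdir -p "$DEMO/$layout/sshd_config.d"
    # Stock Ubuntu 20.04 layout after the post's sed lines: the seds only rewrite lines that
    # already start with the keyword, so the commented-out PasswordAuthentication stays commented.
    cat > "$DEMO/$layout/sshd_config" <<EOF
Include $DEMO/$layout/sshd_config.d/*.conf
PermitRootLogin no
#PasswordAuthentication yes
ChallengeResponseAuthentication no
EOF
done
# The drop-in states every value explicitly and is included before the main file's own lines.
printf 'PermitRootLogin no\nPasswordAuthentication no\nChallengeResponseAuthentication no\n' \
    > "$DEMO/dropin/sshd_config.d/99-hardening.conf"

echo "== sed over sshd_config only =="
audit_sshd "$DEMO/sed_only/sshd_config" || echo "-> password logins are still accepted"
echo "== with an sshd_config.d drop-in =="
audit_sshd "$DEMO/dropin/sshd_config" && echo "-> hardened"
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config` after provisioning and before restarting the daemon; a FAIL on PasswordAuthentication is exactly the case the sed approach misses, because the directive was commented out and sshd fell back to its default of `yes`.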
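A second added example, again not from the post: the firewall step relies on `ufw default deny incoming`, but Docker programs iptables itself and its chains are evaluated before ufw's, so any container port published on a wildcard address is reachable from the internet regardless of ufw. The function below reads the `Names`/`Ports` columns in the shape `docker ps --format '{{.Names}}\t{{.Ports}}'` prints and flags every binding on `0.0.0.0` or the IPv6 wildcard; the sample lines fed to it are constructed for the demo.

```shell
#!/bin/bash
# Added example (not the original post's code). ufw filters the INPUT chain;
# Docker inserts its own DOCKER chains ahead of it, so 'ufw default deny incoming'
# does not cover ports a container publishes with -p 8080:80. Publishing on a
# loopback address (-p 127.0.0.1:8080:80) keeps the port local for nginx to proxy.
#
# audit_published_ports reads lines in the shape of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# on stdin, prints one EXPOSED line per binding on a wildcard address and
# returns 1 if it found any. Unpublished ports ("80/tcp") are ignored.
audit_published_ports() {
    awk -F'\t' '
        {
            n = split($2, bindings, /, */)
            for (i = 1; i <= n; i++) {
                b = bindings[i]
                if (b !~ /->/) continue              # exposed only, not published
                split(b, parts, "->")
                hostpart = parts[1]                  # e.g. 0.0.0.0:8080 or 127.0.0.1:6379
                if (hostpart ~ /^(0\.0\.0\.0|\[::\]|:::)/) {
                    print "EXPOSED " $1 " " b
                    bad = 1
                }
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample output (not from a real host): the app is published on both
# wildcards, redis is loopback-only, the worker only exposes a port.
SAMPLE_PS="$(printf 'app\t0.0.0.0:8080->8000/tcp, :::8080->8000/tcp\nredis\t127.0.0.1:6379->6379/tcp\nworker\t9000/tcp\n')"

printf '%s\n' "$SAMPLE_PS" | audit_published_ports || echo "-> fix: publish with -p 127.0.0.1:HOST:CONTAINER"
```

On a live host run `docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports` after deploying, and wire it into whichever check runs post-provisioning; it is the one case where `ufw status verbose` looks right while the port is open.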