Setting up VPC for deployment

In this tutorial, we will learn how to set up a VPC for deployment.

Server Selection

The first step is to choose a server provider. There are many cloud providers available, such as AWS, Google Cloud, Azure, DigitalOcean, Linode, etc. Choose the one that best suits your needs. The plan will determine the number of servers you can create, the amount of storage space available, and the price per month.

Server Configuration

1. Choose an operating system: Most cloud providers offer a variety of operating systems, such as Ubuntu, CentOS, Debian, etc. Choose the one that best suits your needs.
2. Choose a server size: The server size determines the amount of RAM, CPU, and storage space available. Choose the one that best suits your needs.
3. Configure the network settings:

   Set up the network settings, such as IP address, subnet mask, and gateway, to ensure that the server can communicate with other devices on the network.

4. Install any necessary software:

   Install any necessary software packages, such as web servers, database servers, or development tools, on the server.

Get an account on any cloud provider

We will use Linode as our cloud provider. Linode is a cloud hosting provider that offers a wide range of virtual private servers (VPS) with varying configurations and prices. It is a popular choice for hosting web applications and other types of software.

Once the account is created, you can choose the plan that best suits your needs. The plan will determine the number of servers you can create, the amount of storage space available, and the price per month.

Once the machine is created and up and running, you can connect to it using your terminal. In my case I am using wsl terminal. You can use ssh to connect to your machine and manage it remotely.

ssh root@<IP_Address>

Now we are inside our machine and we can start installing the necessary packages and software but before that let's upgrade our system.

apt update
apt upgrade
apt autoremove

Always run the apt upgrade command before apt autoremove to ensure that you have the latest packages available.

Change password (optional)

Although most cloud providers offer a way to change the password of your machine directly from the control panel but in case you want to do it manually, you can use the following command:

passwd

This will prompt you to enter your current password and then you will be prompted to enter a new password. Once you have entered the new password, you will be prompted to confirm it. After that, the password will be changed.

Add Non-Root user

To add a non-root user, you can use the following command:

useradd -m -s /bin/bash <username>

This will create a new user with the specified username and you can check the groups of the user using the groups command. After that, you can add the user to the sudoers group using the following command:

usermod -aG sudo <username>

This will add the user to the sudoers group, giving them the ability to run commands with sudo privileges. Now let's create a password for the user:

sudo passwd <username>

This will prompt you to enter a new password for the user. After that, you can log in as the user using the following command:

ssh <username>@<IP_Address>

Finally logged in as the user.

Connect to the server using SSH

Setting up SSH key on your machine is fairly easy and you need to do it once. You can generate it once as your ssh-keygen identification and then you can use it to connect to the server. Here is a link to the official documentation on how to generate SSH key for Linux and MacOS.

Here are some simple steps to follow:

ssh-keygen -t ed25519 -C "your_email@example.com"

To view the public key:

cat ~/.ssh/id_ed25519.pub

Once you have generated the SSH keys, you can add them to your server using the following command (assuming you have copied the public key to your clipboard):

On your server, run the following command to copy the public key to the server. Create a new directory called .ssh in your home directory if it doesn't already exist. Then create a new file called authorized_keys in the .ssh directory and paste the public key into the file.

cp ~/.ssh/id_ed25519.pub ~/.ssh/authorized_keys

To add it to the ssh utility:

ssh-add ~/.ssh/id_ed25519

Disable password login

After this, no one will be able to log in to your server using the username and password. Be careful with this.

sudo nano /etc/ssh/sshd_config

Open the file in nano editor and search for PasswordAuthentication and change it to no. Optionally, you can also change the PermitRootLogin to no to prevent root user from logging in.

Now, restart the ssh service using the following command:

sudo service ssh restart

Firewall Configuration

You can install firewall packages to protect your server from external attacks. In my case I will use ufw (Uncomplicated Firewall) that I can easily configure from the control panel. Some people prefer to use firewalld which is a simple and easy to use firewall.

To install ufw, run the following command:

sudo apt install ufw

Once the package is installed, you can configure the firewall using the following command:

sudo ufw status

This will show the current status of the firewall. To enable the firewall, run the following command:

sudo ufw enable

This will enable the firewall and allow all incoming and outgoing traffic. To allow incoming traffic on a specific port, run the following command:

sudo ufw allow <port>

For example, to allow incoming traffic on port 22, run the following command:

sudo ufw allow 22

To allow incoming traffic on multiple ports, run the following command:

sudo ufw allow <port1>/<protocol>,<port2>/<protocol>

For example, to allow incoming traffic on ports 22, 80, and 443, run the following command:

sudo ufw allow 22,80,443

Summary

In this tutorial, we have learned how to set up a server for hosting. We have covered topics such as server selection, server configuration, and server hardening.