Configure VPS with details & LAMP

By /
  • Essentials: setup new user & ufw
  • Install LetsEncrypt Free SSL:  LE on ubuntu 24 
    for apache
    for-nginx 
    – (if different ports needed: here or here)
  • Fail2bansudo apt-get install fail2ban
  • Disable journal logs:
    Sometimes, if your VPS has problems, journal logs could occupy whole disk space (95%+).
    journalctl --vacuum-size=100M
    sudo sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf
    [ To clear existing cache: (sudo find /var/log/journal -name "*.journal" | xargs sudo rm) && (sudo systemctl restart systemd-journald); others: se.com/how-to-clear-journalctl ]
  • Change default SSH port:
    It’s not requirement, but good thing to change from default 22 to your desired, i.e. 12345:
    – desired_ssh_port=12345
    sudo ufw allow $desired_ssh_port/tcp
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
    sed -i "s/#Port 22/Port $desired_ssh_port/" /etc/ssh/sshd_config
    sudo systemctl disable ssh.socket && sudo systemctl stop ssh.socket && sudo systemctl restart ssh && sudo systemctl enable ssh.socket
    sudo ufw reload  
    ( in rare cases, you might also need to amend: /etc/apache/sites-enabled && /etc/apache2/ports.conf )
  • Docker:
    install docker or here (only if you know docker and want to use it)
  • NodeJS:
    wget -q -O- https://raw.githubusercontent.com/nvm-sh/nvm/master/install.sh | bash
    . ~/.bashrc
    nvm install node
  • PM2: npm install pm2 -g && pm2 update
  • Misc:
    – set start dir: echo "cd /var/www/mydir/" >> ~/.bashrc
    – aliases: echo "alias dcd='docker compose down'" >> ~/.bash_aliases && echo "alias dcu='docker compose up'" >> ~/.bash_aliases && source ~/.bashrc
  • Firewall:
    firewall-on-ubuntu
    configure-firewall-and-change-ssh-port.md
    firewalld instead of ufw (when you use docker!)
  • Simple Disk usage:
    sudo apt install ncdu and anytime just run ncdu
  • Set correct permissions for multiple users
    – to rewrite privileges after uploading files automatically: 
    */10 * * * * sudo chown -R www-data:www-data /var/www
  • Increase timeout for SSH client (instead of default 10):
    nano /etc/ssh/sshd_config –>set  ClientAliveInterval 60   and ClientAliveCountMax 5
  • Find file: find . -type f -name "*John*"
  • Add user through SSh
  • Auto- Restart stopped-service : Github repo 
  • Restrict port to specific IP:
    sudo iptables -A INPUT -p tcp -s YOURRRRRRR_IPPPPPPPPPPP -j ACCEPT
    sudo ufw allow from 123.123.123.123 to any port 22 proto tcp
  • Monitor files/folders changes : 
    inotify-hookable -w path_to_plugin -c "COMMAND_TO_EXECUTE" (i.e. "docker container restart CONTAINER_NAME") 
  • Download & unpack file: 
    wget --no-check-certificate --content-disposition https://codeload.github.com/USER/REPONAME/zip/refs/heads/master -O temp.zip && unzip -o temp.zip -d /var/www/path/folder

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top