How to set up a webserver: Difference between revisions

From hyperdramatik
Latest revision as of 9 February 2021, 10:11

What do you need?

  • an account at Linode
  • a credit card to pay for Linode - it costs about 7 Euro a month, it is not free
  • the freeware MobaXterm if you are on Windows, Cyberduck if you are on a Mac
  • a bit of patience

first easy steps

1. make a linode account

2. download MobaXterm/Cyberduck and install it

rent the linode and set up an environment to interact with it

Log in to your Linode account and hit the Create button.

For testing purposes start with the Nanode for 5$ - if you need something more beefy feel free to rent a more expensive linode.

Choose Debian 10 as the operating system and Frankfurt as the region, or whichever region makes sense for you.

Give it a name and go through the process, remember your password.

Congrats, you are renting a tiny bit of a computer in Frankfurt.

So now we have to learn to make it secure and communicate with our rented beauty.

You need the IP address of your Linode. If you click on Linodes in the browser and then on its name, you should see an overview. If you chose Frankfurt as the region, the IP should start with 172.

Now open MobaXterm; it is the tool we will use to access our server.

Create a new session and hit the SSH button.

Enter your IP as Remote Host and root as username, then hit OK.

And now enter your root password.

You are logged in to the console of your linode.

First things first: update and upgrade your server. Type:

sudo apt-get update

And hit Enter, then:

sudo apt-get upgrade


Then create a new user by typing this command:

adduser bernadette

For this example I will call the new user bernadette; just replace it with your favorite name, which could be your own.

And hit Enter.

Choose a password and enter it twice. You don't need to give your user any more information, just hit Enter four times.

Now we make bernadette a superuser with all rights, using this command:

adduser bernadette sudo


OK, now you can close the session and make a new SSH session. This time you use the same IP for Remote Host, but for the user you use bernadette and then your newly created password.

So now things get a bit more complicated, but MobaXterm is your friend.

We have to create a key for login, so that only we, from our computer, can access our Linode.

In MobaXterm go to Tools and then SSH Key Generator. Hit Generate and then give it a key passphrase (basically a password). Save the private key to a location on your PC. This is important: if this file gets lost after this setup, you have to set up your Linode again from the beginning.

DON’T close the key generator window after you saved your private key.

Go back to the session window and type this command:

mkdir ~/.ssh; nano ~/.ssh/authorized_keys

Then you are in a file named "authorized_keys", into which you can copy and paste the long public key. If paste is not working, try to left click with your mouse. Make sure the key is in one long line. Press CTRL+X, then Y, then Enter to save the file.

Type this command to set the right permissions for your newly created file:

sudo chmod -R 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys


Now open up a new SSH session with your IP as Remote Host and bernadette or your name as user, but don't hit OK just yet. Click on Advanced SSH settings and load the private key file.

Hit OK and type your passphrase. Now you should be back where you started, only by a much more complicated route.

Now that we have established this complicated connection, we have to close the easy ones to make our server a fortress. So if the last step failed, try it again: it has to work, otherwise you might not be able to log into your server.

Type this command to open your sshd config file, where you can close every other way of logging in besides the one with your key:

sudo nano /etc/ssh/sshd_config

Once you are in that file, please change this line

PermitRootLogin yes

to

PermitRootLogin no

And this:

#PasswordAuthentication yes 

to

PasswordAuthentication no

The last line should change its color, because we uncommented it by erasing the hash sign (#).

Then we have to restart our SSH program by entering this command:

sudo systemctl restart sshd
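
The two edits above only take effect if the line is really uncommented and no earlier line sets the same keyword. The following check is an added example, not part of the original tutorial; the function names and the sample files are made up for illustration, and only the global section of the file is read.

```sh
#!/bin/sh
# Added example: which value would sshd use for a keyword in sshd_config?
# sshd uses the FIRST uncommented occurrence; keywords are case-insensitive.
# Simplification: only the global section is read (stops at the first Match line).

effective_value() {    # $1 = config file, $2 = keyword
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/     { next }   # blank or commented-out line
        tolower($1) == "match"   { exit }   # end of global section
        tolower($1) == key       { print tolower($2); exit }
    ' "$1"
}

check_hardening() {    # $1 = config file; exit status 0 only if both are "no"
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    # A keyword that is absent or still commented out falls back to the
    # OpenSSH default: prohibit-password for root login, yes for passwords.
    if [ "${root:-prohibit-password}" != "no" ]; then
        echo "PermitRootLogin in effect: ${root:-prohibit-password}"; rc=1
    fi
    if [ "${pass:-yes}" != "no" ]; then
        echo "PasswordAuthentication in effect: ${pass:-yes}"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not taken from a real server).
sample_dir=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    > "$sample_dir/good"
# Hash sign left in place: the password line is still a comment.
printf '%s\n' 'PermitRootLogin no' '#PasswordAuthentication no' \
    > "$sample_dir/still_commented"
# Edited line added below an earlier one: the first occurrence wins.
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' 'PermitRootLogin no' \
    > "$sample_dir/shadowed"

for f in good still_commented shadowed; do
    if check_hardening "$sample_dir/$f"; then echo "$f: OK"; else echo "$f: NOT hardened"; fi
done
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before you restart, and `sudo sshd -T` prints the settings sshd will actually use.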

If you have a Mac, just follow the video tutorial on this website: https://www.linode.com/docs/guides/securing-your-server/

Install a Firewall on your Linode

Log in to your Linode and type this command:

sudo apt-get install ufw

Then run these two commands:

sudo ufw default allow outgoing
sudo ufw default deny incoming

So we deny all incoming connections to our Linode by default. We need port 22 for SSH, 21 for FTP, 1883 for MQTT, and 7777 and 7778 for Unity Multiuser.

So let's add rules by entering these commands:

sudo ufw allow 21
sudo ufw allow 22
sudo ufw allow 1883
sudo ufw allow 7777
sudo ufw allow 7778

And type:

sudo ufw status

If this shows inactive, you have to enter:

sudo ufw enable


OK, your firewall is ready and your server is secure.
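
The rules above open port 21 for FTP, while the file transfer later in this tutorial uses SFTP, which runs over the SSH port 22. The following added example (not part of the original tutorial) compares the firewall's allow list with the ports that actually have a listener; the function names and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: list ufw ALLOW rules whose port has no listening socket.
# Assumed inputs: saved output of `sudo ufw status` and of `ss -H -tuln`.
# Protocol is ignored: a bare-port rule such as "ufw allow 22" covers TCP and UDP.

allowed_ports() {      # stdin: ufw status output
    awk '$2 == "ALLOW" || $3 == "ALLOW" { sub(/\/.*/, "", $1); print $1 }' | sort -u
}

listening_ports() {    # stdin: ss -H -tuln output, local address:port is column 5
    awk 'NF >= 5 { sub(/.*:/, "", $5); print $5 }' | sort -u
}

unused_rules() {       # $1 = ufw output file, $2 = ss output file
    a=$(mktemp); l=$(mktemp)
    allowed_ports < "$1" > "$a"
    listening_ports < "$2" > "$l"
    comm -23 "$a" "$l"   # in the allow list but not in the listener list
    rm -f "$a" "$l"
}

# Constructed sample outputs (not captured from a real server).
samples=$(mktemp -d)
cat > "$samples/ufw.txt" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
21                         ALLOW       Anywhere
22                         ALLOW       Anywhere
1883                       ALLOW       Anywhere
7777                       ALLOW       Anywhere
7778                       ALLOW       Anywhere
21 (v6)                    ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
EOF
cat > "$samples/ss.txt" <<'EOF'
udp   UNCONN  0  0     0.0.0.0:7777   0.0.0.0:*
udp   UNCONN  0  0     0.0.0.0:7778   0.0.0.0:*
tcp   LISTEN  0  128   0.0.0.0:22     0.0.0.0:*
tcp   LISTEN  0  100   0.0.0.0:1883   0.0.0.0:*
tcp   LISTEN  0  128   [::]:22        [::]:*
EOF

unused_rules "$samples/ufw.txt" "$samples/ss.txt"
```

On the server, save the two inputs with `sudo ufw status > ufw.txt` and `ss -H -tuln > ss.txt`. A rule you decide you do not need can be removed with, for example, `sudo ufw delete allow 21`.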

transfer and run your unity server build

The first step is to install tmux:

sudo apt-get install tmux

Then we open another session in MobaXterm, this time not an SSH session. We will upload our Unity server build to our Linode server, so we need a secure file transfer protocol (SFTP) session.

The remote host, you guessed it, is your Linode's IP, and the user is bernadette or your name. Then, under Advanced SFTP settings, you can choose your private key file again and hit OK.

You should see a folder structure.

The left side is your home computer, the right side is the Linode. You should see some gray files on your Linode that you can ignore.

Here you can upload your Linux server build from Unity.

Afterwards go back to your SSH session and navigate into your build folder with:

cd ./bernadetteUnityServerBuild

Then type and hit enter:

ls

Now you can see all files in your folder, and there should be a myproject.x86_64 file. If so, we need to make it executable via:

sudo chmod +x myproject.x86_64

Now we can run our program via tmux.

Just type:

sudo tmux

Then you are in the tmux environment and you have to start the program:

sudo ./myproject.x86_64 -nographics

Something should happen, and your Unity server is now up and running.

If you log out of your Linode, the program doesn't stop.

If you want to upload a new server build, you have to stop your server by closing all tmux sessions on your Linode with:

sudo tmux kill-server

Then upload your new build, make it executable, start tmux and start the program again.

install mosquitto MQTT on your Linode and secure it

Sometimes it can be quite handy to have an MQTT broker on the internet and not just locally. But it is important to secure it.

To install the MQTT broker on your Linode, go into your SSH session and type:

sudo apt-get install mosquitto

Now we secure our broker with a user and password; bernadette can be exchanged for your username:

sudo mosquitto_passwd -c /etc/mosquitto/passwd bernadette

This command creates a password file. Now we have to create a config file that points to this password file, with this command:

sudo nano /etc/mosquitto/conf.d/default.conf

Now you are in the text editor again, and you should write these two lines in the file:

allow_anonymous false
password_file /etc/mosquitto/passwd

OK, now we have to restart our broker:

sudo systemctl restart mosquitto

OK, we are ready to test. You can connect with a tool like MQTTBox (http://workswithweb.com/mqttbox.html).