How to set up a webserver: Unterschied zwischen den Versionen

Aus hyperdramatik
Zur Navigation springen Zur Suche springen
Zeile 198: Zeile 198:


==install mosquitto MQTT on your Linode and secure it==
==install mosquitto MQTT on your Linode and secure it==
Sometimes it could be quite handy to have a MQTT broker on the internet and not local. But it is important to secure it.
To install the MQTT Broker on your linode go in to your SSH session and type:
sudo apt-get install mosquitto

Version vom 9. Februar 2021, 10:01 Uhr

What do you need?

  • an account at Linode
  • a credit card to pay for linode - it is about 7 Euro a month not for free
  • the freeware mobaXterm if you are on windows, cyberduck if mac
  • a bit of pactience

first easy steps

1. make a linode account

2. download mobaXterm/cyperduck and install

rent the linode and set up a environment to interact with it

Login in to your Linode account and hit the create button

For testing purposes start with the Nanode for 5$ - if you need something more beefy feel free to rent a more expensive linode.

Choose Debian 10 as operating system and as Region Frankfurt or the region that makes sense for you.

Give it a name and go through the process, remember your password.

Congrats, you are renting a tiny bit of a computer in Frankfurt.

So now we have to learn to make it secure and communicate with our rented beauty.

You need the IP-Address of your Linode. If you click in the browser on Linodes and than on its name you should see an overview. If you choose Frankfurt as a region the IP should start with 172.

So open mobaXterm it is the tool we will access our server with.

Create a new session and hit the SSH button.

Enter your IP as Remote Host and root as username and then ok.

And now enter your root password.

You are logged in to the console of your linode.

First things first update and upgrade your server, type:

sudo apt-get update

And hit Enter, then:

sudo apt-get upgrade


Then create a new user by typing this command

adduser bernadette

for this example I will call the new user bernadette just replace her for your favorite name could be yours:

And hit enter

Choose a password and enter it twice. You don´t need to give your user any more informations just hit enter four times

Now we make Bernadette to a superuser with all rights to interact with this command.

adduser bernadette sudo


Ok now you could close the session and make a new SSH Session this time you use the same IP for Remote host but for user you use bernadette and than your newly created password.

So now things get a bit more complicated but mobaXterm is your friend.

We have to create a key for login. So that just we from our computer could access our linode.

In mobaXTerm go to tools and then SSH Key Generator. Hit Generate and then give it a key passphrase(basically a password). Save the private key to a location on your pc. It is important if this file gets lost after this setup you have to set up your linode again from the beginning.

DON’T close the key generator window after you saved your private key.

Go back to the session window and type this command.

mkdir ~/.ssh; nano ~/.ssh/authorized_keys

Then you are in a file named “authorized_keys” where you could copie the long public key into. With Copy and paste. If paste is not working try to left click with your mouse. Make sure the key is in one long line. Press CTRL+X, then Y, then Enter to save the file.

Type this command to set the right boundaries for your newly created file:

sudo chmod -R 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys


Now open up a new SSH Session with your IP as Remote Server. Bernadette or your name as User but don't hit ok just yet. Click on advanced SSH and load the private key file in.

Hit ok and type your passphrase. Now you should be at the beginning but much more complicated.

So after we established this complicated connection we have to close the easy ones to make our Server a fortress so if the last step failed try it again it has to be possible otherwise you might not be able to log into your server.

Type this command and you will open up your sshd config file where you could close any other connection besides the one with your key.

sudo nano /etc/ssh/sshd_config

If you are in that file please change this line

PermitRootLogin yes

to

PermitRootLogin no

And this:

#PasswordAuthentication yes 

to

PasswordAuthentication no

The last line should change its color because we uncommented it by erasing the hashtag

Then we have to restart our SSH program by entering this command:

sudo systemctl restart sshd

If you have a mac just follow the video tutorial on this website.

Install a Firewall on your Linode

Login in to your Linode and type this command:

sudo apt-get install ufw

Then run this two commands:

sudo ufw default allow outgoing
sudo ufw default deny incoming

So we deny all incoming connections to login to our Linode. We need the port 22 for SSH and 21 for FTP and 1883 for MQTT and 7777 and 77778 for Unity Multiuser.

So lets add rules by entering these commands:

sudo ufw allow 21
sudo ufw allow 22
sudo ufw allow 1883
sudo ufw allow 7777
sudo ufw allow 7778

And type:

sudo ufw status

If this shows you inactive you have to enter:

sudo ufw enable


Ok your firewall is ready and your server is secure.

transfer and run your unity server build

First step is to install tmux

sudo apt-get install tmux

Then we will have another session on mobaXterm not a ssh. This time we will upload our unity server build to our Linode server so we need a secure file transfer protocol session sftp

Remote host u guest it your Linodes IP and as user bernadette or your name and then advanced sftp here you could choose your private key file again and hit ok.

You should see a folder structure.

Left side is your home computer right the Linode you should see some gray files on your Linode that you can ignore.

Here you can upload your linux server build from unity.

Afterwards go back to your ssh session and maneuver into your build file with

cd ./bernadetteUnityServerBuild

Then type and hit enter:

ls

Now you could see all files in your file and there should be a myproject.x86_64 file. If so we need to make it executable via:

sudo chmod +x myproject.x86_64

Now we could run our program via tmux

Just type:

sudo tmux

Than you are in the tmux environment and you have to start the program

sudo myproject.x86_64 -nographics

So something should happen and your unity server is now up and running.

If you log out of your linode the program doesn´t stop.

If you want to upload a new server build you have to stop your server by closing all tmux session on your linode with:

sudo tmux kill-server

And upload your new build and make it executable and start tmux and start it.

install mosquitto MQTT on your Linode and secure it

Sometimes it could be quite handy to have a MQTT broker on the internet and not local. But it is important to secure it.

To install the MQTT Broker on your linode go in to your SSH session and type:

sudo apt-get install mosquitto