public:computers:vps_tips_tricks
This is an old revision of the document!
Table of Contents
VPS Notes
GM4SLV.ORG.UK VPS : New VPS created 6th March 2025
- To separate my personal wiki site from yaddnet.org server
- Wiki backed-up and moved from yaddnet.org to new gm4slv.org.uk VPS
- SSL Certificate replaced to enable HTTPS
GM4SLV.ORG.UK VPS : CANCELLED AND DELETED 9th October 2024
- Wiki functionality easily provided by yaddnet.org VPS
- wiki pages & data transferred to yaddnet.org
- Fasthosts deleted VPS following telephone confirmation
- deletion/cancellation not possible via Control Panel
- telephone call-back needed to confirm
Old information below is for historical information
OS : Debian 10 (Buster) RAM : 0.5GB Network : 400MB SSD : 10GB IP Address : 213.171.209.127 Hostname : gm4slv.org.uk Open Ports : ssh, http, https Domain Name : gm4slv.org.uk Renewal date : 3/4/2024
Access via FastHosts
- browse to https://admin.fasthosts.co.uk/Servers/VPS/1116040162 and login with credentials (email : g…@..p…..)
Installing SSL for HTTPS
Create Certificates
Configure APACHE
Confirm proper security
Browse to https://gm4slv.org.uk
20/04/23 Renew SSL Certificate
- new Signed and CA (intermediate) certificates obtained and installed in /usr/local/ssl
Hardware Upgrade 20/4/23
- Original configuration VPS XS : 500MB RAM and 10GB SSD @ £1 per month (plus VAT)
- Upgrade to VPS S : 1GB RAM and 20GB SSD @ £3 per month (plus VAT)
- VPS rebooted for upgrade
- RAM seems to have increased to 1GB but reported 'df -h' still shows 7.5GB total for / and 1.9GB for Swap. This is only 10GB.
- Perhaps more time is needed for VM to catch up and expand the Virtual Hard Drive?
- Gotcha…. the Virtual Drive was increased to 20GB, but not the partition or the filesystem… the only way to get a full 20GB was to “rebuild” the VPS….
- took a backup of the dokuwiki files (rsync mirrored them to shack PC). Hit “Rebuild” and built a new VPS. Applied for replacement SSL keys (had to make a new CSR/KEY first)…
- Used rsync to send back the dokuwiki files (from the shack PC mirror)
- set up Apache2 to use the new SSL certificates…
- VPS is now rebuilt and all wiki files restored & Apache2 uses HTTPS.
Debian Upgrade 15/2/24
- Upgraded from Buster (10) → Bullseye (11)
- Upgraded Dokuwiki (this needed PHP7.4 from Buster, which is why the Debian upgrade was necessary) to the newest version (Release 2024-02-06a “Kaos”)
- Upgraded from Bullseye (11) → Bookwork (12) - might as well get to
STABLE
Debian Upgrade 16/2/24
- Upgraded to Trixie (testing)
gm4slv@gm4slv:~$ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux trixie/sid Release: n/a Codename: trixie
deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian trixie main contrib non-free non-free-firmware #deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware #deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
- Dokuwiki still working correctly with latest versions of Apache and PHP
gm4slv@gm4slv:~$ php --version PHP 8.2.12 (cli) (built: Jan 8 2024 06:21:20) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.12, Copyright (c) Zend Technologies with Zend OPcache v8.2.12, Copyright (c), by Zend Technologies
2024 gm4slv.org.uk domain renewed
- 03/04/24 Domain Name auto-renewed for 2 years until April 2026
- 04/04/24 SSL Certificate auto-renewed for 1 year until May 2025
04/04/24 : Install Renewed SSL Certificate
- SSL Certificates Auto Renewed by Fasthosts
- download new certificates from Fasthosts control panel:
- New “Certificate” downloaded and renamed “signed.crt”
- New “Intermediate Certificate” downloaded and renamed “ca.pem”
- copied both → VPS $HOME dir via SCP
- On VPS →
- copied current /usr/local/ssl/ca.pem → ca_old.pem
- copied current /usr/local/ssl/signed.crt → signed_old.crt
- copied new ca.pem from $HOME to /usr/local/ssl/ca.pem
- copied new signed.crt from $HOME to /usr/local/ssl/signed.crt
- restarted apache
sudo service apache2 restart
- check new valid certificate now in use in web browser
- Validity Issued on & Expires on dates now show new certificate is in use
06/04/25 : Renew SSL certificate
- Same procedure as above
- Download “Certificate” →
signed.crt - Download “Intermediate Certificate” → ca.pem
* Upload via WinSCP to VPS * Copy old/usr/local/ssl/signed.crt→signed.crt.old* Copy old/usr/local/ssl/ca.pem→ca.pem.old* Copy new files into/usr/local/ssl* Restart Apache * There were 2 “Intermediate Certificate” for download from Fast Hosts… * I downloaded both, but it appears I've already download one of them (when I created the new VPS last month) * I used the “new” Intermediate Certificate (the one that hadn't been previously downloaded) ===== New VPS : March 2025 ===== * New VPS 1 obtained at Fasthosts <code> Type:Virtual Machine Size:vps 1 2 60 Cpu:1 vCore RAM:2 GB Disk:60 GB NVMe SSD </code> <code> Distributor ID: Ubuntu Description: Ubuntu 24.04.1 LTS Release: 24.04 Codename: noble </code> * Installed PHP and Apache2 <code bash> gm4slv@gm4slv:~ $ php –version PHP 8.3.6 (cli) (built: Dec 2 2024 12:36:18) (NTS) Copyright © The PHP Group Zend Engine v4.3.6, Copyright © Zend Technologies with Zend OPcache v8.3.6, Copyright ©, by Zend Technologies </code> * configured SSL per previous method SSL Install on VPS * changed SSH port from default 22 to a new port, changed VPS firewall to suit new SSH port * Ubunto OS brought up to date:sudo apt-get updateandsudo apt-get upgradeandsudo apt-get dist-upgrade===== Dokuwiki Security ===== * previous installations used .htaccess to prevent web access to data/conf/lib/bin etc. directories * this time I decided not to use .htaccess but to follow the alternative instructions in https://www.dokuwiki.org/security to use LocationMatch ==== LocationMatch method ==== Apache is told which directories (data, conf, bin, inc, vendor) to make private. The downside is that this configuration might need altering if new directories are added duringdokuwikiupgrades. add to/etc/apache2/apache2.conf<code apache> <LocationMatch “/(data|conf|bin|inc|vendor)/”> Order allow,deny Deny from all Satisfy All </LocationMatch> </code>sudo service apache2 restart==== .htaccess method ==== the secured directories indokuwikihave suitable .htaccess files already. Apache needs to betold to allow them to alter behaviour <code apache>AllowOverride All</code> add to/etc/apache2/apache2.conf<code apache> <Directory /var/www/html> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> </code>sudo service apache2 restart===== SSH Security ===== * Configuredsshdto disallow password-logins and only accept public-key authentication * be careful to check the files in/etc/ssh/sshd_conf.dfor hidden config options! * uploaded public keys from * Puttygen for putty on laptop * ConnectBot app on phone * saved both in~/.ssh/authorized_keys'' * now only logins with a valid public key will succeed. * In the event of a loss of the public keys it's still possible to gain access via Fasthosts account dashboard * → then reconfigure sshd to accept password logins again until new keys can be uploaded. Page Updated : 06/04/25 06:53 BST
public/computers/vps_tips_tricks.1743918820.txt.gz · Last modified: by john