Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to purchase and configure Linode VPS hosts". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Purchase

Because my main consideration is not the price, but the performance and stability of the host, and whether there is a backup mechanism, the stability of Linode is good, and you can back up the entire host with a fee of 25%, so I chose Linode's VPS. The following is my record of the process of registering and purchasing VPS in Linode.

STEP 1

First, go to the official website of Linode and fill in your E-mail, account name and password of your choice.

After filling in and sending it out, Linode will first send a confirmation letter to his E-mail mailbox.

STEP 2

Check your E-mail mailbox and click the confirmation link above.

STEP 3

After clicking the confirmation link in E-mail, the registration information filling page will be opened.

In addition to filling in the basic information here, you also need to enter the pre-stored value of the credit card. As for the discount code, you can search for "linode promo code" on the Internet.

STEP 4

After the registration is completed, you can immediately set up the VPS host. There are various levels of solutions on Linode. At the beginning, you can choose the most basic "Linode 1024". The monthly fee is US $10.

Linode has several data centers around the world, you can choose the location you want, if it is a general Chinese website, the service is mainly in East Asia, you can choose the Singapore data Center, which was just established in April this year.

The data center in Tokyo, Japan, is currently unable to provide new hosts because the mainframe is sold out. Linode is building a second Japanese data center. Interested people can follow Linode's blog.

STEP 5

After you have established a virtual host, click it to enter the management interface.

STEP 6

Click "Deploy an Image" to install the system.

STEP 7

Select the Linux distribution and specify the configuration of the hard disk space and the password of the root manager.

STEP 8

After installation, click "Boot" to boot.

STEP 9

From the "Remote Access" tab, you can see the IP information of the server, as well as a variety of remote login methods.

You can log in using traditional SSH, or use the Console Access feature provided by Linode. I feel that its "Lish via Ajaxterm" is very easy to use, as long as you click "Launch Lish Ajax Console" from the web page, there will be such a console, there is no need to install anything at all.

This way of logging in from console is completely different from SSH login (although it looks very similar). The best thing about it is that it does not come out through the host network, so it will not be affected by the host firewall. This is very useful when changing firewall settings, and managers do not have to worry about setting the wrong firewall rules to keep themselves out.

Linode also provides simple statistical charts of CPU usage, network traffic and hard disk IO, which are automatically generated by Linode and do not affect the operation of the host, and certainly do not need to be installed.

Basic settings of Ubuntu

Here are some basic security settings that Linode VPS needs to make immediately after installing the Ubuntu Linux system.

After buying a Linux VPS virtual dedicated host, it takes only a few mouse clicks and a few seconds to install a Ubuntu Linux system, but there are a lot of security settings that have to be handled on your own. here are the steps to teach you how to set them.

1. Update system Suite

After installing Ubuntu Linux, the first thing to do is to update the system suite:

The code is as follows:

Sudo apt-get update

Sudo apt-get upgrade

two。 Host name and FQDN

Host name (hostname) can be taken at will, it has no direct relationship with the URL and E-mail address, the names of each host can not be repeated, some people like to use the names of planets, animals or great people, you can think of a favorite name, but please avoid using names such as www that are too general.

Ubuntu Linux can change the host name by the following instructions:

The code is as follows:

Echo "einstein" > / etc/hostname

Hostname-F / etc/hostname

This sets the host name to einstein.

Then edit / etc/hosts and set FQDN (fully qualified domain name). Assuming that our host name is einstein, the network function variable name (domain name) is gtwang.org,FQDN, and the external IP address of the host is 12.34.56.78, set / etc/hosts to:

The code is as follows:

127.0.0.1 localhost.localdomain localhost

12.34.56.78 einstein.gtwang.org einstein

If you use IPv6, add it along with the address of IPv6:

The code is as follows:

127.0.0.1 localhost.localdomain localhost

12.34.56.78 einstein.gtwang.org einstein

2600:3c01::a123:b456:c789:d012 einstein.gtwang.org einstein

The correspondence between the IP address and FQDN set here must be consistent with the A record of DNS. If IPv6 is used, there must also be a corresponding AAAA record on the DNS server.

3. Time zone

Adjusting the time zone (timezone) to your own time zone makes the time stamp on the system log look more intuitive.

The Linux time zone preset for Linode uses Greenwich mean time (UTC). We can use the following instructions to change the time zone setting:

The code is as follows:

Dpkg-reconfigure tzdata

After the change is complete, confirm it with date:

The code is as follows:

Date

See if the output time is correct.

4. New users

The Ubuntu Linux just installed on Linode is logged in directly with root, and there is no general user account, but if all actions are operated using root, it will bring great risk to the system. Usually, we will log in with a general account and switch to root permission if necessary, so as to avoid accidents such as giving wrong instructions.

Add a new user under Ubuntu Linux:

The code is as follows:

Adduser myuser

Add the user myuser to the sudo group:

The code is as follows:

Usermod-a-G sudo myuser

Once this is set up, log in with this account as SSH:

The code is as follows:

Ssh myuser@12.34.56.78

Then test to see if you can use sudo:

The code is as follows:

Sudo su

If you can get root permission, it means no problem.

5.SSH key authentication login

SSH public key authentication can greatly increase the security of the server. We can use ssh-keygen to generate the key in our computer, and then put the public key into the server:

The code is as follows:

Ssh-keygen

Scp ~ / .ssh/id_rsa.pub myuser@12.34.56.78:

Then go to the server, create a .ssh directory, and place the public key in .ssh / authorized_keys:

The code is as follows:

Mkdir .ssh

Mv id_rsa.pub .ssh / authorized_keys

Set file permissions:

The code is as follows:

Chown-R myuser:myuser .ssh

Chmod 700 .ssh

Chmod 600 .ssh / authorized_keys

Once set up, remember to test whether the user myuser can log in to SSH without a password.

6. Disable SSH password login

Edit / etc/ssh/sshd_config and turn off the password login function:

The code is as follows:

PasswordAuthentication no

Also disable root login:

The code is as follows:

PermitRootLogin no

Restart the SSH server:

The code is as follows:

Sudo service ssh restart

7. Firewalls

I am used to using ufw to set the firewall:

The code is as follows:

Sudo ufw enable

Sudo ufw allow ssh

Sudo ufw allow http/tcp

Sudo ufw allow https/tcp

Ufw allow from 12.34.0.0/16

The ports of SSH, HTTP and HTTPS are opened here, and all connections are opened to the 12.34.0.0Universe 16 subdomain for development and testing.

8.Fail2Ban

Fail2Ban can be used to block some malicious attacks from the network. When it detects that an IP from the network is constantly trying to invade the system, it will establish a temporary firewall rule to block the attacker's IP. Fail2Ban can be installed with the following instructions:

The code is as follows:

Sudo apt-get install fail2ban

After installation, the Fail2Ban default will only monitor the SSH. If you want to change the settings, you can write your own settings in the / etc/fail2ban/jail.local configuration file. In this file, we can also set the time to block IP (maxretry) after several login failures are detected, and the length of time (bantime) to block IP each time. After changing the settings, remember to restart Fail2Ban:

Service fail2ban restart

This is the end of "how to purchase and configure Linode VPS hosts". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.