1. Recommended Evoxt VPS Plan

• Consistent VPS performance
• Sufficient memory for AI workloads
• Stable environment for long‑running services

2. System Preparation

Update your system

# AlmaLinux / Rocky Linux
sudo dnf update -y

# Ubuntu
sudo apt update && sudo apt upgrade -y

Install required system packages

sudo dnf install -y libatomic tar python3 cmake # RHEL-based (AlmaLinux / Rocky / RHEL)
sudo dnf groupinstall -y "Development Tools" # RHEL-based (AlmaLinux / Rocky / RHEL)
sudo apt install -y libatomic1 build-essential tar python3 cmake #Debian/Ubuntu

3. Install OpenClaw on Evoxt VPS

curl -fsSL https://openclaw.ai/install.sh | bash

4. OpenClaw Onboarding Process

a) Onboarding Mode

• Quick Start (Recommended for beginners)
• Manual Configuration (Advanced users)

b) Select the AI Model

1. Visit Google AI Studio
2. Generate a Gemini API key
3. Paste the key into the terminal when prompted

c) Select the Chat Interface Channel

• Telegram
• WhatsApp
• Discord

d) Setting Up Skills

• Select Yes to enable skills
• Choose npm as the preferred Node manager

• Press the spacebar to select Skip for now
• Press Enter to continue

e) Configure Additional API Keys

f) Enable Hooks

• boot-md (Run Boot.md at startup)
• command-logger (Centralized command logging)
• session-memory (Session context saving)

5. How to Run OpenClaw

Hatch Mode (Recommended)

• Use the AI bot directly in a GUI‑style interface, or
• Launch the OpenClaw Web UI for browser‑based interaction

6. Access OpenClaw Web GUI via SSH Tunnel

ssh -N -L 18789:127.0.0.1:18789 root@YOUR_SERVER_IP

7. OpenClaw Commands & Documentation

openclaw help

• Complete CLI references
• Web UI guides
• API integration examples
• Advanced configuration options

Security Best Practices for OpenClaw on Evoxt VPS

• Create a dedicated non‑root user to run OpenClaw
• Avoid mixing sensitive system files with OpenClaw‑managed directories
• Grant minimal permissions to the AI agent
• Avoid connecting OpenClaw to public or unmoderated shared chat groups
• Keep your VPS updated regularly
• Secure SSH access (disable password login if possible)

Quick Commands

sudo dnf install -y libatomic tar python3 cmake # RHEL-based (AlmaLinux / Rocky / RHEL) 
sudo dnf groupinstall -y "Development Tools"# RHEL-based (AlmaLinux / Rocky / RHEL) 
sudo apt install -y libatomic1 build-essential tar python3 cmake #Debian/Ubuntu
curl -fsSL https://openclaw.ai/install.sh | bash

Conclusion

The post How to Install OpenClaw on Evoxt VPS appeared first on Evoxt.

Step 1: Create the Startup Script

sudo nano /usr/local/bin/startup.sh

#!/bin/bash
echo "Startup script executed at $(date)"
# Add your startup commands below

sudo chmod +x /usr/local/bin/startup.sh

• Always use the full path to your script (e.g. /usr/local/bin/startup.sh).
• Store your script in /usr/local/bin for easy access.
• Make sure the script is executable using chmod +x.

Step 2: Create a systemd Service

sudo nano /etc/systemd/system/startup.service

[Unit]
Description=Run startup script at boot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/startup.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable --now startup.service

Step 3: Add a Shutdown Script (Optional)

[Service]
ExecStop=/usr/local/bin/stop.sh

Step 4: Monitor and Troubleshoot

# Check status
sudo systemctl status startup.service

# View logs
sudo journalctl -u startup.service -n 10

Use sudo systemd-analyze verify /etc/systemd/system/startup.service to check for syntax issues in your service file.

Conclusion

By following these steps, you can confidently manage startup, background, and shutdown behavior on your Evoxt Linux VPS with full control and stability.

The post How to Set Up Startup Scripts with systemd appeared first on Evoxt.

What is vnStat and Why Monitor Traffic on Your Linux VPS?

• Track monthly bandwidth usage per interface.
• Monitor data consumption over time for accurate billing and performance monitoring.
• Detect abnormal traffic or possible misuse.

Step 1: Install & enable vnStat

# Debian / Ubuntu
sudo apt install vnstat -y

# RHEL-based (AlmaLinux / Rocky / RHEL)
sudo dnf install vnstat -y

# Enable and check the service (daemon creates DB automatically)
sudo systemctl enable --now vnstat
sudo systemctl status vnstat

Step 2: View monthly usage

# Monthly summary
vnstat -m

#To select interface
vnstat -m -i eth0

# Daily / hourly if needed
vnstat -d
vnstat -h

Step 3: Set custom monthly rotation date (match billing cycle)

sudo nano /etc/vnstat.conf

MonthRotate 18

sudo systemctl restart vnstat

Optional: Reset or delete statistics

# remove DB for an interface (example: eth0)
sudo vnstat --remove --force -i eth0
sudo vnstat --add -i eth0

# OR delete DB file directly
sudo rm -f /var/lib/vnstat/vnstat.db

sudo systemctl restart vnstat

Quick Commands

# Install & enable

sudo apt install vnstat -y    #Debian / Ubuntu 
sudo dnf install vnstat -y    # RHEL-based (AlmaLinux / Rocky / RHEL) 
sudo systemctl enable --now vnstat

# Result
vnstat

# Change monthly rotate date
sudo nano /etc/vnstat.conf

MonthRotate 10

sudo systemctl restart vnstat

Conclusion

Using vnStat to monitor monthly internet traffic on your Linux VPS helps you understand bandwidth usage, avoid unexpected overages, and identify abnormal traffic.

If you see unexpected usage after enabling vnStat, check for open services, review firewall rules, or open a support ticket with Evoxt for assistance.

For more Evoxt VPS guides, visit Evoxt Tutorials.

The post How to Monitor Internet Traffic on Linux VPS appeared first on Evoxt.

Why this matters

• Allowing only required ports reduces exposure to attacks.
• Knowing how to remove or deny a port prevents unauthorized access.
• Understanding runtime vs permanent rules avoids unexpected behavior after reboot.

Quick safety checklist (always do this first)

• Allow your SSH port before enabling the firewall (or you may lock yourself out).
• Keep a separate console/VNC session or another working SSH session open while testing.
• Prefer testing with a non-root user if possible.

UFW (Ubuntu / Debian)

Install & enable

sudo apt update
sudo apt install ufw -y

# ensure SSH allowed first:
sudo ufw allow ssh

# enable firewall
sudo ufw enable

Allow a custom port (example: 12345)

sudo ufw allow 12345/tcp

sudo ufw allow 12345/udp

sudo ufw allow from 203.0.113.5 to any port 12345 proto tcp

Check rules and status

sudo ufw status numbered
sudo ufw status verbose

Remove or deny a rule

# see rule numbers
sudo ufw status numbered

# delete rule by number (example deletes rule #3)
sudo ufw delete 3

sudo ufw delete allow 12345/tcp

sudo ufw deny 12345/tcp

Notes about UFW

• UFW applies rules immediately. ufw enable persists across reboots.
• Use sudo ufw logging on to view blocked attempts in /var/log/ufw.log.

firewalld (AlmaLinux / Rocky / CentOS / RHEL)

Install & enable

sudo dnf install firewalld -y
sudo systemctl enable --now firewalld

Zone basics

# show default zone
sudo firewall-cmd --get-default-zone

# list active zones & settings
sudo firewall-cmd --list-all

Allow a custom port (example: 12345)

sudo firewall-cmd --permanent --add-port=12345/tcp
sudo firewall-cmd --reload

sudo firewall-cmd --add-port=12345/tcp

Allow HTTPS (example)

sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Check ports and services

sudo firewall-cmd --list-ports
sudo firewall-cmd --list-services
sudo firewall-cmd --list-all

Remove or deny a port

sudo firewall-cmd --permanent --remove-port=12345/tcp
sudo firewall-cmd --reload

sudo firewall-cmd --remove-port=12345/tcp

sudo firewall-cmd --permanent --remove-service=https
sudo firewall-cmd --reload

Notes about firewalld

• Use --permanent to persist across reboots; otherwise rules are runtime-only.
• Use zones to apply different policies to interfaces or networks.

Testing your port rules (from another machine)

# test port 12345
nc -zv YOUR-SERVER-IP 12345

Result meanings:

• Connection succeeded — port open & allowed
• Connection refused — service not listening on that port
• Connection timed out — port likely filtered/blocked by firewall or network-level filter

sudo ufw logging on
sudo tail -f /var/log/ufw.log

sudo firewall-cmd --set-log-denied=all
sudo journalctl -f -u firewalld

Quick commands

UFW

sudo apt install ufw -y
sudo ufw allow ssh
sudo ufw enable

# allow custom TCP/UDP port
sudo ufw allow 12345/tcp
sudo ufw allow 12345/udp

# allow from specific IP
sudo ufw allow from 203.0.113.5 to any port 12345 proto tcp

# remove by rule number
sudo ufw status numbered
sudo ufw delete [number]

# delete by rule
sudo ufw delete allow 12345/tcp

# explicitly deny
sudo ufw deny 12345/tcp

# status
sudo ufw status verbose

firewalld

sudo dnf install firewalld -y
sudo systemctl enable --now firewalld

# allow custom TCP port permanently
sudo firewall-cmd --permanent --add-port=12345/tcp
sudo firewall-cmd --reload

# allow runtime-only
sudo firewall-cmd --add-port=12345/tcp

# remove permanent port
sudo firewall-cmd --permanent --remove-port=12345/tcp
sudo firewall-cmd --reload

# allow a service (HTTPS)
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# list rules
sudo firewall-cmd --list-ports
sudo firewall-cmd --list-services

Further reading & support

• More Evoxt VPS guides
• Open a support ticket if you need help

The post Linux VPS Firewall Setup Guide (UFW & firewalld) appeared first on Evoxt.

Why Enable SSH 2FA on Linux?

Step 1: Install Google Authenticator Module

# Debian/Ubuntu
sudo apt update
sudo apt install libpam-google-authenticator -y

# RHEL
sudo dnf install epel-release -y
sudo dnf install google-authenticator -y

Step 2: Set Up 2FA for Your User

google-authenticator

QR code not showing? Install qrencode (sudo apt install libqrencode3 or sudo dnf install qrencode).

Step 3: Configure PAM for SSH

sudo nano /etc/pam.d/sshd

auth required pam_google_authenticator.so

Step 4: Update SSH Configuration

#Ubuntu/Debian/RHEL
sudo nano /etc/ssh/sshd_config

#RHEL 9+ (AlmaLinux 9+, Rocky 9+)
sudo nano /etc/ssh/sshd_config.d/50-redhat.conf

ChallengeResponseAuthentication yes
UsePAM yes
KbdInteractiveAuthentication yes

Step 5: Restart SSH Service

# Debian/Ubuntu
sudo systemctl restart ssh

# RHEL
sudo systemctl restart sshd

Step 6: Test SSH 2FA Login

ssh USERNAME@IP

(Optional) Remove SSH 2FA on Linux

If you want to disable SSH Two-Factor Authentication (2FA) on your Linux VPS, follow these steps carefully. Keep a console or secondary SSH session open to avoid locking yourself out during the process.

Remove PAM Google Authenticator Line

sudo sed -i '/pam_google_authenticator.so/d' /etc/pam.d/sshd

Revert SSH Configuration

#Ubuntu/Debian/RHEL
sudo sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config

#RHEL 9+ (AlmaLinux 9+, Rocky 9+)
sudo sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config.d/50-redhat.conf

Test SSH Configuration and Restart

sudo sshd -t

sudo systemctl restart sshd

• Keep UsePAM enabled unless you are sure it’s not needed by other services.
• Always test logins in a separate SSH session before closing your active one.

Quick Commands

# Install required packages
# Ubuntu / Debian
sudo apt update
sudo apt install libpam-google-authenticator libqrencode3 -y

# RHEL-based (AlmaLinux, Rocky, CentOS)
sudo dnf install epel-release -y
sudo dnf install google-authenticator qrencode -y

# Run setup for your user (scan QR code)
google-authenticator

# Add PAM module
sudo sed -i '$a auth required pam_google_authenticator.so' /etc/pam.d/sshd

# Update SSH config (Ubuntu/Debian & CentOS 7)
sudo sed -i '/^#\?ChallengeResponseAuthentication.* /d' /etc/ssh/sshd_config
sudo sed -i '$a ChallengeResponseAuthentication yes' /etc/ssh/sshd_config
sudo sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config
# AlmaLinux / Rocky / RHEL 9+ SSH config
sudo sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication yes/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo sed -i 's/^#*UsePAM.*/UsePAM yes/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo sed -i 's/^#*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config.d/50-redhat.conf
sudo grep -q '^KbdInteractiveAuthentication' /etc/ssh/sshd_config.d/50-redhat.conf || sudo sed -i '$a KbdInteractiveAuthentication yes' /etc/ssh/sshd_config.d/50-redhat.conf

# Restart SSH
# Ubuntu / Debian
sudo systemctl restart ssh
# RHEL-based
sudo systemctl restart sshd

Conclusion

By enabling SSH 2FA on Linux, you add a powerful security layer to your Evoxt VPS. Whether you're managing websites, Nextcloud, or critical infrastructure, this step greatly reduces the risk of unauthorized access.

For added security, you can also set up SSH keys in conjunction with 2FA.

Need help? Open a support ticket and Evoxt's support team will assist you.

The post How to Enable SSH 2FA on Linux appeared first on Evoxt.

What is Linux User Management?

• Create and control access for multiple users
• Improve server security by assigning limited permissions
• Enable team collaboration
• Isolate application environments

1. Create a New User

sudo adduser USERNAME

sudo useradd -m -s /bin/bash USERNAME
sudo passwd USERNAME

2. Grant or Remove Sudo (Admin) Privileges

#add to sudo group
sudo usermod -aG sudo USERNAME

# remove from sudo group
sudo deluser USERNAME sudo

# add to wheel group
sudo usermod -aG wheel USERNAME

# remove from wheel group
sudo gpasswd -d USERNAME wheel

3. Set or Change a User Password

sudo passwd USERNAME

4. Lock or Unlock a User

sudo passwd -l USERNAME

sudo passwd -u USERNAME

5. Delete a User

sudo userdel USERNAME

sudo userdel -r USERNAME

6. List Users & Groups

cut -d: -f1 /etc/passwd

groups USERNAME

Optional: Use SSH Key Authentication (Recommended)

Quick Commands Cheat Sheet

# Create (Debian/Ubuntu)
sudo adduser USERNAME

# Create (RHEL-family)
sudo useradd -m -s /bin/bash USERNAME
sudo passwd USERNAME

# Grant sudo (Debian/Ubuntu)
sudo usermod -aG sudo USERNAME

# Grant sudo (RHEL-family)
sudo usermod -aG wheel USERNAME

# Remove sudo (Debian/Ubuntu)
sudo deluser USERNAME sudo

# Remove sudo (RHEL-family)
sudo gpasswd -d USERNAME wheel

# Lock / Unlock
sudo passwd -l USERNAME
sudo passwd -u USERNAME

# Delete
sudo userdel USERNAME
sudo userdel -r USERNAME

# List users
cut -d: -f1 /etc/passwd

# List groups for a user
groups USERNAME

Best Practices & Notes

• Create a non-root admin account and disable direct root SSH login when possible.
• Prefer SSH keys over passwords for server access.
• Whitelist your admin IP to avoid accidental lockout when you apply restrictive controls.
• Regularly review group memberships and remove unused accounts.

Need Help?

The post How to Manage Users on Linux VPS appeared first on Evoxt.

What is Fail2Ban?

Why Use Fail2Ban on Evoxt VPS?

• Defend against brute-force SSH attacks
• Automatically block malicious IP addresses
• Reduce server load from constant login attempts
• Strengthen Evoxt’s performance with extra security

Step 1. Update Your System

# Debian/Ubuntu
sudo apt update -y

# AlmaLinux/Rocky Linux/RHEL
sudo yum update -y
sudo yum install epel-release -y

Step 2. Install Fail2Ban

# Debian/Ubuntu
sudo apt install fail2ban -y

# AlmaLinux/Rocky Linux/RHEL
sudo yum install fail2ban -y

Step 3. Enable and Start Fail2Ban

sudo systemctl enable fail2ban --now

Step 4. Configure SSH Protection

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo sed -i '/^\[sshd\]/a enabled = true' /etc/fail2ban/jail.local

Optional: Permanent Ban Logic

sudo nano /etc/fail2ban/jail.local

bantime = -1

sudo fail2ban-client set sshd unbanip YOUR_IP

Step 5. Restart Fail2Ban

sudo systemctl restart fail2ban

Step 6. Verify SSH Jail

sudo fail2ban-client status
sudo fail2ban-client status sshd

Step 7. Test Fail2Ban

Step 8. Manually Manage IPs

sudo fail2ban-client set sshd unbanip YOUR_IP

sudo fail2ban-client set sshd banip YOUR_IP

Optional: Monitor Logs

sudo tail -f /var/log/fail2ban.log

Quick Commands

sudo apt update -y
sudo apt install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo systemctl enable fail2ban --now
sudo sed -i '/^\[sshd\]/a enabled = true' /etc/fail2ban/jail.local
sudo systemctl restart fail2ban

sudo yum update -y
sudo yum install epel-release -y
sudo yum install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo systemctl enable fail2ban --now
sudo sed -i '/^\[sshd\]/a enabled = true' /etc/fail2ban/jail.local
sudo systemctl restart fail2ban

Conclusion

The post How to Use Fail2Ban SSH on Linux appeared first on Evoxt.

Why This Warning Appears

Step 1: Confirm the Server Was Reinstalled

Step 2: Remove the Old SSH Fingerprint

ssh-keygen -R your.server.ip

ssh-keygen -R 197.123.123.1

Step 3: Reconnect to the Evoxt Server

ssh root@your.server.ip

Step 4 (Optional): Verify the New Fingerprint

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub

Security Note

Conclusion

The post Fix SSH Man-in-the-Middle Warning appeared first on Evoxt.

• • Private & Secure Cloud: Full control over your data.
  • High Performance: Fast and reliable cloud storage with Evoxt infrastructure.
  • Flexible Access: Connect via browser, mobile app, or desktop sync clients.

Step 1: Update AlmaLinux

sudo dnf update -y
sudo dnf install epel-release -y

Step 2: Install Apache, MariaDB, and PHP

Install Apache:

sudo dnf install httpd -y
sudo systemctl enable --now httpd

Install MariaDB:

sudo dnf install mariadb-server -y
sudo systemctl enable --now mariadb

Secure MariaDB:

sudo mysql_secure_installation

Or use this automated script:

sudo dnf install expect -y
mkdir -p /root/scripts
cat << 'EOF' > /root/scripts/secure_mysql.expect
#!/usr/bin/expect -f

set timeout 10
spawn mysql_secure_installation
expect "Enter password for user root:" { send "\r" }
expect "Switch to unix_socket authentication" { send "n\r" }
expect "Change the root password?" { send "n\r" }
expect "Remove anonymous users?" { send "y\r" }
expect "Disallow root login remotely?" { send "y\r" }
expect "Remove test database and access to it?" { send "y\r" }
expect "Reload privilege tables now?" { send "y\r" }
expect eof
EOF

chmod +x /root/scripts/secure_mysql.expect
/root/scripts/secure_mysql.expect

Install PHP 8.2 and Extensions:

sudo dnf module reset php -y
sudo dnf module enable php:8.2 -y
sudo dnf install php php-mysqlnd php-gd php-xml php-mbstring php-curl php-zip php-cli php-bcmath php-intl php-json php-common php-opcache -y
sudo systemctl restart httpd
php -v

Step 3: Create a Database for Nextcloud

sudo mysql -u root -p

CREATE DATABASE nextcloud;
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'StrongPassword123';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Step 4: Download and Configure Nextcloud

cd /var/www/
sudo curl -O https://download.nextcloud.com/server/releases/nextcloud-31.0.4.zip
sudo unzip nextcloud-31.0.4.zip
sudo chown -R apache:apache nextcloud

Step 5: Configure Apache

sudo nano /etc/httpd/conf.d/nextcloud.conf

<VirtualHost *:80>
    ServerName yourdomain.com
    DocumentRoot /var/www/nextcloud/
    <Directory /var/www/html/nextcloud/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
    </Directory>
    ErrorLog /var/log/httpd/nextcloud_error.log
    CustomLog /var/log/httpd/nextcloud_access.log combined
</VirtualHost>

sudo systemctl restart httpd

Step 6: Enable Firewall

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

sudo dnf install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalld

Step 7: Enable HTTPS (Optional but Recommended)

sudo dnf install certbot python3-certbot-apache -y
sudo certbot --apache -d yourdomain.com

Step 8: Finish Installation in Web Browser

• http://yourdomain.com
• http://your-server-ip/nextcloud

Quick Commands

sudo dnf update -y
sudo dnf install epel-release -y
sudo dnf install httpd -y
sudo systemctl enable --now httpd
sudo dnf install mariadb-server -y
sudo systemctl enable --now mariadb
sudo dnf install expect -y
mkdir -p /root/scripts
cat << 'EOF' > /root/scripts/secure_mysql.expect
#!/usr/bin/expect -f
set timeout 10
spawn mysql_secure_installation
expect "Enter password for user root:" { send "\r" }
expect "Switch to unix_socket authentication" { send "n\r" }
expect "Change the root password?" { send "n\r" }
expect "Remove anonymous users?" { send "y\r" }
expect "Disallow root login remotely?" { send "y\r" }
expect "Remove test database and access to it?" { send "y\r" }
expect "Reload privilege tables now?" { send "y\r" }
expect eof
EOF
chmod +x /root/scripts/secure_mysql.expect
/root/scripts/secure_mysql.expect


sudo mysql -u root -p
CREATE DATABASE nextcloud;

CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'StrongPassword123';

GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost';

FLUSH PRIVILEGES;

EXIT;
sudo dnf module reset php -y
sudo dnf module enable php:8.2 -y
sudo dnf install php php-mysqlnd php-gd php-xml php-mbstring php-curl php-zip php-cli php-bcmath php-intl php-json php-common php-opcache -y
cd /var/www/
sudo curl -O https://download.nextcloud.com/server/releases/nextcloud-31.0.4.zip
sudo unzip nextcloud-31.0.4.zip
sudo chown -R apache:apache nextcloud
sudo tee /etc/httpd/conf.d/nextcloud.conf > /dev/null <
    ServerName yourdomain.com
    DocumentRoot /var/www/nextcloud/

    
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
    

    ErrorLog /var/log/httpd/nextcloud_error.log
    CustomLog /var/log/httpd/nextcloud_access.log combined

EOF

sudo dnf install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo systemctl restart httpd

Conclusion

The post How to install Nextcloud on AlmaLinux 9.4 appeared first on Evoxt.

Step 1: Generate an SSH Key Pair

ssh-keygen -t rsa -b 4096

• -t rsa specifies the RSA encryption type, ensuring strong security.
• -b 4096 generates a 4096-bit key, providing enhanced protection.

• Choose a file location (Press Enter to use the default ~/.ssh/id_rsa).
• Set a passphrase (Optional but recommended for added security).

  

Step 2: Log in to Your Linux Server

ssh user@your-server-ip

Step 3: Copy the Public Key to Your Linux Server

echo your-public-key >> ~/.ssh/authorized_keys

Example SSH Key Format

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7nVdS7h9QhMhAaaOBFZtclWZtBQKdb...
zBQKdb6yGGHt5h7IY+bprOSoK+cBoZd+aQ8pfqL9iT+xxuUbfSTGVJw== user@hostname

Step 4: Set Correct Permissions

chmod 700 ~/.ssh  
chmod 600 ~/.ssh/authorized_keys  

Step 5: Test SSH Key Authentication

ssh user@your-server-ip

Step 6 (Optional): Disable Password Authentication for Extra Security

To prevent password-based logins, disable them in the SSH configuration file.

1) Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

2) Find and modify the following line:

PasswordAuthentication yes

PasswordAuthentication no

Save and exit by pressing: Ctrl + X → Y → Enter.

Optional Step: Add Your SSH Key During Server Deployment

Quick Commands Recap

ssh-keygen -t rsa -b 4096  
echo your-public-key >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh  
chmod 600 ~/.ssh/authorized_keys  

Why Use SSH Keys for Secure Authentication?

• Prevents brute-force attacks by eliminating password-based logins.
• Enables passwordless access, improving efficiency and automation.
• Enhances security through strong cryptographic encryption.

The post How to Set Up SSH Keys on Linux appeared first on Evoxt.