Linux Archives - 益沃斯

Enable automatic updates in Linux

Evoxt — Wed, 05 Jan 2022 10:34:25 +0000

It is almost impossible to log in to your server to check and update it every day. However, failing to keep servers up to date can be a potential threat.

There is a better solution to this, automatic updates. Here is how to enable automatic updates in Linux:

Ubuntu/ Debian based servers

Install unattended-upgrades

apt install unattended-upgrades

Edit the unattended upgrade configuration

vi /etc/apt/apt.conf.d/50unattended-upgrades

// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
//"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

In this case we will enable the security updates only to avoid potentially messing up the running programs.
To enable security updates, remove the comment on this line "${distro_id}:${distro_codename}-security";

//"${distro_id}:${distro_codename}";

"${distro_id}:${distro_codename}-security";

// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

After this, we will have to enable automatic upgrade. Use this command to enable automatic upgrade.

echo 'APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "3";
APT::Periodic::Unattended-Upgrade "1";' > /etc/apt/apt.conf.d/20auto-upgrades

CentOS/ Fedora based servers

Install dnf-automatic

dnf install dnf-automatic

We will have to make changes to the configuration files before enabling automatic update. Go to the configuration file by using this command

vi /etc/dnf/automatic.conf

[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = default
random_sleep = 0

# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60

# To just receive updates use dnf-automatic-notifyonly.timer

# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes

# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = no

In this case we will enable the security updates only to avoid potentially messing up the running programs.

Enabled security updates

Set apply updates to yes to automatic applying the update once downloaded

[commands]
# What kind of upgrade to perform:
# default = all available upgrades

security = only the security upgrades

upgrade_type = default
random_sleep = 0

# Maximum time in seconds to wait until the system is on-line and able to
# connect to remote repositories.
network_online_timeout = 60

# To just receive updates use dnf-automatic-notifyonly.timer

# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes

# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.

apply_updates = yes

Once this is done, start dnf-automatic.timer service

systemctl start dnf-automatic.timer

Enable dnf-automatic.timer service to automatic start on reboot

systemctl enable dnf-automatic.timer

[root@evoxt ~]# systemctl enable dnf-automatic.timer
Created symlink /etc/systemd/system/timers.target.wants/dnf-automatic.timer → /usr/lib/systemd/system/dnf-automatic.timer.
[root@evoxt ~]#

By following this guide, automatic security update is now enabled on your Linux system.

Your server will now automatically install the latest security updates, protecting your server.

Deploy a server with Evoxt now!
Deploy

The post Enable automatic updates in Linux appeared first on 益沃斯.

Securing a Linux server

Evoxt — Mon, 03 Jan 2022 13:48:36 +0000

Is your Linux server safe from hackers? Can they get hacked? Freak out about getting your server compromised and getting your data leaked? Take a look at some of the tips you can take to secure and protect your Linux server.

1. SSH security

SSH is like a path to connect you to your Linux server. Of course, you will have to secure the passage. Hackers can access your server the same way you access your server.

SSH Port

Everyone knows that SSH uses the default port 22 to connect to your server. To avoid letting people know that your SSH is open to connection, change the port so hackers that scan port 22 will not know that your server's SSH is active. The best practice is to change your SSH ports to a different port between 10000 and 32767.

To change your SSH ports, edit SSH config

vi /etc/ssh/sshd_config

Find this line

#Port 22

change port value

Port

Don't forget to restart your ssh server to apply the settings.

systemctl restart sshd

2. SSH Keys

Password can easily get bruteforced, trying keying in your Password in https://www.security.org/how-secure-is-my-password/ and find out how long does it take for a hacker to crack your password. Scary isn't it?

Now, how about cracking a 4096 bits SSH key? Good luck with that, Mr. Hackers.

To set up an SSH key, use the code to generate a rsa 4096 bit key pair

ssh-keygen -t rsa -b 4096

On Windows machine (cmd), this will be

C:\Users\evoxt>ssh-keygen -t rsa -b 4096 Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\evoxt/.ssh/id_rsa):
Created directory 'C:\Users\evoxt/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\evoxt/.ssh/id_rsa.
Your public key has been saved in C:\Users\evoxt/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RSM1LY13KzUzgSziCz1gLKfTSLs3YtgKBtHdQGdX2SQ evoxt@DESKTOP-DU15VE5
The key's randomart image is:
+—[RSA 4096]—-+
| . oo+o ooEO…. |
|. . +o*..o=+B * |
| . . O + ..+ o = |
|. = o +. . . |
|. o o .So . |
|… = o . |
|.. o o . |
| . |
| |
+—-[SHA256]—–+
C:\Users\evoxt>

Then, you will have to manually copy the ssh public key to your server ( ~/.ssh/authorized_keys )

The formatting will be

ssh-rsa

Example:

[root@evoxt .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsDZ5LPRriU4wDjZVzSVdqVzWNlaon2WdOm9v1AsAp+9R0u+dyy0YiXcxhF9rjK4bnLc840pw2AiCiQIEwfXS03jVA3b1q1yqCqyiO3WVf+SGuL9m+GXq9hNsRCHznGhhsoi9VbbED5ECMFYoU6SeVucXntEtfR32C8Hnb1eBCICU5GXrZpIqEgqZrnDEVKzMUS/T4HjGGnT4puQDEg++e33HE3z0vr7PXbDW2RR1kIsRdNS0/BfdlPCXf1lA8aAkKWq49rGO5T5PT4+bCDh7aVCS5ouTfL0qJNpyijBudRvHy4DUuzdqNJLEcR4DYZRSXEQsYc+oK+5mjvcGFNQXbx8bQNYyGtERBfAVuWSTsk8oVwRwbo9YIzkMYKyf1GwJvoggKHCsx+s0gHcAo0LSU7BFXVJMS5NY6Zvw6Cv+z/UUokVkTZ/CkTiTJHhVJjzLkeqmFPWbxEWSWED5RUuCnWTmHcV6Fkc3sbUAwp+qRdQgVcGPYigpa8/dsyLWFTbdK1fe5UUeY5C3UbBqr6bItn42tJCNPcu6YpxtfdxDtq/IDWGRsZltM15FEFCrvBGX8JD1z1H3S+j3GjFJtA1iW1cODOV5l+s0sUS64OnY+o0hpsqs2Mie4Xy/zzKg5C071wHIORML1tZq40ZETmwCUXlwmv4shay5cJJm/Ss3qQ==
[root@evoxt ~]#

On a Linux machine, this will be

[root@evoxt ~]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eIS1I1I0YXgvjR9igqAipDp0j3D+CYpyqjuJQ02ugZ8 root@evoxt
The key's randomart image is:
+—[RSA 4096]—-+
| o*.. |
|.. .o.+ . |
|+. …o++ |
|=o.+..=++. |
|* O oo.+S. |
|+o * . .. |
|+++.o . |
|BoE o |
|** |
+—-[SHA256]—–+
[root@evoxt ~]#

Then, you can use ssh-copy-id command to install the ssh public key.

ssh-copy-id user@your_server_ip

[root@evoxt ~]# ssh-copy-id root@xx.xx.xx.xx
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:umf+E/a0OQe8eRmPdYyCM5kE+ZG/FCC2MEEn2G81dGA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@xx.xx.xx.xx's password:

Number of key(s) added: 1

Now try logging into the machine, with "ssh 'root@xx.xx.xx.xx'"
and check to make sure that only the key(s) you wanted were added.

[root@evoxt ~]#

SSH from Specific IP

To allow specific IP to access your server through SSH, configure the firewall only to allow a single IP address to go through the firewall to your SSH port.

Make sure you have a static IP before doing this. Else you can get locked out of your server.

Disable Password Authentication

Once SSH key authentication has been set up, disable password authentication.

sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config

Then restart SSH service

systemctl restart sshd

3. Automatic updates

Zero-day exploits are attacks that you can't react to. The best thing next is to protect yourself from N-day attacks once the zero-day exploit has been discovered. To protect yourself from N-day attacks, enable automatic updates. Keep in mind that automatic updates can potentially mess things up. To reduce the chances, enable automatic security only.

To enable automatic security updates, use this guide.

4. Default password

Change your server's default password. Most default passwords are stored in databases and your email inbox. Change them!

To change your server's password,

passwd

[root@TEST ~]# passwd root
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@TEST ~]#

5. Private Networks and VPNs

Set up a server and connect to your servers through a private network. Private network uses private IP to communicate with each other isolating your servers from the public without any exposure to the public.

To set up a private network or a VPN. Take a look at Pritunl. They offer many advanced features such as organization management to separate between Private networks, and it also comes with GUI to easily configure the server.

6. Firewall

Set up a firewall to block unnecessary open ports.

Most Linux distributions includes Iptables by default.

To control your Iptables:

CentOS/ Fedora uses FirewallD

Ubuntu/ Debian uses UFW.

To take a look for running programs that are currently using specific ports, use netstat

netstat -tulpn

Also, block ICMP Ping if not required.

With ICMP blocked, hackers have a harder time knowing your server is currently up and running.

7. Users

Root access is scary! With root access, the hacker can do almost anything to your servers.

Because root access is so powerful, hackers tend to try to crack and brute force root accounts. Hackers will usually stay away from other user accounts if you disable root user access due to the lack of permissions.

The most common practice is to block root access through SSH.

To disable root access through SSH

vi /etc/ssh/sshd_config

Change PermitRootLogin from yes to no and remove the # comment if there is any

#PermitRootLogin yes

PermitRootLogin no

Or use this simple command to disable root login.

sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

Don't forget to restart your ssh service to apply the settings.

systemctl restart sshd

Note: Please make sure you have other users account created with sufficient permission to avoid getting locked out of your server.

8. Backup

This is not quite related to server security. However, I believe this is super important to be included.

It is crucial to have a server backup just in case something goes wrong.

When a server is hacked, backup files will be your savior.

Store your backup offsite, so the hacker cannot modify or alter your backup files.

Luckily for you, all servers under Evoxt will be backup weekly on an offsite server. If you are not using Evoxt yet, consider upgrading!

The post Securing a Linux server appeared first on 益沃斯.

Setup SSL/ HTTPS on NGINX on CentOS 8/ AlmaLinux 8/ RockyLinux 8

Evoxt — Sun, 02 Jan 2022 20:36:07 +0000

Installing SSL can usually be a very tedious process. Luckily for us, Certbot has an automated script to easily help us to get SSL/ HTTPS set up with a few command lines. To start, install Certbot

sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf install certbot python3-certbot-nginx

Once Certbot is installed, automatically generate an SSL certificate by running this command. You will be prompted with several inputs to fill in.

certbot –nginx

[root@nginx ~]# certbot –nginx
[root@nginx ~]# certbot –nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): test@test.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): yourdomain.com
Requesting a certificate for yourdomain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/yourdomain.com/privkey.pem
This certificate expires on 2022-04-02.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for yourdomain.com to /etc/nginx/conf.d/nginx.conf
Congratulations! You have successfully enabled HTTPS on yourdomain.evoxt.com
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
[root@nginx ~]#

With these set up, your domain's SSL setup should be complete.

Note: Your browser might still cache the old self-signed certificate, or the certificate will not update, hence still showing insecure SSL. To fix this, try clearing your browser's cache or try accessing your website with a different browser.

To check SSL status, try using this SSL Checker from Geocerts.

The post Setup SSL/ HTTPS on NGINX on CentOS 8/ AlmaLinux 8/ RockyLinux 8 appeared first on 益沃斯.

How to install phpMyAdmin on CentOS 8 / AlmaLinux 8 / RockyLinux 8

Evoxt — Tue, 14 Sep 2021 20:49:49 +0000

phpMyAdmin is a web-based free and open-source tool that is written in PHP to help users to manage their database easily. With phpMyAdmin, users can easily create and manage databases, import and export data and even executing SQL queries, such as creating, deleting, editing, inserting and more, providing easy to use web-based interface to easily perform SQL queries without any command line.

As of today, phpMyAdmin has become one of the most widely used MySQL administration tools.

Requirements:

A server with network connection running CentOS 8 , AlmaLinux 8 or RockyLinux 8.
MySQL / MariaDB Installed
PHP Installed
Web Server Installed ( In this tutorial, we are working with Apache )

If you don't have any MySQL / MariaDB, PHP, Web Server Installed, you can use the command line below to install your LAMP stack.

dnf install wget httpd php php-pdo php-xml php-pecl-zip php-json php-common php-fpm php-mbstring php-cli php-mysqlnd php-json php-mbstring mariadb-server -y

Once you are done with the installation, start and enable the services.

systemctl enable httpd
systemctl start httpd
systemctl enable mariadb
systemctl start mariadb

Once the dependencies are installed and started,
Start by configuring your MySQL / MariaDB by running this command, which is a secure MySQL / MariaDB script

mysql_secure_installation

[root@EvoxtGuide ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
… Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
… Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
… Success!

Cleaning up…

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@EvoxtGuide ~]#

Now let's get started with phpMyAdmin installation!

Unfortunately, phpMyAdmin is not included in CentOS 8 / AlmaLinux 8 / RockyLinux 8's repo.
You will have to download the files, extract and move the files to successfully install phpMyAdmin.

To download, go to here, choose the latest phpMyAdmin and copy the URL to download the latest phpMyAdmin.

For this tutorial, the latest phpMyAdmin version is phpMyAdmin 5.1.1. So in this tutorial, we will be using phpMyAdmin 5.1.1 as an example.

Download phpMyAdmin on your server by running this command,
if you are installing a different version of phpMyAdmin,
remember to change the version number on the URL or use the URL you copied from the above step.

wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip

[root@EvoxtGuide ~]# wget https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip
–2021-09-14 17:30:31– https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zip
Resolving files.phpmyadmin.net (files.phpmyadmin.net)… 89.187.187.20, 2a02:6ea0:c800::8
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|89.187.187.20|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 14801905 (14M) [application/zip]
Saving to: ‘phpMyAdmin-5.1.1-all-languages.zip’

phpMyAdmin-5.1.1-al 100%[===================>] 14.12M 82.6MB/s in 0.2s

2021-09-14 17:30:32 (82.6 MB/s) – ‘phpMyAdmin-5.1.1-all-languages.zip’ saved [14801905/14801905]

[root@EvoxtGuide ~]#

Once this is downloaded, unzip the file using this command:

unzip phpMyAdmin-*.zip

Remove the zip file

rm -f phpMyAdmin-*.zip

Once this is done, move the extracted folder to /usr/share directory as that is the default directory for phpMyAdmin

mv phpMyAdmin-* /usr/share/phpmyadmin

Next, change directory to /usr/share/phpmyadmin and rename config.sample.inc.php to config.inc.php

cd /usr/share/phpmyadmin
mv config.sample.inc.php config.inc.php

Then, edit config.inc.php and find this line $cfg['blowfish_secret'] = "; and add a secret key for cookie auth. Remember to make sure the secret key is at least 32 characters.

vi config.inc.php
$cfg['blowfish_secret'] = 'your-secret-key-here-32-characters';

After that, import create_tables.sql with the following command.

mysql < /usr/share/phpmyadmin/sql/create_tables.sql -u root -p

Key in your MySQL / MariaDB root password when prompted. ( This is from the mysql_secure_installation part )

[root@EvoxtGuide phpmyadmin]# mysql < /usr/share/phpmyadmin/sql/create_tables.sql -u root -p
Enter password:
[root@EvoxtGuide phpmyadmin]#

Next, create a temporary directory for phpmyadmin and change permission. If you are using other web server, remember to change apache:apache to the webserver that you use.

mkdir /usr/share/phpmyadmin/tmp
chown -R apache:apache /usr/share/phpmyadmin
chmod 777 /usr/share/phpmyadmin/tmp

phpMyAdmin installation is now complete.
To make phpmyadmin accessible through public, you will need to configure your webserver to include phpmyadmin's directory.
If you are using Apache, just copy and paste this on your command line

echo 'Alias /phpmyadmin /usr/share/phpmyadmin

AddDefaultCharset UTF-8

# Apache 2.4

Require all granted

# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1

# Apache 2.4

Require all granted

# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1

' > /etc/httpd/conf.d/phpmyadmin.conf

Restart webserver

systemctl restart httpd

If there are no errors, you are done.

If there is any error, this should be some configuration error with your configuration files. You can troubleshoot using this command line to check the status.

systemctl status httpd

Congratulations! you have successfully installed phpMyAdmin on CentOS 8/ AlmaLinux 8/ RockyLinux 8 server.

The post How to install phpMyAdmin on CentOS 8 / AlmaLinux 8 / RockyLinux 8 appeared first on 益沃斯.

How to point a Domain to your VM

Evoxt — Wed, 23 Jun 2021 17:33:39 +0000

This is a guide on how to point a domain to your VM to serve content with your VM as the host.

You require a DNS server to be set up for you. Usually, most domain provider has that already set up, and you can start pointing. But for this guide, we will be using Cloudflare. Cloudflare offers free DNS service and Wildcard SSL.

Signup / Login to your Cloudflare account

Head to Cloudflare to login to your account or signup here: https://dash.cloudflare.com/sign-up if you haven't already.

Click add site on the top right of your Cloudflare account

Add your domain and click add site

Choose the free plan

Set your DNS records

Cloudflare will check your existing DNS record and will request you to check and update your DNS record

You have to add A record to tell Cloudflare to point the domain name to your VM IP

Type : A
Name : Your domain name or @
IPv4 address : Your_VM_IP

Remember to enable the proxy setting, which helps you hide your VM IP to prevent exposing your VM IP, leading to potential DDoS.
Also don't forget to clear any existing duplicate A record and CNAME you have to prevent any potential issues.

Example config:

Remember to also add a Cname record to make sure www.yourdomainname.com will resolve

Type : Cname
Name : www
Target : Your domain name or @

Click save and Continue

Set your Nameserver records

Now you have to change your domain's nameserver record to Cloudflare's nameserver.

Note: Nameserver record differs depending on the provider, contact your domain provider if you have any questions, here are some guides on some popular domain providers.

GoDaddy
NameCheap
Google Domains
Domain.com
eNom

When you are done, click Done, check the nameservers, and you are done pointing your domain to your VM.

Now try visiting your domain on your browser, and the domain will resolve!

Note: It might take a while for the DNS and nameserver to propagate, usually it is instant, but it might take up to 24 hours to propagate, contact your domain provider if it hasn't propagated after 24 hours.

Bonus:

SSL

Configuring SSL usually takes a lot of work and quite complicated.
With cloudflare, simply go to SSL/TLS tab and click on Flexible

With this your website will have a padlock beside the URL and it will be secured, to check, head to https://yourdomainname

Don't forget to enable Automatic HTTPS Rewrites after that so all HTTP traffic will be forwarded to HTTPS traffic.
You can do that by going to Cloudflare > SSL/TLS > Edge Certificates > Automatic HTTPS Rewrites > On

Haven't deployed a VM with Evoxt yet? Deploy a VM now!
Deploy

The post How to point a Domain to your VM appeared first on 益沃斯.

How to connect to a Linux VPS / Linux VM

Evoxt — Sun, 13 Jun 2021 11:09:45 +0000

Introduction

Secure Shell (SSH) is a UNIX-based command interface and protocol to securely connect and access a remote computer. Typical applications include remote command-line, login, and remote command execution. SSH commands are secure as both ends of the client/ server connection are connected using a cryptographic network that operates securely over an unsecured network.

Retriving your Evoxt VM details:

Get your VM's IP, Username and Password from Email. Check your email for your VM details. Your VM details are sent to your email inbox.
Check your junk/ spam mail just in case.
Did not receive it? Contact us.

How to connect via to your Linux VPS/ VM via SSH

Windows

If you are using Windows, Open CMD and type:

ssh USERNAME@Your-VM-IP

Accept authenticity by typing 'yes'
and key in your VM password.

ssh root@192.168.0.1 The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
RSA key fingerprint is SHA256:GY4yCL+HfYQXaKXePGlJvGcgKdvQR8OGTbmwbpiQbDE.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Alternatively, you can connect to your Linux VPS / VM using programs such as PuTTy:
You can download putty here: https://www.putty.org/

To connect through PuTTy, simply key in your VM IP, Default Port (22) and click Open
Accept authenticity by typing 'yes' and key in the VM username and VM password to login.

Linux

If you are using Linux based machine, Open Terminal and type:

ssh USERNAME@Your-VM-IP

Want to set up a website but don't know how?
Deploy a WordPress website with just a single click!

The post How to connect to a Linux VPS / Linux VM appeared first on 益沃斯.