Servers-for-Hackers / the-book

Servers for Hackers eBook Issues

Phrasing clarification #42

Closed kyl191 closed 9 years ago

kyl191 commented 9 years ago

Page 10 of the PDF on network interfaces:

You’ll usually see an internal network, useful servers within a local network such as a data center.

The 'useful servers' doesn't make much sense in the context.

Most server providers will connect servers to a public network as well. Servers use public networks to reach the outside world. The IP address of the public network are used to reach a remote server.

Not really... NAT allows outgoing access to remote servers without a public IP. Also, NATted VPSes are a thing in the ~last year.

Maybe 'Most server providers will assign a server a public IP address. Servers with a public IP address can usually be reached by users on the internet.'

fideloper commented 9 years ago

Thanks, appreciate the feedback! I'll check out about how to clear that up / add some detail there.

kyl191 commented 9 years ago

Continuing with the security chapter: 1) page 15:

This means that someone likely knows the IP address of your server is used. Automated bots may come snooping to see what vulnerabilities might be open on your server the instant it’s created!

I'd suggest dropping the 'is used' portion of the highlighted portion. Changing it to 'in use' is also possible, but just dropping it is cleaner.

2) Also, page 16, you mention useradd vs adduser in an aside. Might want to add that it's Debian/Ubuntu only. On Fedora/CentOS, adduser is linked to useradd.

3) Page 18 and 19 have repeated mentions that

The use of % signifies a group name instead of a username

You could drop one of them.

4) Page 19, about NOPASSWD directive:

It makes your privileged user as dangerous as giving root access.

"as dangerous as root" works better, since you're comparing two accounts.

Also, the lack of passwords in production isn't equivalent to giving root access, it's allowing all commands to be run with sudo. So I'd also suggest dropping 'without passwords' as well.

5) Page 24,

This will expand out to the path /home/someusername/.ssh/authorized_keys.

Leanpub issue: it runs off the page in the PDF version. Also, ssh-copy-id is useful instead of manually copying and pasting.

6) Page 28, on the 3rd rule in iptables output

If you changed the default SSH port, this will show the used port number instead

As far as I know, this is only if you've changed the port in the iptables configuration. I don't think there's anything that automatically copies over a changed port from the SSHd configuration.

7) Page 40

A bannings is popular - many (most) servers on a public network will have multiple unsuccessful login attempts daily.

"Banning is common" instead?

8) Page 41, describing port = ssh in fail2ban conf file

It monitors services on the SSH port (whatever it happens to be set to, not necessarily port 22)

I don't think that's the case - the port associated with ssh is defined to be port 22 in /etc/services. (Like 6) above)
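The point raised in 6) and 8) above, that neither iptables nor a `port = ssh` jail picks up a changed `Port` from sshd_config, as an added example that is not part of this thread or of the book. It embeds a constructed excerpt of /etc/services and a hypothetical sshd_config (the `Port 2222` value is made up), resolves the service name the way `getent services` would, and reports whether a fail2ban jail written as `port = ssh` would actually be watching the port sshd listens on. The function names and the single-`Port` simplification are the example's own assumptions.

```shell
#!/bin/sh
# Constructed excerpt of /etc/services (embedded so the script runs offline;
# on a live host you would read /etc/services or call `getent services ssh`).
SERVICES_DB='ssh             22/tcp
ssh             22/udp
http            80/tcp          www
https           443/tcp'

# Hypothetical sshd_config excerpt with a non-default port (constructed value).
SSHD_CONFIG='# hypothetical /etc/ssh/sshd_config
#Port 22
Port 2222
PermitRootLogin no'

# Resolve a service name to its TCP port from the services table. This is what
# fail2ban's "port = ssh" means: a name lookup, not a read of sshd_config.
service_port() {
  printf '%s\n' "$SERVICES_DB" |
    awk -v name="$1" '$1 == name && $2 ~ /\/tcp$/ { split($2, a, "/"); print a[1]; exit }'
}

# Extract the port sshd is configured to listen on. Assumes a single
# uncommented Port directive; falls back to 22 when none is set.
sshd_port() {
  printf '%s\n' "$SSHD_CONFIG" |
    awk '$1 == "Port" { p = $2 } END { print (p == "" ? 22 : p) }'
}

# Compare the two and say whether a "port = ssh" jail would cover sshd's port.
# Returns 0 on a match, 1 on a mismatch (so it can gate a deployment check).
check_fail2ban_port() {
  svc=$(service_port ssh)
  real=$(sshd_port)
  if [ "$svc" = "$real" ]; then
    echo "ok: port=ssh resolves to $svc and sshd listens on $real"
    return 0
  fi
  echo "MISMATCH: port=ssh resolves to $svc but sshd listens on $real;" \
       "set port = $real in the sshd jail (and open $real in iptables)"
  return 1
}

# Usage: with the constructed inputs above this prints the MISMATCH line.
check_fail2ban_port || echo "fix jail.local before relying on the sshd jail"
```

The same lookup is why the iptables rule in 6) keeps showing port 22: both tools take the number from the services table or from their own configuration, so after changing `Port` in sshd_config you have to update the firewall rule and the jail yourself.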

kyl191 commented 9 years ago

Apt chapter, Page 47

This let’s us get software updates that wouldn’t normally be available on our server version.

Drop the ' in let's us

Web Servers, Page 67

Pretty sure MaxCDN isn't a DNS provider

Page 98

workers. T> T> We’ll

Weird syntax-looking T> things

Page 110

We Proxy to the cluster named mycluster rather than than to the FastCGI process directly.

Spurious capitalization on Proxy. Also, could there be something on the differences between the ProxyPass and ProxyPassReverse directives in the Apache conf?

Page 117

However this displays server information on generated error pages, such a 404 pages.

Either an extraneous 'a', or 'a 404 page' was intended - note the non-plural.

Page 118

What is the context for the image? I'm assuming it was captured with ServerSignature On given the data shown, but we were just talking about it being off...

Page 123

These compare directly the previous chapter on Apache.

Was Apache a section or a chapter? Also rather awkward phrasing - 'This is equivalent to what was covered in the section on Apache'

Page 150

By default, PHP-FPM listens on a Unix socket found at /var/run/php5-fpm.sock.

Leanpub PDF issue, file path runs off the margin of the page

Page 154

There are other log options you can set as well, such as the slow log the slow log threshold.

Is there supposed to be an 'and' between the two mentions of 'the slow log'? Also, the slow log is mentioned again on Page 156 in a reference about looking at other PHP-FPM options, could cut either one without an impact.

Page 167

I’ll also show you how to do it in a way that can be automated, eliminated the need for human interaction.

'eliminated' should be 'eliminating'

Page 170 & 171, line 20 of example-ssl.conf

BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

My first thought was that the '17' was a typo, but it's legit - https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/626728. Might want to put a warning or something.

Page 178

This, however, get’s slow when there are many files or high levels of traffic.

s/get's/gets/

fideloper commented 9 years ago

Thanks, integrated just about all of that! Very useful!

Good catch on the MSIE[17-9] :beer:

The /etc/services file was new to me, thanks for pointing that out!