bikram-cloud / Kddi_work

some document

Log Server Setup #9

Open bikram-cloud opened 4 years ago

bikram-cloud commented 4 years ago

※ Updated 13/03/2020

Log Server Setup

IP: 150.95.147.249 Port: 50044 User: ktecadm URL: 201912/2503.xyz

URL access information:

System Update

sudo apt-get update 
sudo apt-get upgrade

Add user

sudo adduser ktecadm 

*pass : 5513toyosu3

Sudo

sudo gpasswd -a ktecadm sudo

ktecadm SSH cert

sudo mkdir /home/ktecadm/.ssh
sudo chown ktecadm:ktecadm /home/ktecadm/.ssh
sudo chmod 700 /home/ktecadm/.ssh
sudo cp /root/.ssh/authorized_keys /home/ktecadm/.ssh/
sudo chown ktecadm:ktecadm /home/ktecadm/.ssh/authorized_keys
sudo chmod 600 /home/ktecadm/.ssh/authorized_keys

Disable root login

sudo nano /etc/ssh/sshd_config

PermitRootLogin yes  <- change to no
sudo service ssh restart

Install certbot

sudo apt -y install certbot

SSL Cert

sudo certbot certonly --standalone -d 2019122503.xyz

※ This certificate did not register for some reason. Redid this step, check further down for new procedure.

Registered email:

smrr.kodama@gmail.com

SSL Cert auto renewal

sudo vi  /etc/crontab

Add:

00 4 * * * root /home/ktecadm/renew.sh > /home/ktecadm/renew.log

Create renew.sh:

sudo nano ./renew.sh

#!/bin/bash
date
sudo nginx -s stop
sudo certbot renew --standalone
sudo nginx

Install Apache

sudo apt-get install apache2
cd ~ 
mkdir www

Back up apache2.conf

sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf_bk

Install node.js

sudo curl -sL https://deb.nodesource.com/setup_10.x | sudo bash - 

sudo apt-get install nodejs

Install forever

sudo npm i forever -g

Change SSH Port

sudo vi /etc/ssh/sshd_config

Add:

Port 50044

Reload ssh

sudo /etc/init.d/ssh restart

Firewall

sudo ufw enable
sudo ufw allow 443
sudo ufw allow ssh
sudo ufw allow 50044

Once you can log in via SSH on port 50044 without problems, remove SSH port 22.

sudo ufw delete allow ssh

Virtual Host

cd /etc/apache2/sites-available

sudo vi 000-default.conf

Updated certbot install, since the above did not work

sudo add-apt-repository ppa:certbot/certbot

sudo apt install python-certbot-apache

sudo ufw allow 'Apache Full'

Add SSL

sudo certbot --apache -d 2019122503.xyz

Selected 2

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Basic authentication

[Reference]

https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-16-04

Install apache Utilities package

sudo apt-get update
sudo apt-get install apache2-utils

Create password file and user

sudo htpasswd -c /etc/apache2/.htpasswd ktech_user

Add directory to the Virtual Host

  <Directory "/var/www/html">
      AuthType Basic
      AuthName "Restricted Content"
      AuthUserFile /etc/apache2/.htpasswd
      Require valid-user
  </Directory>

Check apache2 config syntax and restart

sudo apache2ctl configtest

sudo systemctl restart apache2

sudo systemctl status apache2

========== Check whether the NTP settings below are needed.

NTP

※ 岩縦-san has already set the timezone. Only the NTP synchronization settings are configured here.

sudo su -

[Reference]

https://blog.fenrir-inc.com/jp/2017/12/amazontimesyncserviceonubuntu.html


sudo vi /etc/systemd/timesyncd.conf 

----------------------------------
# NTP=
   ↓
NTP=169.254.169.123
----------------------------------

service systemd-timesyncd stop
service systemd-timesyncd start

systemctl status systemd-timesyncd.service
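
Added example, not part of the original issue: a check for the two sshd_config edits above ("PermitRootLogin no" and "Port 50044"). sshd uses the first value it reads for most keywords, while Port lines accumulate, so an appended `PermitRootLogin no` or a leftover `Port 22` silently defeats the change. The function names and the sample config are constructed for illustration; the fallback values are the OpenSSH defaults.

```shell
#!/bin/bash
# Added example: audit the global section of an sshd_config file.

# Print the effective global value(s) of a keyword.
# First occurrence wins for most keywords; Port is cumulative.
sshd_effective() {
    local file=$1 key=$2
    awk -v key="$key" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { sub(/^[ \t]+/, ""); gsub(/=/, " ") } # accept "Key value" and "Key=value"
        tolower($1) == "match" { exit }        # Match blocks are conditional, stop here
        tolower($1) == key {
            print tolower($2)
            if (key != "port") exit
        }' "$file"
}

# Return 0 only if root login is off and sshd listens on want_port but not on 22.
check_sshd_hardening() {
    local file=$1 want_port=$2 rc=0 root_login ports
    root_login=$(sshd_effective "$file" PermitRootLogin)
    ports=$(sshd_effective "$file" Port | tr '\n' ' ')
    if [ "${root_login:-prohibit-password}" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root_login:-unset (default prohibit-password)}'"
        rc=1
    fi
    case " ${ports:-22 } " in
        *" $want_port "*) ;;
        *) echo "FAIL: sshd is not configured for port $want_port"; rc=1 ;;
    esac
    case " ${ports:-22 } " in
        *" 22 "*) echo "FAIL: sshd still listens on port 22"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: settings appended at the end instead of edited in place.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'Port 50044' 'PermitRootLogin no' > "$sample"
check_sshd_hardening "$sample" 50044 || echo "sample config needs fixing"
rm -f "$sample"
```

On the server itself, call `check_sshd_hardening /etc/ssh/sshd_config 50044` before removing the port 22 firewall rule.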