User:PMay/Hetzner.de vServer Setup
This guide is about how to install Arch on a vServer hosted by hetzner.de. The guide is still in development and not complete.
btrfs
# dd if=/dev/zero of=~/part bs=1024 count=2000000
# mkfs.btrfs -L mybtrfs ~/part
# mkdir /mnt/mybtrfs
# mount /root/part /mnt/mybtrfs
Backup
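# export FTP_PASSWORD=<my_password>
# export PASSPHRASE=<my_passphrase>
# duplicity --verbosity 9 --ssl-no-check-certificate . webdavs://<my_e-mail>@dav.box.com/dav/backup
- Error message: Import of duplicity.backends.dpbxbackend Failed: No module named dropbox
- --ssl-no-check-certificate turns off verification of the server's TLS certificate, so the identity of the WebDAV server is not checked on this connection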
more packages to install
# pacman -S net-tools
network
- also see en:Network Configuration or en:Network Configuration#Static IP address
- proper values for the IP address and so on can be found in the old Debian installation at /etc/network/interfaces
- create and edit /etc/conf.d/network@ens3
- create and edit /etc/systemd/system/network@.service (without ens3 after @)
# systemctl enable network@ens3.service
- edit /etc/resolv.conf to set up the name server (see the same file from the old Debian installation for proper values)
sshd
- see also en:Secure Shell
- install openssh with pacman
- enable it:
# systemctl enable sshd.service
activate swap partition
# mkswap /dev/sda1
# swapon /dev/sda1
File: /etc/fstab
/dev/sda1 none swap defaults 0 0
LAMP
# pacman -S apache php php-apache mariadb
Apache
Apache Security
- disable all auth modules except mod_authz_host.so
- disable all proxy modules
- disable mod_autoindex.so
- disable mod_info.so
- remove the line Include conf/extra/httpd-autoindex.conf
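A check for the list above, as an added example that is not part of the original page: it reports the active httpd.conf lines that still load something the list says to disable. The function names, the script file name and the sample configuration are constructed for illustration, and the module file names are matched literally as the list gives them.

```sh
#!/bin/sh
# Added example. Usage on a real system (Arch default path, adjust as needed):
#   sh audit_httpd.sh /etc/httpd/conf/httpd.conf
# audit_httpd.sh is a hypothetical file name for this script.

# Print every active line that loads a module the checklist disables.
# Reads the file given as $1, or stdin if none. Returns 1 if anything is found.
audit_httpd_conf() {
    awk '
        /^[ \t]*#/ { next }                       # commented out means disabled
        tolower($1) == "loadmodule" {
            so = $3; sub(/^.*\//, "", so)         # modules/mod_x.so -> mod_x.so
            if (so == "mod_authz_host.so") next   # the one auth module to keep
            if (so ~ /^mod_auth/ || so ~ /^mod_proxy/ ||
                so == "mod_autoindex.so" || so == "mod_info.so") {
                printf "%d: %s\n", NR, $0; bad++
            }
            next
        }
        tolower($1) == "include" && $2 ~ /httpd-autoindex\.conf$/ {
            printf "%d: %s\n", NR, $0; bad++
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample configuration, not taken from a real server.
sample_conf() {
    cat <<'EOF'
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule authn_file_module modules/mod_authn_file.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
LoadModule dir_module modules/mod_dir.so
Include conf/extra/httpd-autoindex.conf
Include conf/extra/httpd-default.conf
EOF
}

if [ $# -gt 0 ]; then
    audit_httpd_conf "$1"
else
    sample_conf | audit_httpd_conf || echo "sample: lines above still need disabling"
fi
```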
MariaDB
- login to DB
# mysql -u root -p
CREATE USER 'wp'@'localhost' IDENTIFIED BY 'somepassword';
CREATE DATABASE wp_db;
GRANT ALL PRIVILEGES ON wp_db.* TO 'wp'@'localhost';
Ideas / ToDo
- use btrfs to make snapshots for recovery - but use ro, not rw, snapshots (tip from IRC - whatever that means)
- port 5060 (SIP) seems to be open
- remove these messages from Apache: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e DAV/2 PHP/5.5.6
- check if these settings are all right: php_admin_value open_basedir
- set the time zone
- set up a time server client http://wiki.hetzner.de/index.php/Uhrzeit_synchronisieren_mit_NTP
- Forward-Secrecy: http://www.heise.de/newsticker/meldung/Auch-Twitter-steigt-auf-Forward-Secrecy-um-2053135.html
- turn off FollowSymLinks in Apache
- edit /etc/httpd/conf/extra/httpd-default.conf
- edit open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/ in php.ini
- I would advise against the linked wiki; the people in #postfix were pretty appalled when they saw it, especially the 'relay_domains = *'
ownCloud
Notes
- see what daemons are listening on what ports
# netstat -tuple
# ss -l
- show the state of a running daemon and its last log output
# systemctl status <daemon_name>