# {Newbie} VPS security, software install, etc help



## piratemouse (May 20, 2015)

Hello everyone.

I have been around computers for many years, but I still find myself unable to figure out the simplist of things, it seems. I have recently purchased a VPS package ( Running CentOS6 ) and I would like to do the following :


Securely protect the VPS
Install LEMP or LAMP ( Dunno what would be better in the long run )
Connect my two domains, having one host a website ( Joomla )
Installing / Configuring an IRCd, mail service and MUD game ( https://code.google.com/p/evennia/wiki/GettingStarted ) 
Assistance with getting Joomla properly configured / customized ... or at least put me on the right track without borking the mess. *lol* ( There are a few mods I am interested in. I just am afraid of screwing up something so royally that I have to start from scratch again. )

I am a pretty quick study, and am not asking someone to DO the work for me, though it probably would go faster, but I am asking for a mentor, guide, teacher or guides to follow and someone to fall back on if I run into issues.

Thank you for allowing me to post.


----------



## sundaymouse (May 20, 2015)

These are the works you may have to pay others to do for you.

Otherwise, check existing tutorials.


----------



## telephone (May 20, 2015)

A good place to start is the DigitalOcean and Linode tutorials.

DigitalOcean: https://www.digitalocean.com/community/tutorials

Linode: https://www.linode.com/docs/


----------



## piratemouse (May 20, 2015)

sundaymouse said:


> These are the works you may have to pay others to do for you.
> 
> Otherwise, check existing tutorials.


I had a feeling about that. It was why I at least made the attempt to ask. I'd rather learn on my own, but sometimes ( as I have recently ) run into problems and don't know what the errors mean or even where to look them up. So I figured I'd take a chance and ask for help from experts out there.



telephone said:


> A good place to start is the DigitalOcean and Linode tutorials.
> 
> DigitalOcean: https://www.digitalocean.com/community/tutorials
> 
> Linode: https://www.linode.com/docs/


Thank you. Will give them a look. I'm sure I could figure it out as a lot of what I want to do has some good install guides, it just seems like I was always hitting some error somewhere and I tend to get frustrated with it too easily.


----------



## telephone (May 20, 2015)

piratemouse said:


> Thank you. Will give them a look. I'm sure I could figure it out as a lot of what I want to do has some good install guides, it just seems like I was always hitting some error somewhere and I tend to get frustrated with it too easily.


Check out the guides (and the comments) first, and if you're still stuck we'll do our best to help. Most people will be more willing to help with a specific problem, rather than instructing someone to setup a stack (especially if you've shown initiative).


----------



## MarkTurner (May 20, 2015)

Those most fundamental things:

1. Keep the system up-to-date with latest patches

2. Change the SSH port to something non-standard, its stops the neverending stream of brute force attacks

3. Disable root + password login and use SSH keys

4. Add something like Fail2Ban to block brute force attacks

5. Remove any unused daemons from the system, for example if you're not using the webserver, uninstall it


----------



## tonyg (May 20, 2015)

Some more tips:

learn shell scripting

learn to configure and run a FreeBSD server

don't launch a live production site until you feel comfortable in your abilities

use a local VM for initial testing before putting out in the wild

read, read, and more reading


----------



## piratemouse (May 20, 2015)

telephone said:


> Check out the guides (and the comments) first, and if you're still stuck we'll do our best to help. Most people will be more willing to help with a specific problem, rather than instructing someone to setup a stack (especially if you've shown initiative).


Thank you. I have been doing that. ( Reading, a lot actually. ) I think I realized today, with zero sleep in the last 24 or so hours, that I am / was trying to jump head first instead of taking one task at a time and learning it as I went.



tonyg said:


> Some more tips:
> 
> learn shell scripting
> 
> ...


*lol* I agree. I have a long way to go. I do plan, when the kids are gone for the summer here in a few short weeks, to pull and old computer out from the closet and see if I can't get a home server setup on it. Would give me a little to work on and learn. ( And not cost me anything )

Since I understand I should start slow. When it comes to control panels for this newbie ... what would one recommend? I found a list of some ( http://www.tecmint.com/web-control-panels-to-manage-linux-servers/) and I saw a few that looked interesting enough - but don't know the first thing on what I should be looking for.

As I mentioned earlier in my posts, my first goal, I guess, is to get a website ( Joomla ) and e-mail service up. The rest ( the IRC and gaming, etc ) can come as I take each one at a time. I was thinking either openPanel or Zpanel.

I have tried CentOS Web Panel, but it looked a bit complicated to me.


----------



## tonyg (May 21, 2015)

piratemouse said:


> As I mentioned earlier in my posts, my first goal, I guess, is to get a website ( Joomla ) and e-mail service up. The rest ( the IRC and gaming, etc ) can come as I take each one at a time. I was thinking either openPanel or Zpanel.
> 
> I have tried CentOS Web Panel, but it looked a bit complicated to me.


Forget using panels...learn to configure from the shell.

It's like learning to drive with an automatic transmission and never learning stick shift.


----------



## souen (May 21, 2015)

Securely protect the VPS

Setup the firewall or use an application like CSF. Combine with fail2ban or similar to help block brute-force connection attempts.

Install LEMP or LAMP

The DO and Linode articles should have you covered, but here's another older tutorial from LEB. mikho's LowEndGuide has some tips that may also be of interest. 

Connect my two domains, having one host a website ( Joomla )

If by connecting you mean having the domains hosted with the registrar and pointing it to your vps, check your registrar's help docs for instructions. After you've set up your web server's config file with your domain, you can create an A record and enter your vps IP address at your registrar's domain management panel. The domain record will look something like this: Namecheap article.

Never tried to set up the other services mentioned (only dabbled briefly with Joomla) so can't comment on them. Mail is another sizeable chunk to set up, but if you really want to give it a try, wlanboy has to get you going. I followed his guide and got a stack running (though skipping SpamAssassin/AV).

You could use a panel like Ajenti or VestaCP to manage running services (VestaCP in particular makes it easy to get a web server and basic mail accounts), but as others mentioned, learning to set it up manually first is helpful in the long run.

Welcome to the forum and have fun!


----------



## telephone (May 22, 2015)

piratemouse said:


> As I mentioned earlier in my posts, my first goal, I guess, is to get a website ( Joomla ) and e-mail service up. The rest ( the IRC and gaming, etc ) can come as I take each one at a time. I was thinking either openPanel or Zpanel.


Do *NOT* choose ZPanel!

@joepie91 can chime in with all the reasons not to  opcorn:


----------



## joepie91 (May 22, 2015)

telephone said:


> Do *NOT* choose ZPanel!
> 
> @joepie91 can chime in with all the reasons not to  opcorn:


Right. Avoid ZPanel and the Sentora fork. They're utterly broken from a security point of view. Have a look at my last interaction with them, or at how Rack911 gave up on Sentora...

Seriously, installing either of the two is practically a _guarantee_ that your server will be rooted.


----------



## HalfEatenPie (May 23, 2015)

Yeah... ZPanel/Sentora are definitely softwares I would never run on any of my servers. you use them, you will be rooted. Most of the time, their "reasoning" for all this is "we're doing for free, you should be happy you get something as 'polished' as this for free. You should help us be better then." Which... I totally get where they're coming from but... It's totally ridiculous. I'd be happy to contribute resources if it was for maybe a feature that would benefit not only myself but also the community, however basic code security should be given/expected. I'm not going to invest in resources supporting a team that is unable to code it right the first time around.


----------



## cloudcone (May 23, 2015)

I would +1 vestacp for a simpler control panel


----------

