How-To-Secure-A-Linux-Server
wireguard-install
Our great sponsors
How-To-Secure-A-Linux-Server | wireguard-install | |
---|---|---|
48 | 60 | |
16,701 | 3,601 | |
- | - | |
4.6 | 3.4 | |
14 days ago | 2 days ago | |
Shell | ||
Creative Commons Attribution Share Alike 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
-
Should I set up my own server?
- own server costs about $5/month. I recommend using docker to deploy hbbr and hbbs. Back up the key in case you need to re-deploy. You do need to secure your Linux server, and this community-driven Github guide has some good tips to get started.
- How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guides content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
- Time to start security hardening - been lucky for too long
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho ( exhaustive list ): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OAWSP Check list ( targeted for web apps... and honestly a bit overkill ): https://github.com/0xRadi/OWASP-Web-Checklist
wireguard-install
-
VPNs are being blocked
after that u can simply run this script https://github.com/Nyr/wireguard-install that helps you automatically install wireguard and create a config ( to add more configs just run it again ). This script also generates QR code that you can simply scan by ur phone
- What would be the best way to VPN into my pihole from my mobile phone while I am out of the home?
- Best VPN choice for internet streaming?
-
Certain websites refuse to load
I currently have WG set up on a Linode Ubuntu server (installed from https://github.com/Nyr/wireguard-install) with Pihole setup in the background. I have everything working just fine, except for some websites showing as "Page cannot be displayed". I've looked up in the subreddit and some have recommended changing the MTU (which I've tried on server/client), but that doesn't resolve the issue. In Pihole, it shows that it responds correctly. I did enable IPv6, but this happened before adding IPv6. Running curl from SSH to access the affected site, it tells me 301 Site moved permanently. Here's the server config:
-
OpenVPN client issues still
https://github.com/Nyr/wireguard-install
- Building Your Personal Openvpn Server: A Step-by-step Guide Using A Quick Installation Script
-
Developer wanting to start learning about homelab
As for the VPN: I always use this installer on a raspy pi (you can do this on a virtual machine): https://github.com/Nyr/wireguard-install But that is only because I hate having to set up keys.
- Racknerd or ethernetservers
- (newb question)Want to connect to Linux pC at home using NoMachine and SSH over the internet- what's the safest way to set this up?
-
Any actually useful uses for Raspberry Pi and alternative sbc?
So I got a Libre AML-S905X-CC (Le Potato) to play around with but all the ideas I see online are about emulating games, running a nas, running ad blocker, vpn server, 3d printer, website hosting. All these just seem like these would be better to run on an actual server or the ideas are lame, basic, and overused. I just want some useful things that only these single board computers can do to justify their purpose. I like stuff like the PiKVM or wireless usb like VirtualHere. The Arduino has their spot for robotics and what not, but what do SBC have to offer besides being small and broad purpose? Stuff like can I make it auto start my car in the morning, attached it to a pcie port on my pc, make a cellular wifi hotspot modem thing, make a smart tv, make a robot with AI, bypass wifi router settings, make a smart door deadbolt or smart window blinds, AI caht bots, transmit landline calls to the internet, drones with facial recognition, spy balloons, kiss under the bicycle racks in walmart, watch the rat movie that cooks food, ratatoot toot, overthrow the government? Those types of ideas are stuff I see as useful but also I want to look up later if those are something that exists already.
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
openvpn-install - Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
LinuxGSM - The command-line tool for quick, simple deployment and management of Linux dedicated game servers.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
PeerTube - ActivityPub-federated video streaming platform using P2P directly in your web browser