How-To-Secure-A-Linux-Server
watchtower
Our great sponsors
How-To-Secure-A-Linux-Server | watchtower | |
---|---|---|
48 | 215 | |
16,701 | 16,821 | |
- | 3.2% | |
4.6 | 8.4 | |
15 days ago | about 1 month ago | |
Go | ||
Creative Commons Attribution Share Alike 4.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
-
Should I set up my own server?
- own server costs about $5/month. I recommend using docker to deploy hbbr and hbbs. Back up the key in case you need to re-deploy. You do need to secure your Linux server, and this community-driven Github guide has some good tips to get started.
- How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guides content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
- Time to start security hardening - been lucky for too long
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho ( exhaustive list ): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OAWSP Check list ( targeted for web apps... and honestly a bit overkill ): https://github.com/0xRadi/OWASP-Web-Checklist
watchtower
-
My deployment platform is a shell script
Related: https://github.com/containrrr/watchtower
- PSA - Run "docker image prune" once in a while.
-
Roundcube Open-Source Webmail Software Merges with Nextcloud
> if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done.
Or you could just run Watchtower beside it and it will automatically update your docker containers. https://github.com/containrrr/watchtower If you are OK with automated updates.
-
The Curse of Docker
So i primarily use containers on my local machine walled off from the internet, so it's not a big concern for me. Watchtower [1] is popular among home server users too which automatically updates containers to the latest image.
For production uses I think companies generally build their own containers. They would have a common base linux container and build the other containers based off that with a typical CI/CD pipeline. So if glibc is patched, it's probably patched in the base container and the others are then rebuilt. You don't have to patch each container individually, just the base. Production also minimizes the scope of containers with nothing installed except what's necessary so they have few dependencies.
[1] https://github.com/containrrr/watchtower
-
Ask HN: If you were to build a web app today what tech stack would you choose?
You can use Watchtower (https://containrrr.dev/watchtower/) that solves problem of manual pulling on VPS.
-
Running watchtower weekly or whenever new image is available
I checked https://containrrr.dev/watchtower/ and Arguments, but I don't understand where to attach that using portainer.
-
Long Term Ownership of an Event-Driven System
Again, there are options to automate some of the burden here by using tools such as Watchtower.
-
Updating Docker Apps automagically with Watchtower✨🐳
Have you ever deployed a Docker app on a server, but everytime you push a new version of your image to a Docker registry you need to manually restart your app? If you want to automate this restarting, this blog post is for you! I am now going to show you how you can do this with literally 1 simple command using Watchtower!
- Plex Docker Saved me
- Watchtower updates
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
ouroboros - Automatically update running docker containers with newest available image
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
Diun - Receive notifications when an image is updated on a Docker registry
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
Portainer - Making Docker and Kubernetes management easy.
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
whats-up-docker - What's up Docker ( aka WUD ) gets you notified when a new version of your Docker Container is available.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
shepherd - Docker swarm service for automatically updating your services whenever their image is refreshed