It’s an article to note some problems when building my VPS. It has been a long time since the last time I use similar tools. But now I am home - So .. for a more convenient working env!
Since I have a special affection for Ubuntu. So I created a Ubuntu system as my server. When I tried to yam there I got a not found. Turn out that yam is only belong to CentOS. (It can be installed in Ubuntu but a little complex) This is the first time I know this.😇
And I got 3035 failed login attempt during my dinner.. whatt happend!! I think I need to configure a SSH to make it more secure. Beacuse this is so scary…
I referred to the Digital Ocean’s tutorial[1] to config one!
Basically first make it only allow login with specific username in specific port number.
When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for 2 reasons: 1) it prevents the user from making any system-destroying mistakes 2) it stores all the commands run with sudo to the file ‘/var/log/secure’ which can be reviewed later if needed.
After setting a new port, I got a ‘Connection timed out’ when ssh to my server with ssh -p [PORT] [USERNAME]@[IP_ADDRESS]. AND! Also with ssh [USERNAME]@[IP_ADDRESS]! Which means the default port also becomes unconnectable.
The problem is: edit the configuration file is not enough. We also need to update the iptables! And also remember to save and restart it!
This Operation: flush make me confuse for a little more while.
Flush when complete the sshd_config update.
sudo vi /etc/ssh/sshd_config
# Edit the config file
service sshd reload
Then also need to flush after saving your iptables.
# iptables -A INPUT -p tcp --dport 2333 -j ACCEPT
sudo iptables-save > /etc/sysconfig/iptables
service iptables restart
Even when you see your updates in iptables -L -n - it doesn’t means the port can now be accessd.
To automate the restore at reboot CentOS offers a system service by the same name, iptables. However, it does not come in the default configuration and needs to be installed manually. So when I try to service iptables save, only to find ‘The service command supports only basic LSB actions’ before I install that cuz some tutorial use it without consciousness. Thanks to UpCloud’s article[2] for telling me this.
Some cmd needed:
Show iptables:
iptables -L -n
Add firewall rules:
iptables -A INPUT -p tcp --dport 2333 -j ACCEPT
Saving iptables:
sudo iptables-save > /etc/sysconfig/iptables
Then I can finally use my port to ssh my server.
Using Trojan have to open HTTP port 80 & HTTPS 443.
Similarly, RHEL/CentOS version 6.x or above can:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
BTW, after service iptables restart the iptables -L -n will show nothing. But things will still be saved in config file.
Iptables rules will no longer be implemented by default, so a reboot will result in them disappearing. You can then simply restore the saved rules by reading the file you saved.
# Overwrite the current rules
sudo iptables-restore < /etc/sysconfig/iptables
# Add the new rules keeping the current ones
sudo iptables-restore -n < /etc/sysconfig/iptables
# I saved them in /etc/my-iptables-rules
iptables-save > /etc/my-iptables-rules
So a regular rule can be add into /etc/rc.local:
iptables-restore -n < /etc/my-iptables-rules
that prevent me from restore it every time reboot the server.
Point domain to my VPS have several options[3], I chose to add 2 A records (@ & www) pointing to my VPS IP.
When running an install shell script, I found Trojan can not read its config.json…
After checking the log, I simply chmod the permissions of the whole folder since I am the only user of my server.
sudo chmod -R 777 foldername
-R means recursively. So everything inside can be accessed.
Also need to do this one day.
[1] Initial Server Setup with CentOS 6 - https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-6
[2] How to configure iptables on CentOS - https://upcloud.com/resources/tutorials/configure-iptables-centos
[3] https://support.hostinger.com/en/articles/1583227-how-can-i-point-domain-to-my-vps