by: Linux/Unix Raspberry Pi Web

You can do all of these things with your VPS (Virtual Private Server) at the same time for just $5/month on Linode or DigitalOcean (1 CPU, 1GB RAM, 25GB HD, and 1TB Traffic). Consider reviewing this safety list for some popular services:

  • SSH
    • Since this service provides anyone full control to your server remove root access and make sure only your user can access it. When adding the rule in the firewall prefer to use “limit” instead of “allow” for SSH. Another important security feature is creating a Key for the SSH connections (will deny connections if an IP address attempts to initiate 6 or more connections within 30 seconds).
  • Firewall
    • As soon as you get into your new server enable the firewall but remember to add the rules to permit SSH, causing you to be locked out of your system.
      • UFW and Shorewall Cheat Sheet [Read It]
  • VPN
    • Instead of paying for a VPN service or rely on free services that can be slow or not safe for your secure transactions, you can create your VPN server. Be wise when deciding what type of VPN you are going to use, I recommend OpenVPN. Don’t forget to allow the VPN port in your firewall. Some services you can only allow in the firewall for the devices in the same VPN network, for example, NFS, Samba or FTP. Don’t leave them public unless it is necessary.
  • HTTP
    • Make your personal or professional website and share content about anything you want. How about a blog about your hobby? For beginners I recommend do install a LAMP which is a package of Apache+MySQL+PHP. But as soon as you open the port in your firewall make your webserver secure with SSL/TLS so you can be free to enter credentials from anywhere to authenticate in your websites. WordPress is an amazing platform for websites, blogs, etc.
  • Mail Server
    • It is essential to have set and running an SMTP server, at least to get notifications from your system, but also to make possible your web application, such as WordPress or FileRun able to sent you one e-mail to change passwords, for example.
  • FTP
    • Keep your files accessible from anywhere under authentication or just public. As FTP is not encrypted I strongly recommend the same SSL/TLS that you may have created for your HTTP server. Or for your only usage, keep it inside your VPN when creating the rule in the firewall.
  • Database
    • MySQL and MariaDB are high-performance database services that are essential for pretty much any decent web application. Remember to allow only the users to access from ‘localhost’ and create a different user and database for each application.
  • Webmin
    • A friendly web interface to manage your server. After installed nothing else has to do anything. You will see that it already encrypts the data by default. The inconvenience is the message saying that the browser did not found the certificate. To fix this issue upload the same certification that you created for your HTTP server.
  • FileRun
    • This web application makes you able to access your files, download, and upload from any browser. You should only this functionality only if you did the SSL/TLS for your web server and I recommend to do not use the same credentials for this access that you would use for SSH, for example.
  • Personal Cloud
    • NextCloud is similar to DropBox or Google Drive, but you have total control of your files and a lot of space. It also has support for Android and iOS and supports multiple users. NextCloud is a heavy application for 1CPU and 1GB of RAM. Work fine, but as you demand more from your server you may need more hardware for it. 
  • Run Scripts Periodically
    • Run in the background your scripts every so much time or in specific times. Prefer to run your scripts with a different user, not as root.
  • Configure the System Control
    • There are configurations you can do in your system control such as disabling ping responses and functionalities that only routers should do (if your server does not route traffic).
  • Prevent Hot-Links on Apache
    • It will prevent people from use images from your website on their pages, which could increase the CPU and Network usage on your server.
      • Prevent Hot-Links on Apache [Read It]
  • Flush Public DNS
    • Whenever you make changes to your DNS records it might take up to 24h to propagate to the whole internet, so a great tip is to request the major public DNS servers to flush/purge the cache of your domain or particular an A or MX record:
  • Free Email Forwarder (MX)
    • It is possible to redirect any email sent to you domain to a free domain account such as GMail or HotMail. Here are some companies that offer email forwarding for free: