1. Secure connection to the remote server [0:49]
2. Prepare server for hosting [5:39]
3. Install Nginx, Configure DNS & FirewallD [13:57]
4. Set up https with Let’s Encrypt SSL Certificate [19:52]
5. Set up an FTP server for remote file upload [26:50]
6. Configure secure FTP server (SFTP) [33:50]
Before setting up a Linux server, an RSA key needs to be generated to secure the connection from my local machine to the remote server. On Windows, PuTTYgen is handy for this task. I generate a new RSA key by continually moving my mouse until generation is complete. This RSA key is 2048 bits.
This key is required to secure connections. I manually save the generated key into an RSA key file. It seems to work better than the built-in save. After that, I add this key to the DigitalOcean dashboard. Now, I can create a new droplet on the cloud platform. I choose CentOS Linux for this tutorial.
When the droplet is live, I can connect to the remote server. This tutorial uses the PuTTY SSH client for demonstration. At this point, the CentOS server is running in its default configuration. There are a few things to do. First, I update this server and install some packages.
Next, I create a new user account. This user needs to be in the group “wheel” so that it can gain root access with the sudo or su command. Finally, root login is disabled for SSH clients. I test the login to see if permissions are configured correctly.
To host a website, we need a web server running on this Linux instance. Even though there are more advanced ways to install and configure web servers, I am going to make this tutorial simple and easy to follow.
I am installing a prebuilt nginx package from a stable version repository. The “nginx.repo” file needs to be created and given the correct settings.
The domain name needs to map to this server's public IP address. In this video, I am showing how to manage DNS records with the Namecheap and DigitalOcean dashboards.
In the Namecheap dashboard, I set up NS records to delegate DNS management to the DigitalOcean dashboard. Then, I can create an A record and a CNAME record. The A record is mapped to the public IPv4 address of the remote server on the DigitalOcean cloud platform.
Note that updating DNS records can take up to 24 hours. In most cases, the changes take less than 1 hour. To see if everything is working well, I am testing the domain mapping with the browser. If the mapping is not yet updated, it displays an error message.
Now we have a working domain, but this website is not secure yet. I am going to show how to configure HTTPS with Let’s Encrypt. On the Let’s Encrypt website, there are instructions for integrating a free SSL certificate into our Linux web hosting. There is a small tool called “certbot”, which can be used to automate SSL configuration from the command line.
I make manual adjustments to the nginx config files. These changes not only help to redirect the website, but also make SSL work when you host multiple websites on a single server instance.
So far, we have a working website with the HTTP/2 protocol and an SSL certificate on the standard port 443. However, there is no secure FTP server for file transfer yet.
Let’s begin by installing an insecure FTP server. Then, we upgrade it to a secure FTP server. The insecure FTP server runs on port 21, and the secure FTP server runs on port 22 by default.
After installing the vsftpd package, some settings need to be changed manually. We need to configure firewall rules and directory permissions, and create a new FTP user account.
To see if the insecure FTP server works, I do a quick test with the FileZilla FTP client. I also upload a file to the CentOS server. Let’s move on to the SFTP configuration. I am going to use the previous RSA key to set it up. We need an FTP access group to authorize FTP users.
The RSA key must be added to an authorized key file in the “.ssh” directory of the FTP user. The permissions have to be set correctly to allow FTP clients to connect to this FTP server. On top of that, there are some settings to change in the sshd config file.
FTP clients need to supply the private key file when they connect to the FTP server. You should keep this key file in a safe location. Note that this key file is also needed to authorize other machines in the future.
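The key-file permissions and the disabled root login described above can be audited with a script like the following, an added example that is not part of the original tutorial. The paths are supplied by the caller, ownership is not checked, and treating anything other than an explicit `PermitRootLogin no` as a finding is this example's assumption.

```shell
#!/bin/sh
# Added example: audit the files that SFTP key login depends on.
# Paths are passed as arguments; nothing here is taken from the video.

# Succeeds when the path is writable by group or others, which sshd
# refuses for key files while StrictModes is on (the default).
loose_mode() {
    case "$(ls -ldL "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_key_files HOME_DIR: prints findings, returns 1 if there are any.
check_key_files() {
    rc=0
    keys="$1/.ssh/authorized_keys"
    for p in "$1" "$1/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1
        elif loose_mode "$p"; then echo "group/world-writable: $p"; rc=1
        fi
    done
    # authorized_keys holds public keys only; a private key here is exposed.
    if [ -f "$keys" ] && grep -q 'PRIVATE KEY' "$keys"; then
        echo "private key material in $keys"; rc=1
    fi
    return "$rc"
}

# root_login_setting FILE: first global PermitRootLogin value, or "unset".
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# check_sshd_config FILE: returns 1 unless root login is explicitly "no".
check_sshd_config() {
    v=$(root_login_setting "$1")
    [ "$v" = "no" ] && return 0
    echo "PermitRootLogin is $v in $1"
    return 1
}

# Usage: sh audit.sh /home/USER /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    check_key_files "$1"
    check_sshd_config "$2"
fi
```

Run it with the FTP user's home directory and the sshd config file as arguments; each finding is printed on its own line.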
I test SFTP with FileZilla and upload a file to see if my settings work correctly. Before finishing this video, I show you how to synchronize files between the FTP folder and the website root directory.