Monday, April 6, 2026

Hosted Server - Linode

The Why:

While a dedicated home lab provides an excellent environment for consistent and controlled testing, there are inherent limitations that often necessitate moving experiments into a more realistic, "real-world" operating condition. This requirement for external, live-environment testing prompted me to explore options for online Linux servers.

My search for a reliable platform led me to YouTube, specifically to the highly informative channel, https://www.learnlinux.tv/. This channel, known for its practical advice on open-source technologies, provided a strong recommendation for Linode (https://www.linode.com/) as a premier cloud hosting provider.

After reviewing their offerings and the positive community feedback, I made the decision to sign up. A significant factor in this choice was their generous promotional offer: a $100.00 credit. This credit is substantial, as it effectively covers the cost of a basic server plan for approximately four months. This allowance provides ample time to conduct extensive testing, familiarize myself with the cloud environment, and execute the real-world condition simulations that my home lab setup simply couldn't replicate. The move to Linode represents a valuable step in expanding the scope of my technical skills.


System Specs:
    
VM Hardware & OS:
  • 2 CPU Cores (Shared CPU)
  • 80 GB Storage
  • 4 GB RAM
  • Network (4 GB available pool)
  • Firewall
  • Ubuntu Server

Starting the build:


My initial steps in setting up the new Linode server were heavily focused on establishing a robust security posture and an efficient storage architecture. The foundational security measure I implemented was full-disk encryption, utilizing the available Linode tools to encrypt the entire 80GB block storage device. This was a critical step to ensure data security at rest, protecting all sensitive information and project files even if the physical media were compromised.

Following the encryption, I addressed the storage layout. The 80GB drive was logically partitioned into two distinct volumes. One partition was specifically designated for active project files and the core operating system, while the second partition was reserved exclusively for automated backups and archival data. This segregation is vital for maintaining data integrity and simplifying recovery procedures. Linode's straightforward interface and comprehensive documentation made the setup and configuration of this block device partitioning process remarkably smooth.


Building the moat around the castle:

With the storage and underlying security firmly in place, I immediately prioritized system maintenance by patching the Operating System. Running (sudo apt update && sudo apt upgrade) ensured that the OS and all installed packages were up to date, mitigating known vulnerabilities before they could be exploited.

Note: Keeping your system updated is critical to ensure that security issues are patched. I would recommend it, especially on a headless server running auto updates. 


Run:

sudo apt-get install unattended-upgrades




The final phase of this initial configuration involved a comprehensive overhaul of the system's network-facing services and firewall rules. Recognizing that default settings are often the first target for attackers, I significantly hardened the system:
  • Port Obfuscation: The default ports for all remote management services, such as SSH, were changed to non-standard ports. This simple measure dramatically reduces the noise from automated port scanning bots.


  • Principle of Least Privilege: I meticulously adjusted the firewall rules to adopt a "deny all by default" posture. Only the necessary ports for active services were explicitly opened, and even those were often restricted by source IP address where possible.


  • Service Deactivation: Furthermore, remote tools and administrative services that are not in constant use are configured to be disabled by default. They are only temporarily enabled on an as-needed basis, significantly minimizing the system's attack surface during periods of inactivity.
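
A check for the first two hardening items above, as an added example that is not the author's own script. It assumes the host firewall is ufw (the post does not name its firewall tool) and reads text in the format of `sshd -T` and `ufw status verbose`; port 2222, the address 203.0.113.10 and both sample outputs are constructed.

```shell
#!/bin/sh
# Audit helpers for the hardening list above. Inputs are text in the format
# of `sshd -T` and `ufw status verbose`; ufw is an assumption, the post does
# not name its firewall tool. Port 2222 and 203.0.113.10 are constructed.

ssh_port() {            # port sshd listens on, from `sshd -T` text
    printf '%s\n' "$1" | awk '$1 == "port" { print $2; exit }'
}

default_incoming() {    # default incoming policy: deny, reject or allow
    printf '%s\n' "$1" | awk '/^Default:/ { print $2; exit }'
}

open_to_any() {         # ports with an ALLOW rule not limited by source IP
    printf '%s\n' "$1" | awk '/ ALLOW / && /Anywhere/ { print $1 }' | sort -u
}

audit() {               # $1 = sshd -T text, $2 = ufw status verbose text
    port=$(ssh_port "$1"); findings=""
    if [ "$port" = "22" ]; then findings="$findings ssh-default-port"; fi
    if [ "$(default_incoming "$2")" != "deny" ]; then
        findings="$findings no-default-deny"
    fi
    for p in $(open_to_any "$2"); do
        if [ "$p" = "$port/tcp" ]; then findings="$findings ssh-open-to-any"; fi
    done
    echo "${findings# }"
}

SSHD_SAMPLE='port 2222
addressfamily any'

UFW_HARDENED='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW IN    203.0.113.10
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'

UFW_WEAK='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW IN    Anywhere'

echo "hardened: [$(audit "$SSHD_SAMPLE" "$UFW_HARDENED")]"
echo "weak:     [$(audit "$SSHD_SAMPLE" "$UFW_WEAK")]"
```

On a live host, pass `"$(sudo sshd -T)"` and `"$(sudo ufw status verbose)"` to `audit` in place of the samples; an empty result means neither check found a gap.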

Doing the thing:


Now that all the prerequisites are in place, I can proceed with the build, AKA the fun part.

I began setting up a web server by configuring Apache, registering the domain, and linking DNS services via Cloudflare. Establishing a robust and dependable server environment from the outset is vital for ensuring accessibility, reliability, and effective management.

To kick off, I carefully set up Apache HTTP Server, chosen because of its long-standing reputation as a dependable, versatile, and open-source web server platform. This involved configuring virtual hosts, tweaking performance settings, and ensuring all the necessary modules were enabled for the app I planned to run.


To establish an online presence alongside the web server, I took two key steps:

  1. Domain Registration: The unique domain name was successfully registered, securing the server's primary web address and brand identity.

  2. DNS Integration with Cloudflare: The Domain Name System (DNS) was integrated via Cloudflare to manage name server records and enhance performance and security. Cloudflare's benefits include:

    • Performance: A global Content Delivery Network (CDN) caches static assets, reducing latency.

    • Security: Provides protection against threats like DDoS attacks and offers a Web Application Firewall (WAF).

    • Management: Centralizes DNS control for traffic routing and subdomains.


The initial combination of Apache and Cloudflare's networking and security has established a strong, scalable foundation for the entire project. Even in these early stages, unwelcome visitors attempted to gain access. The quick, eye-opening insights from the reporting tools prompted me to immediately strengthen security. By implementing country blocking and other protective measures, I was able to keep everything safe and effectively repel the unauthorized attempts.


Final Thoughts:

This was such a fun project! It really took me back to the early days of setting up a server and hosting your own site, which was always an exciting experience. I can’t wait to see where this journey will take me next.

- TheMacRat