Contents Introduction Features Configuration Instructions and Basic Setup Download To disable anonymous login and to enable local users login and give them write permissions: To chroot users To deny (or allow) just some users to login To allow just some users to login: TLS/SSL/FTPS Additional Options Apply new configuration settings Webmin Module Set pasv_min_port and pasv_max_port in /etc/vsftpd.conf and allow outbound connections in the ports you set in your firewall. Virtual users with TLS/SSL/FTPS and a common upload directory - Complicated VSFTPD The workshop Create The Virtual Users Database Sample output: Configure VSFTPD for virtual user Create a PAM File Which Uses Your New Database Append the following: Restart The FTP Server Test Your Setup Sample success output: Troubleshooting See Also

Author: By Etel Sverdlov About vsftpd The first two letters of vsftpd stand for "very secure" and the program was built to have strongest protection against possible FTP vulnerabilities. Step One—Install vsftpd You can quickly install vsftpd on your virtual private server in the command line: sudo apt-get install vsftpd Once the file finishes downloading, the VSFTP will be on your droplet. Generally speaking, it is already configured with a reasonable amount of security. However, it does provide access on your VPS to anonymous users.

Author: DigitalOcean Introduction One of the first lines of defense in securing your cloud server is a functioning firewall. In the past, this was often done through complicated and arcane utilities. There is a lot of functionality built into these utilities, iptables being the most popular nowadays, but they require a decent effort on behalf of the user to learn and understand them. Firewall rules are not something you want yourself second-guessing. To this end, UFW is a considerably easier-to-use alternative. What is UFW? UFW, or Uncomplicated Firewall, is a front-end to iptables. Its main goal is to make managing your firewall drop-dead simple and to provide an easy-to-use interface. It’s well-supported and popular in the Linux community—even installed by default in a lot of distros. As such, it’s a great way to get started securing your sever.

Author: LEB Have you ever wished you could monitor the performance of your server after the fact? Or did you ever want to get some statistics of your server, about it’s performance and the amount of resources used? Look no further: Munin is here! Munin is a resource monitoring tool that helps you monitor server performance and analyze problems after they happened. Munin uses RRDtools, a data logging and graphing system, for storing and displaying logged data. It’s plug and play and has over 500 plugins available. It’s open source and freely available. In addition to all that, it has networking capabilities so a monitoring master can hold the data for all nodes in a cluster (more on that next week). So, I’m going to show you how to set up and configure Munin on a single node and check those graphs. As usual, written for and tested on both CentOS and Ubuntu.

About LAMP LAMP stack is a group of open source software used to get web servers up and running. The acronym stands for Linux, Apache, MySQL, and PHP. Since the virtual private server is already running Ubuntu, the linux part is taken care of. Here is how to install the rest. Set Up The steps in this tutorial require the user to have root privileges on your VPS. You can see how to set that up in the?Initial Server Setup?in steps 3 and 4.

What the?Red?Means The lines that the user needs to enter or customize will be in?red?in this tutorial! The rest should mostly be copy-and-pastable. The Basics When you first begin to access your fresh new server, there are a few early steps you should take to make it more secure. Some of the first tasks required on a virtual private server can include setting up a new user, providing them with the proper privileges, and configuring SSH.

Why Run Nginx and Apache Together Both nginx and apache are powerful and effective servers. Apache currently reigns as the #1 server for websites and since its public release in 2006, nginx has taken the world by storm and is now the #2 server for active sites. The reasons for each respective server’s popularity are clear: apache’s power and nginx’s speed are well known. However, both servers do have drawbacks—apache is hard on server memory, while nginx (great at static files) needs the help of php-fpm or similar modules for dynamic content. However, one can combine the two web servers to great effect, with nginx as static web server front and apache processing the back end.

Author: DigitalOcean Introduction Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server.

Author: DigitalOcean Intro One of the commonly asked questions from our users is how to add another IP address to their server. You can assign your own private IP address to your droplet by creating a VPN tunnel. Whether you want to build your own Virtual Private Network (VPN), or assign an SSL certificate to that IP address, you have several options. From all of the possible options, the most optimal ones are between PPTP and OpenVPN. A Point-To-Point Tunneling Protocol (PPTP) allows you to implement your own VPN very quickly, and is compatible with most mobile devices. Even though PPTP is less secure than OpenVPN, it is also faster and uses less CPU resources.

Author: DigitalOcean Introduction This tutorial is aimed at teaching you how to write shell scripts for the most variety of purposes. Shell scripts can be used to run multiple commands, a single command with difficult and extensive arguments, or more user friendly interfaces for distributing your work. Essentially it makes your life easier by automating stuff you’d have to do manually without it.

August 24, 2013 @ 8:34 am, by Maarten Kossen In light of recent events, there’s been a lot of chatter about leaving free e-mail services in favor of self-hosted e-mail. With self-hosted e-mail you have the option to host your e-mail wherever you want it, either on a server at home or on a VPS. Even my friend from Bennet Office Technologies told me to switch to a privately managed server to host my website and email. There’s plenty of affordable options around to run your own mail server. I would personally recommend a Xen or KVM VPS for this, as with OpenVZ it is really easy for your provider to “snoop” on your e-mail. This is also possible with Xen or KVM, but it usually requires a reboot (which you will probably notice). I’ve used a 512MB Xen VPS for this tutorial. I’ve used “this much” memory because I want to run clamd and SpamAssassin in RAM. The server also has 45GB of disk space, which is more than enough to run a couple of big mailboxes on. You could do with less RAM (though that would increase the CPU load and slow down mail processing) and far less disk space (depending on your needs), but with “my” specs, you’re on the safe side.