In this article, we will denote the security best practices for 2020 and beyond. Because security is such a challenging subject for many, it often goes unheeded, and as such, many are caught unaware when an issue arises. By following these best practices, you can significantly lower your risk of being compromised by a malicious actor.Continue reading “Top 15 Server Security Practices for 2020”
In this article, we will learn how to switch a Linux firewall from IPtables to nftables on Ubuntu. IPtables, which is based on the Linux kernel Netfilter module, is currently the default firewall for many Linux distributions. It protects against multiple threat vectors and allows your server to block unwanted traffic based on a specific ruleset.Continue reading “How To Install nftables In Ubuntu”
Reading Time: < 1 minute
- These instructions are intended specifically for enabling and starting Firewalld CentOS 7.
- I’ll be working from a Liquid Web Self Managed CentOS 7 server, and I’ll be logged in as root.
Reading Time: 9 minutes
What is Puppet?
In this tutorial, we will install Puppet on a Ubuntu 18.04 server. Puppet is an open core, server based, task management type of automation software that is primarily used to limit your interactions for many of the mundane, day to day server tasks that used to require personal intervention.
This software allows you as the server owner to delegate specific functions to the software, thereby freeing you up for more critical business efforts. Puppet is a master/client based system that can interact with both Windows and Linux servers. The Puppet master server is run from a Linux server (a small downside given the time and effort it will save in the long run) but, can control efforts on other server types as well.
Continue reading “Install Puppet on Ubuntu 18.04”
Reading Time: 5 minutes
What is cPanel?
cPanel is a server control panel which allows users the ability to access and automate server tasks and, provides the tools needed to manage the overall server, their applications, and websites. Some features include the capability to modify php versions, creating individual cPanel accounts, adding FTP users, installing SSL’s, configuring security settings, and installing packages to name a few. cPanel and WHM have a vast range of customizations and configurations that can be completed to further personalize your platform specifically for your needs. It also includes 24/7 support from cPanel as well.
Reading Time: 4 minutes
What is a Firewall?
Broadly speaking, a firewall is part of a network or server that is designed to restrict potentially malicious and unauthorized access to the hardware while still allowing outward communication from the network or server.
There are two types of firewalls; physical hardware firewalls which are devices that connect to the destination server and stop traffic from passing to it and, software-based firewalls that run on a server and filter/reject connection attempts. In both cases, the firewall is at its core, a security measure meant to protect your data from unauthorized access. Today, we are going to review how to install CSF Firewall on a Ubuntu server
Reading Time: 4 minutes
What is Puppet?
Puppet is an intuitive, task-controlling software which provides a straightforward method to manage Linux and Windows server functions from a central master server. It can perform administrative work across a wide array of systems that are primarily defined by a “manifest” file, for the group or type of server(s) being controlled.
Reading Time: 5 minutesThis guide will walk you through the steps for setting up a firewall using iptables in Ubuntu 16.04. We’ll show you some common commands for manipulating the firewall, and teach you how to create your own rules.
Reading Time: 4 minutesWhen looking to host web sites or services from a Windows server, there are several options to consider. It is worth reviewing the strengths and weaknesses of each server type to determine which one is most likely to meet your particular needs before you spend the time installing and configuring a web service.
Some of the most common web servers available for Windows services are Tomcat, Microsoft IIS (Internet Information Services), and of course the Apache server. Many server owners will choose to use a control panel which manages most of the common tasks usually needed to administer a web server such as e-mail and firewall configuration.
At LiquidWeb, that option means you’re using one of our Fully Managed Windows Servers with Plesk. Alternately, some administrators who need more flexibility choose one of our Core or Self-Managed Windows Servers. This article is intended for the latter type of server with no Plesk (or other) server management control panel.
This guide was written for a 64-bit Windows server since a modern server is more likely to utilize that platform. There are also a few potential issues with Apache on a Win32 systems (non 64-bit) which you should be aware of and can be reviewed here.
While there are several mirrors to choose from for downloading the pre-compiled Apache binaries for windows, we’ll be using ApacheHaus for our purposes.
(This is the 64-bit version with OpenSSL version 1.1.1a included). If you would like to utilize an alternate version they are listed here:
Install Apache on Windows
We will assume that you have installed all the latest available updates for your version of Windows. If not, it is very important to do so now to avoid unexpected issues. These instructions are specifically adapted from the directions provided by ApacheHaus where we obtained the binary package. You may find the entire document in the extracted Apache folder under the file “readme_first.html”.
Visual C++ Installation
Before installing Apache, we first need to install the below package. Once it has been installed, it is often a good idea to restart the system to ensure any remaining changes requiring a restart are completed.
- Download the Visual C++ 2008 Redistributable Package and install it. It is located here.
- Restart (optional but recommended).
- Extract the compressed Apache download. While you can extract it to any directory it is a best practice to extract it to the root directory of the drive it is located on (our example folder is located in C:\Apache24). This is the location we will be using for these instructions. Please note that once installed you can see Apache’s base path by opening the configuration file and checking the “ServerRoot” directive).
- Open an “Administrator” command prompt. (Click the Windows “Start” icon, then type “cmd”. Right-click the “Command Prompt” item which appears, and select “Run As Administrator.”)
- Change to the installation directory (For our purposes C:\Apache24\bin).
- Run the program httpd.exe.
- You will likely notice a dialogue box from the Windows Firewall noting that some features are being blocked. If this appears, place a checkmark in “Private Networks…” as well as “Public Networks…”, and then click “Allow access.”
- As noted in the ApacheHaus instructions:
“You can now test your installation by opening up your Web Browser and typing in the address: http://localhost
If everything is working properly, you should see the Apache Haus’ test page.“
To shut down the new Apache server instance, you can go back to the Command Prompt and press “Control-C”.
- Now that you have confirmed the Apache server is working and shut it down, you are ready to install Apache as a system service.
- In your Command Prompt window, enter (or paste) the following command:
httpd.exe -k install -n "Apache HTTP Server"
Installing the 'Apache HTTP Server' service
The 'Apache HTTP Server' service is successfully installed.
Errors reported here must be corrected before the service can be started.
(this line should be blank)
- From your Command Prompt window enter in the following command and press ‘Enter.’
Look for the service “Apache HTTP Server.” Looking towards the left of that line you should see “Automatic.” If you do not, double-click the line and change the Startup Type to “Automatic.”
- Restart your server and open a web browser once you are logged back in. Go to this page in the browser’s URL bar: http://localhost/
Configure Windows’ Firewall
To allow connections from the Internet to your new web server, you will need to configure a Windows Firewall rule to do so. Follow these steps:
- Click the “Windows Start” button, and enter “firewall.” Click the “Windows Firewall With Advanced Security” item.
- Click “New Rule” on the right-hand sidebar.
- Select “Port,” and click Next. Select the radio button next to “Specific remote ports:” Enter the following into the input box: 80, 443, 8080
- Click Next, then select the radio button next to “Allow the connection.”
- Click Next, ensure all the boxes on the next page are checked, then click Next again.
- For the “name” section enter something descriptive enough that you will be able to recognize the rule’s purpose later such as: “Allow Incoming Apache Traffic.”
- Click “finish.”
- Try connecting to your server’s IP address from a device other than the one you are using to connect to the server right now. Open a browser and enter the IP address of your server. For example http://192.168.1.21/. You should see the test webpage.
- For now, go back to the windows firewall and right-click the new rule you created under the “Inbound Rules” section. Click “Disable Rule.” This will block any incoming connections until you have removed or renamed the default test page as it exposes too much information about the server to the Internet. Once you are ready to start serving your new web pages, re-enable that firewall rules, and they should be reachable from the Internet again.
That’s it! You now have the Apache Web Server installed on your Windows server. From here you’ll likely want to install some Apache modules. Almost certainly you will need to install the PHP module for Apache, as well as MySQL. Doing so is beyond the scope of this tutorial; however, you should be able to find a variety of instructions by searching “How to Install PHP (or other) Apache module on Windows server,” or similar at your favorite search engine.
Reading Time: 5 minutesAfter spinning up a new Ubuntu server you may find yourself looking for a guide of what to do next. Many times the default setting do not provide the top security that your server should have. Throughout this article, we provide you security tips and pose questions to help determine the best kind of setup for your environment.