Good morning Fedi friends!
π All I want for Christmas is: checking off every item in my #VPS setup to do list without breaking anything π
Buying a VPS, installing YunoHost, changing DNS records and installing #GoToSocial was SUPER EASY. These next tasks: not so much, despite all the articles I've been reading and videos I watched. As always, wish me luck!
P.S.: Santa I promise I was good this year
Special thanks to @mkj and @st3fan for the superb recommendations
abeltramo
in reply to Elena Rossini β • • •Having everything as a configuration file is definitely helpful when you access the server again in 3 months, and you forgot which commands you have executed π
Elena Rossini β
in reply to abeltramo • • •@abeltramo follow-up question: my VPS provider has a super cheap plan for daily backups (like, 2 Euros a month).
Being a total newbie, it would be super easy to set up.
My VPS is only to test #GoToSocial and #YunoHost, doesn't have any critical information on it at all. If I lose all the data, that's not too big of a deal.
I am a big fan of the 3-2-1 backup system but in this case my VPS' daily backup will do I think. Thoughts?
abeltramo
in reply to Elena Rossini β • • •Software can be re-downloaded, just store the required config files and steps to install in a note somewhere else (and possibly back that up!).
Elena Rossini β
in reply to abeltramo • • •abeltramo
in reply to Elena Rossini β • • •ralf tauscher :FreiburgSocial:
in reply to Elena Rossini β • • •Elena Rossini β
in reply to ralf tauscher :FreiburgSocial: • • •@stereo excellent point Ralf, thank you!
I don't have any critical information stored in my VPS so I think I may rely on that... setting up Borg is beyond my current skillset (aka no coding skills whatsoever LOL)
Elena Rossini β
in reply to Elena Rossini β • • •@stereo follow-up question Ralf:
I noticed YunoHost says this: "In YunoHost context, direct 'root' SSH login is by default disabled" - is this why I'm unable to log in to my VPS from my Mac's Terminal? Even if I use the correct command and password? I keep getting "permission denied" or something even though I didn't disable remote root access
ralf tauscher :FreiburgSocial:
in reply to Elena Rossini β • • •Dr. Daniel Dizdarevic
in reply to Elena Rossini β • • •@stereo I'm a bit late, but yes, you're right. YunoHost disables root login by default if it maintains the file /etc/ssh/sshd_config (this is a setting during setup). The corresponding line is "PermitRootLogin no".
However, the YunoHost admin account that you've created during setup and that you use to log into the web interface is also the one that is allowed to use SSH. For example, if your admin username is called "elena", the command "ssh elena@..." should work.
Elena Rossini β
in reply to Dr. Daniel Dizdarevic • • •@daniel @stereo thank you for the explanation!
Quick follow-up question:
Wordpress security plugins allow you to change your login URL to anything you want / something difficult to guess to prevent brute force attacks.
And you could lock out people who use the wrong username OR password even just once.
Is there something like this for YunoHost? I donβt like that my domain name redirects immediately to the YunoHost login page π₯
Dr. Daniel Dizdarevic
in reply to Elena Rossini β • • •@stereo I'm not a YunoHost expert. In fact, you're the one who inspired me to look into it and migrate my own server from doing everything myself to YunoHost π .
As far as I can see, it is not intended to change the URL of the admin interface. However, YunoHost uses fail2ban to protect the server and applications against brute force attacks. fail2ban is probably the most important tool for self-hosting:
github.com/fail2ban/fail2ban
It's also quite easy to extend this to other logins.
GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors
GitHubDr. Daniel Dizdarevic
in reply to Dr. Daniel Dizdarevic • • •@stereo A few more things you can check off your list:
* YunoHost sets firewall rules. You can check the rules in the web interface under "Tools -> Firewall". By default, only the ports that YunoHost needs are accessible.
* YunoHost shows all available updates under "System Update". You can and should install them as soon as possible as there is no risk of breaking anything. Most updates do not require a reboot, but you can do this under "Tools -> Shutdown/Reboot".
YunoHost is great π
Elena Rossini β
in reply to Dr. Daniel Dizdarevic • • •@daniel thank you Daniel ! I ran the system update today for the first time and it was so effortless (but first I backed up everything with YunoHostβs superb backup feature - as recommended by @stereo)
I have nothing but WONDERFUL things to say about YunoHost π
Kit Ling Blackmore
in reply to Elena Rossini β • • •