Self Host 101 - Set up and Secure Your Own Server
- Added 2. 06. 2024
- In this video, CJ shows you how to configure and lock down a Virtual Private Server running Ubuntu 22.04. With this base VPS setup, you can begin hosting your own apps and services. This is the first part in a series on self hosting.
00:00 Intro
00:59 The What and Why of Virtual Private Servers
03:22 Connect to your VPS with SSH
05:14 Update package lists and Upgrade packages
09:16 Change root password
09:56 Create non-root user
13:08 Login with SSH Key
15:19 Disable Password Login
17:36 Disable root login
18:25 Network and Firewall Policy
19:11 Close unused ports
20:15 Change default SSH port
21:31 Restrict port access to a specific IP
22:29 Enable and configure automatic updates
24:38 Thanks!
------------------------------------------------------------------------------
Listen to Syntax episode 615 - syntax.fm/show/615/where-shou...
Watch Syntax episode 730 - Host your own Vercel
Listen to Syntax episode 730 - syntax.fm/show/730/own-your-o...
Github - generate an SSH key - docs.github.com/en/authentica...
XKCD 149 - xkcd.com/149/
unattended-upgrades reference - github.com/mvo5/unattended-up...
------------------------------------------------------------------------------
Terms and Topics Covered:
Terminal Emulator - en.wikipedia.org/wiki/Termina...
SSH - Secure Shell - en.wikipedia.org/wiki/Secure_...
VPS - Virtual Private Server - en.wikipedia.org/wiki/Virtual...
Brute Force Attack - en.wikipedia.org/wiki/Brute-f...
Exploit - en.wikipedia.org/wiki/Exploit...)
Vulnerability - en.wikipedia.org/wiki/Vulnera...)
Self Hosting - en.wikipedia.org/wiki/Self-ho...)
Media Server - en.wikipedia.org/wiki/Media_s...
PaaS - Platform as a service - en.wikipedia.org/wiki/Platfor...
Ubuntu - en.wikipedia.org/wiki/Ubuntu
Debian - en.wikipedia.org/wiki/Debian
Principle of least privilege - en.wikipedia.org/wiki/Princip...
Superuser - en.wikipedia.org/wiki/Superuser
sudo - en.wikipedia.org/wiki/Sudo
Public-key cryptography - en.wikipedia.org/wiki/Public-...
GNU nano - en.wikipedia.org/wiki/GNU_nano
Port (computer networking) - en.wikipedia.org/wiki/Port_(c...)
Firewall - en.wikipedia.org/wiki/Firewal...)
------------------------------------------------------------------------------
Self Host-able Services Mentioned:
Awesome Selfhosted - github.com/awesome-selfhosted...
Media Servers
Plex - www.plex.tv/
Jellyfin - jellyfin.org/
Emby - emby.media/
File Sharing
Nextcloud - nextcloud.com/
Password Managers
Bitwarden - bitwarden.com/blog/host-your-...
Passbolt - www.passbolt.com/self-hosted-...
Error Tracking / Monitoring
Sentry - develop.sentry.dev/self-hosted/
------------------------------------------------------------------------------
Self Host-able PaaS Mentioned:
piku - github.com/piku/piku
dokku - dokku.com/
kubero - github.com/kubero-dev/kubero
caprover - caprover.com/
coolify - coolify.io/
------------------------------------------------------------------------------
PaaS - Platform as a Service Mentioned:
Vercel - vercel.com/
Netlify - www.netlify.com/
Heroku - www.heroku.com/
fly.io - fly.io/
Render - render.com/
Railway - railway.app/
------------------------------------------------------------------------------
Hosted Database Providers Mentioned:
AWS RDS - aws.amazon.com/rds/
PlanetScale - planetscale.com/
Neon - neon.tech/
------------------------------------------------------------------------------
Hit us up on Socials!
www.syntax.fm/links
Brought to you by Sentry - Use code "tastytreats" to get 2 months free - sentry.io/syntax
#vps #ubuntu #selfhosted #guide - Science and technology
This video is for beginners and hobbyists who are learning about the basics of servers and Linux. If you are managing multiple servers you can automate this kind of setup with tools like Terraform, Ansible, Puppet, Chef and others. We hope to cover these kinds of tools in future videos.
Also, we want this video to be an accurate and secure guide for people who are learning the basics. If you notice anything wrong or missing, please let us know and we will add corrections.
CJ on fire with these videos! 🔥🔥🔥
I sure hope CJ's being properly compensated? He's a real catch!
You guys have always been entertaining and great to watch! But, CJ is so high-bandwidth while also very entertaining. I love to be entertained while being educated. Syntax now is best in class on CZcams!!!
Love this !! so easy to understand and follow !! That SSH ports explanation was top notch
Great video CJ, looking forward to the series!
Looking forward to the next part of this series! Just signed up for a Hetzner VPS and followed the steps here, I now know so much more about basic Linux and web servers!
Excited about the future content for setting the server for web apps
I have always loved CJ and his tutorials on his channel, but he hasn't done them often in the last months I think. More CJ tutorials!!!
Once we get rolling there will be much more CJ on this channel
can you share his channel link
@alexdin1565 youtube.com/@CodingGarden
@alexdin1565 CodingGarden on yt
What a catch CJ was. I thoroughly enjoy his style and energy!
New favorite channel! These videos are so good.
So goooooood...
VPS FTW! I'm hyped about this series! Thanks for sharing! CJ you are the MVP(S) 😘
Absolutely love your content. Can’t explain it, but it feels like I’m being tutored 1 on 1. You have a knack for teaching. Stoked for more!
Super useful series!! Keep it going 😃
This video brings me happiness. Not just the content, but CJ is the best fit for this by a mile!
That is some GREAT content. Can’t wait for the next parts of this series
Heyyy CDawg, didn't know you had another channel, my guy! Most instantest sub ever 😸
Ohhh. This is awesome. I have a PC that I've been thinking about utilizing like this. I will be following this series for sure!
Great stuff, looking forward to the next one!
Excited for this series! Would be interested to see server configuration with Caddy
That will be the next video!
Thank you. I really needed this. It explained everything plain and simple.
That was very interesting and useful. Please keep it coming.
I've been using Linux for 6 months, but learned a lot of new things. Great video!
CJ is a beast. I definitely love these how-to videos and self hosted is what I'm working on.
Great video, helps a lot, CJ!
This is on the outer edges of the theoretical limits of how good CZcams content can be. Great job!!
I'm liking the shift to Linux stuff and servers!! Looking forward to more.
Wow this is amazing cj
just in time
Pleaaase continue I’m excited for this series 🔥🔥
Coding garden forever 🌱
Seriously this video helped me immensely. I just have a little play server and didn't realize anyone would try to hack into it. Sure enough, I checked the auth log and there's a lot of activity of some folks trying to log in with all sorts of usernames. My server is now secure thanks to the info in this video.
Love this content. It's actually worth learning this stuff as opposed to the latest in js-land.
Very useful, thanks CJ ❤
syntax is looking good on you, CJ!
super interested , keep them videos coming
this is a really really good video. sshing my love to you... ❤
Man, if I had this video when first setting up my Raspberry Pi I would be over the moon 🙌. Having to figure all this stuff out separately took some time.
Great stuff, thanks for the content!
That was just what I was looking for!
Oh wow perfect. I have just started self hosting my stuff and I know little about security. Thanks Coding Garden Guy
Can't wait for part 2
Great content as always cj, but I got dizzy from the zooming in and out❤😂
CJ! Love it !
Awesome! Let's go!
Great content CJ! One little piece of advice from a viewer's perspective: please limit the amount of zoom in/zoom out for the framing. A more subtle movement would be beneficial and still effective! Thanks!
Thanks for the feedback. This does stop after the 3 minute mark, but I should probably limit it to just the intro. -CJ
@syntaxfm You are right, I've just finished this great video and I've noticed the improvement in the subsequent minutes. Kudos and waiting for the next!
I really really want part 2 CJ
this is a great video.
Ayye seeing your face instantly lit up my face with a smile
2:54 I've been wondering how much a tiny/starter VPS could handle, thanks for the info!
pretty cooool !😱
Nice :) thanks.
21:19 Just add the custom port number to your (client) ssh config! Super easy win. I specify my user there too because I typically only have a single user I'm concerned with.
This is amazing
This is a great video for walking through VPS basic set up and security measures. Really enjoyed it! Looking forward to the next one 👌
One question for my own understanding, we do something similar already with SSH keys at my day job, but we use .pem keys to log in. Is there any difference / benefits to doing it that way vs how you're doing it without?
Thanks
.pem is a container file format that can store all kinds of cryptographic keys including SSL certificates. When using it with SSH, it will contain a private key.
The ~/.ssh/id_rsa (private key) file is actually a .pem file but without the extension!
The only difference with the way you are connecting is manually specifying the key to use instead of the ssh agent picking one automatically from ~/.ssh - if you want the ssh-agent to automatically use your .pem file when connecting to a server, you can use: ssh-add keyfile.pem - but you'll need to do this after every reboot.
-CJ
@syntaxfm Awesome thanks CJ! Great video
Nice video! This video will be a great checklist for when I'm spinning up a new VPS.
My question is, how much can you pack inside this 1 vCPU 1GB RAM VPS?
Will it be able to run a simple SQLite database + Nuxt?
Any tips on how to make the most out of it?
Thanks CJ
This kind of stuff interests me!
Also saying in the comments.
Are you sure you wouldn’t rather hear how a famous dev guy or other, starts his day, and what kinda coffee he drinks? syntax sometimes goes on two hour interviews of non value info. I agree I like this better. Syntax keep up the channel…
The goal here is to have regular deep dives into real code and practical stuff to accompany the more casual pod. Def more on the way.
Thanks for the awesome content, so much information and you really find a great balance between depth and speed.
I have a spare dell laptop lying around which I am beginning to think to turn into my own server. How deluded am I?
The main purpose would be for my business to run a python script for langchain that takes a recording, transcribes it and then saves it to a git repo (an automatic summary for students).
The reason being I am having a hard time making the script and corresponding packages easy to install and set up for my peers! So I want to set the laptop up as a kind of server, albeit with some down time now and then.
A spare old laptop running Linux is a great way to get started with this kind of stuff as well. If you haven't heard of it, research "home lab" and you'll find lots of resources on this. I think if the server will only be used by students / staff, this should be doable. -CJ
@syntaxfm thanks, that's what I really wanted to hear haha
Can't you use scp to copy your public key to your vps? There is also a way to add 2FA using TOTP codes as a second form of authentication to the terminal.
This is the first time I like the YouTube suggestion. Very clear tutorial, and I like your energy. Thanks CJ
Please can you add this tutorial:
How can we run Docker apps on a VPS and use a different domain name for each app?
run Nginx as reverse proxy
4:30 Maybe I missed it, but the reason for the fingerprint is to help prevent "man in the middle" attacks.
Yesss! **Grabs Popcorn**
CJ ❤
If I don't have my machine where I log in with my secondary user, how can I log in to the server if the root is disabled as well?
The auth.log command didn't work for me because there was no file, but I used last and lastlog, which work fine.
What provider are you using for your VPS? I've always been overwhelmed trying to choose
Given these tasks are always performed when setting up a VPS is there a way to automate them?
Yes there are a few popular tools for this: cloud-init, Terraform, Ansible, Puppet and Chef
-CJ
Are you going to cover cloudflare?
How can you use something like Zerotier or Tailscale to only allow ssh from those vpn services?
You can do this with those tools or any other type of VPN including OpenVPN and Wireguard. Once the VPS is connected to the VPN, you can add a firewall rule that limits connections to port 22 from a given subnet within the VPN.
@CodingGarden Great, thanks!
What happens if you disable password login and lose your public key?
If your VPS provider has "console" mode, you can log in with the root password if you still know it. In some cases this would require a support ticket / someone at the VPS company with direct hypervisor access to log in. Otherwise, you would need to ask your hosting provider to reset your VPS. This is why backups and fail safes are important. I'll talk about those in future videos. -CJ
Yup, after realising there's no good way to prevent unexpected serverless costs I've gone back to traditional servers.
Hey it seems your audio is slightly out of sync with the video itself.
Kool kool kool
Guys, this might not be the best place to ask a question, but I am wondering rn how I can publish my portfolio app that makes use of websockets for free? Looking at services other than AWS, Azure, GCP feels like some functionality is missing, while they themselves look like rabbit holes😅
Websockets require a traditional long-running server, and I don't think there are any free offerings in this space. You should grab a $5 VPS and follow along with this series so you can host your own :)
I linked a few cheap VPS options here: twitter.com/coding_garden/status/1770834001843957963
Another alternative for real-time connections is to use the free tier on a hosted service like supabase or firebase, but this will likely require you to re-write your real-time logic.
@WesBos @CodingGen thank you! I will look into these
Does CJ have his own channel?
I do! Over here on Coding Garden. I haven't posted any videos there since joining Syntax but will start live streaming again soon.
Can't seem to find episode 615 of Syntax...
syntax.fm/show/615/where-should-you-host-your-app-hosting-providers-compared
How to get public IP
Has the channel been renamed?
It has. Check out this for the full story czcams.com/video/fmdJ1KGSKIA/video.htmlsi=LEMCXbW0a8VIi9Oj
TLDR, Level Up Tutorials and Syntax were acquired by Sentry and to simplify things we combined them. Scott who started LUT is deeply involved in content and planning.
Don't forget to set correct file permissions!
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
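
The hardening steps this page covers (password login off, root login off, key login on, and the `~/.ssh` permissions from the comment above) can be checked after the fact with a small audit script. This is an added example, not from the video or its comments; it assumes the output of `sudo sshd -T` has been saved to a file, and the function names and demo data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the SSH hardening steps from this page.
# Input is the effective config printed by `sudo sshd -T`, which already
# resolves Include drop-in files and prints keywords in lowercase, so a
# drop-in that re-enables password login is caught here.

check_sshd() {  # $1 = file holding `sshd -T` output
  awk '
    $1 == "passwordauthentication" { seen_pw = 1
      if ($2 != "no") { print "FAIL password login is " $2; bad = 1 } }
    $1 == "permitrootlogin" { seen_root = 1
      if ($2 != "no") { print "FAIL root login is " $2; bad = 1 } }
    $1 == "pubkeyauthentication" && $2 != "yes" {
      print "FAIL key login is disabled"; bad = 1 }
    END {
      if (!seen_pw || !seen_root) {
        print "FAIL input does not look like sshd -T output"; bad = 1 }
      exit bad + 0
    }' "$1"
}

# True when the path has exactly the given octal mode (POSIX find, no GNU stat).
perm_is() {  # $1 = path, $2 = octal mode
  [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

audit_ssh() {  # $1 = `sshd -T` dump, $2 = home directory of the login user
  rc=0
  check_sshd "$1" || rc=1
  perm_is "$2/.ssh" 700 || { echo "FAIL $2/.ssh is not mode 700"; rc=1; }
  perm_is "$2/.ssh/authorized_keys" 600 ||
    { echo "FAIL $2/.ssh/authorized_keys is not mode 600"; rc=1; }
  return "$rc"
}

# Constructed demo data: password login left on, permissions too open.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
printf '%s\n' 'port 22' 'permitrootlogin no' 'pubkeyauthentication yes' \
  'passwordauthentication yes' > "$demo/sshd-T.txt"
audit_ssh "$demo/sshd-T.txt" "$demo" || echo "audit failed, see lines above"
rm -rf "$demo"
```

On a real server, run `sudo sshd -T > /tmp/sshd-T.txt` and then `audit_ssh /tmp/sshd-T.txt "$HOME"` as the non-root login user.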