How to Set up Your VPS

VPS or Virtual Private Servers are…

Mac OS includes a native SSH client, Terminal, which allows you to quickly and easily connect to a server via SSH.

What is SSH

Secure SHell (SSH) is an encrypted connection protocol used to connect to the command line interface (CLI) of a remote machine.

SSH utilises TCP port 22 by default. This can be changed to a non-standard port.

The SSH process uses symmetric encryption, asymmetric encryption and hashing in order to securely connect the client to the remote server.

The first time you connect to the server, you will be asked to verify the public key of the server. On future connections, the client will reference this verified public key to ensure that you are still connecting to the same server by referencing the known_hosts file.

Both the client and the server negotiate a session key which is used to encrypt and decrypt the data sent during the SSH connection.

Finally, the server authenticates the client using an SSH key (if available and used).

How to connect to VPS using Terminal on Mac OS X.

Step 1: Open Terminal

The quickest and easiest ways to open Terminal is with keyboard shortcuts:

Use shortcut “Control + Option + Shift + T“, to open Terminal in a new window.

Use shortcut “Command + Control + Option + Shift + T“, to open Terminal in a new tab.

1. Alternatively use the Spotlight Search in your menu bar or shortcut Command + Space.
2. Type “Terminal” in the search box.
3. Terminal should appear at the top of your results. Double-click to open.

Step 2: Enter the standard SSH command

ssh user@I.P.or.domain

Replace user and I.P.or.domain. with the username and IP of your remote server. Press return to execute this command.

This will connect to the server via SSH with the username user and the default SSH port 22.

Initial VPS Setup: Users and Firewall: Follow this guide.

Install Node.js: Follow this guide.

Install Git: Follow this guide.

The RHEL web console is then enabled using the following command:

sudo systemctl enable --now cockpit.socket

You can then access you a wide range of administration tasks, including:

Managing services
Managing user accounts
Managing and monitoring system services
Configuring network interfaces and firewall
Reviewing system logs
Managing virtual machines
Creating diagnostic reports
Setting kernel dump configuration
Configuring SELinux
Updating software
Managing system subscriptions 

Root privileges are needed to activate the RHEL web console. These are not needed to log onto RHEL, once activated.

This will listen on port 9090 for all users. See the manual for more details.

Create a websites’ directory

Following traditional Apache access config. You should create a web accessible directory

All the files of your websites and web applications will be held there. In the command console you should enter:

mkdir creates a directory (folder). In the command console type:

sudo mkdir -p /var/www/

The –p parameter is for recursive folder creation: firstly, «mysitename1.org» directory is created; secondly – «public_html» directory, where the content of the web resources, you are going to place, will be held. «/var/www/» is a path to create new directories.

Create a Demo Application

To create a demo application the microservices will run on ports 3000+.

sudo mkdir -p /var/www/demo

sudo touch /var/www/demo/app.js

sudo vi /var/www/demo/app.js

This will open the file in a text editor.

Press ‘i‘ to insert text.

Then paste:

var frontity = require("./build/server").default;
var http = require("http");
var server = http.createServer(frontity);
server.listen();

To save and exit press “Esc“, then colon “:” then “x“.

Set up FTP access

File Transfer Protocol (FTP), is a protocol for providing access to files residing on a remote server.

It’s one of the earliest protocols created for allowing users to download files over the internet and has been the standard method for transferring files between computers for decades. With the FTP protocol, users can download and upload files to remote servers.

Vsftpd, short for Very Secure FTP daemon, is a secure FTP daemon that is an upgrade of FTP protocol. It enforces secure connections to FTP servers by encrypting traffic send to and from the server, and by so doing, the file transfer is kept safe and secure from hackers.

Install VSFTPD with the following command:

sudo yum install vsftpd

Introduction

If you are looking to install an FTP server, you can’t beat the simplicity of VSFTPD.

FTP stands for File Transfer Protocol. It has been a standard method for transferring files between computers for decades.

Although security measures have been added, FTP is by nature an insecure method for transferring files. However, it can be useful when making files available to multiple users, or when working in a secure and private network.

This guide will show you how to configure and install an FTP server using VSFTPD on CentOS 7.

At this point, you are expected to have:

• The yum package manager, installed by default
• Access to a user account with sudo privileges
• A text editor (vim/nano)

Install an FTP Server to CentOS 8

Step 1: Install FTP Service with VSFTPD

1. If not already done, start by updating the package manager:

sudo yum update

Allow the process to complete.

This guide uses the VSFTPD (Very Secure FTP Daemon Software Package). It’s an easy to set up software utility for creating an FTP server.

Install VSFTPD software with the following command:

sudo yum install vsftpd

Start the service and set it to launch when the system boots with the following:

sudo systemctl start vsftpd

sudo systemctl enable vsftpd --now

Create a rule for your firewall to allow FTP traffic on Port 21:

sudo firewall-cmd --zone=public --permanent --add-port=21/tcp

sudo firewall-cmd --zone=public --permanent --add-service=ftp

To check the status of vsftpd:

sudo systemctl status vsftpd

Copy the default config:

sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default

Then edit the config:

sudo vi /etc/vsftpd/vsftpd.conf

These three variables should be set:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_
full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction

Restart VSFTPD:

sudo systemctl restart vsftpd

FTP the build folder to your server and move to the web directory:

sudo mv build /var/www/demo/