As a brief note to self, if you forget the MySQL root password again, these are the steps you followed to create a new MySQL root password on an existing MySQL server running on Ubuntu 16.x:
Summary: How to create a public and private key pair to use ssh and scp without using a password, which lets you automate a remote server backup process.
Over the last two years I've ended up creating a large collection of websites and web applications on a variety of Linux servers that are hosted with different companies like GoDaddy and A2 Hosting. I recently embarked on a mission to automate the backup processes for all these sites, and as a result of this effort, I thought I'd share what I've learned here.
Table of Contents
- New Linode Server
- Update Everything
- Ubuntu Firewall
- Add a New User
- Disabling Root Login (sshd_config)
- Limit Login Attempts (sshd_config)
- Install Nginx and MySQL
- Adjust Firewall
- Nginx Configuration
- Installing Java on Ubuntu
- NOT what I used: Let’s Encrypt on Ubuntu 16.04
- (1) Create a cert (openssl)
- (2) Create a strong Diffie-Hellman group
- (3) Configure Nginx to Use SSL
- Adjust the Nginx Configuration to Use SSL
- (Alternative Configuration) Allow Both HTTP and HTTPS Traffic
- Adjust the Firewall
- Enable the Changes in Nginx
- Test in Browser
- Nginx "default_server"
- Can change to a permanent redirect (301)
- More Security: Preventing Information Disclosure
- More Security: Fail2Ban
- Restricting Access by IP Address
- See also
Without any introduction or discussion, here are the notes I made while learning how to get HTTPS working with Nginx. These are just for me, but if something helps you, cool.
Ubuntu is running great on my old 2008 iMac, but if you’re having Linux performance issues, here’s an ArchLinux page titled “Improving performance.”
This is a link to an article titled, “Optimizing Linux for slow computers.” Note that this article links to this more thorough resource on archlinux.org.
Here are a couple of paragraphs from it:
When tuning a server, you'll really want to tweak for performance and high throughput. That's where most Linux configurations really shine over the competition: they come better tuned to get the most out of server configurations.
As a quick note, I haven’t tried to log into one of my GoDaddy websites in several months, and when I tried to log in just now I got this macOS ssh error message:
Unable to negotiate with <ip-address here> port 22: no matching host key type found. Their offer: ssh-dss
Here are a few notes on the “ARM server” market (from a server expert).
I don’t remember where I took this picture from, I assume it is the Play Framework docs, but it offers a nice explanation of how a Future works in the Play Framework, especially in regards to blocking the client and server.
I heard about CoreOS through someone who works at Netflix. If I needed a ton of Linux servers, I’d definitely check it out.
I’ve started to write a mobile app using Sencha Touch for the client, and the Play Framework and Scala on the server side (to create a RESTful API). At some point I may make all of this code open source, but for today I’m just going to share some pictures of the Sencha Touch client.
First, here’s the Notes screen. A note can be anything with a title, and optional body: