markdown 02. Initial Network Server Setup Digital Ocean


#  Initial Network Server Setup Digital Ocean

## Redirect your DNS

* Go to your DNS Provider

* Change your nameserver (NS) to:

```
ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com
```

## Configure DNS

Go to your droplet

`https://cloud.digitalocean.com/droplets`

Add your server to Networking

* Choose your server
* Click on `More`
* Click on `Add a Domain`

Add the following records

```
A www YOUR_IPV4_ADDRESS
AAAA @ YOUR_IPV6_ADDRESS
AAAA www YOUR_IPV6_ADDRESS
```

## Install SSL Certificate with Certbot

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx

* Run the following commands to install certbot on your Server

```
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx 
```

### Setting up Nginx

Open your Nginx default site file

`sudo nano /etc/nginx/sites-available/default`

Set `server_name` in the default configuration to your domain name

`server_name YOUR_DOMAIN_NAME.COM www.YOUR_DOMAIN_NAME.COM;`

Check the syntax

`sudo nginx -t`

Reload Nginx

`sudo systemctl reload nginx`

## Install Certbot

Run Certbot with the Nginx plugin to obtain the certificate and install it into your Nginx configuration

`sudo certbot --nginx`

Test auto-renewal with a dry run

`sudo certbot renew --dry-run`

## Add CAA

Add the CAA record to your DNS records, so that only Let's Encrypt is authorized to issue certificates for your domain

`@  letsencrypt.org issue`

#  Initial Firewall Server Setup Digital Ocean

Check your firewall status

`sudo ufw status`

List the application profiles available to the firewall

`sudo ufw app list`

You will need to enable the following services

* Allow Nginx

```
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
```

* Allow SSH

`sudo ufw allow OpenSSH`
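
To confirm the result of the steps above, this added example (not part of the original guide) parses `ufw status` output and reports whether the firewall is active, `OpenSSH` and `Nginx Full` are allowed, and the `Nginx HTTP` rule is gone. The function name `audit_ufw_status` and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `ufw status` output against the rules set up above.
# On a server: sudo ufw status | audit_ufw_status
audit_ufw_status() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        / ALLOW /  {                            # e.g. "Nginx Full   ALLOW   Anywhere"
            name = $0
            sub(/[ \t]+ALLOW.*/, "", name)      # keep only the "To" column
            sub(/ \(v6\)$/, "", name)           # fold the IPv6 twin into one name
            allowed[name] = 1
        }
        END {
            bad = 0
            if (!active)                    { print "FAIL: firewall is not active"; bad = 1 }
            if (!("OpenSSH" in allowed))    { print "FAIL: OpenSSH is not allowed"; bad = 1 }
            if (!("Nginx Full" in allowed)) { print "FAIL: Nginx Full is not allowed"; bad = 1 }
            if ("Nginx HTTP" in allowed)    { print "WARN: Nginx HTTP rule is still present"; bad = 1 }
            if (!bad) print "OK: OpenSSH and Nginx Full allowed, no Nginx HTTP rule"
            exit bad                            # non-zero when any finding was printed
        }'
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_GOOD='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)'

SAMPLE_BAD='Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere'

printf '%s\n' "$SAMPLE_GOOD" | audit_ufw_status || true
printf '%s\n' "$SAMPLE_BAD"  | audit_ufw_status || true
```

The function exits non-zero on any finding, so it can gate a provisioning script before the SSH session is closed.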


# Extra

* https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
* https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
* https://www.ssllabs.com/index.html
* https://www.htbridge.com/ssl/
