VPS setup terms / Digital Ocean Flashcards
If you don’t already have an SSH key, generate one using the following command:
ssh-keygen
Once generated, SSH keys are stored in the SSH directory at the r.._ of your user account
Once generated, SSH keys are stored in the SSH directory at the root of your user account: ~/.ssh
When you generate an SSH key, it creates two files:
- A p____ key, which remains securely stored on your machine.
- A p____ key, which you provide to DigitalOcean or other services. This will have the .p___ file extension.
When you generate an SSH key, it creates two files:
- A private key, which remains securely stored on your machine.
- A public key, which you provide to DigitalOcean or other services. This will have the .pub file extension.
Use the following command to display your public key:
cat ~/.ssh/id_rsa.pub
Note: The file name id_rsa.pub is a default for many setups, but the actual file name may differ based on how you generated your SSH key. If a different file was created, adjust the cat command accordingly (e.g., cat ~/.ssh/your-key-name.pub).
command to connect to the server:
ssh root@'ip address or domain name'
ssh root@chasephilpot.com
ssh root@123:456:789
Command to give the new user 'username' sudo privileges
usermod -aG sudo 'username'
The -a argument stands for append (add the user to the group without removing existing group memberships).
The -G argument tells usermod to change a user’s group settings.
A utility to efficiently transfer and synchronize files and directories between two locations. It can operate locally or remotely.
rsync
(part of larger command)
'--archive' (short form -a) is shorthand for -rlptgoD, which means:
-r: recursively copy d_________s
-l: copy symbolic l____s as symbolic l____s
-p: Preserve file p________s
-t: Preserve modification ________s
-g: Preserve g________ ownership
-o: Preserve o______
-D: Preserve d__________ and special files
-r: recursively copy directories.
-l: Copy symbolic links as symbolic links.
-p: Preserve file permissions
-t: Preserve modification times
-g: Preserve group ownership
-o: Preserve owner (only if run as a superuser).
-D: Preserve device and special files.
(part of larger command)
Changes the ownership of the files to the specified user (ralph) and group (ralph) after they are transferred to the destination.
--chown=ralph:ralph
command to enable ufw
sudo ufw enable
command for deleting rules in ufw:
sudo ufw delete allow rulename
command to confirm NGINX is running
systemctl status nginx
command to allow the ufw 'Nginx Full' profile, which allows HTTP and HTTPS traffic
sudo ufw allow 'Nginx Full'
command to remove any redundant configuration
sudo ufw delete allow 'redundant_config'
command to check ufw status
sudo ufw status
To remove any configuration from ufw we can use the command:
sudo ufw delete allow 'rule_name'
Example:
sudo ufw delete allow 'Nginx HTTP'
command to initialize certbot:
sudo certbot --nginx -d www.domainname.com -d domainname.com
(optionally you can add the -v flag to get verbose output for debugging issues if they arise)
NOTE: certbot now upgrades http to https by default (this is the desired behavior)
The a__ command is a package management tool in Ubuntu and other Debian-based Linux distributions
The apt command is a package management tool in Ubuntu and other Debian-based Linux distributions
command to install node:
sudo apt install nodejs
command to install NPM:
sudo apt install npm
command to install PM2
(PM2 is a Production Process Manager for Node.js applications; it makes sure that our application is always running)
sudo npm install pm2@latest -g
test the nginx config file for typos with the command:
sudo nginx -t
An _ record maps a domain to the physical IP address of the computer hosting that domain.
An A record maps a domain to the physical IP address of the computer hosting that domain.
Internet traffic uses the _ record to find the computer hosting your domain’s DNS settings.
Internet traffic uses the A record to find the computer hosting your domain’s DNS settings.
The value of an _ record is always an IP address, and multiple _ records can be configured for one domain name.
The value of an A record is always an IP address, and multiple A records can be configured for one domain name.
restart Nginx so that it can pick up the new configuration with the command:
sudo systemctl reload nginx
This will allow us to automate the app process.
PM2 makes it easy to start/stop our app, and it even restarts the app if the server crashes and reboots.
command to tell pm2 to run whenever our server is up
pm2 startup systemd
command for installing certbot:
sudo snap install certbot --classic
A VPS can be thought of as being functionally equivalent to a dedicated p_____ s______ (although usually a lot cheaper)
A VPS can be thought of as being functionally equivalent to a dedicated physical server (although usually a lot cheaper)
DigitalOcean Droplets are L____-based virtual machines (VMs) that run on top of virtualized h_____. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.
DigitalOcean Droplets are Linux-based virtual machines (VMs) that run on top of virtualized hardware. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.
A V____ P_____ C_____ (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage
A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage
VPC p____ing allows you to join two VPC networks with a secure, private connection.
VPC peering allows you to join two VPC networks with a secure, private connection.
we can connect to a VPS via its __ address
we can connect to a VPS via its IP address
we use a firewall to block traffic to the server except for ___ (so we can still connect to it securely)
we use a firewall to block traffic to the server except for ssh (so we can still connect to it securely)
S_______s are on-demand Droplet and volume images. They’re useful to manually back up or reproducibly create Droplets.
Snapshots are on-demand Droplet and volume images. They’re useful to manually back up or reproducibly create Droplets.
UFW stands for ____ Firewall
Uncomplicated Firewall
the service allowing you to connect to your server that has a profile registered within UFW
OpenSSH
Run the following command to get a list of all current available profiles (re: firewall):
ufw app list
you can check your current UFW ruleset with the command:
sudo ufw status
or
sudo ufw status verbose
To block all network connections that originate from a specific IP address, run the following command
sudo ufw deny from 203.0.113.100
Once you have Nginx installed and enabled as a service, run the following command to identify which profiles are available
sudo ufw app list | grep Nginx
The following command will allow both HTTP and HTTPS traffic on the server (ports 80 and 443):
sudo ufw allow “Nginx Full”
PostgreSQL listens for client connections on port 5___
PostgreSQL listens for client connections on port 5432
For more detailed information about each command parameter and available modifiers, you can use the ___ utility to check UFW's manual
the man utility
man ufw
PM2 is a d_____ process manager widely used in production for Node.js applications
PM2 is a daemon process manager widely used in production for Node.js applications
PM2 makes it possible to d____ize applications so that they will run in the background as a service.
PM2 makes it possible to daemonize applications so that they will run in the background as a service.
It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as R____ R____ DNS.
It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as Round Robin DNS.
An AAAA record, also called a Q___ A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.
An AAAA record, also called a Quad A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.
A CNAME record defines an a___ for an A record and points one domain to another domain instead of an IP address
A CNAME record defines an alias for an A record and points one domain to another domain instead of an IP address
S____ P____ F____ (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain
Sender Policy Framework (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain
CAA records specify which c____ a_____s are permitted to issue certificates for a domain.
CAA records specify which certificate authorities are permitted to issue certificates for a domain.
most domain owners make their web servers accessible through the bare domain (example.com) and also through the “h___” definition “www” (www.example.com).
most domain owners make their web servers accessible through the bare domain (example.com) and also through the “host” definition “www” (www.example.com).
A z___ file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name.
Z___ files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.
A zone file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name.
Zone files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.
Every domain that a name server knows about is stored in a z___ file
Every domain that a name server knows about is stored in a zone file
The more z___ files that a name server has, the more requests it will be able to answer authoritatively.
The more zone files that a name server has, the more requests it will be able to answer authoritatively.
The S___ of A____, or SOA, record is a mandatory record in all zone files
The Start of Authority, or SOA, record is a mandatory record in all zone files
MX records are used to define the m____ ex_____s that are used for the domain. This helps email messages arrive at your mail server correctly.
MX records are used to define the mail exchanges that are used for the domain. This helps email messages arrive at your mail server correctly.
The command line tool d__ with the -x flag can be used to look up the reverse DNS name of an IP address.
The command line tool dig with the -x flag can be used to look up the reverse DNS name of an IP address.
dig -x 8.8.4.4 +short
(The +short is appended to reduce the output to the reverse DNS name.)
t____r____ is a simple tool to show the pathway to a remote server.
traceroute is a simple tool to show the pathway to a remote server.
traceroute google.com
when using traceroute, the maximum number of hops can be adjusted with the -_ flag. If the host you are trying to route to is over 30 hops away, you may need to specify a larger value here. The maximum value you can set is 255.
traceroute -m 255 obiwan.scrye.net
A dynamic alternative to the traceroute program is m__
A dynamic alternative to the traceroute program is mtr
Unlike traceroute, mtr is not installed by default on most systems. You can get it by typing the following commands.
Ubuntu / Debian:
sudo apt-get install mtr
CAA records are used to specify which Certificate Authorities (CAs) are allowed to issue S../T.. certificates for your domain
CAA records are used to specify which Certificate Authorities (CAs) are allowed to issue SSL/TLS certificates for your domain
__ is a utility for transferring and synchronizing files between a computer and a storage drive and across networked computers by comparing the modification times and sizes of files
rsync
A “server b____” is a configuration section within a web server like Nginx that defines how to handle requests for a specific domain or group of domains, essentially allowing you to host multiple websites on a single server by specifying different settings and behaviors for each domain based on the incoming request’s domain name; in simpler terms, it’s like a virtual server within a server, enabling distinct configurations for different websites on the same machine.
A “server block” is a configuration section within a web server like Nginx that defines how to handle requests for a specific domain or group of domains, essentially allowing you to host multiple websites on a single server by specifying different settings and behaviors for each domain based on the incoming request’s domain name; in simpler terms, it’s like a virtual server within a server, enabling distinct configurations for different websites on the same machine.
Let’s Encrypt is a C____ A_____ (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted _____ on web servers
Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers