Create an Extra Secure Ubuntu 18.04 NGINX server

Gabriel S, Web Developer & UX Designer

Lessons in This Class

7 Lessons (36m)
    • 1. Create SSH keypair

    • 2. Create LEMP and Login to server

    • 3. MySQL MariaDB Create Database

    • 4. Add new Ubuntu user, disable root

    • 5. Fail2ban and extra security settings

    • 6. Harden network, sysctl settings

    • 7. Login with new sudo user

About This Class

How to install and secure an Ubuntu 18.04 NGINX LEMP server. All terminal commands, step by step at

1. Create SSH keypair: Today we will learn how to set up an extra secure Ubuntu NGINX server. Yes. Go to my website, Gabriel, look and new slash tutorial. Here I have listed all the terminal commands, so it will be easier to copy paste. If you click on the DigitalOcean link, you will also get the $100 coupon credit at DigitalOcean for your hosting. So, to start and create an SSH keypair, we will first install Bitvise. So you just download Bitvise by clicking this link. You just click the first button here to download it. And when downloaded, you just click the executable file and install it. So we will create a strong or it's a key. So you just open Bitvise after installation. You will see a link, My Aunt Key. And if you have already created a keypair will put the, for example, you can here just upload your key. But we will create a new keypair directly in Bitvise. Just click Generate New and enter a password, preferably an 18 plus character password which is come safe, Teoh. After that post here. Yes, confirm the same passphrase, and we will select the strongest encryption here. Click Generate. So now it's very important that you export your new keys, preferably to an encrypted external drive like a USB flash. So select OpenSSH, which is compatible with more clients, and also the private key estan to the passphrase you had chosen. I usually keep Bitvise open, at least until you have created your droplet at DigitalOcean and created your sudo user below.

2. Create LEMP and Login to server: So we will now create an Ubuntu server with NGINX at DigitalOcean. So you just get my first links. You can get the 100 dollar credit coupon by creating an account. So here just add your email and the password you want and you will get the 60 day credit of $100. So yes, log in there, and when you have logged in, I'm sure you here. You really didn't do. Click the Create button.
It's a green button in the top, and you choose Droplets, and then you take the tab Marketplace and you scroll down to LEMP on 18.04. So just click that, and then a starter standard. I really will choose the smallest possible here. Two gigabyte promise quick enough for, for example, a WordPress site. It's just $10. Backup is normally cheaper if you have a smaller, but now we will select ten dollars per month. And the data center region, you will select the country where you have the most visitors. Monitoring can be good to add so you can see the performance. You will see if you need to add more gigabyte later. But now we copy paste the public key we created. So we just open your public key. You can open it in the new power. The rest on the text editor. I would just open it in Brackets here. I just copy the whole thing here. I paste it into the pop-up at DigitalOcean and just name it properly, so you remember which key is to which droplet, and add the key to DigitalOcean. You can change the name if you want. But now we will just click the green Create button, and that will start to install everything we need. At the Gabriel dot the new slash vitoria's you'll find the form so you can make all the commands easier. Well, it could be the IP address here first. So we got this IP address at DigitalOcean when the server was started. In the form, and whatever you add to this form, it will be copied to the terminal commands. Hello it is Go along. It was seeing the command in green. Okay. Can paste it into Bitvise and change the username to root, and we find our key here, Proof one. And just add the passphrase for your private key and click Log in. So we're now logged in to the server. Just accept and save the certificate, and Bitvise will open both the file manager, where you can transfer the files, and also it will open automatically the terminal window where we will run all our commands.

3. MySQL MariaDB Create Database: for the MySQL and install MariaDB. Just copy the command at Gable. New tutorials to get the MySQL password in the terminal. It's enough to select the password, and Bitvise will automatically copy the password for you. Just paste it into Notepad, so you have it for future use falls apart It baseless here, Not in the form. I have to get a look new stressed the lawyers to make the commands below easier. Now we will secure the installation. Just copy paste this and hit Enter, and here you can just answer yes on everything, actually. But if you want to control the MySQL passwords, you can select, uh, 10 Well, no to here even know installed MariaDB instead of MySQL. So first we just need the password here. Yeah, just answer yes on everything. So before we install MariaDB, we will just update all server packages. Just copy paste the commands from the form at Gabriel new slash tutorials, paste it and hit Enter. This command sometimes takes a while, but just be patient. So now we will just install MariaDB. If you get these messages you hit Enter, or if you want to fix you can do that. We just check the status first of the MariaDB, if it's running, and obviously it's not running, failed because a time out. So you start it. Just copy paste this. If it fails, recheck the version of MySQL we have on the real no again to our sort or two are dead ways. Just use the password you have copy pasted before, and we will now create the first database. As you can see, I used utf8mb4. It's just to be able to store smileys and other characters also in the database. Here, create the user, and we grant all privileges to this user for the database. Just exit with Control C from the database.

4. Add new Ubuntu user, disable root: So we will add a new Ubuntu user and disable the root user. But first we have to update all server packages.
So just copy the terminal commands here at the Gabriel New slash tutorials and paste it into the terminal and hit Enter. This would be quiet first. Yes. Don't. So, yes, some of these commands take a while. But just wait until it stops. There it stops. We continue with the updates. Here just answer yes. Finally we will remove everything that we don't need here. But we will first wait until now. Yeah. Here just hit Enter. Actually, there it stopped. So we paste the last command to remove everything we don't need, and we answer yes. Here, just hit Enter. Same here. There it stopped when done. So we will now add a new Ubuntu user which will be our sudo user. So it will have the same privileges as root but a different name. So you just choose a good password here and hit Enter when you're done, and confirm the same password. I did something wrong, so I had to redo. Good to check if you have Caps Lock activated or not. You know, I just hit Enter because I don't want to add down here personal information. Just copy the commands here. As you can see, all your personal users have been copied in green into these commands. We just test this. It's down to the password you chose there. You can see that we are moved in. We'll make a new directory to paste in our public key. Just go Growth release on the well. Open a file where we will copy paste our public key. You can take it from Notepad or from Bitvise. Just hit the right mouse button and it will paste into the terminal. Exit. We will just remove the password login here, because we will log in with the keypair instead, and we disable the root login. So from now you have to log in with your new Ubuntu user. You cannot log in with root anymore, and will not be able to log in with password. It's already set to watch. We accept the rooming to know here and reload with the new settings and check if it's still not working. Here you can see that it's active in green.

5. Fail2ban and extra security settings: So we will now configure Fail2ban, so just copy paste the commands as usual from the giver. The new slash tutorials into your terminal window, and remember your password for your private key just dumped you. Hold we asked Cupid Ire Fail2ban config. We will and that this capital. As you can see, you will need to add a few of these lines. Some lines will already be there. So check your file and compare it. You can search with Control W. Here you can see we have already the port and the log path. So we will add the other lines. Just exit with Control X and answer yes. So we just restart Fail2ban and check the status. You can also run this command to see if you have had any bans, and so far is zero. We will also add some extra security settings, so we can start with this sudo nano in That's so true, and add this line. Yes, Control X to exit and save. If you run the sudo reboot now, you will actually be logged out, so you can wait with that. First, remove services you don't use, conversely, stole services and see what you have. But normally you can remove all this. You should never have an FTP server, you know. So yes, also, yes.

6. Harden network, sysctl settings: Now we will harden the network. Just check which of these you have already commented in your file. You can search with Control W in Windows. Yes. Continue. Go through all this to see which you have enabled and which you haven't enabled. Just uncomment the lines you want to use. Just add those which are not already in the file. That's where soon done. That's the most here.

7. Login with new sudo user: So when you're done, you want to run the sudo reboot. So we need to change our settings in Bitvise, so we will be able to log in.
So yes, check that you have your new Ubuntu user here, your sudo user, and save the profile. All the rest shall be just like for the root user. We use the same key, same password. Don't save it for your current Windows user. We will now log out, so we can log in and see if it works. There you have it. You have your terminal window which is open now and logged in as your super user.