Linux on Sander Knape

Securing your server's SSH configuration

Sun, 06 Nov 2016 12:43:02 +0200

Are your SSH log files flooding with failing login attempts? I’ve seen many questions on websites such as Stackoverflow and Stackexchange from worried people that someone is actively targeting their servers with brute-force password logins attempts. Let me get one thing straight first: you are not special! It’s part of internet life: many botnets constantly attempt to login to servers. These can be random IP addresses or known ranges such as Amazon AWS EC2 instances or DigitalOcean droplets. There’s nothing much you can do about this except for making sure that your server is securely set up.

Get insight into your server with Datadog

Sun, 09 Oct 2016 17:44:02 +0200

I have been running my blog for a few months now on a DigitalOcean droplet. Apart from the few metrics DigitalOcean provides, I never really had any insight into how my server is performing. This includes metrics like CPU and Memory, but also metrics from the applications I run to host my blog, in particular Nginx, php-fpm and MySQL.

To get more insight into these metrics, I decided to install the Datadog agent on my server. Datadog comes with a large selection of integrations for various different applications, including all the applications I am running. The great thing is that Datadog comes with a free plan for up to 5 hosts, although the biggest downside is that the data retention is only for a single day. It is easy to upgrade to a paid plan however, so I might decide to do that sometime in the future.

Using Let's Encrypt for free automated SSL certificates

Thu, 01 Sep 2016 13:07:02 +0200

If you maintain your own server or servers with SSL certicates, you might know how annoying it can be to keep those certificates up to date. Especially when you have a multitude of servers, some possibly even serving the same certificates, this is a hassle to manage. Luckily, there is a solution, and its called Let’s Encrypt.

Introducing Let’s Encrypt #

Let’s Encrypt is a Certificate Authority (CA) that provides an automated method for requesting and renewing free Domain Validated (DV) SSL certificates. It is not possible to request the other certificate types (Organization Validation (OV) and Extended Validation (EV)) through Let’s Encrypt. These certificate types require some manual work from the CA and can thus not be automated. If you have good reason to go for an OV or EV certificate, Let’s Encrypt is not an option for you. Remember though: each certificate type is equally secure for your website visitors.

Getting a Qualys SSL Labs A+ rating with Nginx

Sun, 19 Jun 2016 12:01:02 +0200

Setting up SSL for your server may seem like a daunting task. In addition, why would you do it? What are the benefits? There are multiple, actually, with some of the most important ones being:

It’s better for SEO. Back in 2014, Google announced they would start with giving HTTPS websites a little boost in the search results.
It’s not slower than HTTP. In fact - it will even be faster with HTTP2 enabled. Check the “Is TLS Fast Yet?” website for details.
It’s free. Ok, it’s not free if you want that spiffy, large green browser bar for your customer. If you are happy enough with a green lock (in Google Chrome at least), it’s free.
You can automate it! Which is especially great when you manage multiple servers with multiple SSL certificates.

In this post we’ll setup an Nginx configuration in such a way that you will get an A+ rating on the Qualys SSL Labs test. If you want to follow along with this blog, you’ll need the following things already set up: