John's Vademecum

Try to learn something about everything, and everything about something -Thomas Huxley “Darwin's bulldog” (1824-1895)

public:computers:vps_tips_tricks

Differences

This shows you the differences between two versions of the page.

public:computers:vps_tips_tricks [06/03/25 19:22 GMT] – [.htaccess method] johnpublic:computers:vps_tips_tricks [06/04/25 07:32 BST] (current) – [Access via FastHosts] john
Line 10: Line 10:
    * SSL Certificate replaced to enable HTTPS    * SSL Certificate replaced to enable HTTPS
 </note> </note>
 +
 +===== New VPS : March 2025 =====
 +
 +  * New VPS 1 obtained at Fasthosts
 +
 +<code>
 +Type:Virtual Machine
 +Size:vps 1 2 60
 +Cpu:1 vCore
 +RAM:2 GB
 +Disk:60 GB NVMe SSD
 +</code>
 +
 +<code>
 +Distributor ID: Ubuntu
 +Description:    Ubuntu 24.04.1 LTS
 +Release:        24.04
 +Codename:       noble
 +</code>
 +
 +  * Installed PHP and Apache2
 +
 +<code bash>
 +gm4slv@gm4slv:~ $ php --version
 +PHP 8.3.6 (cli) (built: Dec  2 2024 12:36:18) (NTS)
 +Copyright (c) The PHP Group
 +Zend Engine v4.3.6, Copyright (c) Zend Technologies
 +    with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies
 +</code>
 +  * configured SSL per previous method [[public:computers:ssl_install_vsp|]]
 +  * changed SSH port from default 22 to a //new// port, changed VPS firewall to suit new SSH port
 +  * Ubunto OS brought up to date: ''sudo apt-get update'' and ''sudo apt-get upgrade'' and ''sudo apt-get dist-upgrade''
 +
 +===== Dokuwiki Security =====
 +
 +  * previous installations used .htaccess to prevent web access to data/conf/lib/bin etc. directories
 +  * this time I decided not to use .htaccess but to follow the alternative instructions in [[https://www.dokuwiki.org/security]] to use **LocationMatch**
 +
 +==== LocationMatch method ====
 +
 +Apache is told which directories (data, conf, bin, inc, vendor) to make private. The downside is that this configuration might need altering if new directories are added during ''dokuwiki'' upgrades. 
 +
 +add to ''/etc/apache2/apache2.conf''
 +<code apache>
 +<LocationMatch "/(data|conf|bin|inc|vendor)/">
 +    Order allow,deny
 +    Deny from all
 +    Satisfy All
 +</LocationMatch>
 +</code>
 +
 +''sudo service apache2 restart''
 +
 +==== .htaccess method ====
 +
 +the secured directories in ''dokuwiki'' have suitable .htaccess files already. Apache needs to betold to allow them to alter behaviour <code apache>AllowOverride All</code>
 +
 +
 +add to ''/etc/apache2/apache2.conf''
 +
 +<code apache>
 +         <Directory /var/www/html>
 +                Options Indexes FollowSymLinks MultiViews
 +                AllowOverride All
 +                Order allow,deny
 +                allow from all
 +        </Directory>
 +</code>
 +
 +''sudo service apache2 restart''
 +
 +===== SSH Security =====
 +
 +  * Configured ''sshd'' to disallow password-logins and only accept public-key authentication
 +    * be careful to check the files in ''/etc/ssh/sshd_conf.d'' for hidden config options!
 +  * uploaded public keys from 
 +    * Puttygen for [[https://www.putty.org/ | putty]] on laptop
 +    * [[https://connectbot.org/ | ConnectBot ]] app on phone
 +  * saved both in ''~/.ssh/authorized_keys''
 +  * now only logins with a valid public key will succeed. 
 +    * In the event of a loss of the public keys it's still possible to gain access via Fasthosts account dashboard
 +      * -> then reconfigure sshd to accept password logins again until new keys can be uploaded.
 +
 +===== 06/04/25 : Renew SSL certificate =====
 +
 +  * Same procedure as before
 +    * Download "Certificate" -> ''signed.crt''
 +    * Download "Intermediate Certificate" -> ''ca.pem''
 +    * Upload via WinSCP to VPS
 +    * Copy old ''/usr/local/ssl/signed.crt'' -> ''signed.crt.old''
 +    * Copy old ''/usr/local/ssl/ca.pem'' -> ''ca.pem.old''
 +    * Copy new files into ''/usr/local/ssl''
 +    * Restart Apache
 +  * There were 2 "Intermediate Certificate" for download from Fast Hosts... 
 +    * I used the one named ''7D5B5126B476BA11DB74160BBC530DA7.cer''
 +    * This is the same as the one used when I renewed ''YaddNet.org'' SSL [[public:radio:2025:yaddnet_ssl_renewal|]]
 +    * It seems that the intermediate certificate is not unique to the domain being secured, it's a certificate that verifies the identity of the authenticator of the domain's SSL certificate.
 +
 +===== Old information below is for historical information =====
  
 <note warning> <note warning>
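Review bot: The access rules in both Apache blocks under "Dokuwiki Security" use the 2.2-era directives (`Order allow,deny`, `Deny from all`, `Satisfy All`), which Apache 2.4 only honours through mod_access_compat; since this section documents an Ubuntu 24.04 host, which packages Apache 2.4, prefer `Require all denied` inside the LocationMatch block and `Require all granted` inside the Directory block. In the same Directory block, `Options Indexes` turns on directory listings for all of /var/www/html, which the .htaccess method does not need, so consider dropping it. In "SSH Security", the drop-in directory is written as `/etc/ssh/sshd_conf.d` where the path on Ubuntu is `/etc/ssh/sshd_config.d`, and it would help to add that `sudo sshd -T` prints the effective settings once those files are applied. The lockout bullet says "loss of the public keys", but it is losing the private keys on the laptop or phone that locks you out. Minor typos: "Ubunto" and "betold".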
Line 22: Line 121:
  
 </note> </note>
-===== Old information below is for historical information =====+
 <code> <code>
 OS      : Debian 10 (Buster) OS      : Debian 10 (Buster)
Line 38: Line 137:
 ==== Access via FastHosts ==== ==== Access via FastHosts ====
  
-  * browse to [[https://admin.fasthosts.co.uk/Servers/VPS/1116040162]] and login with credentials (email : g...@..p.....)+  * browse to [[https://admin.fasthosts.co.uk/Servers/VPS/1116040162]] and login with credentials
 ===== Installing SSL for HTTPS ===== ===== Installing SSL for HTTPS =====
 ==== Create Certificates ==== ==== Create Certificates ====
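Review bot: On the changed "Access via FastHosts" bullet, the e-mail hint is removed but the link still carries the full admin URL including the numeric server ID, on a page in the public namespace; consider replacing it with a plain reference to the Fasthosts control panel. The removed hint also remains readable in the previous revision, as this comparison shows, so removing it from the current text alone does not withdraw it.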
Line 183: Line 282:
     * restarted apache ''sudo service apache2 restart''     * restarted apache ''sudo service apache2 restart''
   * check new valid certificate now in use in web browser   * check new valid certificate now in use in web browser
-    * {{:public:linux:screenshot_2024-04-04_07.24.16.png?400|}} +    * {{:public:computers:screenshot_2024-04-04_07.24.16.png?400|}}
     * Validity Issued on & Expires on dates now show new certificate is in use     * Validity Issued on & Expires on dates now show new certificate is in use
  
-===== New VPS : March 2025 ===== 
  
-  * New VPS 1 obtained at Fasthosts 
- 
-<code> 
-Type:Virtual Machine 
-Size:vps 1 2 60 
-Cpu:1 vCore 
-RAM:2 GB 
-Disk:60 GB NVMe SSD 
-</code> 
- 
-<code> 
-Distributor ID: Ubuntu 
-Description:    Ubuntu 24.04.1 LTS 
-Release:        24.04 
-Codename:       noble 
-</code> 
- 
-  * Installed PHP and Apache2 
- 
-<code bash> 
-gm4slv@gm4slv:~ $ php --version 
-PHP 8.3.6 (cli) (built: Dec  2 2024 12:36:18) (NTS) 
-Copyright (c) The PHP Group 
-Zend Engine v4.3.6, Copyright (c) Zend Technologies 
-    with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies 
-</code> 
-  * configured SSL per previous method [[public:computers:ssl_install_vsp|]] 
-  * changed SSH port from default 22 to a //new// port, changed VPS firewall to suit new SSH port 
-  * Ubunto OS brought up to date: ''sudo apt-get update'' and ''sudo apt-get upgrade'' and ''sudo apt-get dist-upgrade'' 
- 
-===== Dokuwiki Security ===== 
- 
-  * previous installations used .htaccess to prevent web access to data/conf/lib/bin etc. directories 
-  * this time I decided not to use .htaccess but to follow the alternative instructions in [[https://www.dokuwiki.org/security]] to use **LocationMatch** 
- 
-==== LocationMatch method ==== 
- 
-Apache is told which directories (data, conf, bin, inc, vendor) to make private. The downside is that this configuration might need altering if new directories are added during ''dokuwiki'' upgrades.  
- 
-add to ''/etc/apache2/apache2.conf'' 
-<code apache> 
-<LocationMatch "/(data|conf|bin|inc|vendor)/"> 
-    Order allow,deny 
-    Deny from all 
-    Satisfy All 
-</LocationMatch> 
-</code> 
- 
-''sudo service apache2 restart'' 
- 
-==== .htaccess method ==== 
- 
-the secured directories in ''dokuwiki'' have suitable .htaccess files already. Apache needs to betold to allow them to alter behaviour <code apache>AllowOverride All</code> 
- 
- 
-add to ''/etc/apache2/apache2.conf'' 
- 
-<code apache> 
-         <Directory /var/www/html> 
-                Options Indexes FollowSymLinks MultiViews 
-                AllowOverride All 
-                Order allow,deny 
-                allow from all 
-        </Directory> 
-</code> 
- 
-''sudo service apache2 restart'' 
- 
-===== SSH Security ===== 
- 
-  * Configured ''sshd'' to disallow password-logins and only accept public-key authentication 
-    * be careful to check the files in ''/etc/ssh/sshd_conf.d'' for hidden config options! 
-  * uploaded public keys from  
-    * Puttygen for [[https://www.putty.org/ | putty]] on laptop 
-    * [[https://connectbot.org/ | ConnectBot ]] app on phone 
-  * saved both in ''~.ssh/authorized_keys'' 
-  * now only logins with a valid public key will succeed.  
-    * In the event of a loss of the public keys it's still possible to gain access via Fasthosts account dashboard, and then to reconfigure sshd to accept password logins again until new keys can be uploaded. 
  
- //[[gm4slv@gm4slv.plus.com|John Pumford-Green]] Wed May  4 09:03:28 2022// 
  
 Page Updated : ~~LASTMOD~~ Page Updated : ~~LASTMOD~~
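Review bot: The screenshot reference changes from `:public:linux:` to `:public:computers:`, so confirm the media file itself was moved to that namespace, otherwise the image embed will break. The rest of this hunk removes the "New VPS : March 2025" block and the sections after it, which are re-added near the top of the page; the re-added copy corrects `~.ssh/authorized_keys` to `~/.ssh/authorized_keys`, so nothing from the old copy needs carrying over. The signature line with the author and 2022 date is dropped without replacement; if attribution matters here, keep it or rely on the page's "Last modified" footer.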
public/computers/vps_tips_tricks.1741288920.txt.gz · Last modified: 06/03/25 19:22 GMT by john