Old information below is for historical information
- Access via FastHosts
Installing SSL for HTTPS
20/04/23 Renew SSL Certificate
Hardware Upgrade 20/4/23
Debian Upgrade 15/2/24
Debian Upgrade 16/2/24
2024 gm4slv.org.uk domain renewed
04/04/24 : Install Renewed SSL Certificate
New VPS : March 2025
Dokuwiki Security
- LocationMatch method
- .htaccess method
SSH Security

VPS Notes

GM4SLV.ORG.UK VPS : New VPS created 6^th March 2025

To separate my personal wiki site from yaddnet.org server
Wiki backed-up and moved from yaddnet.org to new gm4slv.org.uk VPS
SSL Certificate replaced to enable HTTPS

GM4SLV.ORG.UK VPS : CANCELLED AND DELETED 9^th October 2024

Wiki functionality easily provided by yaddnet.org VPS
wiki pages & data transferred to yaddnet.org
Fasthosts deleted VPS following telephone confirmation
- deletion/cancellation not possible via Control Panel
- telephone call-back needed to confirm

Old information below is for historical information

OS      : Debian 10 (Buster)
RAM     : 0.5GB
Network : 400MB 
SSD     : 10GB

IP Address : 213.171.209.127
Hostname   : gm4slv.org.uk
Open Ports : ssh, http, https

Domain Name  : gm4slv.org.uk
Renewal date : 3/4/2024

Access via FastHosts

browse to https://admin.fasthosts.co.uk/Servers/VPS/1116040162 and login with credentials (email : g…@..p…..)

Installing SSL for HTTPS

Create Certificates

First : obtain SSL Certificates

Configure APACHE

Second : configure Apache to use HTTPS

copy self generated gm4slv.org.uk.key from the “openssl” command to /usr/local/ssl/
copy the *crt for the newly obtained signed *.crt file renamed as signed.crt to /usr/local/ssl
copy the “intermediate” file to /usr/local/ssl/ (renamed as ca.pem)
edit apache config… looks like /etc/apache2/sites-available/default-ssl.conf
- SSLCertificateFile /usr/local/ssl/signed.crt
- SSLCertificateKeyFile /usr/local/ssl/gm4slv.org.uk.key
- SSLCertificateChainFile /usr/local/ssl/ca.pem
make symlink sites-enabled/default-ssl.conf pointing to sites-available/default-ssl.conf
a2enmod ssl
restart apache2
will it be listening on port 443? yes
open firewall port 443 on Fasthost control panel
Can I reach it with https://gm4slv.org.uk? yes
Can I still reach it with http://gm4slv.org.uk? yes
force redirect of plain HTTP: to HTTPS:
add to 000-default.conf:

        ServerName gm4slv.org.uk
        ServerAlias www.gm4slv.org.uk
        Redirect permanent / https://gm4slv.org.uk/

taken from https://linuxize.com/post/redirect-http-to-https-in-apache/
restart apache2
verify SSL access ok - yes
verify non-SSL is redirected to SSL - yes

Confirm proper security

Browse to https://gm4slv.org.uk

20/04/23 Renew SSL Certificate

new Signed and CA (intermediate) certificates obtained and installed in /usr/local/ssl

Hardware Upgrade 20/4/23

Original configuration VPS XS : 500MB RAM and 10GB SSD @ £1 per month (plus VAT)
Upgrade to VPS S : 1GB RAM and 20GB SSD @ £3 per month (plus VAT)
VPS rebooted for upgrade
RAM seems to have increased to 1GB but reported 'df -h' still shows 7.5GB total for / and 1.9GB for Swap. This is only 10GB.
Perhaps more time is needed for VM to catch up and expand the Virtual Hard Drive?
Gotcha…. the Virtual Drive was increased to 20GB, but not the partition or the filesystem… the only way to get a full 20GB was to “rebuild” the VPS….
took a backup of the dokuwiki files (rsync mirrored them to shack PC). Hit “Rebuild” and built a new VPS. Applied for replacement SSL keys (had to make a new CSR/KEY first)…
Used rsync to send back the dokuwiki files (from the shack PC mirror)
set up Apache2 to use the new SSL certificates…
VPS is now rebuilt and all wiki files restored & Apache2 uses HTTPS.

Debian Upgrade 15/2/24

Upgraded from Buster (10) → Bullseye (11)
Upgraded Dokuwiki (this needed PHP7.4 from Buster, which is why the Debian upgrade was necessary) to the newest version (Release 2024-02-06a “Kaos”)
Upgraded from Bullseye (11) → Bookwork (12) - might as well get to STABLE

Debian Upgrade 16/2/24

Upgraded to Trixie (testing)

gm4slv@gm4slv:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux trixie/sid
Release:        n/a
Codename:       trixie

deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
 
 
#deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
 
deb http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmware

Dokuwiki still working correctly with latest versions of Apache and PHP

gm4slv@gm4slv:~$ php --version
PHP 8.2.12 (cli) (built: Jan  8 2024 06:21:20) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.12, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.12, Copyright (c), by Zend Technologies

2024 gm4slv.org.uk domain renewed

03/04/24 Domain Name auto-renewed for 2 years until April 2026
04/04/24 SSL Certificate auto-renewed for 1 year until May 2025

04/04/24 : Install Renewed SSL Certificate

SSL Certificates Auto Renewed by Fasthosts
download new certificates from Fasthosts control panel:
- New “Certificate” downloaded and renamed “signed.crt”
- New “Intermediate Certificate” downloaded and renamed “ca.pem”
copied both → VPS $HOME dir via SCP
On VPS →
- copied current /usr/local/ssl/ca.pem → ca_old.pem
- copied current /usr/local/ssl/signed.crt → signed_old.crt
- copied new ca.pem from $HOME to /usr/local/ssl/ca.pem
- copied new signed.crt from $HOME to /usr/local/ssl/signed.crt
- restarted apache sudo service apache2 restart
check new valid certificate now in use in web browser
- Validity Issued on & Expires on dates now show new certificate is in use

New VPS : March 2025

New VPS 1 obtained at Fasthosts

Type:Virtual Machine
Size:vps 1 2 60
Cpu:1 vCore
RAM:2 GB
Disk:60 GB NVMe SSD

Distributor ID: Ubuntu
Description:    Ubuntu 24.04.1 LTS
Release:        24.04
Codename:       noble

Installed PHP and Apache2

gm4slv@gm4slv:~ $ php --version
PHP 8.3.6 (cli) (built: Dec  2 2024 12:36:18) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.6, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies

configured SSL per previous method SSL Install on VPS
changed SSH port from default 22 to a new port, changed VPS firewall to suit new SSH port
Ubunto OS brought up to date: sudo apt-get update and sudo apt-get upgrade and sudo apt-get dist-upgrade

Dokuwiki Security

previous installations used .htaccess to prevent web access to data/conf/lib/bin etc. directories
this time I decided not to use .htaccess but to follow the alternative instructions in https://www.dokuwiki.org/security to use LocationMatch

LocationMatch method

Apache is told which directories (data, conf, bin, inc, vendor) to make private. The downside is that this configuration might need altering if new directories are added during dokuwiki upgrades.

add to /etc/apache2/apache2.conf

<LocationMatch "/(data|conf|bin|inc|vendor)/">
    Order allow,deny
    Deny from all
    Satisfy All
</LocationMatch>

sudo service apache2 restart

.htaccess method

the secured directories in dokuwiki have suitable .htaccess files already. Apache needs to betold to allow them to alter behaviour

AllowOverride All