OS      : Debian 10 (Buster)
RAM     : 0.5GB
Network : 400MB 
SSD     : 10GB

IP Address : 213.171.209.127
Hostname   : gm4slv.org.uk
Open Ports : ssh, http, https

Domain Name  : gm4slv.org.uk
Renewal date : 3/4/2024

• browse to https://admin.fasthosts.co.uk/Servers/VPS/1116040162 and login with credentials (email : g…@..p…..)

First : obtain SSL Certificates

Second : configure Apache to use HTTPS

        ServerName gm4slv.org.uk
        ServerAlias www.gm4slv.org.uk
        Redirect permanent / https://gm4slv.org.uk/
 

Browse to https://gm4slv.org.uk

• new Signed and CA (intermediate) certificates obtained and installed in /usr/local/ssl

• Original configuration VPS XS : 500MB RAM and 10GB SSD @ £1 per month (plus VAT)
• Upgrade to VPS S : 1GB RAM and 20GB SSD @ £3 per month (plus VAT)
• VPS rebooted for upgrade
• RAM seems to have increased to 1GB but reported 'df -h' still shows 7.5GB total for / and 1.9GB for Swap. This is only 10GB.
• Perhaps more time is needed for VM to catch up and expand the Virtual Hard Drive?
• Gotcha…. the Virtual Drive was increased to 20GB, but not the partition or the filesystem… the only way to get a full 20GB was to “rebuild” the VPS….
• took a backup of the dokuwiki files (rsync mirrored them to shack PC). Hit “Rebuild” and built a new VPS. Applied for replacement SSL keys (had to make a new CSR/KEY first)…
• Used rsync to send back the dokuwiki files (from the shack PC mirror)
• set up Apache2 to use the new SSL certificates…
• VPS is now rebuilt and all wiki files restored & Apache2 uses HTTPS.

• Upgraded from Buster (10) → Bullseye (11)
• Upgraded Dokuwiki (this needed PHP7.4 from Buster, which is why the Debian upgrade was necessary) to the newest version (Release 2024-02-06a “Kaos”)
• Upgraded from Bullseye (11) → Bookwork (12) - might as well get to STABLE

• Upgraded to Trixie (testing)

gm4slv@gm4slv:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux trixie/sid
Release:        n/a
Codename:       trixie

deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
 
 
#deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
 
deb http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmware

• Dokuwiki still working correctly with latest versions of Apache and PHP

gm4slv@gm4slv:~$ php --version
PHP 8.2.12 (cli) (built: Jan  8 2024 06:21:20) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.12, Copyright (c) Zend Technologies
    with Zend OPcache v8.2.12, Copyright (c), by Zend Technologies

• 03/04/24 Domain Name auto-renewed for 2 years until April 2026
• 04/04/24 SSL Certificate auto-renewed for 1 year until May 2025

• SSL Certificates Auto Renewed by Fasthosts
• download new certificates from Fasthosts control panel:
  • New “Certificate” downloaded and renamed “signed.crt”
  • New “Intermediate Certificate” downloaded and renamed “ca.pem”
• copied both → VPS $HOME dir via SCP
• On VPS →
  • copied current /usr/local/ssl/ca.pem → ca_old.pem
  • copied current /usr/local/ssl/signed.crt → signed_old.crt
  • copied new ca.pem from $HOME to /usr/local/ssl/ca.pem
  • copied new signed.crt from $HOME to /usr/local/ssl/signed.crt
  • restarted apache sudo service apache2 restart
• check new valid certificate now in use in web browser
  • 
  • Validity Issued on & Expires on dates now show new certificate is in use

• New VPS 1 obtained at Fasthosts

Type:Virtual Machine
Size:vps 1 2 60
Cpu:1 vCore
RAM:2 GB
Disk:60 GB NVMe SSD

Distributor ID: Ubuntu
Description:    Ubuntu 24.04.1 LTS
Release:        24.04
Codename:       noble

• Installed PHP and Apache2

gm4slv@gm4slv:~ $ php --version
PHP 8.3.6 (cli) (built: Dec  2 2024 12:36:18) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.6, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.6, Copyright (c), by Zend Technologies

• configured SSL per previous method SSL Install on VPS
• changed SSH port from default 22 to a new port, changed VPS firewall to suit new SSH port
• Ubunto OS brought up to date: sudo apt-get update and sudo apt-get upgrade and sudo apt-get dist-upgrade

• previous installations used .htaccess to prevent web access to data/conf/lib/bin etc. directories
• this time I decided not to use .htaccess but to follow the alternative instructions in https://www.dokuwiki.org/security to use LocationMatch

Apache is told which directories (data, conf, bin, inc, vendor) to make private. The downside is that this configuration might need altering if new directories are added during dokuwiki upgrades.

add to /etc/apache2/apache2.conf

<LocationMatch "/(data|conf|bin|inc|vendor)/">
    Order allow,deny
    Deny from all
    Satisfy All
</LocationMatch>

sudo service apache2 restart

the secured directories in dokuwiki have suitable .htaccess files already. Apache needs to betold to allow them to alter behaviour

AllowOverride All

add to /etc/apache2/apache2.conf

         <Directory /var/www/html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

sudo service apache2 restart

• Configured sshd to disallow password-logins and only accept public-key authentication
  • be careful to check the files in /etc/ssh/sshd_conf.d for hidden config options!
• uploaded public keys from
  • Puttygen for putty on laptop
  • ConnectBot app on phone
• saved both in ~/.ssh/authorized_keys
• now only logins with a valid public key will succeed.
  • In the event of a loss of the public keys it's still possible to gain access via Fasthosts account dashboard
    • → then reconfigure sshd to accept password logins again until new keys can be uploaded.

Page Updated : 06/03/25 20:27 GMT