Ci-dessous, les différences entre deux révisions de la page.
Révision précédente | |||
— | vps [2019/07/17 19:24] (Version actuelle) – modification externe 127.0.0.1 | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | ====== Configurer VPS ====== | ||
+ | Via l' | ||
+ | ===== Liens ===== | ||
+ | *[[https:// | ||
+ | *[[https:// | ||
+ | *[[https:// | ||
+ | *[[https:// | ||
+ | *[[https:// | ||
+ | *[[https:// | ||
+ | |||
+ | ===== Fail2ban ===== | ||
+ | |||
+ | La configuration se fait dans ce fichier | ||
+ | |||
+ | / | ||
+ | |||
+ | # service restart fail2ban | ||
+ | |||
+ | On peut lister les jails actives : # fail2ban-client status | ||
+ | |||
+ | Pour lister l’état de la jail ssh : # fail2ban-client status ssh | ||
+ | |||
+ | Logs : # tail -f / | ||
+ | |||
+ | |||
+ | Rapport de tous les jails | ||
+ | <code bash> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Iptables ===== | ||
+ | |||
+ | Activer le parefeu applicatif d'OVH | ||
+ | |||
+ | Activer le parefeu du serveur | ||
+ | https:// | ||
+ | |||
+ | ===== msmtp ===== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== yunohost ===== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | ===== ssh ===== | ||
+ | |||
+ | Fermer le port 22 et en sélectionner un autre | ||
+ | |||
+ | yunohost n' | ||
+ | |||
+ | Choisir une authentification par cle et non mot de passe | ||
+ | |||
+ | |||
+ | ==== Authentification SSH par clé ==== | ||
+ | |||
+ | |||
+ | Sur le client : ssh-keygen | ||
+ | Your identification has been saved in / | ||
+ | cat ~/ | ||
+ | |||
+ | Envoyer la clef au serveur | ||
+ | cat ~/ | ||
+ | |||
+ | |||
+ | ==== Supprimer identification MDP ==== | ||
+ | |||
+ | <code | copy> | ||
+ | |||
+ | nano / | ||
+ | # Modifiez ou ajoutez la ligne suivante | ||
+ | PasswordAuthentication no | ||
+ | ..... | ||
+ | systemctl restart ssh | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Etre averti d'une connexion SSH sur son serveur ===== | ||
+ | |||
+ | <code bash> | ||
+ | #!/bin/sh | ||
+ | |||
+ | DEST=MonAdresse@Mail.ext | ||
+ | DATE=`date " | ||
+ | IP=`echo $SSH_CONNECTION | awk ' | ||
+ | REVERSE=$(dig -x $IP +short) | ||
+ | MSG=" | ||
+ | IP: $IP | ||
+ | ReverseDNS: $REVERSE | ||
+ | Date: $DATE" | ||
+ | |||
+ | echo " | ||
+ | |||
+ | |||
+ | ===== Dokuwiki ===== | ||
+ | |||
+ | |||
+ | Recupérer le dossier data du répertoire dokuwiki de l' | ||
+ | Sauvegarder le dokuwiki de Yunohost | ||
+ | <code bash>mv / | ||
+ | Copier le dossier data de l' | ||
+ | cp -rf dataDokuwikiAncienSite / | ||
+ | |||
+ | |||
+ | On adapte les droits et les perms | ||
+ | |||
+ | <code bash> | ||
+ | chown -R / | ||
+ | chmod 640 / | ||
+ | |||
+ | chown dokuwiki: | ||
+ | |||
+ | |||
+ | Copier les répertoires manquants | ||
+ | <code bash>mv data-BACKUP/ | ||
+ | mv data-BACKUP/ | ||
+ | |||
+ | ===== Backup ===== | ||
+ | |||
+ | |||
+ | Upload / Download Backup | ||
+ | |||
+ | <code bash>scp -P NumPort DIR-SOURCE DIR-DEST</ | ||
+ | |||
+ | |||
+ | < | ||
+ | scp -P 1234 / | ||
+ | scp -P 1234 login@serveur.ext:/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Tester sa config mail ===== | ||
+ | |||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | |||
+ | ajouter alias abuse@mondaime.ext | ||
+ | |||
+ | Tester son DKIM | ||
+ | <code bash>dig +short TXT mail._domainkey.monDomaine.ext</ | ||
+ | |||
+ | |||
+ | |||
+ | ===== mise à jour ===== | ||
+ | |||
+ | yunohost tools update | ||
+ | yunohost tools upgrade --ignore-apps | ||
+ | |||
+ | |||
+ | reverse dns | ||
+ | <code bash> dig -x IP | ||
+ | dig +noall +answer -x IP | ||
+ | </ | ||
+ | |||
+ | ===== wordpress bloquer types mimes ===== | ||
+ | |||
+ | Création d'un plugin | ||
+ | <code bash> | ||
+ | <code | download> | ||
+ | <?php | ||
+ | /** | ||
+ | * Plugin Name: Custom mime types | ||
+ | * Plugin URI: https:// | ||
+ | * Description: | ||
+ | * Version: 1.0 | ||
+ | * Author: crust | ||
+ | * Author URI: http:// | ||
+ | **/ | ||
+ | function custom_mime_types( $mimes ){ | ||
+ | // Forbiden ALL | ||
+ | | ||
+ | // OK 4 svg, jpg and mp3 only | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | // List mime types available here | ||
+ | // https:// | ||
+ | return $mimes; | ||
+ | } | ||
+ | add_filter(' | ||
+ | ?> | ||
+ | </ | ||
+ | |||
+ | ===== Modifier le thème du SSO de yonohost ===== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | Penser à rafraichir le cache du navigateur (avec FF) | ||
+ | Ctrl+Maj+R | ||