Date: Sun, 23 Jun 2019 22:03:48 +0530
Add a non root user
First thing i want to setup is to disallow root login and setup a new user
Set appropriate permissions for ssh folder
Next i want to copy the ~/.ssh folder to /home/vector/.ssh and set the appropriate permissions for the ssh folder.
cp -R ~/.ssh /home/vector/.ssh
chown -R vector:vector .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
Disallow root logging in /etc/sshd_config
Edit /etc/ssh/sshd_config and disallow root login. Before closing root shell make sure you are able to login with the user vector and that you are able to use sudo.
Now you are done with the security part. good job!
Certbot
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx certonly
Now we have the certificate and key in /etc/letsencrypt/live/resoaxes.com/;
Next, tell nginx to turn on ssl, and point it to the ssl certificate and ssl certificate key
Add the following block to the server section:
ssl on;
ssl_certificate /etc/letsencrypt/live/resoaxes.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/resoaxes.xyz/privkey.pem;
Since ssl connections listen on port 443 and not 80, edit 80 and replace it with 440
Create a new server block that listens on port 80, rewrite links to https
server {
listen 0.0.0.0:80;
server_name resoaxes.xyz www.resoaxes.xyz;
rewrite ^ https://$host$request_uri? permanent;
}
Now everything works. Redirecting to the website with https!
The next thing to setup is the https protected directories. These will be my private notes.
Password protect a directory in nginx
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd vector
sudo vim /etc/nginx/sites-available/resoaxes.xyz
Create a new location block underneath the original to server your protect directory
Enable HTTP/2
server {
listen 443 http2 default_server;
listen :443 http2 default_server;
#... all other content
}
Enable gzip compression
server {
#...previous content
gzip on;
gzip_types application/javascript image/* text/css;
gunzip on;
}
I haven't done this because of this vulnerability: https://en.wikipedia.org/wiki/CRIME
Outline VPN
Install docker and make sure its running
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo systemctl status docker
Installing outline VPN. Make sure you have maximized your terminal at this point, we will need the output from this command.
sudo su
wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh | bash
Paste the output of the command somewhere. Its important.
... After doing all this, I'd say the recommended way to install outline would be to download Outline App Manager and following the 2 line instruction there.
Neovim config
~/.config/nvim/init.lua:
-- Remap Space to Leader in normal and visual mode
vim.keymap.set({ 'n', 'v' }, '<Space>', '<Nop>', { silent = true })
vim.g.mapleader = " "
-- H,L to switch tabs in normal mode
vim.keymap.set('n', 'H', function()
vim.cmd("tabp")
end, { desc = 'Switch to previous tab' })
vim.keymap.set('n', 'L', function()
vim.cmd("tabn")
end, { desc = 'Switch to next tab' })
-- Copy the directory containing file
vim.keymap.set('n', '<leader>cd', function()
local cwd = vim.fn.expand('%:p:h')
vim.fn.setreg('+', cwd)
print("Copied " .. cwd .. " to + register.")
end, { desc = "Copy the directory containing file" })
-- Copy the file path
vim.keymap.set('n', '<leader>cp', function()
local fp = vim.fn.expand('%:p')
vim.fn.setreg('+', fp)
print("Copied " .. fp .. " to + register.")
end, { desc = "Copy the file path" })