Starting in Web server hosting and administration

[Craig Blake]

Hello all,

Not entirely sure where to put this thread.

I've got a VPS at DigitalOcean with FreeBSD 10.2 on it that I use for my wife's business site and my own personal site.
However, someone has asked me to develop a site for them and host it. I used to be a web designer, and I still code, though I can't design (due to visual impairment) on top of this I'm studying for a BSc in computer science since health has forced change of career.

I'd like to get into server administration, in particular for web hosting.

I see a lot of companies out there charging massive $£€¥ for server management services, which I considered, but I figured for a small 3 site VPS I could use this as a means to learn how to do it myself since my degree is part time.

What do people recommend to use in terms of security and hardening, monitoring services and maintenance and performance optimization.

If I could make my life "easier" by switching form a graphics career to a sysadmin and/or programmer. It'll be nice to get back into work!

Thanks,
Craig

 

[Deleted member 9563]

What do people recommend to use in terms of security and hardening, monitoring services and maintenance and performance optimization.

No root login and fail2ban. You can do more, but that should keep you fairly secure with just a few minutes work.

 

[SirDice]

Don't forget to update the system regularly. Or at least when there's a security issue. For ports/packages you can keep an eye on pkg audit. For the base OS I recommend getting the FreeBSD-security-notifications@FreeBSD.org mailinglist.

 

[Deleted member 9563]

web hosting

If that includes offering e-mail then you would want to use an automatic black list checker. Actually, probably best to get e-mail service from some place that specializes in that. (This guy has a good reputation.)

 

[Craig Blake]

Hello everybody,

Thank you for all your suggestions. I am just a bit paranoid with all the security hype lately (which is fair enough, we do need to concentrate on it). It seems that FreeBSD is fairly secure out the box if I just do a SSH-only login and fail2ban.
I suppose the real work comes into protecting port 80 and other ports that I need to open and close the rest. And I suppose mod_security does a decent enough job on web server security.

Does anybody have any suggestion regarding monitoring systems? I read a little about Zabbix the other day and was wondering whether that was overkill. Though I'm using DigitalOcean so can always upgrade the vPS any time I need to.

There are also a number of logs to watch. Is there any way to have a constantly updating stream reading these log files in a terminal window? Or would it be simpler to use something like Zabbix?

Thanks again for all your advice.

 

[metsuke]

Zabbix is nice in that you can create checks for anything that you can put in a shell script (so anything). My work deployed Zabbix across thousands of nodes, and created checks with dependencies. For instance, check first if MySQL is installed, and if so, then check if it is running. I have no complaints yet, and it appears to just work.