Original Post – https://www.codingpaths.com/django/initial-server-setup/

Initial Server Setup

In this blog, we will be going through initial server setup on Centos7. This is generally recommended before diving straight into production. Centos is an open source Linux distribution under RHEL(Red Hat Enterprise Linux). The reason why Centos is preferred over Ubuntu is because of its stability. Its updates can take about more than 7-8 years to come.

1. Configuring Centos 7

After purchasing a server, login into it using the ssh command in the terminal. Remember to use your public ip and the password given by the administrator.

ssh root@your_ip_here
ssh root@your_ip_here
ssh root@your_ip_here

If you are getting a warning like “LC_CTYPE: cannot change locale (UTF-8): No such file or directory”, then enter the following command in your local terminal by logging out. The LC variables determine the language of encoding the characters. So, we need to export this variable.

<span>logout export </span><span>LC_ALL</span><span>=</span><span>"en_US.UTF-8"</span>
ssh root@your_ip_here
<span>logout export </span><span>LC_ALL</span><span>=</span><span>"en_US.UTF-8"</span>
ssh root@your_ip_here
logout export LC_ALL="en_US.UTF-8"
ssh root@your_ip_here

Updating centos

<span>sudo </span>yum update
<span>sudo </span>yum upgrade
<span>sudo </span>yum update
<span>sudo </span>yum upgrade
sudo yum update
sudo yum upgrade

Setting up hostname

hostnamectl set-hostname centos-server
<span>hostname</span> <span># to check the hostname</span>
hostnamectl set-hostname centos-server
<span>hostname</span> <span># to check the hostname</span>
hostnamectl set-hostname centos-server
hostname # to check the hostname

Setting up hostname in the hosts file

<span>sudo </span>nano /etc/hosts
<span>sudo </span>nano /etc/hosts
sudo nano /etc/hosts

Add your ip followed by tab and then type centos-server which is the hostname. Then hit CTRL+x to exit and enter to save the changes.

2. Adding a new user

Root has the most privileges in the OS. It can be destructive to operate the server under root user. To limit the scope, we will be creating a new user. In future, if any need arises, we will change the permissions for this user.

adduser user_name
passwd user_name <span>#setting up password for new user</span>
gpasswd <span>-a</span> user_name wheel <span>#adding sudo privileges</span>
<span>logout</span>
adduser user_name
passwd user_name <span>#setting up password for new user</span>
gpasswd <span>-a</span> user_name wheel <span>#adding sudo privileges</span>
<span>logout</span>
adduser user_name
passwd user_name #setting up password for new user
gpasswd -a user_name wheel #adding sudo privileges
logout

3. Securing the server

There are bots all around trying to find vulnerabilities in the servers. Till now, we have used password based authentication which is highly exploitable. These bots try brute force attacks to enter our server. So to fix this, we will disable password based authentication and setup ssh keys. These ssh keys will be stored in the local machine and the server. After this whenever we try to ssh into our server, it will analyse the keys and give access. So, setting up ssh keys for authentication in the local machine in home directory. Hit enter for default actions –

ssh-keygen <span>-t</span> rsa <span>#generating keys</span>
ssh-copy-id user_name@your_ip_here <span>#coping the keys to the server</span>
<span>logout</span>
ssh-keygen <span>-t</span> rsa <span>#generating keys</span>
ssh-copy-id user_name@your_ip_here <span>#coping the keys to the server</span>
<span>logout</span>
ssh-keygen -t rsa #generating keys
ssh-copy-id user_name@your_ip_here #coping the keys to the server
logout

Now you can ssh login without password for the new user –

ssh user_name@your_ip_here
ssh user_name@your_ip_here
ssh user_name@your_ip_here

Change configuration in /etc/ssh/sshd_config, thereby making our server more secure –

PermitRootLogin no
PasswordAuthentication no
PermitRootLogin no
PasswordAuthentication no
PermitRootLogin no
PasswordAuthentication no

<span>sudo </span>nano /etc/ssh/sshd_config
<span>sudo </span>systemctl restart sshd
<span>sudo </span>nano /etc/ssh/sshd_config
<span>sudo </span>systemctl restart sshd
sudo nano /etc/ssh/sshd_config
sudo systemctl restart sshd

Up next – Deploy Django Applications on Centos
Thanks for reading!

原文链接：Initial Server Setup – Django Deploy