these notes are from the udemy course secure vps

1. Using DigitalOcean, Choose the LEMP image.
2. Link the domain name to the VPS IP ADDRESS.
3. Connect to the Server with SSH, on windows: putty / on mcOS: ssh command.
4. Update package and reboot

   apt-get update
   apt-get upgrade
   reboot #restart server
   

5. Configuring nginx
   • Check Configuration here /etc/nginx
   • Create a folder for your website here /var/www
   • Copy the default file here /etc/nginx/sites-available, and set the server configuration
   • link the file in /etc/nginx/sites-available:

   sudo ln -s /etc/nginx/sites-available/aladinstudio /etc/nginx/sites-enabled/aladinstudio
   

   • Check for errors:

   sudo nginx -t
   

   • Reload configuration:

   sudo service nginx reload
   

   • By now, the website is live: aladinstudio.com
   • To remove server details being displayed in browsers, In /etc/nginx/nginx.conf uncomment the line # server_tokens off;
   • Avoiding XSS attacks, add the flowing line in In /etc/nginx/nginx.conf, after the line gzip on;

   # avoiding xss attacks
   add_header X-Content-Type-Options "nosniff" always;
   add_header X-Frame-Options "SAMEORIGIN" always;
   add_header X-XSS-Protection "1; mode=block" always;
   

   then check for errors and reload configuration

   sudo nginx -t
   sudo service nginx reload
   

   • Mitigating Dos and DDoS attacks, add the flowing line in In /etc/nginx/nginx.conf

   client_body_buffer_size 4m;
   large_client_header_buffers 4 4m;
   limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
   limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=1r/s;
   limit_conn conn_limit_per_ip 15;
   limit_req zone=req_limit_per_ip burst=20;
   

   then check for errors and reload configuration
6. Secure mysql database:

   sudo mysql_secure_installation
   

   then basically yes for every question.
7. Install free SSL certificate for https:

   # Installing Certbot
   sudo add-apt-repository ppa:certbot/certbot
   sudo apt install python-certbot-nginx
   # Obtaining an SSL Certificate
   sudo certbot --nginx -d example.com -d www.example.com
   

   more detailed process here.
8. For WordPress installation follow this guide.

SSH Client: link
Filezilla: link

man # get commands manual.  

pwd # path of the current directory.  

cd /      # go to root.  
cd /usr/  # got to user folder.  
cd -      # goto previous folder.  
cd ..     # goto parent folder.    

ls -a # display all.

nano file.txt          # create file.txt.
cp file.txt file2.txt  # copy file.txt to file2.txt.
mv file2.txt /file.txt # move file2.txt to root folder file.txt.
rm file.txt            # remove file.txt from current folder.

mkdir test         # make folder test.
cp -r test/ test2/ # copy folder test and its files.
mv test/ test2/
rm -r test         # remove folder.
rmdir test         # remove empty folder.
rm -ri test        # add confirmation to remove folder.

apt-get install package-name # install package-name
apt-get remove package-name  # uninstall package-name but keep configuration files.
apt-get purge package-name   # uninstall package-name and all it configuration files.
apt-get update               # update all packages
apt-get autoremove           # delete anciant packages.

reboot

sudo service docker status # check status of service docker
service nginx stop    # stop service nginx.
service nginx start   # start service nginx.
service nginx restart # restart service nginx.
service nginx reload  # reload configuration files and settings.

mv composer.phar /usr/local/bin/composer # make composer globally accessible.

ssh-keygen -t rsa -b 4096 -C "root"

adduser test

deluser test
rm -r /home/test

sudo adduser user_test sudo

sudo chown -R www-data permissions/ # assigning right over permissions folder for user www-data.

Who are we changing the permission for? [ugoa] - user (or owner), group, others, all Are we granting or revoking the permission - indicated with either a plus ( + ) or minus ( - ) Which permission are we setting? - read ( r ), write ( w ) or execute ( x )

chmod [permissions] [path]

Using Binary References to Set permissions: The first number represents the Owner permission; the second represents the Group permissions; and the last number represents the permissions for all other users. The numbers are a binary representation of the rwx string.

chmod 740 file1

sudo ufw status                  # check firewall status.
sudo apt-get install ufw         #if not installed
sudo ufw enable                  #activate the firewall
sudo ufw disable
sudo ufw default deny incoming   # deny incoming connections
sudo ufw default allow outgoing  # deny outgoing connections
sudo ufw allow ssh
sudo ufw allow www               #allow port 80 (http)
sudo ufw allow 443/tcp           #allow manually port 443 (https)
sudo ufw delete allow 80/tcp          #deny access with http

/etc/nginx/nginx.conf

/var/www/

sudo mysql_secure_installation

then basically yes for every question.

/etc/nginx/nginx.conf

/var/www/

Steps to Install SSL: link
Link to test SSL level of security: link