Self Host 101 - Set up and Secure Your Own Server

00:00

you are looking at SSH login attempts to

00:02

a brand new virtual private server that

00:04

I just created and if you have your own

00:06

VPS and you haven't taken the steps to

00:08

lock it down try running this command to

00:10

see if there are login attempts

00:12

happening and you'll be surprised to

00:13

what you find because there are hackers

00:15

running automated scripts 24/7 trying to

00:17

find and exploit vulnerable servers and

00:19

you don't want to be a victim of this

00:21

now in this video I'm going to show you

00:23

the basics of setting up and locking

00:24

down a VPS to prevent these login

00:26

attempts and automatically block other

00:27

types of attacks as well this will be

00:30

the first video in a series on

00:32

self-hosting with the VPS so if this

00:34

kind of thing interests you let us know

00:35

in the comments and also stick around

00:37

for future videos in the series where we

00:38

take this VPS and turn it into a web

00:40

server or a database server now whether

00:43

you're a complete beginner a hobbyist or

00:44

a developer that wants to start managing

00:46

their own servers this video will show

00:48

you everything you need to know to

00:49

create a secure locked down VPS that's

00:51

ready to run any service you throw at it

00:53

so let's jump in I'm CJ welcome to

00:58

sentense

01:04

now if you're new to the world of vpss

01:06

welcome there are a lot of things you

01:07

can do with them and a lot of reasons

01:09

why you would want to manage one

01:10

yourself now a VPS is just one way to

01:12

host things on the web if you're

01:14

interested in learning about more check

01:15

out episode 615 of syntax where Wes and

01:18

Scott compare the different kinds of

01:19

hosting and the various providers now

01:21

like I mentioned you can do a lot of

01:22

things with a VPS and one of the reasons

01:24

people typically start learning about

01:26

and looking into VPS is to self-host uh

01:29

things like a personal Media Server Like

01:31

Plex jellyfin or MB or host their own

01:34

cloud with something like nexcloud or

01:35

host photos with something like Photo

01:37

prism or host your own password manager

01:39

with like bit Warden or passbolt uh but

01:42

you can also self-host your own

01:43

applications and web services things

01:45

like a custom Discord bot or some long

01:47

running process or like a websocket

01:49

server or self-host your own instance of

01:51

Sentry you could also run web servers

01:53

like enginex Apache or caddy you can

01:55

host databases like MySQL postgress

01:57

mongodb or reddis and others and

01:59

ultimately reduce your dependency on

02:01

managed services like versell netlify

02:02

Heroku render Railway fly.io am I

02:05

missing any and also manage database

02:07

services like AWS RDS Planet scale neon

02:09

and others now in episode 730 of syntax

02:12

Wes and Scott talk about some of these

02:14

paas or platform as a Service

02:16

Alternatives they talk about things like

02:18

uh piku doku Kubo cap Rover kifi

02:22

probably a couple others and these all

02:23

allow you to get the same functionality

02:25

as verell or netlify but running on your

02:27

own server now managing a VPS is not not

02:30

for the faint of heart it requires

02:31

constant attention and maintenance which

02:33

is why managed Services exist and why

02:35

this type of thing is typically a

02:36

full-time job but if this kind of thing

02:38

still interests you let's get into it

02:41

now the next part of this video will

02:42

assume that you want to set up a VPS and

02:44

you have acquired one so like I

02:45

mentioned check out episode 615 of

02:47

syntax if you'd like to know where to

02:49

get one and more about these various

02:51

hosting providers now I'm going to be

02:53

setting up a tiny VPS it's running

02:55

Ubuntu

02:56

22.041 gig of RAM 1 CPU and 10 GB of dis

03:00

space now this video is not sponsored by

03:02

any VPS hosting or domain provider so

03:04

I'm going to keep things fairly generic

03:06

so you can use whatever you can afford

03:07

and whatever you prefer now depending on

03:09

the type of workload you're going to be

03:11

running on this VPS you might need

03:12

better specs but for me I'm going to

03:14

have a few static sites a few node.js

03:16

applications and a couple databases so

03:18

the minimal specs that I mentioned will

03:20

work for what I need to

03:26

do now let's connect to rvps for this

03:29

we're going to use a thing called SSH

03:32

and you're going to need a terminal to

03:33

do this now on a Mac I am using an app

03:36

called iterm you can also use the

03:37

buil-in terminal on a Mac if you're on

03:39

Windows there's a thing called Windows

03:40

terminal if you're on Linux just search

03:42

for the app called terminal and open it

03:45

up and we're going to want to run the

03:46

command SSH so once it's open we're

03:48

going to type SSH and then we'll need to

03:50

type the username that has been set up

03:52

for us on the VPS now this is going to

03:54

vary by where you got your VPS for me

03:57

the VPS username is root and we're going

04:00

to log in with that you yours might be

04:02

admin or Ubuntu or Debian uh it might

04:05

vary but for me it's root and then after

04:07

the at sign we're going to put in the IP

04:09

address of our server now this IP

04:11

address will be listed in whatever

04:12

dashboard of wherever you got your VPS

04:14

but this is a public IP address and that

04:16

means anyone in the world that's on the

04:18

internet will be able to access uh the

04:20

server at this IP address just like

04:21

we're about to access this server now

04:23

you should have a command that's SSH

04:24

username at IP address hit enter and now

04:27

it's going to attempt to connect now the

04:28

first time you're ever connected ing to

04:30

a server you're going to see this

04:31

warning and here you can just type yes

04:33

and what this is doing is it's storing

04:35

the fingerprint of this server on your

04:37

computer so the next time you connect

04:39

it's going to validate that

04:40

fingerprint now uh the next time you

04:43

connect you shouldn't see this warning

04:44

and if you ever see this warning again

04:46

and you haven't changed anything on the

04:47

server then that means something has

04:50

gone wrong something is potentially

04:51

compromised like the the SSH key on the

04:53

server has actually changed and

04:55

sometimes there's a legitimate reason

04:57

for that uh but just so you know you

05:00

should only see that warning the first

05:01

time you connected the server and you

05:02

shouldn't see it anytime after that now

05:04

we'll need to type in our password now

05:06

as you type you're not going to see

05:07

anything on the screen here in the

05:08

terminal but as long as you type

05:11

everything correctly you should get

05:12

connected to your

05:18

server now one of the first things you

05:20

should do when you connect to your VPS

05:22

for the first time is run updates and

05:24

upgrades so like I mentioned earlier I'm

05:27

running Ubuntu

05:29

will work if you're on an Ubuntu or dbn

05:31

based system now depending on what your

05:33

VPS has set up for you if you are not

05:36

connecting as the root or super user

05:38

then all of these commands you're going

05:40

to need to type pseudo in front of so

05:42

like pseudo apt upgrade or pseudo apt

05:44

install for me because I'm running as

05:46

the root user I will not need to put

05:48

pseudo in front of those commands but if

05:49

you try running those commands and it

05:50

says you don't have permission put

05:52

pseudo in front of them so the first

05:54

thing we're going to do is just say apt

05:55

update now this command isn't going to

05:57

actually upgrade anything it's just

05:59

going to to update the package lists

06:01

locally on your machine so when you do

06:02

run an upgrade or you do run an install

06:04

it's always grabbing the latest versions

06:06

from those specific repositories so now

06:09

that we have the latest package list you

06:11

can see that it says 76 packages can be

06:13

upgraded so we're going to run the

06:15

upgrade command so I'll just do apt

06:18

upgrade and that's going to grab and

06:20

install all of the latest versions of

06:21

all the packages that I have installed

06:24

and we can confirm this with Y and it'll

06:26

start downloading and and upgrading

06:28

everything now you might be wondering

06:30

why are we upgrading one of the ways to

06:32

keep your VPS secure is to always be

06:35

running the latest versions of all

06:37

packages because when hackers attempt to

06:40

gain access to a machine or exploit a

06:42

machine typically they're taking

06:43

advantage of old broken versions and so

06:47

anytime a a package has an upgrade a lot

06:50

of times it's potentially a bug fix or a

06:51

vulnerability fix and so we always want

06:53

to make sure we're always running the

06:55

latest versions of all packages just to

06:57

make sure that we always have the latest

06:58

fixes and patches for for anything that

07:00

we're using on our system now when you

07:01

run this upgrade you may or may not see

07:03

this notice that there is a pending

07:05

kernel upgrade now the kernel is like

07:07

the root of the operating system and

07:09

this is another thing that could

07:10

potentially be be vulnerable so we

07:11

always want to be running the latest

07:13

version of the kernel now if you upgrade

07:14

the kernel you are going to have to

07:16

restart the machine which is why we

07:18

typically want to run these commands

07:19

before we do anything else on the VPS

07:21

because we're going to need to reboot it

07:23

a few times before we can start running

07:24

our own applications so I am going to do

07:27

the kernel upgrade here and then uh from

07:29

there will'll likely restart our

07:31

machine now this is asking me what

07:33

services should be restarted uh like I

07:35

said we are going to restart the entire

07:37

machine so we actually don't really even

07:39

have to worry about this I can just okay

07:40

through it because once we reboot the

07:42

whole machine then all of these services

07:43

will be restarted anyways now that all

07:46

of the upgrades have run and in my case

07:47

I also upgraded the kernel you can do

07:50

this to determine if you need to reboot

07:52

so if you do an LS of /var run/ reboot

07:55

required if that exists that means your

07:58

machine needs to be rebooted and uh

08:00

there are different ways to do this you

08:01

can actually do this from the command

08:03

line if you just type reboot but you can

08:05

also do it from your VPS dashboard and

08:06

that's how I'm going to do it just

08:07

because I want to make sure that this

08:08

thing actually reboots because if you

08:10

accidentally shut down the machine and

08:12

there there's no way to restart it in

08:14

your dashboard you're going to have to

08:16

reach out to like to the support team of

08:18

where wherever you're hosting your VPS

08:19

so for my VPS there's a dashboard where

08:22

I can literally say restart VM so I am

08:25

going to exit from my SSH session here

08:28

go to my dashboard and restart the VPS

08:31

now that the machine has rebooted we're

08:32

going to SSH back in and once you're in

08:35

as long you shouldn't see system restart

08:37

required that's a good sign and also if

08:39

it says zero updates can be applied

08:40

immediately you should be good to go but

08:42

since I upgraded the kernel it's likely

08:45

that some packages some more packages

08:46

can be upgraded as well so we are

08:48

actually going to do an apt upgrade

08:50

again now in my case it says there are a

08:53

couple of packages that have been kept

08:54

back and it didn't autoinstall them so

08:56

I'm actually just going to try to

08:57

install them directly so I'm going to

08:58

copy their name and then just do an apt

09:00

install with those names now you may not

09:04

have gotten that error and that's

09:05

completely fine if it says you have no

09:07

upgradeable packages you're good to go

09:08

but at this point because I did install

09:10

those if I do an app upgrade now I

09:12

should see uh there's nothing to be

09:13

upgraded which means I'm on a fully

09:15

upgraded

09:20

system now the next thing I'll do is

09:22

change the root users password now uh

09:26

for me in my VPS dashboard they

09:28

literally gave me a password that I

09:29

could copy paste to log in as the root

09:31

user and I don't want to be able to do

09:33

that so I'm going to change it to

09:34

something that only I know and something

09:36

that can't be copy pasted from the

09:38

dashboard so if you type

09:40

PWD that will prompt you to change the

09:43

password for the currently logged in

09:44

user in this case I'm going to change

09:45

the password of the root user now you

09:47

won't see anything when you're typing

09:48

your password but as long as you type it

09:49

correct both times it'll change the

09:51

password now to check it I'll exit the

09:52

SSH session and relog in with my new

09:58

password

10:02

so I've confirmed my updated password

10:04

works now we can start locking down the

10:07

server and one of the first Concepts

10:09

you'll learn in security is the

10:10

principle of least privilege and if

10:13

we're running all of our commands as

10:14

root we always have super user

10:16

privileges if you actually if you type

10:18

ID in the terminal and your user ID is

10:20

zero that means you are the super user

10:21

you can do anything on this machine and

10:24

there are some things we need super user

10:26

privileges for but we don't need it for

10:28

everything so we're going to create a

10:30

secondary user and they will not have

10:32

super user permissions by default but

10:35

will be able to run things with super

10:37

user permissions if they require it now

10:39

to add a new user we can use the add

10:40

user command so I'm going to type add

10:42

user and then the name of the user in

10:44

this case I'm going to call it CJ

10:45

because that's

10:46

me so this will create the user and it's

10:48

going to ask for a password now give it

10:50

a password but give it a different

10:51

password than the root user you don't

10:53

want those passwords to be exactly the

10:54

same for security purposes so I'm going

10:56

to give this a password now after you

10:57

set up the password It'll ask you a few

10:59

more questions just fill those out and

11:00

for some of these you can just leave

11:01

them blank if you don't have any info

11:03

for them now that we've created the user

11:04

they're a regular plain old user they

11:06

can't do anything as the super user yet

11:09

but what we'll do is We'll add them to a

11:10

group called pseudo and that will then

11:13

allow them to perform Super User actions

11:15

if they need to so to do this we're

11:16

going to do a user mod we'll do-

11:19

lowercase A- capital G and then we will

11:22

specify pseudo and then the username in

11:24

this case my username is CJ now from

11:27

here if we want to make sure it worked

11:28

we can type groups and then the name of

11:30

the user and we'll see the groups that

11:32

they're in so by default a user is

11:33

always in a group with their own name so

11:34

I'm in the CJ group but you can see that

11:36

we've added that pseudo group as well so

11:38

now to try this out let's actually exit

11:40

our SSH session as root and try logging

11:43

in as this new user that we created so

11:45

I'm going to exit we're going to do an

11:47

SSH but now instead of logging in as

11:49

root we're going to type the username

11:51

that we just created we'll type in the

11:52

password and we're good to go so now we

11:55

are able to log into the machine but not

11:57

as the root user and like I said this is

11:59

is one of the first steps of locking

12:00

down the machine is making sure that

12:02

you're not always doing things as the

12:03

root user now you can see that Ubuntu is

12:05

actually being very helpful right now

12:07

and it's saying uh if you want to run

12:08

something as the administrator or as the

12:10

super user you can use the pseudo

12:12

command so for example if I tried

12:13

running an app update like we did when

12:15

we were under the root account you'll

12:17

see this error and basically that means

12:20

we don't have permissions to do it but

12:22

if I'd like to perform this action as

12:23

the super user I can do pseudo apt

12:26

update now it's going to ask for your

12:28

password the first time and this is your

12:30

user password so just typee that in and

12:32

from there it will run the command with

12:33

super user privileges now you can use

12:35

this pseudo command for any command that

12:37

you want to run as the super user now if

12:39

you're new to Linux and the the pseudo

12:42

command um you you are basically

12:45

unlocking the ability to understand this

12:47

classic XKCD joke of um if you put

12:50

pseudo in front of any command you now

12:51

are executing it as the super user and

12:53

pseudo used to stand for super user do

12:56

uh but now the command can also be used

12:58

to run commands on the machine as other

12:59

users as well so it actually stands for

13:01

substitute user do and it allows you to

13:03

perform commands as other users and by

13:05

default it'll perform the commands as

13:07

the root

13:13

user now the next step in locking down

13:15

the machine is making it so that we

13:17

connect with an SSH key instead of a

13:19

password now to do this you will need an

13:21

SSH key I'm going to link this article

13:23

by GitHub in the description it shows

13:25

you how to generate an SSH key if you

13:27

don't have one uh but the next steps

13:29

will require you to have an SSH key now

13:31

it's important to note that SSH key that

13:33

you generate should be generated on your

13:35

local machine the machine that you're

13:36

going to be connecting to the VPS from

13:38

not on the VPS itself so make sure when

13:41

you follow the directions to generate

13:42

the SSH key it's happening on your local

13:44

machine now that SSH key locally on your

13:46

machine lives in your home folder in a

13:48

folder called SSH and for me this is the

13:51

public key file and if we run the cat

13:53

command on it we can see the contents of

13:55

it now this is completely okay to share

13:57

because this is my public key

13:59

I would not want to share the private

14:01

key which is in the file without the pub

14:02

on it but the public key completely okay

14:05

to share and this is what we need to add

14:07

to the server to be able to log in using

14:10

this SSH key now let's add this public

14:12

key to the VPS so I'm going to copy the

14:15

my public key and then over on the VPS I

14:18

need to create a folder in my home

14:20

folder called SSH so right now I'm in my

14:22

home folder I'm going to make a

14:24

directory called SSH and then I need to

14:26

create a file called authorized unor

14:28

keys now to do this I'm going to use a

14:30

command line tool called Nano it's very

14:32

easy to use basically it's a command

14:33

line text editor and then I'm going to

14:35

specify the file name so I want to edit

14:36

the file called SSH SL authorized

14:41

Keys now once I'm in here this is just a

14:44

text editor I can I can type whatever I

14:46

want but I need to put my public key

14:48

into this file so I'm going to paste it

14:50

in and then I'm going to exit and save

14:52

the file so you you can see in Nano it

14:54

literally tells us to exit we can press

14:56

crl X and then to save it we'll press

14:59

press Y and then hit enter so now my

15:01

public key is in that authorized key

15:03

file and that's actually all we need if

15:05

I exit my session here and then try

15:08

sshing back in you'll notice it doesn't

15:10

ask for my password and just instantly

15:12

logs me in and this is because behind

15:14

the scenes it was doing a public private

15:16

key negotiation and allowed me to log in

15:18

with my SSH

15:24

key now that we've set up our SSH key we

15:26

are going to disable password login in

15:29

entirely and this is how we're going to

15:30

stop attackers from trying a bunch of

15:31

different passwords is no one will be

15:33

able to log into our server with a

15:34

password you have to use an SSH key once

15:36

we enable this setting now it's

15:38

important to note if you're connecting

15:39

to this VPS from other computers you're

15:41

going to need to make sure that you set

15:42

up an SSH key on those machines as well

15:45

and you add the public key to that

15:47

authorized Keys file that we worked on

15:49

earlier but at this point let's disable

15:51

password login now to disable password

15:53

login we're going to need to edit the

15:55

sshd config we'll use pseudo for this

15:57

because we need super user to edit that

15:59

file we'll use Nano because it's a text

16:01

file and the file is ATC SSH

16:05

sdore config now we'll edit this file

16:08

and because we're using pseudo we'll

16:10

have to type in our user password now

16:11

once we're in the file we can hold the

16:13

down arrow to get to the section on

16:15

password

16:16

authentication now I will note that in

16:19

the previous section I said that login

16:20

with SSH key would just work if it's not

16:22

working for you it's possible that this

16:24

setting was not set to yes so make sure

16:25

that you set this setting to yes but

16:27

we're looking for the password

16:29

authentication setting so yeah right now

16:31

password authentication is set to yes I

16:33

want to set this to no and then save the

16:36

file now on my machine there's actually

16:39

another config that I need to update and

16:42

that is in the D folder so if we take a

16:46

look in that folder there's also sshd

16:55

config.inc authentication set to yes so

16:58

I want to make sure that I set this one

17:00

to no as well so we'll save that update

17:02

it and now we need to restart the SSH

17:05

service to get these settings to kick in

17:06

so I'm going to do pseudo service SSH

17:09

restart now to test if this worked let's

17:11

actually try logging in as the root user

17:13

so I'm going to ssh in as root and if we

17:17

get this error permission denied public

17:19

key we know that it's working because we

17:21

didn't set up a public key for the root

17:22

user we only set it up for our other

17:24

user and uh now we actually can't log in

17:27

with the password uh as the user but if

17:29

we try sshing in as the user we created

17:32

the public private key exchange should

17:34

happen and we should get logged into the

17:41

machine now we've locked things down so

17:43

we can only log in Via an SSH key but to

17:45

lock things down even further we're

17:47

going to prevent login via the root user

17:49

over SSH entirely so to do this we'll

17:51

jump into that same config file we're

17:54

going to go down to the section that

17:55

says permit rout login and we're going

17:59

to remove the hash will actually which

18:00

will actually enable this configuration

18:03

by default without password just means

18:04

that it would only allow the public

18:06

private key authentication for the root

18:08

user but we're actually just going to

18:09

set this to no and that way the root

18:11

user cannot log in bya SSH at all so

18:14

we'll save this file and then we'll

18:16

restart the SSH service so we'll do

18:18

pseudo service SSH restart and from here

18:22

root can no longer log in bya

18:27

SSH

18:30

now the next step in locking down your

18:31

VPS is to control the network and

18:33

firewall policy now for me my VPS

18:36

provider has a dashboard where I can

18:38

open and close various ports on the

18:40

firewall you might have that as well

18:42

you're going to want to look for a

18:43

section called ports or firewall or

18:45

network uh but if you don't have that

18:47

section in your VPS provider dashboard

18:49

you can actually use an application

18:51

firewall so built into Ubuntu is an

18:54

application called ufw or uncomplicated

18:57

firewall and it allows you to control

18:59

the firewall from the command line

19:01

directly on the VPS itself but uh since

19:03

my provider has a dashboard where I can

19:05

control all of the ports and everything

19:07

I'm going to be using that for all of

19:09

these this network stuff that I talk

19:15

about now the first thing we'll do is

19:17

close all ports that don't need to be

19:18

open now if you're new to all of this

19:20

stuff ports are like little doorways on

19:22

your computer that can receive and

19:24

respond to network requests and so for

19:26

example we've been connecting to our VPS

19:28

via SSA and by default the SSH service

19:30

is running on Port 22 to respond to

19:33

those SSH requests now um if if you're

19:37

not running anything else on your

19:38

machine that needs to be exposed to the

19:39

internet like you don't have a web

19:41

server or you don't have a database or

19:42

anything else you can just close down

19:44

all other ports so either use ufw to do

19:47

this from the command line or go into

19:49

your VPS provider dashboard and any

19:51

ports that it has open like a lot of

19:53

times Port 80 and 443 will be open by

19:55

default because the provider assumes

19:57

that you're going to be running an H

19:58

HTTP or https service and that's those

20:01

Services respond on those specific ports

20:03

but if you're not going to have a web

20:05

server there you can close those ports

20:07

so just remove those rules that that

20:08

open up those ports or if you're using

20:10

ufw uh use it to either open or close

20:14

those

20:19

ports now one of the common things

20:21

people do to lock down a machine further

20:23

is change the port that SSH is running

20:25

on now we mentioned it runs on Port 22

20:27

but you could run it on 2222 or 4242 you

20:30

could pick a port number um and to do

20:33

that you would need to go into your

20:34

firewall whether it's in a dashboard or

20:36

it's from the command line and open up

20:38

the port that you run want to run SSH on

20:40

and then you can go into that

20:41

configuration file that we were in

20:42

earlier and there's actually a section

20:43

that will let you set the port that SSH

20:46

runs on now if you do this this is one

20:48

way of preventing automated attacks

20:51

against your server because a lot of

20:52

scripts that hackers are running will

20:54

assume that SSH is running on Port 22 if

20:57

Port 22 is open so if you close 22 and

21:00

run SSH on a different port that's going

21:02

to prevent those automated attacks now

21:04

there are ways of poking and pting at a

21:06

server to figure out what ports are open

21:08

and if any ports are open attempting to

21:10

figure out what services are running on

21:11

those ports so a Savvy hacker will still

21:14

be able to find your SSH Port even if

21:16

you change it from the default 22 now

21:19

personally I like the convenience of not

21:21

having to type in the port number when I

21:22

SSH so I just leave SSH running on Port

21:25

22 but again that's this is one way of

21:27

locking down the Sur if you want to

21:29

prevent those automated login

21:35

attempts now you can further lock down

21:37

these ports by restricting access to

21:39

specific IP addresses Now by default if

21:41

you're setting up a rule and it has the

21:43

ipv4 address

21:44

0.0.0.0 that means allow and respond to

21:48

requests from any IP address but let's

21:51

say for instance you only want to allow

21:53

access to Port 22 from your computer

21:56

that you're running right now if you

21:58

have a static IP address that means an

22:00

IP address that doesn't change you can

22:01

set up that firewall rule so that it

22:03

only allows connections from your IP

22:05

address now I don't have a static IP

22:07

address I'm just running home internet

22:09

um and so day-to-day my IP address might

22:11

change but if you're at a business or

22:13

you're paying your internet service

22:14

provider for a static IP address then

22:16

this is a kind of rule that you can set

22:18

up where basically in the rule instead

22:19

of 0.0.0.0 you put your IP address and

22:23

now your server will only allow

22:25

connections on that specific Port from

22:27

the IP address that you sp

22:33

specify now that things are locked down

22:36

we're going to want to make sure that

22:37

our system stays up to date and so for

22:39

this we're going to install a program

22:41

called

22:42

unattended-upgrades so from the command

22:44

line if you do pseudo app install

22:47

unattended-upgrades this will install it

22:50

now my system came preconfigured with it

22:52

but if yours didn't you're going to need

22:53

to install it from here we're going to

22:55

enable automatic updates so you do

22:57

pseudo D package - reconfigure

23:00

unattended-upgrades this will run a

23:03

little uh configuration wizard you just

23:05

want to say yes on enabling automatic

23:08

upgrades now from here you're good to go

23:10

but you might want to customize it some

23:12

more so I'll link to the documentation

23:14

in the description but you'll notice

23:17

that they talk about a specific config

23:19

file that you can modify so if we take a

23:21

look at this there are some settings

23:23

inside of there like the kind of updates

23:25

that should be applied and also further

23:27

settings like should the machine be

23:29

automatically rebooted and stuff like

23:31

that so if you say pseudo Nano and then

23:33

the location of that file you can edit

23:36

it now by default only security updates

23:39

are enabled so these two lines here and

23:41

these two lines here are for security

23:43

updates but if you want to automatically

23:45

update other types of packages as well

23:47

you can uncomment these lines so if you

23:49

remove these two slashes that actually

23:52

makes it so that this line will be

23:54

matched whenever it's running the

23:55

automatic upgrades as well so I'm going

23:56

to do this for updates because this will

23:57

just update regular packages as well now

24:00

like I said there are other options in

24:02

here I'll link the git repo that talks

24:04

about the other kinds of options but

24:06

there are options in here also for

24:08

things like automatically rebooting uh

24:11

picking what time the server should

24:13

should reboot uh you can also set up

24:15

mail so that it sends you an email if

24:17

there are updates that need to happen

24:19

these kinds of things now from here we

24:21

want to make sure that the service is

24:23

running so if I do a pseudo system CTL

24:29

status for unattended upgrades as long

24:32

as you see this output with a little

24:33

Green Dot there then that means the

24:34

service is running in the background and

24:36

it will be automatically installing

24:37

updates now at this point you can do

24:39

whatever you want on your VPS you can

24:41

open ports you can install Services it's

24:44

yours to do what you would like uh

24:46

personally I'm a web developer so in the

24:48

next video in this series I'm going to

24:50

set up this machine to be a web server

24:53

I'm going to set up some static sites

24:54

I'll have some nodejs apis running I'll

24:57

have a couple of databases running

24:58

inside of containers I'll have reverse

25:01

proxies set up with subdomains and also

25:03

set up some SSL certificates so if

25:04

you're interested in that kind of thing

25:06

let us know in the comments but also uh

25:08

stick around for the next video in this

25:12

series that's all I have for you for now

25:14

if you enjoyed this let us know in the

25:16

comments if there are some pieces that I

25:18

missed let us know in the comments as

25:20

well um I absolutely want this to be a

25:22

valid and secure resource for people

25:25

that are setting up a VPS so if I said

25:27

anything wrong or you think things could

25:29

be done better let me know in the

25:30

comments I'll add them as corrections to

25:32

this video so that's all I got for now

25:34

I'll see you in the next

25:44

[Music]

25:54

one