In this post I'm going to introduce playbooks, and show you how to customise the /etc/resolv.conf file on each server. I assume you have followed Part One of this series and have created a hosts file and files in ~/myansible/host_vars/.
Tasks, playbooks, groups and roles
A note on terminology. A task is something done on a server, like a file created or updated, or a user, cron job, or OS package added or removed. A task could be done from the command line using the ansible binary, but usually multiple tasks get grouped together in a YAML file called a playbook. A playbook might install and configure one specific piece of software, for example. The image above shows a set of 6 playbooks, each of which will have multiple tasks within it (the tasks are not shown).
Ansible is a system to automate the updating of server configurations and other administration tasks. In this post I'll explain what's necessary to get started with Ansible: creating a configuration structure, telling Ansible about your hosts and running ad-hoc commands on multiple hosts.
Ansible is useful when you have 3 or more VPSs and need to keep changes synchronised or updates applied in a consistent manner. It takes a little more work to do something through a configuration management system, but the reward is that you can apply your configuration change to 3 (or 3000) servers with little extra effort once that is done.
Not every server needs priority CPU, backups, and 24x7 fully managed support. We have added a few options on our http://launchtimevps.com ordering interface to let you tweak these settings to enable you to get a lower price for your server if that is appropriate.
- Option to enable/disable backups. Less disk space usage costs less.
- Select the number of CPU cores (1-4).
- Select the CPU priority (over other VMs on the host). Get a bit more CPU time when the host is busy (when the host is relatively idle, which is typical, nothing changes).
- Sysadmin support level required. Cheaper for self-managed, a bit more if you want us to be fully managing your server.
- Support level priority. Options for customers needing to get sysadmin assistance 24x7 in emergencies, through to options for non-urgent support requests.
The latest Ubuntu LTS release, Xenial 16.04, comes with support for a container system called LXD. LXD builds on the existing LXC container system, allowing for more convenient management of those containers.
In this post I show how you can test out LXD containers on a Rimu VPS running Ubuntu 16.04. I assume you already have an Ubuntu 16.04 VPS set up; if not you can grab one at RimuHosting or launchtimevps.com.
Containers allow further separation between websites running on your VPS, which can be useful for removing dependency problems, for creating test environments for upgrading or developing new sites and perhaps for improving the security of your websites.
Everyone wants security, and it's ideal that your SSL certificates are also secure. With this in mind, websites like SSLLabs have a testing tool that is used to grade the SSL certificate installed on your server.
Often people get a low ranking when it's fairly easy to get an A. I could make this post long-winded and complex, but ultimately it comes down to adding the following items in your SSL configuration.
SSLProtocol All -SSLv2 -SSLv3
Note: If you are using CentOS, then it's likely you will need to add this to every virtualhost config after turning SSL on.
We dislike dealing with exploited websites. A common cause is "the long-forgotten outdated install from a web developer who left years ago, hoping it works forever". Public-facing services need to be kept updated in order to remain secure, so script-kiddies can't use your server for abuse, like selling dodgy medicinal products.
One would always try to enforce strong permissions and server settings to prevent this from happening, and even use something like AppArmor (which is the way to do it), but there are also other ways to strengthen things a bit more. With the inotify feature in newer kernels, it is possible to monitor a file system location for changes and check those quickly with a scanner. We have made a script to help automate rapid notifications when possible issues are detected. This will work with a CMS or Tomcat install. We also provide instructions on Maldetect ahead.
ownCloud is a popular file storage and synchronization system, with many additional features available for it. It's a self-hosted alternative to systems like Dropbox, but with ownCloud your files are stored on your own servers. This allows you to meet requirements to keep data in a certain jurisdiction, for example, or it might give you peace of mind to know where your data is stored and who has access to it.
Running ownCloud means you can keep documents organized in the ownCloud repository and have access to them from anywhere, including desktop computers, laptops, mobile devices, and even through the web on public computers. Changes made to those documents will be synchronized so the changes will show up on the other devices automatically.
You can use it as a personal server with a single account or it can be used as an organization's file store with multiple accounts. Users can be assigned to groups, and different groups can have access to different sets of files. You can also share files with someone outside your organization who doesn't have an account on ownCloud by sending them a special link they can use to access the file.
There are also a number of plugins that can be loaded to enable other functionality; for example, you can synchronize calendars and address books between your devices using ownCloud.
In this document, I'll explain how to get a recent version of ownCloud running on a new RimuHosting Debian VPS.
We are pleased to announce the availability of Ubuntu 16.04 LTS server for new setups. This release has been codenamed Xenial Xerus. The official release notes are available from the Ubuntu team here.
Our new VPS images are based on the official builds provided directly from http://cloud-images.ubuntu.com
Significant updates in this release include
According to Wikipedia, "WordPress is the most popular blogging system in use on the Web, at more than 60 million websites." It's also the most commonly installed blogging system on our customers' servers, and we use it to run the blog you're reading right now.
One factor that has contributed to WordPress's popularity is its ease of installation. And because it is so popular, many themes, extensions and other add-ons are available, documentation and help resources abound, and an ecosystem of support companies has grown up around it. These provide a positive feedback loop, helping to reinforce its popularity.
But as well as being easy to install and popular, it is also the most commonly exploited system we host. That's because its popularity has led to increased interest from hackers, and also because the install defaults are not as secure as they could be. If a hacker can leverage these weaknesses to crack a password for your site, they will often use it to send spam or distribute exploits designed to hack into other computers. Even without cracking a password, many WordPress sites can be used to attack other sites. If your WordPress system gets exploited you'll have the unenviable task of cleaning that up, made a bit easier thanks to Liz's restore wordpress script.
Secure WordPress in 5 easy steps
February 29th, 2016 marks the end of LTS Support for Debian Squeeze, which is still used by many of our customers. This means that updates for known security issues will no longer be produced and, over time, a server running this version will become vulnerable to being exploited.
Squeeze was released in 2011 and was our recommended distribution at the time; however, if you're still running it, now is the time to upgrade to a new version. Wheezy (Debian 7) and Jessie (Debian 8) have been released since then. Debian is known for having a relatively easy in-place upgrade system, compared to other distributions. However, there are still potential problems with any upgrade, so be prepared to fix up configuration problems that might prevent your server from operating properly after the upgrade.