DEV Community

Teniola

Set up SSH Key Authentication

Continuing on my DevOps journey, I dove deeper into practical tasks that strengthened my skills in Linux server management, security, and automation. I set up SSH key authentication, secured Nginx with SSL/TLS, and implemented best practices for web server security. Exploring load balancing, I configured Nginx to distribute traffic for high availability. Documenting these steps keeps my journey purposeful and impactful.

Generate an SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096 -C "test2@gmail.com"

Copy the public key to the remote server:

ssh-copy-id user@remote_server_ip

Test the connection:

ssh user@remote_server_ip

Confirm no password is requested.

Disable Password Authentication for SSH:

Open the SSH configuration file on the remote server:

sudo nano /etc/ssh/sshd_config

Modify or add the following lines:

PasswordAuthentication no
PubkeyAuthentication yes

Restart the SSH service:

sudo systemctl restart sshd
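
The steps above edit /etc/ssh/sshd_config, but sshd uses the first value it reads for each keyword, so a drop-in pulled in by an Include line earlier in the file can leave password logins enabled. The script below is an added example, not part of the original post, that checks the effective settings as printed by `sshd -T`; the function name, the sample dumps and the extra `kbdinteractiveauthentication` check are assumptions of this example.

```sh
#!/bin/sh
# Added example: check the *effective* sshd settings, as printed by `sshd -T`
# (lowercase "keyword value" lines), against the hardening steps above.

# Settings to enforce. kbdinteractiveauthentication is an extra check that the
# article does not set: with PAM it can still present a password prompt.
EXPECTED='passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: a dump where an included drop-in still allows passwords.
SAMPLE_OVERRIDDEN='port 22
passwordauthentication yes
pubkeyauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: a dump after the hardening has taken effect.
SAMPLE_HARDENED='port 22
passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no'

# audit_sshd_effective (hypothetical helper): reads `sshd -T` output on stdin,
# prints one line per expected keyword, returns 0 only if every value matches.
audit_sshd_effective() {
    dump=$(cat)
    rc=0
    while read -r key want; do
        got=$(printf '%s\n' "$dump" |
            awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (expected $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key is $got (expected $want)"; rc=1
        else
            echo "OK $key $got"
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Demo on the constructed sample; on a real host run:
#   sudo sshd -T | audit_sshd_effective
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_effective ||
    echo "=> password logins are still possible"
```

Keep the current SSH session open and run the check from it, then confirm a key-based login from a second terminal before logging out.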

Web Server Security
Enhance Nginx Security with SSL/TLS:

Install Certbot and request a free SSL certificate:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Verify SSL is working:

https://yourdomain.com

Implement Security Best Practices:

Update Nginx (this upgrades every installed package, Nginx included):

sudo apt update && sudo apt upgrade

Set up HTTP to HTTPS redirection:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

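Limit request body size and request rate:

# Place in the http context; limit_req_zone only defines the zone
client_max_body_size 10M;
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r/s;
limit_req zone=mylimit;  # applies the zone; without this no limit is enforced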

Load Balancing
Basic Load-Balancing Concepts:

Distribute incoming traffic across multiple servers.
Ensure high availability and fault tolerance.

Set Up Nginx as a Simple Load Balancer:

Edit the Nginx configuration file:

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
}
server {
    listen 80;
    server_name yourdomain.com;
    location / {
        proxy_pass http://backend;
    }
}

Test the configuration:

sudo nginx -t
sudo systemctl reload nginx
