apt-get update && apt-get upgrade
- (perl locales error? https://www.thomas-krenn.com/en/wiki/Perl_warning_Setting_locale_failed_in_Debian)
adduser username --force-badname --ingroup sudo
- add public key authentication
- set up basic firewall (ufw) and allow OpenSSH, turn on rate limiting
ufw limit ssh/tcp
, install fail2ban - disable password authentication and root login
/etc/ssh/sshd_config
- time: set timezone
sudo dpkg-reconfigure tzdata
and install ntp.
- Install stack: this for postgresql, and this for the rest of the stack.
- Remove Apache2 from port 80 (if using)
- ...permissions of socket...
- Add SSL,
- redirect to https in mysite_nginx.conf, server 80 block (
return 301 https://$server_name$request_uri;
), - Add forward secuirty
- Automatic security updates
- Django DEBUG = False