Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have moved this question to serverfault where it might be more appropriate.
See https://serverfault.com/questions/128329/how-do-you-host-multiple-public-facing-websites-on-a-vps
We host about 30 websites using typical shared hosting plans using ASP.NET and SQL 2000/2005/2008.
I am now wondering about hosting all of these websites using our own virtual private server such as http://www.crystaltech.com/vps.aspx
This is clearly cheaper but comes with a lot of questions I need answers to:
Is the risk of having to keep this VPS server up and running worth it? Until now, the host provider has managed the server and we have not had to worry about crashes, downtime, software patches etc. We are not server administrators, we are programmers, so this is not really our expertise. On the other hand, it may not be hard to learn.
When we make a website live, we log in to a domain management control panel and change the primary and secondary name servers to point to our shared web host:
Eg ns1.sharedwebhost.com and ns2.sharedwebhost.com
These name servers are going to have to change when we have a VPS. I don’t understand anything about how to set this up. Is there some useful info anyone could direct me to? Or is there software we need to install to make the primary and secondary name servers work on our VPS?
The control panel we have for shared hosting comes with DNS management like this:
(source: yart.com.au)
What software would I need to install to create this for each site we host at a VPS?
The control panel we have for shared hosting also comes with a POP email interface that allows email addresses to be added easily:
(source: yart.com.au)
Is this something that can be easily set up at a VPS so clients can manage their own email addresses?
Is there software we need to install to make this work?
1) It depends on your applications, visitor patterns, required resources, etc. In general I'd say if you don't have the expertise - prefer scalable hosting solutions or managed dedicated servers (which can be quite expensive, but cheaper if you require very high availability).
Personally I host few dozen websites on my VPS and generally it is very easy to manage manually (after all it is Windows Server, you have GUI and PowerShell). That is until you hit a problem or someone hacks you.
2) You can always use free or paid DNS services or install OpenDNS on your VPS server (not recommended). Your VPS hoster might be providing DNS servers, ask them.
3) You can buy Plesk or cPanel and manage your websites the same way.
4) Same.
Everything you ask can be set up initially by your VPS provider. They will install control panels that will allow you to easily manage your websites, while having full server access as well.
You can have the best of both worlds. I use EuroVPN at www.eurovpn.com - they offer Semi-Managed plans on their VPS's (they have a sister company, EcoVPS for people who don't want this support). When I say semi-managed, the proactive monitoring is done by you, but you can always raise a ticket if you get stuck or there's a problem, and an engineer (1st/2nd & 3rd line) connects in using RDP to do the work for you.
Also, they give Plesk for "free".
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I'm currently building an application and I want to make sure that I use HTTPS throughout the whole application. The application is a web application in Golang and I wanted to know how to get legit certificates so that my application can be secure.
I would say it depends on how the application is gonna be deployed.
Hosting the application on a VPS / private server as a systemd service ?
You could look into Certbot if you want to manage SSL renewal automatically. But still you'll need to provide the certificate into your application, or use a HTTP proxy such as NGINX to expose your application on HTTPS.
This approach would work, but can be painful as you'll need to install / manage Certbot & possibly Nginx on your server.
Another good option would be to use Traefik, it's a Proxy server with builtin Let's Encrypt support, so that you'll be able to use free SSL, automatically renewed, by just installing the service, and creating a little configuration file.
I would personally choose the external proxy approach on this one, and especially Traefik. It shouldn't be the job of you web application to manage HTTPS, but more an external proxy. So that if one day you need to scale your application, it shouldn't be painful.
Well, you have a few options. I found it easy to use ZeroSSL to get a trusted certificate, but there are many other ways to do so. You can also use Certbot, but it several dependencies to be installed.
If you are getting certificate for FQDN , you can use Letusencrypt which provides many clients support including certbot. You can find it here
https://letsencrypt.org/docs/client-options/ but please remember it wont work without fqdn.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
Background Info:
My office is closing down due to COVID19 outbreak policies.
Unfortunately we do not have a VPN in place, and currently one of my coworkers has to going in every day to make commits for everyone who is working remotely--our repos are stored inside the office internal network.
The Problem:
I need to be able to get inside the internal network remotely using SSH, without having to make any changes to network configuration (I do not have access to the network devices). This means I would not be opening ports, or making firewall exceptions for example.
I was thinking of using a raspberry pi with a fresh linux image (any supported distro would be fine, I'm open to suggestions).
My goal is to plug the pi3 to my workstation ethernet port, and leave it there for the time being. I would not be able to do any physical reboots , etc.
I need a suggestion for a free tunneling solution that would be easy to set up and use for 1-10 people to be able to connect using a secure connection (SSH) and gain access to internal resources remotely.
Question:
I need suggestions for which distro would be nice and light enough for the pi3 to handle, and SSH server software to use.
I looked into OpenSSh which has been suggested in other similar threads, but it would require configuring firewall and opening port 22, which I cannot do.
Other
I've used Google Chrome's remote desktop in the past and it has worked wonderfully. I would set up the "host" machine with it, and then any other machine with Chrome (with the same account) could remote in without any sort of network configuration.
I guess I just need something similar to this, but instead of remote desktop I need an SSH solution. I would create a few root-enabled accounts to allow other devs to connect to it at the same time if possible.
I found a solution to my problem and will pass it along to my IT team for proper approval prior to putting in place. However I wanted to share the answer here in case anyone else ever has a similar situation.
As stated, be sure to check your company's policy and consult the proper channels before doing this sort of thing, as it can cause security risks and could get you fired... so be advised, do this at your own risk!
With that said, a "Reverse SSH" could be the solution to the problem. It allows you to connect to a machine inside of a network without having to open ports or firewall exceptions.
This isn't a good long term solution for most cases, but might be the workaround you need to do the trick in a pinch.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
My company is integrating with this company to enable us both consume services built on each other's platform to provide joint services extended to external users.
They recently sent me a file containing their VPN configuration with spaces provided to enter ours as well. Now I am not so savvy about VPNs plus our server is hosted in an Azure VM (windows server 2012 R2). I don't know if our hosting arrangement is VPN-ready by default. How am I supposed to go about this?
Any helpful articles or guidance is a welcome boon at this time.
PS.
My knowledge on networking is next to nothing. Just know the basest of things there.
there are two options to create the VPN to your cloud infrastructure:
1) By external services like OpenVPN - in that case, your involvement into what should be done will be to open some endpoints. Tutorials are available.
2) By internal service called Virtual Network. In that case, you should first place your VM to the Virtual Network, and then use tutorial. As the networking is a big topic, i would propose you to read the official tutorial instead of putting that information here.
So, basically, to get your VM ready for the VPN, you should:
1) Create Virtual Network
2) Place the VM into that VN
3) Configure both cloud and local gateways
4) Install the VPN client.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
My website was hacked and my homepage was changed again and again. Is there any tools or any ASP sources can protect it from editing?
I set the attributes hidden, read and system to the index.asp files, well, it was changed by the hacker again.
Notes:
My site was hosted in a shared server
My website was hacked by a china chopper before
I have cleaned server hidden asp files..
To put it bluntly, secure your server it will stop the hackers editing your pages :)
It sounds like your server has been compromised at a higher level, if this is a hosted solution (by a 3rd party company) they need to fix their servers. Unfortunately I've seen smaller hosting companies never fix the problem and just replace the files back and blame "poor coding" when the problem is actually "stupid system admins that don't know what they are doing". If this is the case, move to a different host. If this is your machine and you are hosting it, rebuild the entire machine it sounds like it has been compromised.
For your site 1st you need to check some security measure like there may chance that your web site vulnerabilities . With following attack like SQLinjection, Blind SQl , XSS, Oracle Padding Attack, DOT-NET-Nuke etc .
2nd thing as #silver said may be your host is responsible for all this thing like many time on IIS there is major security issue if your other site which is hosted in the server is having some vulnerabilities so attacker or hacker can access of the server throw PHP-Shells and Some ASP or ASPX shells. So for this issue you need to choice the good host :)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
I have a dedicated server running Linux.
The operating system runs the following -let's call them- components:
PostgreSQL
Access rule: Only staff (and local access of course)
Apache
Sites
Public site: Every one
Private site: Only staff
The staff reaches these components via WAN, and I'd like to know which is the best, easiest, and most flexible way to apply these Access rules (also centralized so I don't have to configure every component).
Of course the server will run much more stuff, but I think I'll manage when I'll have a solution for the above.
I thought about some ways though:
VPN: Which won't work as I have a public thing that has to be available to the world, and it seems a bit complicated to me either... I don't know
LDAP auth: This seem to be the best, but I only the definition of LDAP
What are your guesses guys?
Would you recommend any good readme to me?
VPN is your best solution. It is widely used in exactly the same scenario - Postgre and the private site are on 192.168.x.x addresses (you can configure this using virtual interfaces, e.g. eth0:0 and then tell them to listen only on this interface), the public site is on a real public IP address. When the staff connects via VPN, they also get a 192.168 IP address and have authenticated and encrypted access to all internal components - otherwise, only the public site can be accessed. If you can afford additional resources, the best solution is a de-militarized zone (http://en.wikipedia.org/wiki/DMZ_%28computing%29). There are other solutions, but none that work with Windows clients out-of-the-box.