Basic Security & DNS

In this section, we configure some basic security options that make it safe for your server to receive and send data on the Internet.

Firewall

Configure the firewall to allow SSH traffic from your IP address, and then enable the firewall.

$ sudo ufw allow from <your IP address> to any app OpenSSH
$ sudo ufw enable

Software Updates

Upgrade your distribution's packages. Depending on what distribution you're running, your package manager may be something other than apt and package names may vary.

$ sudo apt update && sudo apt dist-upgrade -y

Install the antivirus.

$ sudo apt install clamav clamav-daemon

Reboot the server.

$ sudo reboot

DNS

With basic security in place, it should be safe to configure your domain's DNS records to point to your new server's IP address. The DNS records will allow us to configure our web server and TLS first, before we deploy the application to the open web.

Once DNS has propagated, you should be able to SSH into your admin user at your domain name.

$ ssh myadmin@your.domain.tld

More than Basic Security

There is a lot more you can do to secure a server than just what's explained here. Keep being curious, and try to apply something new you learned about security every time you log in to perform maintenance.

You will want to log in as your admin user periodically to upgrade your distribution's packages and back up your Owncast application data. Admin tasks like these can be automated, but they are hard to automate safely.

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search