Obtain SSL certificate for Nginx, make sure your Nginx config for http is working at http://yourdomain.com, then run:
#certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will: Auto-detect your Nginx config
Request and install a certificate
Ask if you want HTTP to HTTPS redirect (say yes)
Test HTTPS: Open https://yourdomain.com and You should see the lock icon
Auto-renew is set up by Snap
You don’t need to manually configure cron jobs. Snap installs a systemd timer to auto-renew: Check it:
$sudo systemctl list-timers | grep certbot
✅ Done!
You now have:
Fresh Certbot installed via Snap
Nginx auto-configured for HTTPS
Auto-renewals enabled
#sudo vim sudo vim /etc/nginx/sites-available/domain1.com
# Virtual Host configuration for domain1.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
server {
listen 80;
listen [::]:80;
server_name domain1.com www.domain1.com;
root /var/www/domain1.com;
index index.php index.html;
#location / {
# try_files $uri $uri/ =404;
#}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
}
}
Obtain SSL certificate for Nginx, make sure your Nginx config for http is working at http://yourdomain.com, then run:
#certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will: Auto-detect your Nginx config
Request and install a certificate
Ask if you want HTTP to HTTPS redirect (say yes)
Test HTTPS: Open https://yourdomain.com and You should see the lock icon
Auto-renew is set up by Snap
You don’t need to manually configure cron jobs. Snap installs a systemd timer to auto-renew: Check it:
$sudo systemctl list-timers | grep certbot
✅ Done!
You now have:
Fresh Certbot installed via Snap
Nginx auto-configured for HTTPS
Auto-renewals enabled
Delete Certbot SSL Certificate and Domain
Show all certificate
$sudo certbot certificates
Found the following certs:
Certificate Name: mydomainname.com
Serial Number: 6810f862e51702da43e0e1bc2f80f0d1123
Key Type: ECDSA
Delete the SSL Certificate that you want
$sudo delete --cert-name mydomainname.com
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Deleted all files relating to certificate mydomainname.com.
Install iptables Debian 11 (Bullseye) and basic rules initial configuration.
IPtables is being replaced by nftables starting with Debian 10 Buster. Debian 11 comes with nftables framework. So to install iptables first we need uninstall nftables and its dependencies.
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName mydomainname.com
ServerAlias www.mydomainname.com mydomainname.com
DocumentRoot /var/www/mydomainname.com
<Directory /var/www/mydomainname.com>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/mydomainname.com/error.log
CustomLog ${APACHE_LOG_DIR}/mydomainname.com/access.log combined
</VirtualHost>
Activate
#a2ensite mydomainname.com.conf
Enabling site mydomainname.com.
To activate the new configuration, you need to run:
systemctl reload apache2
# systemctl reload apache2
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/
/etc/cron.*/*
systemctl list-timers
Remove certbot using snap
If you have installed certbot using snap, this will work perfectly to remove
#sudo apt-get install ufw
#sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Enter Y, and proceed to allow connections to your server
Firewall is active and enabled on system startup
Check whether UFW is running:
#sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Allow Connections to Your Server
#sudo ufw allow 80
#sudo ufw allow 80/tcp
#sudo ufw allow 443/tcp
If you are unsure of its port number. For example, to enable MySQL:
#sudo ufw allow mysql
Specify Filtering Mode
Incoming Traffic.
#sudo ufw allow in ftp
Outgoing Traffic.
#sudo ufw allow out smtp
Deny Connections to Your Server
#sudo ufw deny 3306
Removing Firewall Rules
Checking UFW status with the parameter numbered. This allows you to select a rule by entry number.
#sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] Apache DENY IN Anywhere
[ 2] 80 DENY IN Anywhere
[ 3] 22 ALLOW IN Anywhere
(out)
Delete the rules by the numbers in square brackets[]
#sudo ufw delete 3
Set Logging Level
By default, the Uncomplicated Firewall logging level is set to low. However, multiple logging levels are supported, and you have a preferred setting based on what firewall logs you wish to keep.
off disables ufw logging.
low logs blocked packets that don’t match your set rules and packets matching logged rules.
medium logs low level, allowed packets that don’t match the set policy, invalid packets, and all new connections to your server.
high logs medium without attempts/rate-limiting and all packets with attempt limiting.
full logs all firewall packets without rate/access attempts limiting.
To set your UFW logging level, use the command below.
#sudo ufw logging LEVEL
For example:
#sudo ufw logging medium
To enable logging for a specific firewall rule, such as SSH, use the command.
#sudo allow log 22/tcp
Enable IPV6 Support
#sudo vim /etc/default/ufw
Locate the IPV6 line and make sure it is set to yes
IPV6=yes
Disable / Reload UFW
To disable (stop) Uncomplicated Firewall, run the command.
#sudo ufw disable
If you need to reload UFW (reload rules), use the reload parameter.
#sudo ufw reload
To restart UFW, you will need to disable it first and then enable it again.
#sudo ufw disable
#sudo ufw enable
Again, before enabling UFW, make sure that the SSH port is allowed for your IP address.
Back to Default Settings
If you need to reset UFW back to default settings, type the following command. This will delete all existing rules and reset the firewall to default values.
user@example:~#ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)?
Requirements to install X2Go is VPS with high memory min 6GB
Install and configure the Full Desktop Environment. This is similar to what you would get if you installed Debian from a bootable DVD/USB memory stick to your local PC:
#apt-get update && apt-get upgrade -y
Step 1: Installing the Desktop Environment
#apt-get install task-xfce-desktop -y
Install xfce4 and all of the additional dependencies needed to support it:
#apt-get install xfce4
Step 2: Install X2Go on your server, type the following command:
#apt-get install x2goserver x2goserver-xsession
Step 3: Installing the X2Go Client Locally
On Linux
#apt-get install x2goclient
On Windows download X2Go Client at https://wiki.x2go.org/doku.php/download:start
Step 4: Connecting To the Remote Desktop
In the top-left menu select New session
Enter your server’s IP address or hostname in the Host field under Server.
Enter the username you used for your SSH connection in the Login field.
And, since you installed XFCE in Step Two, choose XFCE as your Session
To quickly install Composer in the current directory, run the following script in your terminal. To automate the installation, use the guide on installing Composer programmatically.