Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Question

Is my website configuration ready to go live?

  • Posted September 17, 2014

I want to know if I am missing something or no.

I have: 512MB Ram 20GB SSD Disk Singapore 1 LEMP on Ubuntu 14.04 I am building a simple PHP application.

I have done:

  1. LEMP one-click app installation

  2. initial server setup I wen to this link and applied all the things in the tutorial (Create new user, gave it Root Privileges, changed ssh port, disabled root login).

  3. key-based authentication After doing that I have disabled login using password

  4. installed ufw firewall I have closed all incoming and outgoing ports. and the I have opened the ones I need until this post and those are: 2222/tcp(ssh port and sftp) 80/tcp 2222/tcp (v6) (ssh port and sftp) 80/tcp (v6)

I will be openning more ports when needed. For example if I need to use something that uses port XXXX then I will open that.

  1. mysql_secure_installation I have done this and I have added a new user to not use the root.

Now my question is:

  • In step 4, Do I need to open more ports In the firewall? Some ports that are necessary to be open before my website goes live.
  • In step 5, Do I need to disable root in mysql or it does not matter? Or just using the other username with all privileges in my application is fine?

And the most important question, Am I missing any other setup before going live?

Subscribe
Share
support795065September 17, 2014

Update: I don’t know why numbering didn’t work on the question -_- the way it is now is 1, 2, 1, 2, 1 which is wrong. The correct order is 1,2,3,4,5. for example key-based authentication is number 3 not 1 again.

and number 5 (not 1 again) is mysql_secure_installation not mysqlsecureinstallation

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SBSeptember 17, 2014

Hi!

If you only plan on serving a plain web page over HTTP, then there is no need to open any other ports. If you add HTTPS encryption, than you’ll also need to open port 443.

If the root MySql account is password protected and MySql is only listening on the localhost (i.e. not accepting connections from the internet on port 3306), you should be alright.

Kamal NasserSeptember 17, 2014
  • In step 4, Do I need to open more ports In the firewall? Some ports that are necessary to be open before my website goes live.

The only ports you need open to serve a website are 80 and 443 if you have SSL enabled.

  • In step 5, Do I need to disable root in mysql or it does not matter? Or just using the other username with all privileges in my application is fine?

You can keep the root MySQL user, but your application should use its own user account that is limited to one database or as many database as it needs (the root user has access to everything). See How To Create a New User and Grant Permissions in MySQL | DigitalOcean.