support795065
By:
support795065

Is my website configuration ready to go live?

September 17, 2014 2.5k views

I want to know if I am missing something or no.

I have:
512MB Ram 20GB SSD Disk Singapore 1 LEMP on Ubuntu 14.04
I am building a simple PHP application.

I have done:

  1. LEMP one-click app installation

  2. initial server setup
    I wen to this link and applied all the things in the tutorial (Create new user, gave it Root Privileges, changed ssh port, disabled root login).

  3. key-based authentication
    After doing that I have disabled login using password

  4. installed ufw firewall
    I have closed all incoming and outgoing ports. and the I have opened the ones I need until this post and those are:
    2222/tcp(ssh port and sftp)
    80/tcp
    2222/tcp (v6) (ssh port and sftp)
    80/tcp (v6)

I will be openning more ports when needed. For example if I need to use something that uses port XXXX then I will open that.

  1. mysqlsecureinstallation I have done this and I have added a new user to not use the root.

Now my question is:

  • In step 4, Do I need to open more ports In the firewall? Some ports that are necessary to be open before my website goes live.
  • In step 5, Do I need to disable root in mysql or it does not matter? Or just using the other username with all privileges in my application is fine?

And the most important question, Am I missing any other setup before going live?

1 comment
  • support795065 September 17, 2014

    Update:
    I don't know why numbering didn't work on the question -_-
    the way it is now is 1, 2, 1, 2, 1 which is wrong.
    The correct order is 1,2,3,4,5.
    for example key-based authentication is number 3 not 1 again.

    and number 5 (not 1 again) is mysql_secure_installation not mysqlsecureinstallation

Log In to Comment
2 Answers
kamaln7 MOD September 17, 2014
  • In step 4, Do I need to open more ports In the firewall? Some ports that are necessary to be open before my website goes live.

The only ports you need open to serve a website are 80 and 443 if you have SSL enabled.

  • In step 5, Do I need to disable root in mysql or it does not matter? Or just using the other username with all privileges in my application is fine?

You can keep the root MySQL user, but your application should use its own user account that is limited to one database or as many database as it needs (the root user has access to everything). See How To Create a New User and Grant Permissions in MySQL | DigitalOcean.

How To Create a New User and Grant Permissions in MySQL
MySQL is a powerful database management system used for organizing and retrieving data. This tutorial explains how to to create new MySQL users and how to grant them the appropriate permissions.
Reply
asb MOD September 17, 2014

Hi!

If you only plan on serving a plain web page over HTTP, then there is no need to open any other ports. If you add HTTPS encryption, than you'll also need to open port 443.

If the root MySql account is password protected and MySql is only listening on the localhost (i.e. not accepting connections from the internet on port 3306), you should be alright.

Reply
  • support795065 September 17, 2014

    Yes I have ran mysql_secure_installation and that disabled the remote access to mysql root.
    I want to have a php page and the only thing on the backend is an input form. Even for mail and thing like that I am going to do mailgun or other alternative to it.
    I still need to have port 2222 (shh) port open right?

Have another answer? Share your knowledge.