Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Is my website configuration ready to go live?

I want to know if I am missing something or no.

I have: 512MB Ram 20GB SSD Disk Singapore 1 LEMP on Ubuntu 14.04 I am building a simple PHP application.

I have done:

  1. LEMP one-click app installation

  2. initial server setup I wen to this link and applied all the things in the tutorial (Create new user, gave it Root Privileges, changed ssh port, disabled root login).

  3. key-based authentication After doing that I have disabled login using password

  4. installed ufw firewall I have closed all incoming and outgoing ports. and the I have opened the ones I need until this post and those are: 2222/tcp(ssh port and sftp) 80/tcp 2222/tcp (v6) (ssh port and sftp) 80/tcp (v6)

I will be openning more ports when needed. For example if I need to use something that uses port XXXX then I will open that.

  1. mysql_secure_installation I have done this and I have added a new user to not use the root.

Now my question is:

  • In step 4, Do I need to open more ports In the firewall? Some ports that are necessary to be open before my website goes live.
  • In step 5, Do I need to disable root in mysql or it does not matter? Or just using the other username with all privileges in my application is fine?

And the most important question, Am I missing any other setup before going live?

Show comments
Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Andrew SBSeptember 17, 2014

Hi!

If you only plan on serving a plain web page over HTTP, then there is no need to open any other ports. If you add HTTPS encryption, than you’ll also need to open port 443.

If the root MySql account is password protected and MySql is only listening on the localhost (i.e. not accepting connections from the internet on port 3306), you should be alright.

Kamal NasserSeptember 17, 2014
  • In step 4, Do I need to open more ports In the firewall? Some ports that are necessary to be open before my website goes live.

The only ports you need open to serve a website are 80 and 443 if you have SSL enabled.

  • In step 5, Do I need to disable root in mysql or it does not matter? Or just using the other username with all privileges in my application is fine?

You can keep the root MySQL user, but your application should use its own user account that is limited to one database or as many database as it needs (the root user has access to everything). See How To Create a New User and Grant Permissions in MySQL | DigitalOcean.

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up