By: bigjohnny

Setting up with DO

July 26, 2017 279 views
Ruby on Rails PostgreSQL Security Ubuntu

I'm sure this has been asked a thousand times but I can't find any questions/answers by searching... Anyway - I'm looking to set up a Rails site, Discourse forum and image server here on DO (or Heroku - but I just don't want to pay the crazy money they would want), but I have zero experience with devops.

Am I likely to be able to set up a server (with SSL) and keep it secure easily? Or am I as well to bite the bullet and pay for someone else to keep me secure (Heroku)? I suppose I'm looking for anyone's feedback who has set up a server and is keeping it secure despite a lack of devops knowledge. I've been looking for an outsource for a managed DO server but it doesn't look like anyone is offering this as a service at a sensible price that I can find (feel free to suggest anyone that does).

Any answers/guidance gratefully received,

Johnny

2 Answers
jtittle MOD July 26, 2017
Accepted Answer

@bigjohnny

When it comes to managing a server, we have a few guides to cover the basics, though security is a very broad subject matter. Much like software, security is ever-changing and you would need to keep up with any updates/upgrades to the OS as well as the software you run.

It's not impossible to run a server with limited experience. Even the most experienced sysadmins had to start somewhere :-).

This guide is one we normally recommend for initial server setup. It's geared towards Ubuntu 16.04, though the overall details apply to most any OS (CentOS, Fedora, Debian, etc.).

Initial Server Setup with Ubuntu 16.04

Other initial server setup guides can be found here.

...

When it comes to security, properly setting up a firewall is always a good idea and with our newest service, Cloud Firewalls (which are free of charge), setting up and managing a firewall is pretty easy.

1). An Introduction to Cloud Firewalls

2). How to Create Your First DigitalOcean Cloud Firewall

3). How to Troubleshoot DigitalOcean Cloud Firewalls

4). How to Organize DigitalOcean Cloud Firewalls

Beyond initial setup and using a firewall, application security is equally important. Unfortunately, we don't have specific guides that cover security for Rails or Discourse in general (at least not yet), though general security applies there. Use secure passwords (I always recommend 16-32 characters, and 64 when you can) and SSL.

How To Secure Nginx with Let's Encrypt on Ubuntu 16.04

...

When it comes to fully managed service, as in server + application, the cost can be quite high as you're normally paying someone to be available at any given time. I know when I take on sysadmin jobs, the average cost is anywhere from $50-$100/hour.

For a managed service, in most cases, managed only means the OS and core software and overall security -- it doesn't generally apply to the application level. Before paying for managed services, I'd make sure that managed actually means what you believe it does so you're not left hanging in the event something does happen :-).

I can't really comment on Heroku as I've not really used them (but I love their design!), though from what I can tell, they provide a general managed environment for the software and OS, but not specifically the application itself (unless they've changed that around).
