VPS Security Hardening

@james make sense! thanks for your thorough explanations

@james thanks for your prompt response and sharing the references.

I have go through the documentations that you point out above. It's looking great as Cloudron has already setup a very robust security measure. And yes, it gives much more clarity now!

As per my understanding, the point 1 and 2 is recommended by the documentations and point 3 is pretty much done by Cloudron by internally setting up the IP table in the Cloud Firewall section. If you can confirm my understanding is correct?

I also appreciate for your openness in sharing your thoughts, just in case, I want to clarify regarding more damage and perhaps even create security risks mentioned below?
@james said in VPS Security Hardening:

If you have to ask such a question, you will do more damage and perhaps even create security risks.

Was it pointing to because it's been done by Cloudron as in Cloud Firewall section, so we don't need to mess around with it or do you any other concern?

Thanks for your help.

Hi,

I plan to do security hardening on the VPS that host the Cloudron.

And if below points can affect Cloudron:

1. Disable root login and use sudo user login
2. Change the ssh port
3. Disable all ports except the ssh port with firewall (or any specific port that needs to be open for Cloudron to run? I.e. does http and https need to be open as well?)
4. Kernel hardening

Thanks in advance

@joseph thanks!

@james local comp time is fine. how do I know it is not correct though?

Btw this issue still persist somehow, but when I tried to open it from incognito mode it's fine, so probably it's the browser cache.

Thanks for the help.

@joseph
I put the main location at www.example.com
and alias at example.com
any difference of alias from redirection?

@james

Hi,

Why I am getting this not secure indication while pointing the root domain to the wordpress?

Is it related to SSL cert config? and how to fix this?

Thanks in advance

@james thanks for your help, all good now

@james ok thanks I managed get it work using dry-run. so when should I change the DNS record in the domain registrar if using dry-run?

Previously what I have done:

1. set up a fresh Ubuntu 24 server and Cloudron by hand.
2. visit the new IP Address in the browser.
3. I used the backup config from 20 May 25, but then change the backup directory to the latest backup in 26 May 25 (this is the automatic backup, as I cannot open cloudron dashboard already) not using dry-run.
4. removed the local DNS record in the /etc/hosts file of the deleted VPS
5. changed the IP in the DNS record in the domain registrar to the new VPS IP
   Where did I go wrong?

and there is a folder in my storage bucket for backup named snapshot, what is this for? what is the difference with backup?

@james if I reinstall the server again and run using dry-run what IP address should I put in the /etc/hosts file?

@james that's what I did before, I restore it to the new server and got that "route unavailable post activation".
isn't it because the cloudron backup is stuck with that previous IP address of the server that been deleted?
and can I still access cloudron dashboard now? as one of the step is creating backup and backup config, so how do I do this if I cant access the dashboard?

@james I did try out the dry-run, before but since it's was not working before and deleted the previous server (45.79.92.84) and spin another server (45.76.157.117), but the old server (67.219.110.179) still there. What should I do in this case?

@james, thanks please keep me posted

@james it worked now, here is the result:
Generating Cloudron Support stats...Done
Uploading information...Done

Please email the following link to support@cloudron.io : https://paste.cloudron.io/busovomeqe

@james, yes, is there any installation needed for the command?

Thanks @james , I found this
zsh: command not found: cloudron-support

can you suggest what is happening withs this issue and how to fix it?

Hi all, got issues while restoring to a new VPS, anyone got this before?

Found this error while restoring to a new VPS:

anyone got this issue before?

@james thanks for the thorough explanations. so I have done this part:
example: 53.82.33.6 my.awesome.it and adding in the /etc/hosts file
but probably still got that browser cache. So I already open it and stuck in this page when opening through the new server IP:

How do I manage this?

@jdaviescoates yes I have updated /etc/hosts on my Mac local machine, but seems no effect. Could you please share what it suppose to look like? And after adding the new IP address and domain name run the dry-run it should connect the Cloudron to the new VPS IP right?