And Toy Story.
Debian is a very popular Linux distribution for servers and is considered to be the most stable. Its social contract highlights values of transparency, community contribution, and adherence to the principles of Free software.
Debian “buster” 10 released, and Condless of course lets you experiment the new release with a ready-to-use VPS, so what are you waiting for?
To improve the successfull mail delivery rate from the server set up for the domain names: SPF, DKIM, DMARC, and make sure the server hostname appear at the A record, rDNS, server control panel, MTA (includes mailname), and content filter configuration values.
To config relay host in Postfix, use the commands:
apt-get install libsasl2-modules postconf -e 'relayhost = $relay_host_ip' postconf -e 'smtp_sasl_auth_enable = yes' postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' postconf -e 'smtp_sasl_security_options =' echo "$relay_host_ip yourEmail:yourPassword" > /etc/postfix/sasl_passwd chown root:root /etc/postfix/sasl_passwd chmod 600 /etc/postfix/sasl_passwd postmap /etc/postfix/sasl_passwd /etc/init.d/postfix restart
To control the SSH authentication methods, the sshd_config file should be edited. In order to define which logs will be saved and where, the rsyslog.conf file should be edited according to the instructions.
To config the intrusion prevention system Fail2ban, create a jail.local file and use the commands, for example to enable the ssh protection:
[sshd] enabled = true
And to unban IP:
fail2ban-client set sshd unbanip $IP
To config NAT and port forwarding with iptables use:
post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '$LAN-IP-SUBNET' -o eno1 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '$LAN-IP-SUBNET' -o eno1 -j MASQUERADE post-up iptables -t nat -A PREROUTING -i eno1 -p tcp -m multiport --dports $PORTS -j DNAT --to $DESTINATION-LAN-IP post-down iptables -t nat -D PREROUTING -i eno1 -p tcp -m multiport --dports $PORTS -j DNAT --to $DESTINATION-LAN-IP
To config a reverse proxy in Apache server, which keeps the original reciever address and don’t pass the SSL certificates requests use those directives:
ProxyPreserveHost On ProxyPass /.well-known/acme-challenge ! ProxyPass /$PATH http://$LAN-IP:$PORT/$PATH ProxyPassReverse /$PATH http://$LAN-IP:$PORT/$PATH ProxyPass / http://$LAN-IP:$PORT/ ProxyPassReverse / http://$LAN-IP:$PORT/
As you probably have noticed- Buster, Strech, Jessie, and all other Debian distribution code names, are names of characters from the Toy Story movie, inspired by Bruce Ferns who worked at Pixar besides his tenure as the Debian project leader.