VPS setup terms / Digital Ocean

Question 1

If you don’t already have an SSH key, generate one using the following command:

Answer 1

ssh-keygen

Question 2

Once generated, SSH keys are stored in the SSH directory at the r.._ of your user account

Answer 2

Once generated, SSH keys are stored in the SSH directory at the root of your user account .~/.ssh

Question 3

When you generate an SSH key, it creates two files:
- A p____ key, which remains securely stored on your machine.
- A p____ key, which you provide to DigitalOcean or other services. This will have the .p___ file extension.

Answer 3

When you generate an SSH key, it creates two files: - A private key, which remains securely stored on your machine. - A public key, which you provide to DigitalOcean or other services. This will have the .pub file extension.

Question 4

Use the following command to display your public key:

Answer 4

cat ~/.ssh/id_rsa.pub

Note: The file name id_rsa.pub is a default for many setups, but the actual file name may differ based on how you generated your SSH key. If a different file was created, adjust the cat command accordingly (e.g., cat ~/.ssh/your-key-name.pub)

Question 5

command to connect to the server:

Answer 5

ssh root@’ip address or domain name’
ssh root@chasephilpot.com
ssh root@123:456:789

Question 6

Command to give the new user ‘username’ sudo privileges

Answer 6

usermod -aG sudo ‘username’

the -a argument stands for append
The -G argument tells usermod to change a user’s group settings.

Question 7

A utility to efficiently transfer and synchronize files and directories between two locations. It can operate locally or remotely.

Answer 7

rsync

Question 8

(part of larger command)
‘–archive A’ is shorthand for -rlptgoD, which means:

-r: recursively copy d_________s

-l: copy symbolic l____s as symbolic l____s
-p: Preserve file p________s
-t: Preserve modifcation ________s
-g: Preserve g________ ownership
-o: Preserve o______
-D: Preserve d__________ and special files

Answer 8

-r: recursively copy directories.
-l: Copy symbolic links as symbolic links.
-p: Preserve file permissions
-t: Preserve modification times
-g: Preserve group ownership
-o: Preserve owner (only if run as a superuser).
-D: Preserve device and special files.

Question 9

(part of larger command)
Changes the ownership of the files to the specified user (ralph) and group (ralph) after they are transferred to the destination.

Answer 9

–chown=ralph:ralph

Question 10

command to enable ufw

Answer 10

sudo ufw enable

Question 11

command for deleting rules in ufw:

Answer 11

sudo ufw delete allow rulename

Question 12

command to confirm NGINX is running

Answer 12

systemctl status nginx

Question 13

command to enable the ufw ‘Nginx Full’, which allows HTTP and HTTPS traffic

Answer 13

sudo ufw enable ‘Nginx Full’

Question 14

command to remove any redundant configuration

Answer 14

sudo ufw delete allow ‘redundant_config’

Question 15

command to check ufw status

Answer 15

sudo ufw status

Question 16

To remove any configuration from ufw we can use the command:

Answer 16

sudo ufw delete allow ‘rule_name’
Example:
sudo ufw delete allow ‘Nginx HTTP’

Question 17

command to initialize certbot:

Answer 17

sudo certbot –nginx -d www.domainname.com -d domainname.com

(optionally you can use the -v command to debug issues if they arise)

NOTE: certbot now upgrades http to https by default (this is the desired behavior)

Question 18

The a__ command is a package management tool in Ubuntu and other Debian-based Linux distributions

Answer 18

The apt command is a package management tool in Ubuntu and other Debian-based Linux distributions

Question 19

command to install node:
command to install NPM:

Answer 19

sudo apt install nodejs
sudo apt install npm

Question 20

command to install PM2
(a Production Process Manager for Node.js applications PM2 is going to make sure that our application is always running)

Answer 20

sudo npm install pm2@latest -g

Question 21

test the nginx config file for typos with the command:

Answer 21

sudo nginx -t

Question 22

An _ record maps a domain to the physical IP address of the computer hosting that domain.

Answer 22

An A record maps a domain to the physical IP address of the computer hosting that domain.

Question 23

Internet traffic uses the _ record to find the computer hosting your domain’s DNS settings.

Answer 23

Internet traffic uses the A record to find the computer hosting your domain’s DNS settings.

Question 24

The value of an _ record is always an IP address, and multiple _ records can be configured for one domain name.

Answer 24

The value of an A record is always an IP address, and multiple A records can be configured for one domain name.

Question 25

restart Nginx so that it can pick up the new configuration with the command:

Answer 25

sudo **systemctl reload** nginx

Question 26

This will allow us to automate the app process

Answer 26

**Pm2** makes it easy to start/stop our app and even restarts it if the server crashes and restarts

Question 27

command to tell pm2 to run whenever our server is **up**

Answer 27

pm2 **startup systemd**

Question 28

command for installing certbot:

Answer 28

sudo **snap** install certbot **--classic**

Question 29

A VPS can be thought of as being functionally equivalent to a dedicated p_____ s______ (although usually a lot cheaper)

Answer 29

A VPS can be thought of as being functionally equivalent to a dedicated **physical server** (although usually a lot cheaper)

Question 30

DigitalOcean Droplets are L____-based virtual machines (VMs) that run on top of virtualized h_____. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.

Answer 30

DigitalOcean Droplets are **Linux**-based virtual machines (VMs) that run on top of virtualized **hardware**. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.

Question 31

A V____ P_____ C_____ (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage

Answer 31

A **Virtual Private Cloud** (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage

Question 32

VPC p____ing allows you to join two VPC networks with a secure, private connection.

Answer 32

VPC **peering** allows you to join two VPC networks with a secure, private connection.

Question 33

we can connect to a VPS via its __ address

Answer 33

we can connect to a VPS via its **IP address**

Question 34

we use a firewall to disable traffic to the server except for ___ (so we can still connect to is securely)

Answer 34

we use a firewall to disable traffic to the server except for **ssh** (so we can still connect to is securely)

Question 35

S_______s are on-demand Droplet and volume images. They’re useful to manually back up or reproducibly create Droplets.

Answer 35

**Snapshots** are on-demand Droplet and volume images. They’re useful to manually back up or reproducibly create Droplets.

Question 36

UFW stand for ____ Firewall

Answer 36

**Uncomplicated** Firewall

Question 37

the service allowing you to connect to your server that has a profile registered within UFW

Answer 37

OpenSSH

Question 38

Run the following command to get a list of all current available profiles (re: firewall):

Answer 38

ufw app list

Question 39

you can check your current UFW ruleset with the command:

Answer 39

sudo ufw **status** or sudo ufw status verbose

Question 40

To block all network connections that originate from a specific IP address, run the following command

Answer 40

sudo ufw **deny from** 203.0.113.100

Question 41

Once you have Nginx installed and enabled as a service, run the following command to identify which profiles are available

Answer 41

sudo ufw **app list** | **grep Nginx**

Question 42

The following command will allow both HTTP and HTTPS traffic on the server (ports 80 and 443):

Answer 42

sudo ufw allow **"Nginx Full"**

Question 43

PostgreSQL listens for client connections on port 5___

Answer 43

PostgreSQL listens for client connections on port **5432**

Question 44

For more detailed information about each command parameter and available modifiers, you can use the __ utility to check UFW’s **manual**

Answer 44

the **man** utility ufw **man**

Question 45

PM2 is a d_____ process manager widely used in production for Node.js applications

Answer 45

PM2 is a **daemon** process manager widely used in production for Node.js applications

Question 46

PM2 makes it possible to d____ize applications so that they will run in the background as a service.

Answer 46

PM2 makes it possible to **daemonize** applications so that they will run in the background as a service.

Question 47

It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as R____ R____ DNS.

Answer 47

It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as **Round Robin** DNS.

Question 48

An AAAA record, also called a Q___ A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.

Answer 48

An AAAA record, also called a **Quad** A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.

Question 49

A CNAME record defines an a___ for an A record and points one domain to another domain instead of an IP address

Answer 49

A CNAME record defines an **alias** for an A record and points one domain to another domain instead of an IP address

Question 50

S____ P____ F____ (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain

Answer 50

**Sender Policy Framework** (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain

Question 51

CAA records specify which c____ a_____s are permitted to issue certificates for a domain.

Answer 51

CAA records specify which **certificate authorities** are permitted to issue certificates for a domain.

Question 52

most domain owners make their web servers accessible through the bare domain (example.com) and also through the “h___” definition “www” (www.example.com).

Answer 52

most domain owners make their web servers accessible through the bare domain (example.com) and also through the **“host”** definition “www” (www.example.com).

Question 53

A z___ file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name. Z___ files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.

Answer 53

A **zone** file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name. **Zone** files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.

Question 54

Every domain that a name server knows about is stored in a z___ file

Answer 54

Every domain that a name server knows about is stored in a **zone** file

Question 55

The more z___ files that a name server has, the more requests it will be able to answer authoritatively.

Answer 55

The more **zone** files that a name server has, the more requests it will be able to answer authoritatively.

Question 56

The S___ of A____, or SOA, record is a mandatory record in all zone files

Answer 56

The **Start of Authority**, or SOA, record is a mandatory record in all zone files

Question 57

MX records are used to define the m____ ex_____s that are used for the domain. This helps email messages arrive at your mail server correctly.

Answer 57

MX records are used to define the **mail exchanges** that are used for the domain. This helps email messages arrive at your mail server correctly.

Question 58

The command line tool d__ with the -x flag can be used to look up the reverse DNS name of an IP address.

Answer 58

The command line tool **dig** with the -x flag can be used to look up the reverse DNS name of an IP address. dig -x 8.8.4.4 +short (The +short is appended to reduce the output to the reverse DNS name.)

Question 59

t____r____ is a simple tool to show the pathway to a remote server.

Answer 59

**traceroute** is a simple tool to show the pathway to a remote server. traceroute google.com

Question 60

when using traceroute, the maximum number of hops can be adjusted with the -_ flag. If the host you are trying to route to is over 30 hops away, you may need to specify a larger value here. The maximum value you can set is 255.

Answer 60

traceroute **-m** 255 obiwan.scrye.net

Question 61

A dynamic alternative to the traceroute program is m__

Answer 61

A dynamic alternative to the traceroute program is **mtr** Unlike traceroute, mtr is not installed by default on most systems. You can get it by typing the following commands. Ubuntu / Debian: ```sudo apt-get install mtr```

Question 62

CAA records are used to specify which Certificate Authorities (CAs) are allowed to issue S../T.. certificates for your domain

Answer 62

CAA records are used to specify which Certificate Authorities (CAs) are allowed to issue **SSL/TLS** certificates for your domain

Question 63

__ is a utility for transferring and synchronizing files between a computer and a storage drive and across networked computers by comparing the modification times and sizes of files

Answer 63

rsync

Question 64

A "server b____" is a configuration section within a web server like Nginx that defines how to handle requests for a specific domain or group of domains, essentially allowing you to host multiple websites on a single server by specifying different settings and behaviors for each domain based on the incoming request's domain name; in simpler terms, it's like a virtual server within a server, enabling distinct configurations for different websites on the same machine.

Answer 64

A "server **block**" is a configuration section within a web server like Nginx that defines how to handle requests for a specific domain or group of domains, essentially allowing you to host multiple websites on a single server by specifying different settings and behaviors for each domain based on the incoming request's domain name; in simpler terms, it's like a virtual server within a server, enabling distinct configurations for different websites on the same machine.

Question 65

Let’s Encrypt is a C____ A_____ (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted _____ on web servers

Answer 65

Let’s Encrypt is a **Certificate Authority** (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted **HTTPS** on web servers