VPS setup terms / Digital Ocean Flashcards

1
Q

If you don’t already have an SSH key, generate one using the following command:

A

ssh-keygen

2
Q

Once generated, SSH keys are stored in the SSH directory at the r.._ of your user account

A

Once generated, SSH keys are stored in the SSH directory at the root of your user account: ~/.ssh

3
Q

When you generate an SSH key, it creates two files:
- A p____ key, which remains securely stored on your machine.
- A p____ key, which you provide to DigitalOcean or other services. This will have the .p___ file extension.

A

When you generate an SSH key, it creates two files:
- A private key, which remains securely stored on your machine.
- A public key, which you provide to DigitalOcean or other services. This will have the .pub file extension.

4
Q

Use the following command to display your public key:

A

cat ~/.ssh/id_rsa.pub

Note: The file name id_rsa.pub is a default for many setups, but the actual file name may differ based on how you generated your SSH key. If a different file was created, adjust the cat command accordingly (e.g., cat ~/.ssh/your-key-name.pub)

5
Q

command to connect to the server:

A

ssh root@'ip address or domain name'
ssh root@chasephilpot.com
ssh root@123:456:789

6
Q

Command to give the new user ‘username’ sudo privileges

A

usermod -aG sudo 'username'

The -a argument stands for append.
The -G argument tells usermod to change a user’s group settings.

7
Q

A utility to efficiently transfer and synchronize files and directories between two locations. It can operate locally or remotely.

A

rsync

8
Q

(part of larger command)
--archive (-a) is shorthand for -rlptgoD, which means:

-r: recursively copy d_________s

-l: copy symbolic l____s as symbolic l____s
-p: Preserve file p________s
-t: Preserve modification ________s
-g: Preserve g________ ownership
-o: Preserve o______
-D: Preserve d__________ and special files

A

-r: recursively copy directories.
-l: Copy symbolic links as symbolic links.
-p: Preserve file permissions
-t: Preserve modification times
-g: Preserve group ownership
-o: Preserve owner (only if run as a superuser).
-D: Preserve device and special files.

9
Q

(part of larger command)
Changes the ownership of the files to the specified user (ralph) and group (ralph) after they are transferred to the destination.

A

--chown=ralph:ralph

10
Q

command to enable ufw

A

sudo ufw enable

11
Q

command for deleting rules in ufw:

A

sudo ufw delete allow rulename

12
Q

command to confirm NGINX is running

A

systemctl status nginx

13
Q

command to enable the ufw ‘Nginx Full’, which allows HTTP and HTTPS traffic

A

sudo ufw allow 'Nginx Full'

14
Q

command to remove any redundant configuration

A

sudo ufw delete allow 'redundant_config'

15
Q

command to check ufw status

A

sudo ufw status

16
Q

To remove any configuration from ufw we can use the command:

A

sudo ufw delete allow 'rule_name'
Example:
sudo ufw delete allow 'Nginx HTTP'

17
Q

command to initialize certbot:

A

sudo certbot --nginx -d www.domainname.com -d domainname.com

(optionally you can use the -v flag to debug issues if they arise)

NOTE: certbot now upgrades http to https by default (this is the desired behavior)

18
Q

The a__ command is a package management tool in Ubuntu and other Debian-based Linux distributions

A

The apt command is a package management tool in Ubuntu and other Debian-based Linux distributions

19
Q

command to install node:
command to install NPM:

A

sudo apt install nodejs
sudo apt install npm

20
Q

command to install PM2
(a Production Process Manager for Node.js applications. PM2 is going to make sure that our application is always running.)

A

sudo npm install pm2@latest -g

21
Q

test the nginx config file for typos with the command:

A

sudo nginx -t

22
Q

An _ record maps a domain to the physical IP address of the computer hosting that domain.

A

An A record maps a domain to the physical IP address of the computer hosting that domain.

23
Q

Internet traffic uses the _ record to find the computer hosting your domain’s DNS settings.

A

Internet traffic uses the A record to find the computer hosting your domain’s DNS settings.

24
Q

The value of an _ record is always an IP address, and multiple _ records can be configured for one domain name.

A

The value of an A record is always an IP address, and multiple A records can be configured for one domain name.

25
restart Nginx so that it can pick up the new configuration with the command:
sudo **systemctl reload** nginx
26
This will allow us to automate the app process
**Pm2** makes it easy to start/stop our app and even restarts it if the server crashes and restarts
27
command to tell pm2 to run whenever our server is **up**
pm2 **startup systemd**
28
command for installing certbot:
sudo **snap** install certbot **--classic**
29
A VPS can be thought of as being functionally equivalent to a dedicated p_____ s______ (although usually a lot cheaper)
A VPS can be thought of as being functionally equivalent to a dedicated **physical server** (although usually a lot cheaper)
30
DigitalOcean Droplets are L____-based virtual machines (VMs) that run on top of virtualized h_____. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.
DigitalOcean Droplets are **Linux**-based virtual machines (VMs) that run on top of virtualized **hardware**. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.
31
A V____ P_____ C_____ (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage
A **Virtual Private Cloud** (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are inaccessible from the public internet and other VPC networks, and traffic on them doesn’t count against bandwidth usage
32
VPC p____ing allows you to join two VPC networks with a secure, private connection.
VPC **peering** allows you to join two VPC networks with a secure, private connection.
33
we can connect to a VPS via its __ address
we can connect to a VPS via its **IP address**
34
we use a firewall to disable traffic to the server except for ___ (so we can still connect to it securely)
we use a firewall to disable traffic to the server except for **ssh** (so we can still connect to it securely)
35
S_______s are on-demand Droplet and volume images. They’re useful to manually back up or reproducibly create Droplets.
**Snapshots** are on-demand Droplet and volume images. They’re useful to manually back up or reproducibly create Droplets.
36
UFW stands for ____ Firewall
**Uncomplicated** Firewall
37
the service allowing you to connect to your server that has a profile registered within UFW
OpenSSH
38
Run the following command to get a list of all current available profiles (re: firewall):
ufw app list
39
you can check your current UFW ruleset with the command:
sudo ufw **status** or sudo ufw status verbose
40
To block all network connections that originate from a specific IP address, run the following command
sudo ufw **deny from** 203.0.113.100
41
Once you have Nginx installed and enabled as a service, run the following command to identify which profiles are available
sudo ufw **app list** | **grep Nginx**
42
The following command will allow both HTTP and HTTPS traffic on the server (ports 80 and 443):
sudo ufw allow **"Nginx Full"**
43
PostgreSQL listens for client connections on port 5___
PostgreSQL listens for client connections on port **5432**
44
For more detailed information about each command parameter and available modifiers, you can use the __ utility to check UFW’s **manual**
the **man** utility: **man** ufw
45
PM2 is a d_____ process manager widely used in production for Node.js applications
PM2 is a **daemon** process manager widely used in production for Node.js applications
46
PM2 makes it possible to d____ize applications so that they will run in the background as a service.
PM2 makes it possible to **daemonize** applications so that they will run in the background as a service.
47
It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as R____ R____ DNS.
It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as **Round Robin** DNS.
48
An AAAA record, also called a Q___ A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.
An AAAA record, also called a **Quad** A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.
49
A CNAME record defines an a___ for an A record and points one domain to another domain instead of an IP address
A CNAME record defines an **alias** for an A record and points one domain to another domain instead of an IP address
50
S____ P____ F____ (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain
**Sender Policy Framework** (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain
51
CAA records specify which c____ a_____s are permitted to issue certificates for a domain.
CAA records specify which **certificate authorities** are permitted to issue certificates for a domain.
52
most domain owners make their web servers accessible through the bare domain (example.com) and also through the “h___” definition “www” (www.example.com).
most domain owners make their web servers accessible through the bare domain (example.com) and also through the **“host”** definition “www” (www.example.com).
53
A z___ file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name. Z___ files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.
A **zone** file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name. **Zone** files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.
54
Every domain that a name server knows about is stored in a z___ file
Every domain that a name server knows about is stored in a **zone** file
55
The more z___ files that a name server has, the more requests it will be able to answer authoritatively.
The more **zone** files that a name server has, the more requests it will be able to answer authoritatively.
56
The S___ of A____, or SOA, record is a mandatory record in all zone files
The **Start of Authority**, or SOA, record is a mandatory record in all zone files
57
MX records are used to define the m____ ex_____s that are used for the domain. This helps email messages arrive at your mail server correctly.
MX records are used to define the **mail exchanges** that are used for the domain. This helps email messages arrive at your mail server correctly.
58
The command line tool d__ with the -x flag can be used to look up the reverse DNS name of an IP address.
The command line tool **dig** with the -x flag can be used to look up the reverse DNS name of an IP address. dig -x 8.8.4.4 +short (The +short is appended to reduce the output to the reverse DNS name.)
59
t____r____ is a simple tool to show the pathway to a remote server.
**traceroute** is a simple tool to show the pathway to a remote server. traceroute google.com
60
when using traceroute, the maximum number of hops can be adjusted with the -_ flag. If the host you are trying to route to is over 30 hops away, you may need to specify a larger value here. The maximum value you can set is 255.
traceroute **-m** 255 obiwan.scrye.net
61
A dynamic alternative to the traceroute program is m__
A dynamic alternative to the traceroute program is **mtr**. Unlike traceroute, mtr is not installed by default on most systems. You can get it by typing the following commands. Ubuntu / Debian: ```sudo apt-get install mtr```
62
CAA records are used to specify which Certificate Authorities (CAs) are allowed to issue S../T.. certificates for your domain
CAA records are used to specify which Certificate Authorities (CAs) are allowed to issue **SSL/TLS** certificates for your domain
63
__ is a utility for transferring and synchronizing files between a computer and a storage drive and across networked computers by comparing the modification times and sizes of files
rsync
64
A "server b____" is a configuration section within a web server like Nginx that defines how to handle requests for a specific domain or group of domains, essentially allowing you to host multiple websites on a single server by specifying different settings and behaviors for each domain based on the incoming request's domain name; in simpler terms, it's like a virtual server within a server, enabling distinct configurations for different websites on the same machine.
A "server **block**" is a configuration section within a web server like Nginx that defines how to handle requests for a specific domain or group of domains, essentially allowing you to host multiple websites on a single server by specifying different settings and behaviors for each domain based on the incoming request's domain name; in simpler terms, it's like a virtual server within a server, enabling distinct configurations for different websites on the same machine.
65
Let’s Encrypt is a C____ A_____ (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted _____ on web servers
Let’s Encrypt is a **Certificate Authority** (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted **HTTPS** on web servers