Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How To Deploy/Send Settings Configs from Local VirtualBox Debian/CentOS into Remote VPS/KVM ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How To Deploy/Send Settings Configs from Local VirtualBox Debian/CentOS into Remote VPS/KVM ?

atErikatErik Member
edited March 2017 in Help

Hi LET/LEB Community.

Please help LET/LEB users with your ideas/suggestions, who want to DEPLOY/send/UPLOAD SETTINGS, configs, etc from local (Oracle)-VirtualBox based Debian/CentOS VM into remote VPS/KVM instance.

This type of data/info will make it easier to start new VPS/KVM.

What other SIMPLE/simpler options users can use locally instead of VirtualBox based Debian/CentOS ? or, what simple options in remote machine users can use ?

And, what can users use to BACKUP/Download the (configurations, settings, database, files, etc) changes from remote VPS/KVM into a local VirtualBox Debian/CentOS ?

Do users need to install a specific kernel locally for such to work better ?

These type of info/data should help many users.

Thanks in advance, for your help/ideas/suggestions.
--Erik.

Comments

  • atErikatErik Member
    edited March 2017

    Using a script on remote VPS, to configure VPS:

    1. LowEndBox has released a script to configure Debian VPS, here:
      LowEndBox - LowEndScript.

      Also see this fork of that, here: XeonCross-LowEndScript, and here is LET discussion on XeonCross LowEndScript LET

    2. Webpage shown here: JarrodTaylor-Dev-VPS-Build-Script, described how to quickly setup a remote VPS for software development purpose by using a Github user chosen pre-configured script:
      (1) SSH into your VPS as root,
      (2) then do these:

    wget https://raw.githubusercontent.com/jarrodtaylor/dev-vps-build-scripts/master/setup.sh
    chmod +x setup.sh
    sudo ./setup.sh

    A user can download any of those script, and can re-configure with his/her own chosen configurations, then, it can be used for quick VPS-setup purpose.

    But these scripts by-default does not exactly transfer a local VM's configurations or settings into a remote VPS. And these scripts cannot backup remote VPS's changed file's into a local VM.

  • These tools allow to: Automate VPS setup, configuration/settings management, application deployment, etc into VPS/KVM/Cloud/etc remotely:

    1. Puppet: view these Puppet-docs, view Puppet-Wikipedia.

    2. Chef: view these Chef-docs, view these Chef-Tutorials, and view Chef-Wikipedia.

    3. Saltstack: view these Saltstack-docs, view Saltstack-Wikipedia.

    4. Ansible: view these Ansible-docs. View Ansible-Wikipedia.

    5. And view Comparison Of Open-Source Configuration Management Software.

    These tools also have+can load Backup modules/addons, for making backup.

  • • The script at VPSSIM, has many many options with different apps/tools choices, to quickly setup CentOS based VPS. Here is a discussion thread/topic on VPSSIM - LET.

    • For Ubuntu based VPS, which does not allow Docker, prepare it quickly with this script: Dockerless Install Script - pl3bs.

    • For quickly setup a Debian/Ubuntu based VPS as your mail/email server, you may try this script: mailcow - andryyy. Here is LET discussion page: mailcow - LET.

    • For quickly setup CentOS based VPS as webserver, you may try: Centmin Mod Project.

    • For Ubuntu based VPS, you may try EasyEngine, to install WordPress, NGINX, PHP, MySQL, Postfix, etc.

    • For Debian/Ubuntu based VPS, you may try: TuxLite. LAMP and LNMP stacks (Linux, Apache/Nginx, MySQL/MariaDB/Percona, PHP), Postfix, Varnish cache.

    • For Debian based VPS/KVM/HVM/etc, you may try: Minstall.

    • For Debian based VPS, you may try: LempStack - atishnn, and a better fork of that: LempStack - mdPlusPlus.

    • A discussion on List all the easy-vps-setup scripts with platform support, here at LET: https://www.lowendtalk.com/discussion/85833/

    • A discussion on Script for LAMP/LNMP Stack, here at LET: https://www.lowendtalk.com/discussion/86031/

  • atErikatErik Member
    edited March 2017

    If you have only few numbers of VPS/KVM/HVM/nodes/servers for your small project/business, then individual configuration/customization based on CONTROL-PANELS (CP) software might be better option for your case, than using more powerful CONFIGURATION-MANAGEMENT (CM) software/solution.


    (1a) Create & Install a VM=VirtualMachine (with same OS/Linux/Unix/Windows as your remote VPS OS) inside the local VirtualBox/VMWare/etc hypervisor software in your computer. Then configure the OS inside VM, and keep track/record/note of all filenames which you're editing.

    or, •(1b) Obtain at-least one or few remote VPS/KVM/HVM/node/etc. Then configure it, and keep track/record/note of all filenames which you're editing. If you want to use advanced DNS configurations & want to fully control your own domain-name/space, then you will need at-least 2 IP-addresses for name-DNS-servers, and those 2 IP-address can also be used for email server. Either 1 server will need to have at-least 2 publicly routable IP-address, or 2 different servers where each has at-least 1 publicly routable IP-address.

    (1c) you may have to do these steps in all of your VPS/VM initially if you want more security, (or else skip this step-1c), i.e: Secure VPS/VM's SSH server, load authentic software/package signing/verification GPG/PGP public-key files. See step-2d below.


    (2a) Install your choice of appropriate Control-Panel (CP) software, from here: Web-Hosting CONTROL-PANEL Comparison LIST -Wikipedia, inside the VPS/VM.

    (2b) Install same CP in all of your VPS/VM, which has same OS.

    (2c) Change settings of CP to use encrypted HTTPS based URL for configuration of VPS/VM, for you public IP-address in your VPS. (Local VM inside VirtualBox can be accessed via localhost). CP often use pre-defined & known fixed port, & CP software should allow you to change that port-number, Use your own choice of a different port for your CP, lets call it PortOfCP.

    (2d) If you want more security then follow this step or else skip: Configure CP to allow connection into SSH-server only from server's own localhost 127.0.0.1 / ::1. Localhost based CP can be configured only via SSH connection. So keep SSH-server enabled in VPS/VM. Do not use port 22 for SSH-Server, use something else. Use SSH key based auth, instead of password based auth. If VPS provider added/allowed bash-shell access option or temporary shell access option, securely over encrypted HTTPS connection, then use that for new & strong SSH keygen, & view its info & fingerprint, & write it down. See step-3c below.


    (3a) In your local/host computer's web-browser software, Open all VPS/VM Control-Panel (CP) URLs, each in separate browser-Tabs.

    (3b) 1st start to configure 1 VPS/VM, lets call it VPS-1 or VM-1. When you complete configuration/settings of a section in VPS-1 or VM-1, check if its working, then copy-paste the settings from VPS1/VM1's that section, into your other/remote VPS's same section, by using CP access via your web-browser software.

    (3c) If you want to configure more securely then you've already followed step 1c & 2d so now you need to follow this step-3c, or else skip this 3c & goto 4a: Start your local/host computer's SSH client software to connect with remote VPS/VM's SSH server. Dont forget to add a SSH port-forwarding for the remote PortOfCP (CP's configuration port), in your local/host computer's SSH client. For each VPS/VM you will need to create a separate SSH-client account inside your SSH client software. To connect with remote VPS/VM's CP via SSH, usually you will have to use https://127.0.0.1:PortOfCP/ url in your web-browser. So keep each VPS/VM's PortOfCP different, (so they do not conflict locally and to avoid extra SSH-client config). Do not use such SSH client software which has backdoors. Make sure your local SSH client connecting with correct SSH server using correct keys, check your notes, compare fingerprint, taken on step 2d. Use a 2nd web-browser for accessing your CPs, like: Portable-Firefox, etc. Configure web-browser to use stronger security. Do not visit any website from that web-browser, which you do not own, or you are unsure if its using script/codes to steal/copy your CP-access sessions/cookies/etc somehow.


    (4a) Now you may update each VPS/VM & configure different sections, via each (ControlPanel) CP-access opened in your web-browser. It is better to use at-least one VPS or a local VM as your primary server, and then copy/transfer that one's configs/settings into other/remote VPS/VM. (But you/user/admin/sys-admin/DevOps have to make sure that some data remains obviously different+unique or can re-adjust based on your script, like: VPS/VM's host name, VPS/VM's IP-address, Settings which depends+changes based on value of IP-address, SSH-keys, etc). Use such CP which allows CONFIGURATION MIRRORING or CLUSTERING into+with other VPS/VM. For more security, Find out earlier if the CP has support modules/plugins for enabling DNSSEC, LetsEncrypt/similar free SSL/TLS-Certificate obtain+integration with Apache/NGINX, DKIM, etc.


    Different person/group/business will need to use different CP based on their own benefits/factors, and based on resource capacity availability of their VPS/VM.


  • So, you will post every day ?? To answer your own question.

    Thanked by 1Lunar
  • LunarLunar Member

    Too lazy to read everything that you just posted. TLDR?

  • atErikatErik Member
    edited March 2017

    • If you have to control/deploy/deal with many many (few dozens to 100s, or 1000s of) VPS/KVM/HVM/nodes/servers/etc then consider to learn & use your choice of CONFIGURATION-MANAGEMENT (CM) software, see my previous post on CM software.

    • And if you have to control/deal with only small numbers of VPS/KVM/etc servers/nodes, then use WebHosting CONTROL-PANEL (CP) software. CPs usually have very user-friendly & easy webpage based user-interface. My previous post shows basic info on how to use CP.


    Other than CP or CM software, (or quick setup Scripts, then), below tools/apps may also be helpful or necessary for your purpose related to this thread:

    List & Comparison Of SSH-CLIENTS -Wikipedia, aka "ssh" clients. You will need one SSH-Client software in your-side computer. Use such SSH-client which allows multiple connections into multiple remote servers simultaneously, if you will work on multiple remote servers at same time. You may use this OpenSSH client for Windows -youngmug. Dropbear is a very light SSH client, most Linux/Unix repo includes Dropbear, just use your native pkg-manager to obtain it, then configure a frontend GUI or command-line or a script use that to initiate SSH connection. Unfortunately there is no direct binary for macOSX/Windows from original author. CygWin pkg-manager in Windows can install Dropbear or OpenSSH+SFTP+SCP client tools. Original source can be compiled in macOSX, (with assistance of XCode, etc). Another option in macOSX is, load package-management tool MacPorts, then it can install an uptodate OpenSSH (server, client, SFTP, SCP etc tools) or Dropbear, then you may use Fugu -fitterhappier frontend GUI for using that OpenSSH/Dropbear. Pallet is a frondend GUI for MacPorts. MacPorts is comparatively more secure than Homebrew. Many OS's builtin/native SSH client software have weaknesses/backdoors & have no credible auditing, so carefully choose a trustworthy one for more security. Its always best to obtain source-codes, verify, & then compile with trustworthy toolchains to create the binary/executable. Do not download this type of security software or source-code or file-author's/releaser's file-signing GPG/PGP pubkey or file's signature/digest/hash/signed code over non-encrypted HTTP connection, or from any 3rd-party website.


    • Here is a List Of SSH-FTP CLIENTS -Wikipedia (aka SFTP-CLIENTS) to transfer files, if the CP (ControlPanel) software does not support file-transferring. Use such SSH-FTP-client which allows multiple connections to multiple remote servers simultaneously, if you will transfer files in between multiple remote servers at same time. You may use this SFTP client on Windows: WinSCP. You may use Fugu -fitterhappier on macOSX - its a frontend GUI for SFTP/SCP & SSH tools. MacPorts on macOSX can install an uptodate OpenSSH & related SFTP/SCP tools, and Pallet is a frondend GUI for MacPorts. If you do not want MacPorts based OpenSSH or Fugu, then you may try Cyberduck on macOSX. You may also try FileZilla for macOSX (make sure to get FileZilla's installer-file & file's Hash/Digest code, only from source website over HTTPS encrypted connection/webpage, do not download FileZilla from a mirror or Download.com or CNet or any other websites). Many OS's builtin/native SSH SFTP/SCP tools software have weaknesses/backdoors & have no credible auditing, so carefully choose a trustworthy one for more security. Its always best to obtain source-codes, verify, & then compile with trustworthy toolchains to create the binary/executable. Do not download this type of security software or source-code or file-author's/releaser's file-signing GPG/PGP pubkey or file's signature/digest/hash/signed code over non-encrypted HTTP connection, or from any 3rd-party website.


    • For more security (on SSH-SERVER, aka "sshd"), make sure to:


    VirtualBox: use this to create a local VM (Virtual Machine) in a local computer. You may view VirtualBox -Wikipedia page or VirtualBox-docs. Obtain the minimal install or net-install ISO file of your choice of Linux/Unix disc, attach that ISO file with a virtual CD into a VM, configure VM to boot from virtual CD, install that linux/unix inside the VM. You may also view List & Comparison Of Platform Virtualization Software -Wikipedia, if you want something else other than VirtualBox.


    • You may obtain+use this Portable-Firefox -chriswombat for Windows. And you may obtain this Portable-Firefox -crgand for macOSX, and you may need LionPatch for macOSX Lion. For more security, make sure to obtain the hash/digest code by clicking on the "i"/info icon on SourceForge webpage over HTTPS connection, then you may get file from mirror websites. And compare digest/hash code of downloaded-file and code-shown on SourceForge webpage, before running the installer.


    • For more security, always obtain installer-file's HASH/DIGEST/CHECKSUM code shown on ORIGINAL author's or ORIGINAL file-releaser's webpage, then compare that code with the calculated hash/digest/checksum code of downloaded file. Always obtain hash/digest code from original author's/file-releaser's website, over HTTPS encrypted connection. Here is a List & Comparison Of File Verification Software -Wikipedia. On windows you may use CyoHash -calzakk, its a simple shell-extension for Windows-Explorer to calculate MD5, SHA1, CRC32 etc checksum/digest code of a file, just right-click on a file > Properties > CyoHash tab > use Calculate button to calculate & view checksum/digest code of the file. On macOSX, run the "Terminal", type "openssl dgst -sha256" & a type a space after that, then drag the downloaded file from macOSX "Finder"-window into the line where you typed "openssl...", release the file on that line, press enter, it will calculate & show SHA-256 digest/checksum code.


  • rsync

  • Also, Debian, Thx.

  • atErikatErik Member
    edited March 2017

    In search engines, search for "securing harden YourOSnameHere", 1st read webpages from your own "YourOSnameHere" website, then read from other trustworthy websites.

    CentOS do not have many new tools, so you may need to use Fedora for new tools/features. CentOS is based on RHEL (Red Hat Enterprise Linux). These (CentOS, RHEL, Fedora) have similar operating structures, that is, CentOS most command & codes will usually work on RHEL & Fedora. Fedora website uses more security. CentOS includes/supports & allows more "trustworthy" or more "secure" older tools/apps.

    Debian includes/supports new tools, features. Debian website has mixed security: though website's some sections/subdomains/webpages are DNSSEC signed, but often tools/files, ISO files, GPG/PGP pubkey code of author/releaser or Hash/Digest/Checksum/Signed codes/files, etc are neither shared/shown over an encrypted HTTPS connection/webpage, nor shared/shown from a DNSSEC signed subdomains ! inconsistent/incomplete basic security. Ubuntu is based on Debian.


    Security/Protection & Privacy & Democracy/Freedom etc items/factors are interconnected. But there are opposing entities/people, who want to profit more & profit quickly (and harm more, & harm quickly, and create more loss for others, & create massive loss quickly for others) by abusing/exploiting those, so such entities do not want users, people, software, data-network, etc to have any real security, privacy, freedom, etc, and they take powerful steps to achieve systematic abuse/exploit/backdoor. So if you are really worried & want to take care or do something about those item's protection & protection of people around you & your own & future of all, then you & others who cares, will have to read more, research & work to counter/undo their steps & do what protects/helps you & others fairly in long run, without destroying / abusing / exploiting / harming more things or others.


    CentOS : Securing SSH | Securing CentOS Protection | HowTo SELinux | Setup & Configure IPTables packet-filtering firewall | RHEL7 Security Guide | RHEL7 Hardening Checklist -Uni Texas | Securing CentOS sshd -CentOSHelp | Guide to the Secure Configuration of CentOS 7 -OpenScap | Securing CentOS with Bastille -HowToForge | Security Harden CentOS7 -Arr0way @ HighOnCoffee Mar-2015 | Securing Linux (RHEL4) -Puschitz 2007 | IPTables Examples For New SysAdmins -Vivek Gite @ CyberCiti Jan-2016 | Essential Skills With CentOS: Securing Firewall With IPTables & TCPWrappers, Rate-Limit, SSH, etc -Ray Heffer Sep-2015.


    Debian : Securing SSH -Debian Manuals | HowTo Secure Debian | Hardening Debian -DebianWiki | Debian GNU/Linux Security Checklist and Hardening -HardenedLinux Jun-2015 & same page over HTTPS webpage: Debian Security Checklist and Hardening | Guide to the Secure Configuration of Debian 8 -OpenScap | Steps To Secure Debian Server -ServerFault Feb-2015 | Harden the SSH Access Security On Debian -Pierre-Yves Landuré @ HowTo.Biapy last-updated Nov-2016 | Debian Firewall | Firewalls -Debian | IPTables -Debian | Securing Debian With Firewall | Setup Debian Firewall by using a Script -AboutDebian.


    • MIXED/VARIOUS : Secure Secure Shell SSH -Stribika Jan-2015 | GRSecurity & PaX Kernel Security Patch allows to secure Shared-Host/Container/OpenVZ/LXC/Linux-VServer | How To Harden & Secure OpenSSH Server & IPTables -Mohammed Noufal @ ErrorLogz last-update Mar-2016 | Linux Server Hardening Security Tips -nixCraft (CentOS/RHEL/Debian/Ubuntu) -Vivek Gite @ CyberCiti Last updated on Jan-2016 | Server Side TLS/SSL Security Configurations -Mozilla shows TLS/SSL Security recommendations by Mozilla for NGinX, Apache, Haproxy, Hitch/Stud, AWS ELB, HAProxy, Zeus Load Balancer (Riverbed Stingray), Citrix Netscaler, Go, F5 BIG-IP | HowTo Harden TLS & SSH -Charles Fisher @ LinuxJournal Nov 2015 | Apache Web Server Hardening & Security Guide -Chandan Kumar @ GeekFlare Nov-2016 | Fedora Security Guide | Basic Hardening Security Guide for Fedora19/Fedora17 | Linux Security Guide for Hardening IPv6 -Michael Boelen @ LinuxAudit Jan-2016 | Guide to the Secure Configuration of Fedora -OpenScap | An Introduction to Securing your Linux VPS -DigitalOcean Mar-2014 | Control Network Traffic With IPTables -Linode Feb-2017 | HowTo Edit IPTables Rules -FedoraProject | Securing Ubuntu/Debian VPS Using IPTables/NetFilter Firewall -RoseHosting Aug-2014 | RHEL/Fedora IPTables/Netfilter Firewall for IPv4/IPv6 -Vivek Gite @ CyberCiti Jun-2010/IPv4 Aug-2009/IPv6.


    These info posted here on Mar-7-2017.

Sign In or Register to comment.