Personal Server with Forge

Yea you can. There was a change in the way you provision a server a couple of months ago. You can set up a "custom vps". It will give you a command line to run on your server and provisioning will start. This is the way you have to do it for Amazon AWS and I have also done it for other ubuntu boxes.

Take a look here at the script that creates the Homestead environment:

https://github.com/laravel/settler

Agree with what @sitesense linked to. If you are going to be responsible for a physical machine, and you have security concerns, then roll your own install. If you want to match it to forge and homestead as much as possible follow what the settler script does and you will be 99% or the way there. I set up my boxes more or less the same way with just a few changes in the stack.

Just be careful about some of the settings there. The scripts there are for Development, so some settings should be changed/turned off for production. But at least it will get you on the right track.

@noeldiaz, (and others who have) would you be willing to share your setup script?

@JonasWeigert and @sitesense thx for the input. While I was browsing digital ocean saw landscape. Anybody has experience with that service. it costs $320/yr for single server. Not sure from browsing their website what I get for that. Trying to understand what are my options

@MThomas, I don't have a master script, but I do have a small collection of scripts and notes that I use to provision new machines. Just recently started moving our servers from RHEL to Ubuntu so haven't had time to fully automate the process. Used shell scripts and Puppet with the RHEL ones.

I could put them up as Gists in GitHub. Is there a particular setup you are gunning for? I have not used Digital Ocean, but have 5 servers in Linode and 5 in AWS (for consulting jobs) so I have experience with those. Plus our local 3 server VMware setup (for my day job) has like 45 other vms of various flavors.

My current Ubuntu 14.04 setup is very similar to what Homestead/Forge has with a few differences like MariaDB 10 (with custom config) instead of MySQL and Nginx unstable for the SPDY support. I do that and tweak SSHd settings (port, allowed users), set up Iptables for firewall, and the rest (PHP 5.6, Redis, etc). I'll pull that up tomorrow and you can take a look. Nothing too fancy. Actually should back this up somewhere anyways, until I can sit down and make some Puppet manifests.

@noeldiaz, It would be wonderful if you would share those snippets.

My problem (like many others will have) is that I am not a server admin, so setting up PHP, Nginx, MySQL, PhpMyAdmin, Beanstalkd and for example MongoDB is not the problem but that leaves you with a pretty vulnerable server. DO offers a lot of tutorials to enhance security (for example on IP tables) but that often is very limited. It shows how to do it, but it does not cover how to do it for a full stack.

I could do this with Forge, and it is not that I don't want to pay for an forge account, but I am one of those people who wants to know how it works, whats behind it and how to do it yourself. Snippets like settler provide insight in how others do it, but settler is only a development setup, it does not cover IP tables for example.

So what I'm gunning for, and this might sound a bit idealistic, in insight in a secure web server setup, from which I can learn how others do it and copy parts to do it for myself.

Funny that you mention Puppet, I looked in it numerous times, and it seems like a good interface to set things up, but that still leaves the question what should I do to get a secure setup. That is what I hope to learn from those snippets.

For most sites, doing a few things to lock down the OS is all that's needed. If you require higher security, main things are SSH access, Firewall (open ports, protocols, limiting access to services), Attack types like SYN (Layer 4), Layer 7, UDP flood etc. Even getting hardware Firewall and network protection could be used.

User permissions have a big play in security as one wrong setting could allow for some process or hole to be able to read/write somewhere and thus opening a backdoor for an attack/hack.

Take a look at this for more attack methods used https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf

I, for one, use Ajenti on Ubuntu servers. Lets you setup most things you need for a web server, runs on a secure connection.

That's similar to Webmin and isn't that great. It's good for managing sections of your server but I wouldn't say it helps you keep it secure or finds misconfigurations.