🛠️ VitNode is still in development! You can try it out, but it is not recommended to use it now in production.
Secure Server

Security is the most important part of running a server. In this guide, we will cover the basic steps to secure your server.

Fail2Ban

Install Fail2Ban

apt install fail2ban -y

Configure Fail2Ban

echo -e "[sshd]\nbackend=systemd\nenabled=true" | tee /etc/fail2ban/jail.local

Enable Fail2Ban

systemctl enable fail2ban

Start Fail2Ban

systemctl start fail2ban

Verify status of Fail2Ban

systemctl status fail2ban

Status should be Active: active (running).

fail2ban-client status

Disable IPv6

Open the Configuration File

nano /etc/sysctl.conf

Add the following lines to the file

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Save and Exit

Press Ctrl + X, then Y, then Enter to save and exit the file.

Apply the changes

sysctl -p

Verify the changes

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

If you see 1, then IPv6 has been disabled.

Create a non-root user

In this part of the guide, we will create a new user and give them sudo privileges. Please replace {username} with the name of the user you would like to create.

Create a new user

adduser {username}

Add user to Sudo Group

usermod -aG sudo {username}

SSH Key

For more secure connections, you can generate an SSH key pair. We use Termius to generate the key.

Generate SSH Key

In Termius, open "Settings => Keychain" and click the "Generate" button in the SSH Key section.

[Image: Keychain Settings in Termius]

Fill in the form

[Image: Form Keychain in Termius]

Save the public key generated by Termius.

Create the .ssh folder

Open a terminal on your server and create the .ssh folder that will hold the public key.

mkdir /home/{username}/.ssh && cd /home/{username}/.ssh

Create authorized_keys file

nano authorized_keys

Paste the public key

Now paste the public key generated by Termius into the authorized_keys file.

Save and Exit

Press Ctrl + X, then Y, then Enter to save and exit the file.

Restart SSH Service

systemctl restart sshd

Test the connection

Now try to connect to your server using the private key and the username you created, without a password. If you can connect, then the SSH key has been set up successfully.

From here we will be using the new user for the rest of the guide.

Edit Configuration File

Open the Configuration File

sudo nano /etc/ssh/sshd_config

Change the Default SSH Port

Locate the line that reads #Port 22 and change it to Port X, where X is a different port number.

Disable Root Login

Locate the line that reads PermitRootLogin yes and change it to PermitRootLogin no.

Disable Password Authentication

Locate the line that reads #PasswordAuthentication yes and change it to PasswordAuthentication no.

Save and Exit

Press Ctrl + X, then Y, then Enter to save and exit the file.
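
The three edits above only take effect if the leading # is removed and no earlier line sets the same keyword. The script below is an added example, not part of the VitNode docs, that checks a config file for exactly these three settings; the function names sshd_value and audit_sshd_config are hypothetical, and it reads only the file you pass it (it does not follow Include directives).

```shell
#!/bin/sh
# sshd uses the first value it reads for each keyword, and a leading '#'
# makes the line a comment, so "#PasswordAuthentication no" changes nothing.

# Print the effective global value of keyword $2 in file $1 (default: $3).
# Hypothetical helper; stops at the first Match block, ignores Include files.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                    # commented-out line
        tolower($1) == "match" { exit }        # conditional section starts
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }          # fall back to OpenSSH default
    ' "$1"
}

# Return 0 only if all three settings from this guide are in effect.
audit_sshd_config() {
    rc=0
    port=$(sshd_value "$1" Port 22)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    [ "$port" != 22 ] || { echo "WARN: Port is still 22"; rc=1; }
    [ "$root" = no ] ||
        { echo "WARN: PermitRootLogin is '$root', expected 'no'"; rc=1; }
    [ "$pass" = no ] ||
        { echo "WARN: PasswordAuthentication is '$pass', expected 'no'"; rc=1; }
    return $rc
}

# Constructed sample: the value was edited but the '#' was left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin no
#PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config is not hardened yet"
rm -f "$sample"

# On the server: audit_sshd_config /etc/ssh/sshd_config
```

For the full effective configuration, including any included files, run sudo sshd -T and check the port, permitrootlogin and passwordauthentication lines.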

Firewall (UFW)

Install

sudo apt install ufw -y

Deny all incoming connections

sudo ufw default deny incoming

Allow all outgoing connections

sudo ufw default allow outgoing

Allow SSH

sudo ufw allow ssh

Allow Nginx

sudo ufw allow 'Nginx Full'

Allow the new SSH port

sudo ufw allow {port}

Replace {port} with the port number you set in the SSH configuration file.

Enable

sudo ufw enable

Restart SSH Service

sudo systemctl restart sshd

Set permissions

git config --global --add safe.directory /home/vitnode &&\
 sudo chmod 775 /home/vitnode &&\
 sudo chown -R {username}:{username} /home/vitnode

Replace {username} with your username.