

Ask HN: Guidelines/steps to set up a secure Linux server for static site? - bikamonki

Any info/links are welcome.
Gracias!
======
Someone1234
In addition to caw's list:

* Disable all modules/extensions on the web-server you aren't using (e.g. don't need PHP? Disable it). These more often have exploits than the web-servers themselves.

* Automate patching and updates (this can be done on both Linux and Windows fairly easily)

I'd also mirror fnom's suggestion. Why not just use something like S3? I just
entered details for a basic site on S3 and the calculator suggests it would
cost less than $1/month(!). That's with 10-20,000 requests, 1 GB of low
redundancy storage, and 1 GB in each direction for data.

------
caw
* Disable everything that's not the web server

* Turn on the firewall to only allow 80/443 and SSH in case you turn something else on

* Only use passwordless SSH

* Use the latest version of (apache | nginx | other web server)

* Subscribe to a mailing list for exploits for the software you're using

* Patch monthly, if not sooner for critical bugs
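
An added example (not part of caw's comment) that audits a host against two items on the list above: key-only SSH and nothing listening beyond the web server and SSH. It assumes "passwordless SSH" means key-based logins with password authentication disabled, and that the input comes from `sshd -T` and `ss -Htln`; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host against the checklist above.
# On a real host (as root): sshd -T | ssh_key_only ; ss -Htln | unexpected_ports

# Exit 0 only if the effective sshd config refuses password-style logins.
ssh_key_only() {
    awk '
        $1 == "passwordauthentication" { pw = $2 }
        # Older OpenSSH releases print the legacy keyword name instead.
        $1 == "kbdinteractiveauthentication" ||
        $1 == "challengeresponseauthentication" { if ($2 == "yes") kbd = "yes" }
        END { exit !(pw == "no" && kbd != "yes") }
    '
}

# Print every non-loopback TCP listening port other than 22, 80 and 443.
unexpected_ports() {
    awk '
        {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before it
            if (host ~ /^127\./ || host == "[::1]") next
            if (port != "22" && port != "80" && port != "443") print port
        }
    ' | sort -un
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_SSHD_WEAK='passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'
SAMPLE_SSHD_OK='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 511  0.0.0.0:80       0.0.0.0:*
LISTEN 0 511  [::]:443         [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 151  0.0.0.0:3306     0.0.0.0:*'

if printf '%s\n' "$SAMPLE_SSHD_WEAK" | ssh_key_only; then
    echo "sshd: key-only"
else
    echo "sshd: password logins still enabled"
fi
echo "unexpected listeners: $(printf '%s\n' "$SAMPLE_SS" | unexpected_ports | tr '\n' ' ')"
```

A listener on an unexpected port is a service to disable, whether or not the firewall currently blocks it.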

------
guiambros
Do yourself a favor and do NOT host a static website on a full Linux server.
It's more expensive, worse performance, more work to maintain, and a lot less
safe than the alternative.

The best approach for a pure static website is to host entirely using a CDN.
It's cheap, scalable, and zero maintenance. You don't even need a full CDN;
just an object data storage (like Amazon S3) is enough.

There are many tutorials online. Just Google "_hosting static website on S3_".
You may optionally use CloudFront on top of S3, if latency/performance
(particularly for international visitors) is important to you.

------
fnom
Is there a reason that you are serving the site from a server and not from
something like s3/cloudfront/etc?

~~~
bikamonki
Everything is on a CDN, but don't I need at least the index.html file hosted
on a server where the domain resolves?

~~~
fnom
At least S3 has an option to turn a bucket into a static web host. I run
multiple angularjs apps directly from S3 via cloudfront without any servers.

------
2close4comfort
install/conf fail2ban and tripwire along with caw's list

------
bikamonki
Great answers, thanks!

