A newbie setting up a VPS without cPanel

So I'm thinking about grabbing a VPS to host my own stuff (mumble, maybe minecraft?, shoutcast, ftp, www) but cPanel costs way too much for what I want to do with a VPS.

What I don't know is how to actually set it up properly after I have the VPS and can log in, and what I should/shouldn't be doing!

I tried webmin out before a long time ago and it was pretty damn confusing...

Are there any specific processes I should run or best-practices I should be aware of?

If a guide exists and you feel it's fairly comprehensive then by all means, link plz.

It depends on what you want to do; be more specific than "stuff".

What OS are you wanting to use?

What will be the primary use of the server?

Can you use Linux via command line? How competently?

If you are more looking for "how do I harden Linux", then don't bother; the default is good enough for 80% of ppl.

Also, don't install an ftp server; they are insecure. Use ssh-ftp/scp instead: it does everything ftp does and it's encrypted. It also means you don't have to install, set up, secure and maintain an additional service.

Probably CentOS as that's the general default of most VPS, unless there's a specific reason to switch to another.

Main purpose would just be as a webhost for a few of my domains. Probably email as well since Google Apps is not free anymore.

I'm comfortable with using Linux via command line or using command line in general, but I'm not very fluent at what Linux commands exist aside from the common ones.

I guess I'm more or less asking if there are things I should never do since it's basically open to the internet!

I use CentOS a lot for work. I'm not sure I really like it: the yum repos are old (all patches are backported, so they are secure, just old). This creates problems if you want to use something that isn't in the yum repo, like mumble. CentOS is fine for me because everything I use is in the yum repo, but you may want to consider using Fedora because of its newer repo. While CentOS is for servers and Fedora is for more consumer, home-type stuff, the difference is tiny, being as they are both made by the same ppl.

Setting up a web host is piss easy: if you can edit a text document with nano, then you can set up a secure and fast web server without the need of a control panel. There are generally lots of good tutorials out there for nginx + php-fpm + apc + mysql; just search Google, and also be wary of this bad nginx config. Then use phpMyAdmin for your MySQL interface.

Google Apps isn't free anymore? Are you sure about that? I'm fairly sure that I'm still using it for free. I remember when I signed up for it there was a paid version for businesses and then, hidden, was a free version for personal use. Well, setting up a secure email server is a massive pain in the ass; if you can avoid it by using Hotmail or Google or something else, it's worth it. If not, there are plenty of tutorials for postfix + dovecot, and then just use SquirrelMail for your web interface.

There are 5 main things to do to keep your server secure.

Keep web interfaces secure.

Stuff like phpMyAdmin and SquirrelMail are the main entry point for hackers: they often have vulnerabilities (unverified upload and SQL injection are the two most dangerous and prevalent ones), are not updated automatically, and have bots scanning the net relentlessly for vulnerable versions. For user-facing websites there isn't much you can do about this, just keep them up to date. For admin interfaces, however, this is nice and simple: just keep them behind an htaccess username and password and only use https (with a self-signed cert) to access them.

Keep stuff up to date.

The second reason most servers get hacked is out-of-date services. This is nice and simple: if you use yum to install everything, just add a cron job that runs yum update -y every night.

Segregation.

Just because a hacker gets access to one service shouldn't mean they get the whole server. Give each site on your server its own MySQL username, password and database. Make sure each service runs under its own user, one for nginx, one for mysql and so on. It's tempting to run stuff you just installed, like murmur, under root, but it's so dumb. Run a separate php-fpm under a unique username for each site; if one gets hacked, the hacker can't touch the other sites. Again, running all sites under a single php user is just dumb.

Use secure passwords

Yeah, I really shouldn't have to say this but I do: your server WILL get hammered with bots trying the username root and the password password. Hackers only do this because it actually gets them a lot of results. So yeah, your root account shouldn't be accessible from ssh, it should have a password over 20 characters, and you should log in to your server with an ssh key onto a wheel account. Also use sshguard. Some ppl change their ssh port; it's not really a form of security, it just cuts down logs. I find it annoying so I don't.

Limit the number of internet facing services/ports

I.e. you don't need ftp, as ssh will do it with ssh-ftp, so don't run an ftp service; it's just another entry point for a hacker. Don't have mysql or php-fpm running on an open port. They don't by default, so you shouldn't have to worry about this, but it's a good concept. I have seen ppl that write an IRC bot that wants access to a site's mysql; rather than using something like a php script that the bot connects to, so that the php can clean and validate the input and give it to the mysql server, they just open up their mysql server to the public. The connection is unencrypted, so any idiot with a sniffer can get the mysql password and have loads of access to a server they shouldn't.

There is a whole bunch of other stuff you can do, but this and some common sense will protect you from like 95% of attacks, which is good enough for most stuff.
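
Added example, not part of the thread: a POSIX shell check for the "limit the number of internet facing services/ports" point above, listing TCP listeners bound to a non-loopback address on a port outside an allowlist. The allowlist (22, 80, 443) and the sample `ss -tln` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report TCP listeners that are reachable
# from outside the host on ports you did not mean to expose.
# ALLOWED is an assumption for this sketch: SSH, HTTP and HTTPS only.
ALLOWED="22 80 443"

# Reads `ss -tln` output on stdin; prints "<port> <local address>" per finding.
exposed_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      laddr = $4
      port = laddr; sub(/.*:/, "", port)        # text after the last colon
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      gsub(/\[|\]/, "", addr)                   # [::1] -> ::1
      sub(/%.*/, "", addr)                      # drop a %interface suffix
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only
      if (!(port in ok)) print port, laddr
    }'
}

# Constructed sample: mysql and one php-fpm pool bound to all interfaces,
# a second pool and the local mail daemon bound to loopback.
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9000     0.0.0.0:*
LISTEN 0      128    [::]:9001          [::]:*
LISTEN 0      100    [::1]:25           [::]:*
EOF
}

# On a real server: ss -tln | exposed_listeners
sample_ss | exposed_listeners
```

Anything it prints is either a service to rebind to 127.0.0.1 or a port to add to ALLOWED on purpose.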

Thanks a bunch! Very good advice.

I'll see if Fedora is available, most likely is. I never would have guessed to use different users for different processes as I've always just done everything on Windows as admin. Time to look up how that works.

Regarding Google Apps being not free anymore: http://googleenterprise.blogspot.ca/2012/12/changes-to-google-apps-for-businesses.html

Damn you, Google. You might want to give Hotmail a go; they have the same thing as Google Apps where you get an address under your domain but it all goes through Hotmail. I haven't used it myself but my friend has and it all seems decent. Setting up mail really is a nightmare: you've got to set up postfix to take in mail, then set up tables for the mail to be passed to ClamAV (antivirus), then SpamAssassin, then it goes through delivery filters and is passed to mail man to actually deliver the mail, and then dovecot for your imap and pop, and then you're setting up sasl for authentication, and then you will probably want a web frontend like SquirrelMail. It takes like a week just to get the bloody thing to work and then another week making sure it's secure. And after your long hard work you end up with something that lets more spam in than Gmail, with a web interface that's not as good as Hotmail.

I would recommend Debian if you want to host multiple sites on it. It's so easy with the scripts they have set up.

Basically you put your Vhost configs in a file like /etc/apache2/sites-available/my.domain.com and then you use a2ensite my.domain.com to enable it (and then reload apache). Don't want that site online anymore? Do a2dissite my.domain.com and reload apache and it will be offline.

This makes stuff very easy to manage if you are using virtual hosts in Apache. Even mods are easy to manage: a2enmod ssl turns on SSL, a2dismod ssl disables it.

I switched from Fedora to Debian for basically all my and my clients' servers and it makes the whole process so much more modular, which means it's easier to manage. I still run Fedora on my desktop/laptop though.

The Debian repos also have more stuff in them (I think... at least it seems that way) and most of it is newer stuff. If you need bleeding edge stuff you can add the sid repos and add software from there.

To secure it you can set it up so you get an email whenever someone logs onto the server. I would also recommend learning and running IPTables to ensure that only traffic you want through the firewall gets through.

So I got a VPS running Fedora 17. Tried my best to set up everything properly so far. After looking at nginx vs Apache, I'd like to try out nginx, but configuring nginx is so confusing: every website has a different config and doesn't really explain much of what the config does. I'm not a big fan of just cut/pasting whole configs unless I have like a general understanding of the contents.

Guess it's off to the nginx wiki to slowly read about every parameter that I see being used.