Where to Get a ‘Cloud’ Server For $5/month

So you’re playing with setting up a cool project or web application (like the one I show you how to set up in my new Udemy course), and you want it to be accessible for your friends, your family, and yourself (while traveling away from your home network). How do you set that up?

Buckle up; I’m about to explain all the things.

Read more

Course Launch: Hands-on Linux: Self-Hosted WordPress for Linux Beginners

It’s taken me several months but I’ve finally done it: this weekend, I’m launching the first tutorialinux course on the Udemy learning platform. The course is called “Hands-on Linux: Self-Hosted WordPress for Linux Beginners.”

https://www.udemy.com/hands-on-linux-self-hosted-wordpress-for-linux-beginners/
It’s a project-based course which teaches the basics of Linux system administration using a practical, real-life project to lead you through the material. In the course, I walk beginning Linux sysadmins through setting up a fully-featured, production-grade WordPress hosting platform on their own server.

Of course, you can run other PHP applications on this platform, too. I chose WordPress because it’s so insanely popular right now, and because I know the platform relatively well after spending a year working as a security consultant doing malware cleanups and security overhauls on compromised WordPress sites.

The course itself follows the project-based learning approach I’ve been talking about recently. Although I think theory is important (and occasionally even fun), people just seem to learn much faster when they work on a practical project that ties together 10 or 20 individual skills and gives them a usable artifact at the end (in this case, a hosting platform).

I supply a slow drip of theory in this course — just enough to keep students making progress on the project while still understanding what’s going on.

 

More than a “Basics” Tutorial

The course is much more than just basic application setup and configuration, though. I’ve made sure to cover “real sysadmin” stuff; the things that sysadmins actually spend their time doing in real life (not just “apt-get install -y somesoftware && nano /etc/configfile”). Topics like:

  • system monitoring
  • performance optimization and caching
  • security hardening
  • creating and restoring website backups (filesystem backups and MySQL backups)
  • HTTP protocol basics

The course features 71 videos right now; about 8 hours of video content. There’s more coming, too: I’ll be continuing to improve and add material to the course as it grows and I get feedback from students.

Plus, you’ll have something to ‘take home with you’ when you finish the course: it’s always cool to have a robust, performant hosting platform at your fingertips, ready to do your bidding, host your friends’ websites, make you millions of dollars, etc.

I’ve marked a bunch of the videos as being ‘free previews,’ so there’s about an hour of viewing to be had for free on the “course curriculum” page.
All the links in this post include a coupon for $7 off the retail price (just over 15%). Have a look at the course curriculum, and check out some of the free preview videos from the course!

Get over there and check it out!

Want to Succeed? You Need Project-Based Learning

If you’re trying to learn System Administration, Software Development, or any other complex technical skill, you’re probably going about it in the wrong way: lots of theory study, and very little practical work. In this article, I’ll show you the right way: a faster and more effective way to learn, backed by the latest scientific research on learning.

This is just how most Linux and programming courses are structured. After all, there’s a huge theoretical foundation that you need before you can become an effective professional in those highly technical fields. Why not start with lots of theory right away, to get it out of the way and enable students to understand the concepts which are built on top of those theoretical foundations? Wrong.

Read more

Want to keep your Eyes healthy? Use Redshift

If you’re spending a lot of time looking at a screen, you’ll probably want to turn down the blues, to give your eyes a chance: http://jonls.dk/redshift/.

To install, just use your operating system’s package manager (apt, pkg, pacman, etc.) to install redshift. On Ubuntu and Debian, this would be:

apt-get install redshift

Try a few of the following commands, and see which you like better (just run these in a terminal, and kill one before trying the other. It’ll take a few seconds to actually shift the colors on your screen; be patient):

Read more

New tutorialinux guide: Getting Started with Linux Containers (LXC)

A while back, I did a YouTube series on Linux Containers (LXC). If you are (or want to be) a sysadmin or software developer, you need to know about Linux Containers, and understand how to use them. I’ve just written a ~45-page guide to getting started with this useful skill — check it out here! For those of you that want more details (or a link to the original playlist), read on:

Read more

HTTP Strict Transport Security

I’m excited for this post, because I get to introduce one of my best friends (and favorite coworkers) to the tutorialinux horde. I’ve been working with Christian in some form or another for several years now. We met while working at a startup in 2012, where he is the lead developer, and have worked on several projects since then. Although right now he gets paid mostly for programming work, he’s a longtime sysadmin and has been a huge influence on my growing taste for using FreeBSD systems in production.

You know those people who seem to have started in IT when they were still in diapers? That’s Christian. It’s my pleasure to welcome him as a contributor to tutorialinux. He’s got some fantastic stuff to share, and a huge amount of real-world experience to back up everything he teaches.

Lately, Christian and I have become a bit obsessed with encryption and HTTPS (going to far as to write a mini e-book about it, teaching people to set up TLS on their websites). Can you blame us? With the recent Internet security scares and the enormous push for TLS by organizations like Firefox, Tor, Google, Let’s Encrypt, and others, it’s definitely at the forefront of many system administrators’ and developers’ minds.

In these conversations about website security and HTTPS, you’ll often hear people talk about HTTP Strict Transport Security (HSTS for short). But what exactly is HTTP Strict Transport Security? How does it work? And how can you set it up in a few simple steps?

You’re about to find out.

Read more

Protecting Your Website With HTTPS (SSL/TLS)

I’ve just released the first tutorialinux ebook. For those of you who want a sneak-peek, this post is basically a command-line-instructions only version of the practical content from the e-book. These instructions will get you a working configuration for serving HTTPS traffic to your website visitors.

Disclaimer: This post leaves out most of the background, theory, explanations, security and performance tuning, and additional considerations like backups, security, etc. All of this extra content is found in the e-book. If you want to support tutorialinux, buying the e-book is a great way to ensure that there’s a constant stream of new content coming out on YouTube and this website.

Okay, that being said, let’s get started!

If you’re a sysadmin, chances are that you feel strongly about the adoption of widespread encryption. Advertising companies, governments, and criminals are trying to track and record every move you and your website visitors make, every interest you show, and every thought you hint at. People are finally beginning to fight back by encrypting web traffic, even for pages that don’t absolutely require it, such as login or payment pages.

In this post, I’ll show you how.

Read more

How to Browse the Web through a Proxy Server

One question I often see has to do with setting up proxies and browsing from a different IP address. While this tutorial isn’t about how to browse the web anonymously, it explains how to tunnel your traffic through a web proxy. This can be used for:

  • circumventing some types of censorship,
  • slightly more private surfing,
  • bypassing stateful packet inspection and content-filtering firewalls,
  • accessing your instaFaceTwitSnap from work,
  • getting around IP-based geo-blocking, and
  • otherwise rebelling against the man.

To outside observers, it will seem as if you’re browsing from that remote machine. Here’s my ASCII-art version of what this looks like:

(You) <====== [encrypted tunnel] ======> (your server) <====> [your web browsing traffic, going to the sites you visit].

The whole thing takes about 3 minutes to set up; here’s how:

 

Read more

The Top 10 WordPress Security Mistakes

Sooner or later, we all deploy a PHP web application (Joomla, WordPress, Magento, etc.). I’m currently doing some security work, and I deal with a huge number of sites that have been hacked. The crazy thing is that 90+ percent of these compromises could have been prevented by a few security precautions. Here’s a list of the most common misconfigurations and security holes (from a System Administrator’s perspective), along with how to fix them.

We also look at some of the most popular goals of the attackers (‘consequences’).

Read more

Securing SSH with SSHGuard

We all love SSH (Secure SHell). It lets us connect to our remote servers, circumvent firewalls, confuse stateful packet inspection and network monitoring, and otherwise keep nosy entities in the dark about what kind of data we’re shuffling around between machines. However, every server you run SSH on is experiencing hundreds or thousands of attacks every day — most are just brute-force login attempts, but some are more sophisticated attacks.

Here, I’ll show you how to set up SSHGuard, which is a cleverly designed, easy way to harden your SSH installation and decrease the amount of resources that attackers can soak up. It also conveniently works for other services, not just SSH (more on that later). Let’s get started!

Read more