IP address
- Internet Protocol address, e.g. 127.0.0.1
DNS
- Domain Name System; maps domain names to IP addresses, e.g. 216.58.223.110 === google.com
DNS works with caches a lot. It uses the local cache, the LAN DNS server and the ISP DNS server to find the shortest route to a domain.
DNS cache poisoning
- tampers with the cache such that a domain name is pointed to the wrong IP. Using HTTPS protects against it, because a server at the wrong IP cannot present a valid certificate for the domain, so the browser refuses the connection.
traceroute
- shows you the number of hops it takes to get to a domain name, while ping just shows you if the server is live. traceroute uses ICMP.
Internet Control Message Protocol (ICMP)
- An error-reporting protocol used by routers, hosts and network devices to generate error messages when there are problems delivering IP packets. It is an extension of IP.
SSH
- a way of connecting to remote devices.
You can log into a server either with a username and a password or with SSH keys (more secure).
There are two types of SSH keys: private and public. The private key stays on your local machine while the public key is stored on the server.
ssh-keygen
- generates a private key for you, together with its matching public key.
A server can be a web server, database server or a storage server
Dedicated server
- completely under your control, very expensive. One site gets all the resources. It's a physical box.
VPS
- A dedicated server is broken into parts and shared among different users, i.e. it can host multiple websites. Cheap; runs on a virtual machine under a hypervisor.
Advantages of the cloud:
- flexible
- scalable
- on demand (use it when you need it)
Most Unix-like systems use OpenSSH as the SSH client. Alternatively, you can use PuTTY.
Add a public key to a server: ssh-copy-id -i ~/.ssh/key.pub user@host
Use the private key to log in to a server: ssh -i ~/.ssh/privatekey user@host
-i stands for identity.
The known_hosts file is used to authenticate servers. It is created when you ssh into a server, and it contains the public host keys of the servers you have connected to. The authorized_keys file is used to authenticate users before they are logged into a server, and it contains a copy of the public key added to the server.
It is not safe to always log into your server as the root user, so it is advisable to create a normal user and then add them to the sudo group so that the user has access to some superuser powers.
creating a new user with sudo privileges:
adduser $USERNAME
adding the user to the sudo group: usermod -aG sudo $USERNAME
sudo !!
- run the previous command as root
To create SSH access for the new user you have just added, do the following:
log into the server as the root user and then:
su $USERNAME
- switch to the new user.
mkdir ~/.ssh
- create an .ssh folder
nano ~/.ssh/authorized_keys
- create a file called authorized_keys and then copy the contents of your public key into this file.
chmod 600 ~/.ssh/authorized_keys
- restrict the permissions of the authorized_keys file.
Now you can ssh into the server as your new user account.
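The steps above as one repeatable function, added here as an example and not part of the original notes: it also sets .ssh to mode 700, refuses input that is not a single public-key line (for instance a pasted private key), and does not add the same key twice. The names install_pubkey and perms_ok are hypothetical, and the home directory is a parameter so the function can be tried on a scratch directory first.

```sh
#!/bin/sh
# Added example (not from the original notes). install_pubkey and perms_ok are
# illustrative names; HOME_DIR is a parameter so a scratch directory can be used.

# install_pubkey HOME_DIR "PUBLIC-KEY-LINE"
# Returns 0 on success, 2 if the input is not a single public-key line.
install_pubkey() {
    ik_ssh="$1/.ssh"
    ik_auth="$ik_ssh/authorized_keys"
    ik_key=$2

    # A public key is exactly one line: "type base64 [comment]".
    [ "$(printf '%s\n' "$ik_key" | wc -l)" -eq 1 ] || return 2
    case "$ik_key" in
        *"PRIVATE KEY"*) return 2 ;;    # private key material never goes on the server
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*) ;;
        *) return 2 ;;
    esac

    (
        umask 077                        # anything created below starts owner-only
        mkdir -p "$ik_ssh" && chmod 700 "$ik_ssh" || exit 1
        touch "$ik_auth" && chmod 600 "$ik_auth" || exit 1
        # Append only when this exact line is not already present (idempotent).
        grep -qxF -- "$ik_key" "$ik_auth" || printf '%s\n' "$ik_key" >> "$ik_auth"
    )
}

# perms_ok HOME_DIR
# True when .ssh is drwx------ and authorized_keys is -rw-------.
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}
```

Run it as the new user (after su $USERNAME) with "$HOME" as the first argument, so the files end up owned by that user.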
TODO: Change my server username.
mkdir -p somefolder - the -p flag means create the directory if it does not exist.
The sshd_config file contains the SSH configuration rules. It is located in /etc/ssh/sshd_config.
To disable root login, go into the file above and set PermitRootLogin to no, and then restart the ssh service using sudo service ssh restart
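A check that the PermitRootLogin edit above actually takes effect, added here as an example and not part of the original notes: sshd uses the first value it finds for a keyword, so a "PermitRootLogin no" appended below an earlier setting changes nothing. The names sshd_option, root_login_disabled and sample_sshd_config are hypothetical, the sample config is constructed, and Include files are not followed.

```sh
#!/bin/sh
# Added example (not from the original notes). sshd_option, root_login_disabled and
# sample_sshd_config are illustrative names. Include files are not followed.

# sshd_option FILE KEYWORD
# Prints the global value sshd would use: keywords are case-insensitive, the first
# occurrence wins, and lines after the first "Match" apply only conditionally.
sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/   { next }                 # comments and blank lines
        { key = tolower($1) }
        key == "match"   { exit }                 # end of the global section
        key == want      { gsub(/"/, "", $2); print tolower($2); exit }
    ' "$1"
}

# root_login_disabled FILE
# True only when the effective global PermitRootLogin is "no"; an absent keyword
# falls back to sshd's built-in default, which is not "no".
root_login_disabled() {
    [ "$(sshd_option "$1" PermitRootLogin)" = "no" ]
}

# Constructed sample: the "no" on the fourth line never takes effect because an
# earlier, differently-cased line already set the value.
sample_sshd_config() {
    cat <<'EOF'
# PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
Match User deploy
    PasswordAuthentication no
EOF
}
```

On the server itself, sshd -t checks the file for errors before you restart the service, and sshd -T prints the full effective configuration.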
The www host name means that e.g. www.brianmituka.com will take you to the correct IP, and the @ host name allows you to use brianmituka.com and still reach the correct IP. This applies when setting up your domain at a domain registrar, e.g. GoDaddy.
The A record maps a name to one or more IP addresses, when the IPs are known and stable.
The CNAME record maps a name to another name.
You can use a CNAME to create a subdomain.
NGINX is a high‑performance, highly scalable, highly available web server, reverse proxy server, and web accelerator (combining the features of an HTTP load balancer, content cache, and more). NGINX offers a highly scalable architecture that is very different from that of Apache (and many other open source and commercial products in the same category). NGINX has a modular, event‑driven, asynchronous, single-threaded architecture that scales extremely well on generic server hardware and across multi-processor systems. NGINX uses all of the underlying power of modern operating systems like Linux to optimize the usage of memory, CPU, and network, and extract the maximum performance out of a physical or virtual server. The end result is that NGINX can often serve at least 10x more (and often 100–1000x more) requests per server compared to Apache – that means more connected users per server, better bandwidth utilization, less CPU and RAM consumed, and a greener environment too.
NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers which handle the request. The response from the proxy server is returned as if it came directly from the original server, leaving the client with no knowledge of the origin servers.
sudo apt install nginx
- install nginx
sudo service nginx start
- start nginx service
/etc/nginx/sites-available/default
contains default nginx settings. i.e it's the configuration file.
sudo service nginx restart or sudo service nginx reload
- restart nginx server.
rmdir foldername*
- remove all the empty folders that start with foldername
sudo chown -R $USER:$USER /exampledirectory
- make the current user the owner of a directory
Create a location block like this:
location /example {
    proxy_pass http://127.0.0.1:3001/;
}
The location /example block means that when someone goes to http://site.com/example, the request will be forwarded (proxied) to the application that is listening on port 3001.
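What path the application on port 3001 actually receives, modelled as a shell function (an added example, not part of the original notes and not nginx code; upstream_path is a hypothetical helper): when proxy_pass carries a URI, such as the trailing / above, nginx replaces the part of the request path that matched the location with that URI. Query strings are ignored here.

```sh
#!/bin/sh
# Added example (not from the original notes). upstream_path is an illustrative name;
# it models nginx's documented rule for prefix locations and ignores query strings.

# upstream_path LOCATION PROXY_PASS_URI REQUEST_PATH
# Prints the path the backend receives; returns 1 if the location does not match.
# PROXY_PASS_URI is the part of proxy_pass after host:port ("" when there is none).
upstream_path() {
    case "$3" in
        "$1"*) ;;                 # prefix match is a plain string match, not per segment
        *) return 1 ;;
    esac
    if [ -z "$2" ]; then
        printf '%s\n' "$3"        # no URI on proxy_pass: request path is passed unchanged
    else
        printf '%s%s\n' "$2" "${3#"$1"}"   # matched prefix is replaced by the URI
    fi
}
```

For the block in these notes, /example/users reaches the app as //users, and /example-admin also matches and reaches it as /-admin; writing the location as /example/ avoids both.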
There are several process managers for Node:
- Forever
- PM2
- StrongLoop Process Manager
installing forever: npm install -g forever
start an app: forever start app.js
stop all apps: forever stopall
create a directory for logs: sudo mkdir -p /var/log/forever
change the owner of that directory to the current user: sudo chown -R $USER:$USER /var/log/forever
log output of the app being run by forever: forever start app.js >> /var/log/forever/forever.log