The extended setup | [Part 2]

Continuation of Part 1 Intro Summary from the Lock it down series

So we’ve laid out the basic fundamentals of what we’re trying to achieve: “Create a Webserver that’s separate from its Database, gear it to be scalable, and lock it down as much as possible yet fully functioning.” Now, this isn’t a webserver setup to have clients on, at least not clients that are to manage their own website or need access to the server. To allow that, we’d have to open ourselves up to FTP or SSH over the network, whereas right now I removed FTP and locked SSH down to require VPN.

  • Servers
    • Create them as Cloud S’s (1 vCore, 512 MB RAM, 30 GB SSD) with CentOS 6 64-bit
    • Connect them to Private Network
  • Web Server
    • Lock down firewall
      • Allow only SMTP, IMAP, HTTP, HTTPS, Plesk
    • SSH can only come over VPN*
    • Controlled by Plesk
    • Internal IP of (I use the 10.0.0.x already)
  • Database Server
    • MySQL 5.5 MariaDB
    • SSH requires VPN*
    • Internal IP of


Our current setup:

[Image: servers setup]

The database firewall has everything but ICMP shut down. This is so that I can monitor it with just a simple ping server if I want to. It’s also a monitoring policy ;D


The webserver’s firewall allows a bit more, but still follows what I explained.

[Screenshot: 1&1 Control Panel, 2015-10-30]
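
The same policy written as host-level iptables rules for CentOS 6, as an added example that is not from the original post and does not replace the 1&1 panel firewall. The port numbers (25, 143, 80, 443, 8443 for Plesk, 3306 for MySQL), the VPN client CIDR and the web server's private IP are assumptions chosen or passed in here, and the MySQL rule goes beyond what the post lists for the database firewall.

```shell
#!/bin/sh
# Added example: print iptables-restore rulesets for the web and database roles.
# Assumptions (not from the post): standard port numbers, a VPN client CIDR,
# and the web server's private IP, both passed in as arguments.

base_rules() {                       # default-drop skeleton shared by both roles
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

allow_tcp() {                        # $1 = port, $2 = optional source restriction
    [ -n "$1" ] || return 1
    printf '%s\n' "-A INPUT -p tcp${2:+ -s $2} --dport $1 -m state --state NEW -j ACCEPT"
}

ssh_over_vpn() {                     # $1 = VPN CIDR; refuse to open SSH to everyone
    [ -n "$1" ] || { echo "VPN CIDR required" >&2; return 1; }
    allow_tcp 22 "$1"
}

web_rules() {                        # $1 = VPN CIDR
    base_rules
    for port in 25 143 80 443 8443; do   # SMTP, IMAP, HTTP, HTTPS, Plesk panel
        allow_tcp "$port"
    done
    ssh_over_vpn "$1" || return 1    # on failure no COMMIT line is printed
    echo COMMIT
}

db_rules() {                         # $1 = VPN CIDR, $2 = web server private IP
    [ -n "$2" ] || { echo "web server IP required" >&2; return 1; }
    base_rules
    printf '%s\n' "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    allow_tcp 3306 "$2"              # MySQL/MariaDB only from the web server
    ssh_over_vpn "$1" || return 1
    echo COMMIT
}

case "${1:-}" in                     # usage: sh rules.sh web <vpn-cidr>
    web) web_rules "${2:-}" ;;       #        sh rules.sh db <vpn-cidr> <web-ip>
    db)  db_rules "${2:-}" "${3:-}" ;;
esac
```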

Private Network:

Simple Network. I use for my current servers, but I’ll use for the WebServers and for Databases.



Now head on to Part 3 for your Private Networking setup
