The extended setup | [Part 2]

Continuation of Part 1 Intro Summary from the Lock it down series

So we’ve laid out the basic fundamentals of what we’re trying to achieve: “Create a webserver that’s separate from its database, gear it to be scalable, and lock it down as much as possible while keeping it fully functioning.” Now, this isn’t a webserver setup to have clients on, at least not clients who manage their own website or need access to the server. To allow that, we’d have to open ourselves up to FTP or SSH over the network, whereas right now I removed FTP and locked SSH down to require VPN.

  • Servers
    • Create them as Cloud S’s (1 vCore, 512MB RAM, 30GB SSD) with CentOS 6 64-bit
    • Connect them to Private Network
  • Web Server
    • Lock down firewall
      • Allow only SMTP, IMAP, HTTP, HTTPS, Plesk
    • SSH can only come over VPN*
    • Controlled by Plesk
    • Internal IP of 10.0.1.1 (I use the 10.0.0.x already)
  • Database Server
    • MySQL 5.5 MariaDB
    • SSH requires VPN*
    • Internal IP of 10.0.2.1


Our current setup:

Servers:

[Screenshot: servers setup]

[Screenshot: web server specs]

[Screenshot: database server specs]


Firewall:

The database firewall has everything except ICMP shut down. This is so that if I want to monitor it with just a simple ping server, I can. It’s also a monitoring policy ;D

[Screenshot: database firewall]

The webserver’s firewall allows a bit more, but still follows what I explained.

[Screenshot: 1&1 Control Panel, 2015-10-30]
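The two firewall policies described above can be written down as data and checked automatically. The following is an added example, not part of the original post; the Plesk port (8443, Plesk's default panel port), the VPN range and the sample rule sets are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not from the original post: Plesk listens on its default
# panel port 8443, and VPN clients come from this placeholder range.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Inbound services each role may expose, taken from the post's policy list.
POLICY = {
    "web": {("tcp", 25), ("tcp", 143), ("tcp", 80), ("tcp", 443), ("tcp", 8443)},
    "db": {("icmp", None)},  # ICMP only, so a ping monitor still works
}

def label(proto, port):
    return proto if port is None else f"{proto}/{port}"

def audit(role, rules):
    """Check inbound allow rules (proto, port, source CIDR) against POLICY."""
    findings, seen = [], set()
    for proto, port, source in rules:
        src = ipaddress.ip_network(source)
        if (proto, port) == ("tcp", 22):
            # SSH is never public: its source must sit inside the VPN range.
            if not src.subnet_of(VPN_NET):
                findings.append(f"{role}: SSH reachable from {src}, outside VPN {VPN_NET}")
        elif (proto, port) in POLICY[role]:
            seen.add((proto, port))
        else:
            findings.append(f"{role}: {label(proto, port)} from {src} is not in the policy")
    # "Fully functioning" matters too: flag intended services with no rule.
    for proto, port in sorted(POLICY[role] - seen):
        findings.append(f"{role}: missing rule for {label(proto, port)}")
    return findings

# Constructed sample rule sets, each with deliberate mistakes.
WEB_RULES = [
    ("tcp", 25, "0.0.0.0/0"), ("tcp", 143, "0.0.0.0/0"), ("tcp", 80, "0.0.0.0/0"),
    ("tcp", 443, "0.0.0.0/0"), ("tcp", 8443, "0.0.0.0/0"),
    ("tcp", 22, "10.8.0.0/24"),   # SSH limited to the VPN range: fine
    ("tcp", 21, "0.0.0.0/0"),     # FTP left open: should be flagged
]
DB_RULES = [
    ("icmp", None, "0.0.0.0/0"),
    ("tcp", 22, "0.0.0.0/0"),     # SSH open to everyone: should be flagged
    ("tcp", 3306, "0.0.0.0/0"),   # MySQL on the public side: should be flagged
]

if __name__ == "__main__":
    for role, rules in (("web", WEB_RULES), ("db", DB_RULES)):
        for finding in audit(role, rules):
            print(finding)
```
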

Private Network:

Simple network. I use 10.0.0.0/24 for my current servers, but I’ll use 10.0.1.0/24 for the WebServers and 10.0.2.0/24 for Databases.

[Screenshot: private networks]


Now head on to Part 3 for your Private Networking setup
