The Great Firewalls of bava

Posted on January 4, 2020 by Reverend

Image of a failed metal detector
Luckily, installing both an internal and external firewall on the new bava setup was not nearly as difficult setting up the LEMP environment outlined in my previous post.  For the server-based firewall I used the same one we have on our 150+ servers at Reclaim Hosting, namely ConfigServer Security & Firewall (csf). It’s free, and it has been very handy for blocking and allowing IPs quickly and easily. Also, this guide for Centos or Ubuntu has a straightforward, step-by-step setup that worked a treat. So, that is now up and running.

Next, I added the external firewall service Bitninja as a preventative measure to preemptively identify and block any incoming attacks. They also do a preliminary malware scan during the first 8 hours after installation, which is nice. Bitninja has a been a life-saver for our servers at Reclaim Hosting, and we install it routinely on any new server we setup. So, following that logic, I installed it on the bava server. Installing it is dead simple to, I just use the following command:

curl https://get.bitninja.io/install.sh | /bin/bash -s - --license_key=********************

Keep in mind the license key is edited out given we pay $5 per month per server license for Bitninja, which has been worth it for us at Reclaim. This might be overkill for the bava, frankly, but in the end the costs of hosting this blog on its own cloud-based server are fairly reasonable. I’ll lay them out for you below, and you be the judge:

    1. The 2 GB 4 GB server through Digital Ocean with 50GB hard drive: $10 per month $20 per month
    2. Weekly backups on Digital Ocean: $2 per month
    3. bitninja license for external firewall: $5 per month $10 per month

I could probably do cheaper, and #3 is a bit of a luxury, but in the end $17 $32 per month to have the bava running like a top [crosses fingers] is a good investment in my eyes.

Update:  Bitninja is actually causing performance issues at the moment. There is some kind of conflict, so will be looking into that tomorrow. Maybe D’Arcy’s right, damn the detox hippies!

Update : There’s a MySQl memory leak I am tracking down, so for the time being I jump the server up to 4 GB.

Update #3: Bitninja reached out and they are gonna help me trouble shoot the issue, cause they are awesome. Additionally, the reminded me the license is $10 a pop, so my total cost has gone up to $32 per month for the 4 GB server and the Bitninja license, but it will go down to $22 once I figure out the MySQL memory leak.

This entry was posted in bavatuesdays, sysadmin and tagged . Bookmark the permalink.

2 Responses to The Great Firewalls of bava

  1. Pingback: Managing Mail on the bavaserver | bavatuesdays

  2. Pingback: Managing Mail on the bavaserver | bavatuesdays

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.