VPS Quick start

This pages contains a small summary of the default configuration of our systems. Please read this page carefully to get started with a Greenhost VPS smoothly.

Contents

• Installed applications
• Accessing your system
• Firewall
  • Installed firewall software
  • Standard configuration
• Kernel

Installed applications

Greenhost VPSs come with a minimal amount of pre-installed software. We made this choice because we do not want to provide you with bloated systems. You can easily install the required software for your specific use.

In contrast to many other cloud providers, there is also no Greenhost software installed on the systems. There is no outside interference with the configuration or access rights of your system.

As with every provider, there are some specific configurations on our platform. This short guide should help you with the basics of our setup.

Examples in the helpdesk page concentrate on Debian/Ubuntu based systems.

Accessing your system

The primary way of accessing your system will be SSH. Although we do provide a graphical user interface to your system, this is only meant for emergency access. We strongly recommend using a terminal and SSH for operating your VPS.

By default we do NOT provide password access and only allow access with the use of an SSH key. This improves security. It is assumed you already have a SSH key or are capable of creating one. As this is very platform specific, this is not part of this manual. There are many great manuals about creating an SSH key pair on the internet.

During creation of the VPS from our Service Centre, the SSH public key of your choice will be installed. After first boot, and if you want to change/remove/add the access keys, this can be done on the system itself by editing the SSH key file, which can be found in ~/.ssh/authorized_keys.

Firewall

Installed firewall software

Linux uses standard iptables to manage the firewall. This command controls the firewall settings. However, these settings are not persistent. So after a reboot, those settings are forgotten.

To make a persistent configuration, VPSs are pre-installed with the applications iptables-persistent and netfilter-persistent. This pair of applications makes it possible to read/write the firewall configuration from disk and load it during boot time.

If you are planning to use a different firewall manager, it can be advisable to remove those packages.

For security reasons a default firewall configuration is installed.

Standard configuration

Standard the system is configured as follows:

• Outgoing traffic: All traffic allowed
• Incoming traffic: The default policy is DROP. Only port 22 (SSH), 80 (HTTP) and 443 (HTTPS) are allowed

If you want to open ports to allow traffic, a simple iptables command can be executed. For example: to open port 8080 on TCP, you could execute:

1
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Please note, this change is not persistent and will not survive a reboot. After changing the firewall we advise you to test the desired configuration and if you are satisfied, save the configuration.

1
iptables-save > /etc/iptables/rules.v4

Kernel

The kernel of your system is loaded outside of the VPS. You can configure the desired kernel in the configuration panel of the VPS. We advice to keep this to the default setting.

Kernel modules are placed in /lib/modules/{kernel_version} during boot. This is a tmpfs and always contains the latest kernel modules.

Kernels are by default compatible with docker, wireguard, aufs and other common server applications.

It is possible to migrate to management of the kernel from within the VPS. You can do this by selecting the special kernel pyGrub. You will also need to install grub and other kernel tools in your system for this.

However, we do not advise this as it will break some features of our platform (Encrypted VPS, API interface for VPS).