====== Virtual Private Server @ OVH ======

[[https://www.ovh.co.uk/vps/vps-ssd.xml|OVH VPS]] seem good value, they offer unlimited bandwidth which is pretty useful if you're looking to setup your own VPN.  Choose whatever level of VPS you desire and your operating system of choice.  I have opted for [[https://www.archlinux.org/|ArchLinux]] so thats what the instructions in this guide follow with regards to installing software, configuration of software is somewhat independent, although files may be located in different locations depending on the distribution.

====== Initial Setup ======

Once you've got your VPS details you can log in, by default this is done using the ''root'' account and password you are provided.

===== Version Control =====

Its simple to version control all of your configuration files, using [[http://www.git-scm.com/|Git]] and place the ''/etc/'' directory under version control (as ''root'').

<code bash>
cd /etc
git config --global user.name "Your Name"
git config --global user.email "your.email@address"
git config --global core.editor "nano"
git init
git add --all
echo 'passwd' > .gitignore
git add .gitignore
git commit -m "Added .gitignore"
</code>

==== etckeeper ====

An alternative it to use [[https://etckeeper.branchable.com/|etckeeper]] to place your ''/etc/'' directory under version control, there are several options as to which content manager to use, you can set it in the file ''/etc/etckeeper/etckeeper.conf'' after installation which is simple...

<code bash>
pacman -Syu etckeeper
</code>


===== Security =====

It is prudent to change the password for the ''root'' and the default user account (which is ''arch'').

<code bash>
ssh root@vps####.ovh.net
passwd
New password: 
Retype new password: 
passwd: password updated successfully
passwd arch
New password: 
Retype new password: 
passwd: password updated successfully
</code>

==== Securing sshd ====

Disable ''root'' login by editing ''/etc/ssh/sshd_config'' to prevent ''root'' login.  Optionally you can change the port on which [[|SSH]] connections are made.  If you change the port be sure to make a note of it as you will need to explicitly specify it when SSHing to the machine (you can edit ''~/.ssh/config'' on your local computers to hold these details to make your life easier).

<code bash>
PermitRootLogin no
Port ****
</code>

...then restart the ''sshd'' using the following systemd command...

<code bash>
systemctl restart sshd.service
</code>

Sample user-configuration on local computer ''~/.ssh/config'' and after doing so you can ssh by simply referring to the hostname, which in this case would be ''ssh vps_ovh''...

<code bash>
Host vps_ovh
     HostName vps*******.ovh.net
     Port ****
     User arch
</code>

===== Installing Software =====

This will depend on what you want to do with your VPS, I wish to host [[https://nextcloud.com/|NextCloud]] run my own [[https://openvpn.net/|OpenVPN]] and host some [[https://www.dokuwiki.org/DokuWiki|DokuWiki]], but I also want to use editors such as [[https://www.gnu.org/software/emacs/|Emacs]] and run [[https://www.r-project.org|R]] sometimes.  Under ArchLinux installing software is pretty simple using the [[https://wiki.archlinux.org/index.php/Pacman|pacman]] package manager.

<code bash>
pacman -Syu nextcloud openvpn dnscrypt-proxy emacs r rsync
</code>

==== AUR Software ====

Longer term I wish to get a [[https://www.rstudio.com/products/shiny/shiny-server/|Shiny Server]] and use [[https://ess.r-project.org/|Emacs Speaks Statistics]] neither of which are in the official repository but is available from the [[https://aur.archlinux.org/|ArchLinux User Repository]].

  * [[https://aur.archlinux.org/packages/emacs-ess/|AUR emacs-ess]]
  * [[https://aur.archlinux.org/packages/emacs-color-theme/|AUR emacs-color-theme]]
  * [[https://aur.archlinux.org/packages/shiny-server-git/|AUR shiny-server-git]]
  * [[https://aur.archlinux.org/packages/rc-local/|AUR rc-local]]

It is recommended that you read the [[https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_packages|ArchLinux Wiki : Arch User Repository - Installing Packages]].  Initially I had problems...

  1 Cloning git repositories,  I had to update the ''ca-certificates-utils''.
  2 No build system installed by default, I needed to install the ''base-devel'' packages
So before I could proceed, as ''root''...

<code bash>
pacman -Syu ca-certificates-utils base-devel
</code>

Now as the user ''arch'' run the following to clone the package and build it...

<code bash>
cd
mkdir aur && cd aur
git clone https://aur.archlinux.org/package_name.git
cd package_name
makepkg -si
</code>

Repeat these steps (heading the warning about checking files) for any AUR package you wish to install.


=== Add shiny-server config files to Git ===

Having installed Shiny-server the configuration files which reside in ''/etc'' they need adding to the git version control, as ''root''...

<code bash>
cd /etc
git add --all shiny-server
git commit -m "Adding shiny-server/ dir"
</code>
===== System Administration =====

ArchLinux uses [[https://wiki.archlinux.org/index.php/Systemd|systemd]], you can list processes using ''systemctl'' and then start/stop/restart/status and many other things besides.

====== Configuring OpenVPN ======

I used the [[https://github.com/Angristan/OpenVPN-install|OpenVPN install]] script since its supports ArchLinux.  Follow the instructions to install and configure OpenVPN.  Its preferable to my previous recommendation since its puts everything in the right place by virtue of correctly supporting Arch Linux.


===== DNS =====

A good choice is those provided by the [[https://www.opennic.org/|OpenNIC Project]], visit there and you'll be shown a selection of geographically local DNS servers.  You can not explicitly define [[https://en.wikipedia.org/wiki/Domain_Name_System|DNS]] servers by simply modifying the ''/etc/resolv.conf'' since ArchLinux autogenerates this file and it will be over-written.  There are [[https://wiki.archlinux.org/index.php/Resolv.conf#Preserve_DNS_settings|methods of avoiding this though]] in your VPS.

<code bash>
nameserver 31.3.135.232
nameserver 51.255.48.78
nameserver 146.185.176.36
</code>

This can also be achieved by modifying the ''/etc/openvpn/server/server.conf'' that was created above.

<code bash>
push "dhcp-option DNS 31.3.135.232"
push "dhcp-option DNS 51.255.48.78"
push "dhcp-option DNS 146.185.176.36"
</code>


====== Adblocking ======

You can block adds so that any client connected to the VPN doesn't see them using [[https://wiki.archlinux.org/index.php/Privoxy#Ad_Blocking_with_Privoxy|Privoxy Ad Blocking]].
====== Configuring NextCloud ======


====== Configuring Shiny Server ======