Installation Best Practices

The manual states that the default install is relatively insecure in so many words. I take it that's mainly because it doesn’t employ HTTPS, uses the root SQL user by default, etc. So what are some best practices for a secure install?
For example, I am not using the “root” user but I am using a user that has sudo capabilities. Should I be using just a standard user with no sudo capabilities?
I am not using the root user for my DB.
I deploy HTTPS.
I use the script provided with fail2ban.
Am I missing something?

Not one piece of advice…

  1. Which script are you referring to (with fail2ban)? There are hundreds of scripts on the internet.

  2. Why don’t you try this tutorial from saljut7? Tutorial for Seafile CE + Nginx + dynamic DNS (on ARM / Cubietruck / RaspberryPi)
    It’s the most complete one and you will have full control over your installation (fail2ban and e.g. the ufw firewall can be set up separately).

  3. The benefit of using this tutorial is that you then know what you are doing and what’s going on on your server, and additionally you can raise questions / improvement suggestions by commenting on the thread.

I did my installation based on saljut7’s tutorial, and because I followed his steps I could inform myself about every step: e.g. I decided to install a newer nginx version than the one provided by Debian jessie because I can use http/s then, and so on. This also helps the community, because new suggestions and additions improve the tutorial for everybody.
