[Micro] Ubuntu 24.04, SSH & HTTPS audits

Over the last few weeks I did some work to tune the Ubuntu VPS where my blog is hosted. I will describe the steps I took and the problems I faced.

Ubuntu upgrade from 22.04 to 24.04

I followed this guide for the upgrade. When I ran do-release-upgrade -d to start the upgrade, I faced this error:
This was likely caused by: * Unofficial software packages not provided by Ubuntu.
Please use the tool 'ppa-purge' from the ppa-purge package to remove software from a Launchpad PPA and try the upgrade again.

The simple solution was to remove two old packages, which I was pointed to by running cat /var/log/dist-upgrade/main.log | grep ERROR:
apt-get remove postgresql-10 postgresql-12

Then I was able to perform the upgrade and reboot, and everything was fine.
All in all, I can only recommend staying up to date with your packages & operating system.

SSH Audit

Another thing I had on my list for a long time was to fine-tune my SSH server settings. It didn't need a lot of work: I just modified the HostKeyAlgorithms to only allow ssh-ed25519, the Key Exchange Algorithms (KexAlgorithms) and the Message Authentication Codes (MACs).

You can test your SSH server configuration easily on ssh-audit.com.

Additionally, I recommend using a port other than 22 for the SSH server and using fail2ban.
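
A local check for the HostKeyAlgorithms, KexAlgorithms and MACs settings described above, as an added example that is not part of the original post: it reads sshd -T output and lists every algorithm outside an allowlist. Only ssh-ed25519 comes from the post; the KEX and MAC allowlists and the sample input are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check the output of `sshd -T`
# against an allowlist. Only ssh-ed25519 is taken from the post; the KEX and
# MAC allowlists are assumptions and should be adjusted to your own policy.
ALLOW_HOSTKEYALGORITHMS="ssh-ed25519"
ALLOW_KEXALGORITHMS="sntrup761x25519-sha512@openssh.com curve25519-sha256 curve25519-sha256@libssh.org"
ALLOW_MACS="hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com"

# Reads effective sshd settings on stdin and prints "<directive> <algorithm>"
# for every algorithm outside the allowlist. Exit status 0 means no findings.
# The body runs in a subshell, so its variables and `set -f` stay local.
audit_sshd_config() (
    set -f                      # no glob expansion while word-splitting lists
    findings=0 seen=""
    while read -r key value || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            hostkeyalgorithms) allowed=$ALLOW_HOSTKEYALGORITHMS ;;
            kexalgorithms)     allowed=$ALLOW_KEXALGORITHMS ;;
            macs)              allowed=$ALLOW_MACS ;;
            *) continue ;;
        esac
        seen="$seen $key"
        for alg in $(printf '%s' "$value" | tr ',' ' '); do
            case " $allowed " in
                *" $alg "*) ;;                                  # permitted
                *) printf '%s %s\n' "$key" "$alg"; findings=1 ;;
            esac
        done
    done
    # A directive missing from the input was never checked: report it.
    for directive in hostkeyalgorithms kexalgorithms macs; do
        case " $seen " in
            *" $directive "*) ;;
            *) printf '%s (not present in input)\n' "$directive"; findings=1 ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample resembling `sshd -T` output (not from a real server).
SAMPLE_SSHD_T='port 2222
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256
macs hmac-sha2-512-etm@openssh.com,hmac-sha1'

# On a real host: sudo sshd -T | audit_sshd_config
printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd_config || echo "findings listed above"
```

Because sshd -T prints the effective settings, including compiled-in defaults, this also catches algorithms that were never written in sshd_config.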

SSL Server Audit

Another important thing is to keep the SSL certificates that your web server is using up to date. I will not go into detail about this, but ssllabs.com has a good site to test this.

Author: peterge