This Tech Talk is free and open to everyone. Register below to get a link to join the live stream or receive the video recording after it airs.
February 25, 2021, 11:00 a.m.–12:00 p.m. ET
About the Talk
Keeping your users’ data safe is important in the digital age. People’s entire lives are now online in some way. One of the first things you can do to ensure your users’ safety is to ensure their data is transmitted to you and back securely, and for that, we use SSL. SSL is the tool responsible for HTTPS and the little safe green lock in your browser telling your user that any data they transmit to your site will be done securely.
In this Tech Talk, I’ll go over SSL, its history and how it works, and how to secure your sites with SSL so that you can keep your users’ data safe.
What You’ll Learn
What SSL is, its history, how it works, and why we need it
Securing your Sites with Certbot
Modern web servers with SSL on by default (Caddy)
This Talk is Designed For
Systems administrators, DevOps engineers, first-time web developers, students.
Knowledge of how to install packages on a Linux operating system and deploy a website to a server using Nginx, Apache, or Caddy. Ubuntu is used in this talk.
About the Presenter
Mason Egger is currently a Developer Advocate at DigitalOcean, specializing in cloud infrastructure, distributed systems, and Python. Prior to his work at DigitalOcean, he was an SRE (Site Reliability Engineer), helping build and maintain a highly available hybrid multi-cloud PaaS. He is an avid programmer, speaker, educator, and writer/blogger. He is a maintainer of the DigitalOcean Terraform provider and contributes to random open source projects here and there. In his spare time, he enjoys reading, camping, kayaking, and exploring new places.
When you first start using a fresh Linux server, adding and removing users is often one of first things you’ll need to do. In this guide, we will cover how to create user accounts, assign sudo privileges, and delete users on a CentOS 8 server.
This tutorial assumes you are logged into a CentOS 8 server with a non-rootsudo-enabled user. If you are logged in as root instead, you can drop the sudo portion of all the following commands, but they will work either way.
Throughout this tutorial we will be working with the user sammy. Please susbtitute with the username of your choice.
You can add a new user by typing:
Next, you’ll need to give your user a password so that they can log in. To do so, use the passwd command:
You will be prompted to type in the password twice to confirm it. Now your new user is set up and ready for use!
Note: if your SSH server disallows password-based authentication, you will not yet be able to connect with your new username. Details on setting up key-based SSH authentication for the new user can be found in step 5 of Initial Server Setup with CentOS 8.
Granting Sudo Privileges to a User
If your new user should have the ability to execute commands with root (administrative) privileges, you will need to give them access to sudo.
We can do this by adding the user to the wheel group (which gives sudo access to all of its members by default).
Use the usermod command to add your user to the wheel group:
sudo usermod -aG wheel sammy wheel
Now your new user is able to execute commands with administrative privileges. To do so, append sudo ahead of the command that you want to execute as an administrator:
You will be prompted to enter the password of the your user account (not the root password). Once the correct password has been submitted, the command you entered will be executed with root privileges.
Managing Users with Sudo Privileges
While you can add and remove users from a group with usermod, the command doesn’t have a way to show which users are members of a group.
To see which users are part of the wheel group (and thus have sudo privileges), you can use the lid command. lid is normally used to show which groups a user belongs to, but with the -g flag, you can reverse it and show which users belong in a group:
The output will show you the usernames and UIDs that are associated with the group. This is a good way of confirming that your previous commands were successful, and that the user has the privileges that they need.
If you have a user account that you no longer need, it’s best to delete it.
To delete the user without deleting any of their files, use the userdel command:
If you want to delete the user’s home directory along with their account, add the -r flag to userdel:
With either command, the user will automatically be removed from any groups that they were added to, including the wheel group if applicable. If you later add another user with the same name, they will have to be added to the wheel group again to gain sudo access.
You should now have a good grasp on how to add and remove users from your CentOS 8 server. Effective user management will allow you to separate users and give them only the access that is needed for them to do their job.
You can now move on to configuring your CentOS 8 server for whatever software you need, such as a LAMP or LEMP web stack.
Use promo code DOCS10 for $10 credit on a new account.
Linode’s Classic Manager will be retired on January 31, 2020. At that time, all users will be migrated to the new Cloud Manager when logging in to manage your infrastructure on Linode.
There have been substantial updates to Cloud Manager since it was introduced back in 2014. Cloud Manager has many new features, including an updated look-and-feel, modern user-interface, mobile support, and easy access to our recently released products. It’s also implemented solely atop our public APIv4.
Development work for Cloud Manager will continue beyond January 31, 2020. As always, your feedback for Cloud Manager or any other aspect of our platform is welcome at [email protected]
We will continue to support APIv3 and the APIv3-based CLI beyond January 31, 2020.
In this Guide
If you are a Classic Manager user, this guide will provide an overview of the features and services available in Linode’s Cloud Manager. Some of the topics that will be discussed are:
An introduction to each section of the Cloud Manager, including links to related guides throughout our documentation library.
Specific features that you may need help finding due to differences in location between Classic Manager and Cloud Manager
Settings that might make your overall Cloud Manager experience better
The Linodes section of Cloud Manager allows you to create and manage your Linodes. Each Linode instance in Cloud Manager includes:
Summary information about your Linode, like CPU usage, IPv4 and IPv6 traffic, and Disk IO
Access to any of your Linode’s attached Volumes and the ability to create a Volume
Networking information and features, including the ability to add IPv4 and IPv6 addresses, IP transfer and IP sharing
The ability to resize your Linode, boot your Linode into Rescue Mode, and rebuild your Linode
Access to Linode’s Backup service
An Activity Feed that displays any relevant events related to this Linode
Settings that allow you to update your Linode’s label, reset your Linode’s root password, manage system usage email notifications, manage Watchdog (Linode’s automatic reboot feature), and delete your Linode
An area to manage and create disks and configuration profiles
Cross data center migrations
Find Your Disks
In Classic Manager, Disks were located in the Linode Dashboard tab. In the Cloud Manager, Disks are now in the Disks/Configs tab of the Linode.
Click the Linodes link in the sidebar menu and select the Linode whose disks you’d like to see.
Then click the Disks/Configs tab. The disks are located in the Disks panel. Here you can add a disk, or for each individual disk, you can click the more options ellipses to get a drop down menu which will allow you to choose options such as Rename, Resize, Imagize, Clone, and Delete.
Reboot Your Linode
You can reboot a Linode from two places within the Cloud manager.
From your Linodes listing page, click the More Options Ellipses and select Reboot.
If you have more than one Configuration Profile, a panel will appear to allow you to select which Configuration to boot. Select a Config and click the Submit button. Otherwise, a confirmation dialog will appear.
You can also reboot your Linode from within any Linode detail screen by clicking on the Status Icon. A drop down menu will appear, select Reboot.
Again, if you have more than one Configuration Profile, a panel will appear to allow you to select which Configuration to boot. Select a Config and click the Submit button. Otherwise, a confirmation dialog will appear.
Delete a Public IP Address
You can delete public IP addresses in both Classic and Cloud managers. In Classic Manager, this was done under the Remote Access tab from the Linode you wished to modify. In Cloud Manager it is done in the Networking tab.
Click Linodes from the sidebar menu.
Choose the Linode you wish to modify to enter the Linode detail screen. Then, click on the Networking tab. Your IPv4 and IPv6 addresses will be listed here.
Next to the public IPv4 address you wish to delete, click on the more options ellipses. Select the option to Delete IP from the drop down menu.
A confirmation popup will appear where you can confirm the operation.
You must have at least one public IP on a Linode. If you attempt to delete the last public IP on a Linode you will receive an error message after you confirm the deletion.
The Volumes section of Cloud Manager gives you access to Linode’s Block Storage service. To learn how to create, and manage Block Storage volumes using Cloud Manager, see our How to Use Block Storage with Your Linode guide.
In Classic Manager, Volumes were found within a Linode’s Dashboard tab. In Cloud Manager, Volumes are their own top-level menu item in the sidebar.
The Object Storage section of Cloud Manager gives you access to Linode’s Object Storage service which is a globally-available, S3-compatible method for storing and accessing data. The Object Storage service is not available in Classic Manager.
To learn how to begin using Object Storage, view our How to Use Linode Object Storage guide. To access all available Object Storage guides, see the Object Storage section of our documentation site.
Linode’s NodeBalancers service provides load balancing for your applications and services ensuring that they are highly available for users. To learn how to get started with NodeBalancers using Cloud Manager, see our Getting Started with NodeBalancers guide.
Domains (DNS Manager)
The DNS Manager allows you to control and manage your domains. In Cloud Manager, the DNS Manager is located in the Domains link in the sidebar.
For more information on Cloud Manager’s DNS Manager, see the following guides:
Cloud Manager does not include the Check Zone and Zone File features, since it automatically ensures that your Domain’s zone file does not contain any errors:
When creating a Zone File for a Domain, the Linode API v4 checks for any errors that may exist. If an error is found, the Cloud Manager will respond with the corresponding error. This means that the Cloud Manager will not allow you to create an invalid zone file.
Once your Domain and corresponding Zone File is created, you can use the dig command to further verify that each domain record contains the information you expect, for example:
dig example.com MX
See the Use dig to Perform Manual DNS Queries guide for more details on the dig command.
The Longview section of Cloud Manager gives you access to Linode’s system data graphing service. It tracks metrics for CPU, memory, and network bandwidth, both aggregate and per-process, and it provides real-time graphs that can help expose performance problems. The Longview service offers both free and paid plan tiers.
Longview is still being actively developed to reach parity with Classic Manager. To get started using Longview in Cloud Manager, see the Understanding Linode Longview guide.
The One-Click Apps section of Cloud Manager gives you access to apps that make it easy to deploy and configure software on a Linode. Some popular One-Click Apps are WordPress, Minecraft, and GitLab. We are actively adding new and useful One-Click apps. When a One-Click App is deployed, a new Linode is created and the appropriate software is installed with the configurations you provide. One-Click Apps are not available in Classic Manager.
See How to Use Linode’s One-Click Apps to get started using One-Click Apps in Cloud Manager.
The Kubernetes section of Cloud Manager gives you access to our managed Kubernetes service, the Linode Kubernetes Engine (LKE). LKE is a fully-managed container orchestration engine for deploying and managing containerized applications and workloads. LKE combines Linode’s ease of use and simple pricing with the infrastructure efficiency of Kubernetes. LKE is not available in Classic Manager.
To get started using LKE, see our Tutorial for Deploying and Managing a Cluster with Linode Kubernetes Engine.
StackScripts provide Linode users with the ability to automate the deployment of custom systems on top of our default Linux distribution images. StackScripts are usually Bash scripts, stored in the Linode Cloud Manager, and can be accessed when you deploy a Linode. Linodes deployed with a StackScript run the script as part of the first boot process.
To get started using StackScripts in Cloud Manager, see the Automate Deployment with StackScripts guide.
In Classic Manager, access to StackScripts was found under the Linodes tab. In Cloud Manager, StackScripts are their own top-level menu item in the sidebar.
The Images section of Cloud Manager gives you access to Linode Images which allow you to take snapshots of your disks, and then deploy them to any Linode under your account. This can be useful for bootstrapping a master image for a large deployment, or retaining a disk for a configuration that you may not need running, but wish to return to in the future.
To get started using Images with Cloud Manager, see Linode Images.
In Classic Manager, access to image management was found in the Linodes tab. In Cloud Manager, Images are their own top-level menu item in the sidebar.
Account (Management and Billing)
The Account section of Cloud Manager allows you to manage your account’s billing information and users, and to configure various account-wide settings.
You can manage the following account and billing settings in the Account section of Cloud Manager:
Find Credit Remaining
In the Cloud Manager, to find the amount of available credit that you have:
Click on the Account link from the sidebar menu.
On the right hand side of the screen you’ll see the Billing Information section. If you have credit stored on your account, it’ll appear in green under the Current Balance field.
Printing an Invoice
In Cloud Manager you can download a printable PDF of your invoice from your list of invoices or from within an individual invoice.
Navigate to your Account by clicking on Account in the sidebar.
Click on the Recent Invoices menu item in the Billing section. This will expand to show you a list of your recent invoices. Each invoice has a Download PDF link next to it.
You can also click on any invoice to view it within the Cloud Manager. At the top of the invoice there is a Download PDF button.
Import Display Groups
If you have used the Display Groups feature in the Classic Manager, you can import your Display Groups to the Cloud Manager as tags:
Navigate to the Account page in the sidebar links menu, then click on the Settings tab.
Expand the panel labeled Import Display Groups as Tags and then click Import Display Groups:
A form will appear that lists your Display Groups and asks you to confirm the import action. To proceed, click the Import Display Groups Now button in this form.
Importing your Display Groups is a one-time operation. If you don’t have any Display Groups configured in the Classic Manager this feature will not appear in the Cloud Manager.
The Cloud Manager does not support forcing password expirations. Forcing password resets on a schedule is bad practice from a security perspective. Current security research indicates that forced password changes do more harm than good. If you want to force password resets for users of your Linode account, we recommend using a password manager for this purpose.
The My Profile section of Cloud Manager provides access to various settings related to your Linode account’s profile. This area of Cloud Manager contains access to the following features and settings:
API Keys / API Tokens
API Keys from Classic Manager do not transfer. This means that if you have keys generated in Classic, you will not see them in Cloud Manager. In Cloud Manager, API Keys are called API Tokens (personal access tokens) and can be used for a variety of different uses.
To generate a new personal access token, navigate to your profile by clicking on your username and select My Profile from the drop down menu. Then click on the API Tokens tab.
Click Add a Personal Access Token. A panel will display allowing you to give this token a label and choose the access rights you want users authenticated with the new token to have.
When you have finished, click Submit to generate a new Personal Access Token. Copy the token and save it to a secure location before closing the popup. You will not be able to view this token through the Cloud Manager after closing the popup.
Manage Email Event Notifications
Email event notifications alert you when new events such as booting, shutting down, or updates to a Linode occur on your account. You can enable or disable email event notifications using the Cloud Manager.
In Classic Manager email events notifications were managed in the Notifications tab under my profile. In Cloud Manager this is done in the Settings tab from My Profile.
User Interface Enhancements
Compact Mode and Dark Mode
Cloud Manager by default uses more whitespace on the screen. However, there is a Compact Mode which compresses this extra space and allows more information to be displayed on the screen. This setting is located at the bottom left hand corner of the screen when the gear icon is clicked. This is also where you can toggle on Dark Mode.
The Linode Cloud Manager has been built with accessibility in mind. Currently, the Cloud Manager is actively being developed to achieve WCAG 2.0 Level AA.
We have received a lot of helpful feedback from our users regarding accessibility. While we have addressed a lot of your feedback, this is still a work in progress and will be iterated upon with time. Please contact [email protected] with any comments or requests regarding accessibility.
See the following guides for more features of Cloud Manager:
If you still need help finding features in or using Cloud Manager, please contact Linode Support.
This guide is published under a CC BY-ND 4.0 license.