What if we could also guarantee that any ssh requests had to also go through Cloudflare? In other words, what if we didn’t accept ssh requests to the server IP but could force those through Cloudflare as well? This post describes options for just that through Cloudflare’s `cloudflared` service.
If you use Cloudflare, this post walks you through how to limit traffic to only their IP addresses, forcing access to your server to be subjected to Cloudflare security features.
At this point, you’ve set up your Ubuntu server and added some initial security. There are three more things I like to do when setting up an Ubuntu server. Add a firewall with IP Tables, install fail2ban, and set up email alerts for anytime a user invokes sudo.
In this step we’ll create a new user, setup ssh, and configure it to not allow root user logins. There’s also a brief discussion of some of the sshd_config settings we used.
In this series of posts in the journey to set up LAMP server using Ubuntu 20.04 LTS, Apache 2.4, MySQL 8, and PHP 7.4.