Jianghu Panel - Security Basics

12006

1. Server Security Management

Network security is a fundamental issue that any website needs to pay attention to. Proper server security management plays a key role in protecting sensitive data, maintaining system stability, and preventing cyber attacks.

Server security management typically involves multiple layers of security measures. In this course, the main aspects include the following:

Network Level: Control access through firewall rules on the cloud service provider's cluster, ensuring that only authorized traffic can pass through specific ports (such as ports 80, 443, 22, etc.).
Host Level: Ensure that the server's security configuration allows legitimate requests through specific ports.
Application Level: Implement security controls at the application level, such as websites and databases, for example, by setting specific user permissions and password protection to ensure that only authorized users can access the corresponding applications and data.

2. Jianghu Panel - Security

At the host level, the Jianghu Panel provides server security management functions. You can manage server security in the "Security" interface on the left side of the panel.

![Jianghu Panel Security Page.png](/doc/doc/upload/articleMaterial/12602/Jianghu Panel Security Page.png)

In the security interface of the Jianghu Panel, you can view the open ports and also open or close specified ports. The following ports are typically open on the server:

Port 80: Used for HTTP protocol
Port 443: Used for HTTPS protocol
Port 22: Used for SSH remote management service
Port 3306 or 33067: Used for MySQL database connections
Port 10744: Used for logging into the Jianghu Panel

Note: To further enhance server security, we usually change the SSH remote management service port from 22 to 10022. This step can be performed in the Jianghu Panel.

3. Jianghu Panel - Website SSL Certificate Configuration, Renewal, and Closure

At the application level, a common security measure is to configure SSL certificates for websites, allowing users to access the site via HTTPS protocol.

SSL (Secure Sockets Layer) is a communication protocol that protects the security of data transmission. Through the SSL protocol, data is encrypted during transmission, preventing it from being eavesdropped, tampered with, or impersonated.

SSL Certificate is an electronic certificate issued by a trusted certification authority to verify the identity of a website accessed over the Internet, certifying the ownership and security of the site. The certificate contains various information, including the issuing authority, the certificate holder's information, and the certificate's validity period. The main purpose of an SSL certificate is to provide security authentication and secure transmission for the website.

The main functions and reasons for using SSL certificates include:

Data Encryption: SSL certificates can encrypt data, protecting sensitive information from being leaked during transmission.
Security Verification: SSL certificates can perform identity verification, ensuring the authenticity of both parties in communication.
Trust Establishment: SSL certificates can establish a trusted communication link, increasing user trust and enhancing website security.
Compliance Requirements: According to national and industry regulations, certain websites must use SSL certificates to meet compliance requirements, such as some financial institutions and e-commerce sites.
SEO Optimization: Google, as the largest search engine, announced that it would give weight to HTTPS sites, so websites that adopt SSL certificates will rank higher in search engines, benefiting SEO optimization.
Compatibility: SSL certificates can support various mainstream browsers, allowing users to enjoy the best browsing experience.

Applying for an SSL Certificate:

Choose Certificate Type: Understand the different types of certificates and select one suitable for your website.
Choose Brand: Select a trusted certificate brand, such as Symantec, GeoTrust, Comodo, Let's Encrypt, etc.
Generate CSR: Generate a Certificate Signing Request (CSR) file on the host or server.
Submit CSR: Use the online application page of the certificate brand to submit the generated CSR file.
Domain Verification: The certificate brand will send an email to the website owner or verify domain ownership through WHOIS information.
Download Certificate: After verifying domain ownership, the certificate authority will send a signed SSL certificate file to the website owner, which needs to be downloaded and saved.
Install Certificate: Use the instructions provided by the certificate brand to install the SSL certificate file on the host or server.
Configure Server: Perform the corresponding SSL configuration operations based on the type of server used by the website.
Test: After installing and configuring the SSL certificate, test whether the SSL environment is functioning properly.
Update Certificate: SSL certificates need to be renewed after expiration, usually requiring a new SSL certificate application.

Configuring SSL Certificates for Websites on the Jianghu Panel:

The steps to configure SSL certificates on the Jianghu Panel are as follows:

Log in to the Jianghu Panel, select the website list, choose the website that needs SSL certificate configuration, and click SSL -> Let's Encrypt.
On the SSL certificate management page, fill in the SSL parameters: select the domain name to be bound, set the email address, choose options for automatic renewal, etc.
Click Apply and wait for the certificate application to complete; the Jianghu Panel will automatically bind the SSL certificate to the website.
After the certificate binding is complete, return to the website list to check whether the SSL certificate has been successfully bound.
Enter the website domain name or IP address in the browser to check whether the SSL certificate has taken effect; if the SSL/TLS icon appears, it indicates that the SSL certificate is valid.
If the automatic renewal function is set, the SSL certificate will be automatically renewed after a certain period. If not set, the certificate needs to be manually renewed before expiration.

Note: The above steps are for using the Jianghu Panel; if using other panels or configuring the server manually, corresponding steps will need to be followed.

Assignments

Change the SSH remote management service port of the server to 10022
Attempt to apply for a free SSL certificate
Create a new site and configure SSL for the website

## 1. Server Security Management

Network security is a fundamental issue that any website needs to pay attention to. Proper server security management plays a key role in protecting sensitive data, maintaining system stability, and preventing cyber attacks.

Server security management typically involves multiple layers of security measures. In this course, the main aspects include the following:

- Network Level: Control access through firewall rules on the cloud service provider's cluster, ensuring that only authorized traffic can pass through specific ports (such as ports 80, 443, 22, etc.).  
- Host Level: Ensure that the server's security configuration allows legitimate requests through specific ports.  
- Application Level: Implement security controls at the application level, such as websites and databases, for example, by setting specific user permissions and password protection to ensure that only authorized users can access the corresponding applications and data.

## 2. Jianghu Panel - Security

At the host level, the Jianghu Panel provides server security management functions. You can manage server security in the "Security" interface on the left side of the panel.

![Jianghu Panel Security Page.png](/__appId__/__appId__/upload/articleMaterial/12602/Jianghu Panel Security Page.png)

In the security interface of the Jianghu Panel, you can view the open ports and also open or close specified ports. The following ports are typically open on the server:

- Port 80: Used for HTTP protocol  
- Port 443: Used for HTTPS protocol  
- Port 22: Used for SSH remote management service  
- Port 3306 or 33067: Used for MySQL database connections  
- Port 10744: Used for logging into the Jianghu Panel

**Note:** To further enhance server security, we usually change the SSH remote management service port from 22 to 10022. This step can be performed in the Jianghu Panel.

## 3. Jianghu Panel - Website SSL Certificate Configuration, Renewal, and Closure

At the application level, a common security measure is to configure SSL certificates for websites, allowing users to access the site via HTTPS protocol.

**SSL (Secure Sockets Layer)** is a communication protocol that protects the security of data transmission. Through the SSL protocol, data is encrypted during transmission, preventing it from being eavesdropped, tampered with, or impersonated.

**SSL Certificate** is an electronic certificate issued by a trusted certification authority to verify the identity of a website accessed over the Internet, certifying the ownership and security of the site. The certificate contains various information, including the issuing authority, the certificate holder's information, and the certificate's validity period. The main purpose of an SSL certificate is to provide security authentication and secure transmission for the website.

The main functions and reasons for using SSL certificates include:

1. Data Encryption: SSL certificates can encrypt data, protecting sensitive information from being leaked during transmission.  
2. Security Verification: SSL certificates can perform identity verification, ensuring the authenticity of both parties in communication.  
3. Trust Establishment: SSL certificates can establish a trusted communication link, increasing user trust and enhancing website security.  
4. Compliance Requirements: According to national and industry regulations, certain websites must use SSL certificates to meet compliance requirements, such as some financial institutions and e-commerce sites.  
5. SEO Optimization: Google, as the largest search engine, announced that it would give weight to HTTPS sites, so websites that adopt SSL certificates will rank higher in search engines, benefiting SEO optimization.  
6. Compatibility: SSL certificates can support various mainstream browsers, allowing users to enjoy the best browsing experience.

**Applying for an SSL Certificate:**

1. Choose Certificate Type: Understand the different types of certificates and select one suitable for your website.  
2. Choose Brand: Select a trusted certificate brand, such as Symantec, GeoTrust, Comodo, Let's Encrypt, etc.  
3. Generate CSR: Generate a Certificate Signing Request (CSR) file on the host or server.  
4. Submit CSR: Use the online application page of the certificate brand to submit the generated CSR file.  
5. Domain Verification: The certificate brand will send an email to the website owner or verify domain ownership through WHOIS information.  
6. Download Certificate: After verifying domain ownership, the certificate authority will send a signed SSL certificate file to the website owner, which needs to be downloaded and saved.  
7. Install Certificate: Use the instructions provided by the certificate brand to install the SSL certificate file on the host or server.  
8. Configure Server: Perform the corresponding SSL configuration operations based on the type of server used by the website.  
9. Test: After installing and configuring the SSL certificate, test whether the SSL environment is functioning properly.  
10. Update Certificate: SSL certificates need to be renewed after expiration, usually requiring a new SSL certificate application.

**Configuring SSL Certificates for Websites on the Jianghu Panel:**

The steps to configure SSL certificates on the Jianghu Panel are as follows:

1. Log in to the Jianghu Panel, select the website list, choose the website that needs SSL certificate configuration, and click SSL -> Let's Encrypt.  
2. On the SSL certificate management page, fill in the SSL parameters: select the domain name to be bound, set the email address, choose options for automatic renewal, etc.  
3. Click Apply and wait for the certificate application to complete; the Jianghu Panel will automatically bind the SSL certificate to the website.  
4. After the certificate binding is complete, return to the website list to check whether the SSL certificate has been successfully bound.  
5. Enter the website domain name or IP address in the browser to check whether the SSL certificate has taken effect; if the SSL/TLS icon appears, it indicates that the SSL certificate is valid.  
6. If the automatic renewal function is set, the SSL certificate will be automatically renewed after a certain period. If not set, the certificate needs to be manually renewed before expiration.

**Note:** The above steps are for using the Jianghu Panel; if using other panels or configuring the server manually, corresponding steps will need to be followed.

## Assignments  
- Change the SSH remote management service port of the server to 10022  
- Attempt to apply for a free SSL certificate  
- Create a new site and configure SSL for the website