1. Architecture
Domain deltasoftware.frl registered by Snel.com.
Domain delta-software.frl registered by Snel.com.
Domain deltasoftwarelabs.frl registered by Snel.com.
Domain delta-software-labs.frl registered by Snel.com.
Offline CA (Certificate Authority) server.
Offline CA server hostname: delta-ca-wsl
VPS (Virtual Private Server) hosted by Snel.com.
VPS hostname: delta-web-vps
-
Apache web server to host Delta Software Labs website.
-
Certbot installation for SSL certificate(s) for Delta Software Labs website.
-
Credential server to retrieve passwords and private/public keys from delta.kdbx password file.
-
Dropbox installation to sync delta.kdbx password file.
-
Firewall installation using ufw.
-
SSH server with key-based authentication.
-
Password authentication is disabled.
-
Port 22 is blocked.
-
Port 22222 is for regular login.
-
Port 22223 is for setting up a reverse SSH tunnel.
-
Ports 22000-22099 are used for reverse SSH tunnels.
-
Use host and user SSH certificates.
-
-
Use an offline CA (Certificate Authority) server.
-
Make sure that any private/public keys are backed up in delta.kdbx password file.
-
See https://medium.com/@martin.hodges/introduction-to-creating-a-ca-on-debian-11-094bde1c676a.
-
See https://arminreiter.com/2022/01/create-your-own-certificate-authority-ca-using-openssl.
-
2. Domain
deltasoftware.frl Registration Date: 2025/10/02 Expiry Date: 2026/10/02 ns1.snel.com 89.207.128.251 ns2.snel.com 89.207.130.251 ns3.snel.com 77.72.147.249
3. SMTP Relay
4. Reverse DNS
5. SSH
-
See https://www.snel.com/nl/support/leer-hoe-je-via-ssh-verbinding-kunt-maken-met-je-server.
-
Use PuTTY to log in at 185.62.58.28.
uname -aLinux delta-web-vps 6.12.74+deb13+1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.74-2 (2026-03-08) x86_64 GNU/Linux
6. VPS
https://my.snel.com Server name: s45256.hosted-by-snel.com Server name: delta-web-vps.deltasoftware.frl Username: client_29431_1 Passsord: AMkH3bF7RD IP: 185.62.58.28, 2a00:7b80:452:2000::28 Operating System: Debian 12 Disk Space: 50 GB Memory: 2 GB CPU(s): 1 Cores Network Interfaces This page lists all IP addresses that belong to you. When you use an IP address other than listed below your server will be suspended! Nameserver / Resolver 1: 89.207.128.252 / 2a00:7b80:476:ffff::1 Nameserver / Resolver 2: 89.207.130.252 / 2a00:7b80:478:ffff::1
7. VPS Configuration
-
Browse to https://my.snel.com.
-
Type
dhkiestra@protonmail.comin the Email Address field. -
Type the Snel.com password in the Password field.
-
Click Submit.
-
Select My Dashboard.
-
Select the Domains tab.
-
Select the right arrow icon.
-
Select More > DNS Management.
-
Click Add New Record | A | Add.
-
Type
delta-web-vpsin the Name field. -
Type
185.62.58.28in the Content field. -
Click Submit.
-
Select My Dashboard.
-
Select the Snel VPS tab.
-
Select the right arrow icon.
-
Select s45256.hosted-by-snel.com | Edit.
-
Type
delta-web-vps.deltasoftware.frlin the Server name field. -
Click Save.
-
Click Refresh.
8. User Password
-
Browse to https://my.snel.com.
-
Type
dhkiestra@protonmail.comin the Email Address field. -
Type the Snel.com password in the Password field.
-
Click Submit.
-
Select My Dashboard.
-
Select the Snel VPS tab.
-
Select the right arrow icon.
-
Select Rebuild.
-
Select Debian 12 for the Installed OS.
-
Type the Delta Level 2 password in the Password field.
-
Click Re-Install VPS.
-
Click OK to confirm.
-
Wait for the task to finish.
-
Note: It may take some additional time before the server allows you to log in.
9. Configuration.
-
Enter the following commands at a Command Line with root privileges.
apt-get update apt-get upgrade apt-get dist-upgrade apt-get autoremove apt-get autoclean cat /etc/debian_version # 13.4apt-get install git apt-get install openssh-server apt-get install rsyslog apt-get install sudo apt-get install ufw apt-get install vim # Optional. folder="/etc" && if [ ! -d "${folder}.org" ]; then command cp -a "${folder}" "${folder}.org"; fi mkdir -p /root/github cd /root/github git clone https://github.com/delta-software-labs/linux-toolbox.git cd linux-toolbox ./remove-symlinks ./create-symlinks config-bash config-cron config-date config-editor config-rsyslog config-sudo config-ufw config-vim git remote --verbose git-incoming git status -s git pull revert-bash revert-cron revert-date revert-editor revert-rsyslog revert-sudo revert-ufw revert-vim
-
Restart the computer.
10. Apache Configuration
-
Log in as delta@delta-web-vps.deltasoftware.frl.
-
Enter the following commands at a Command Line.
sudo apt-get install apache2 sudo mkdir -p /var/www/html/docs sudo mkdir -p /var/www/deltasoftware sudo ln --symbolic /var/www/html/docs/general/delta-portal.html /var/www/deltasoftware/index.html sudo ln --symbolic /var/www/html/docs /var/www/deltasoftware/docs cat /etc/apache2/sites-available/000-default-le-ssl.conf # Change DocumentRoot twice from "/var/www/html" into "/var/www/deltasoftware". # Append "ServerAlias www.deltasoftware.frl" after the "ServerName deltasoftware.frl" line. cat /etc/apache2/sites-available/000-default-le-ssl.conf sudo systemctl reload apache2 sudo systemctl status apache2 sudo ufw allow http sudo ufw allow https sudo ufw status verbose
11. SSL Certificate
-
Install and configure Apache.
-
Note: Make sure to have a DNS A record with name deltasoftware.frl and content 185.62.58.28.
-
Note: Make sure to have a DNS CNAME record with name www.deltasoftware.frl and content deltasoftware.frl.
-
Note: Make sure to have a firewall rule to allow incoming http (port 80) requests.
-
Note: Make sure to have a firewall rule to allow incoming https (port 443) requests.
-
See https://www.snel.com/support/lets-encrypt-on-debian-9-with-apache-webserver.
-
Log in as delta@delta-web-vps.deltasoftware.frl.
-
Enter the following commands at a Command Line.
sudo apt-get install certbot sudo apt-get install python3-certbot-apache sudo certbot --apache # Type "delta@deltasoftware.frl" for the email address and press Enter. # Type "Yes" to agree to the Terms of Service and press Enter. # Type "No" to skip sharing the email address with the Electronic Frontier Foundation and press Enter. # Type "deltasoftware.frl www.deltasoftware.frl" for the domain names and press Enter. sudo certbot certificates sudo apachectl configtest sudo systemctl reload apache2 sudo systemctl status apache2 sudo certbot renew --dry-run cat /etc/cron.d/certbotSuccessfully received certificate. Certificate is saved at: /etc/letsencrypt/live/www.deltasoftware.frl/fullchain.pem Key is saved at: /etc/letsencrypt/live/www.deltasoftware.frl/privkey.pem This certificate expires on 2026-02-20. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for www.deltasoftware.frl to /etc/apache2/sites-available/000-default-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://www.deltasoftware.frl - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --no-random-sleep-on-renew
12. Jump Host
-
See https://askubuntu.com/questions/50064/reverse-port-tunnelling.
-
See https://www.reddit.com/r/linux/comments/1ak27fb/how_to_forward_any_service_over_a_reverse_ssh.
-
Enter the following commands at a Command Line.
apt-get install openssh-server apt-get install ufw config-jumphost -
Restart the computer.
Show-RemoteComputers Stop-PowerShellWithReverseSshTunnel Start-PowerShellWithReverseSshTunnel
-
Enter the following commands at a Command Line.
ssh-copy-id delta@delta-web-vps.deltasoftware.frl ssh-copy-id root@delta-web-vps.deltasoftware.frl # Fails due to "PermitRootLogin prohibit-password" in /etc/ssh/sshd_config. # Instead copy the contents of the id_ed25519-auto.pub file manually to the /root/.ssh/authorized_keys file. # And do: chmod 600 /root/.ssh/authorized_keys sudo cat /home/delta/.ssh/authorized_keys sudo cat /root/.ssh/authorized_keys sudo systemctl restart ssh sudo systemctl restart ufwssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINtXBPrORya2hUrspLPaB/cjH0fgN59R8A2Ek1Fe1c0n smru@HOMENB-FRL01 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINtXBPrORya2hUrspLPaB/cjH0fgN59R8A2Ek1Fe1c0n smru@HOMENB-FRL01
-
Enter the following commands at a Command Line.
# Get ports of reverse SSH tunnels. sudo lsof -i4tcp | grep ^ssh.*:[2-3][2-3]0.*LISTEN
sshd 49898 delta 7u IPv4 868918 0t0 TCP *:22029 (LISTEN) sshd 49898 delta 10u IPv4 868922 0t0 TCP *:33029 (LISTEN) sshd 50699 delta 7u IPv4 882550 0t0 TCP *:22009 (LISTEN) sshd 50699 delta 10u IPv4 882554 0t0 TCP *:33009 (LISTEN) sshd 51052 delta 7u IPv4 888664 0t0 TCP *:22030 (LISTEN) sshd 51052 delta 10u IPv4 888668 0t0 TCP *:33030 (LISTEN) sshd 53431 delta 7u IPv4 929832 0t0 TCP *:22002 (LISTEN) sshd 53431 delta 10u IPv4 929836 0t0 TCP *:33002 (LISTEN)
-
Enter the following commands at a Command Prompt.
# Use password authentication. ssh.exe -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -p 22222 -R :22000:127.0.0.1:22 delta@delta-web-vps.deltasoftware.frl # Use SSH key authentication. ssh.exe -i C:\Users\Douwe\id_ed25519-auto -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -p 22222 -R :22000:127.0.0.1:22 delta@delta-web-vps.deltasoftware.frl ssh.exe -i C:\Users\Douwe\id_ed25519-auto delta@delta-web-vps.deltasoftware.frl # Get ports of reverse SSH tunnels. ssh.exe -i C:\Users\Douwe\id_ed25519-auto -t delta@delta-web-vps.deltasoftware.frl "sudo lsof -i4tcp | grep ^ssh.*:[2-3][2-3]0.*LISTEN" # Get ports of reverse SSH tunnels. ssh.exe -i C:\Users\Douwe\id_ed25519-auto root@delta-web-vps.deltasoftware.frl "lsof -i4tcp | grep ^ssh.*:[2-3][2-3]0.*LISTEN" -
Note: Make sure the default shell of OpenSSH server on the remote computer is set to the default Command Prompt.
reg.exe query HKLM\SOFTWARE\OpenSSH /v DefaultShell reg.exe delete HKLM\SOFTWARE\OpenSSH /v DefaultShell /f
DefaultShell REG_SZ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe The operation completed successfully.
13. Latest
Fingerprint: SHA256:qktqfWSvHmCW4bzn3tJjEQu21ssK3wyz0Aq3moAtLoc 2026-04-04 SHA256:qktqfWSvHmCW4bzn3tJjEQu21ssK3wyz0Aq3moAtLoc
delta-web-vps.deltasoftware.frl / 185.62.58.28 delta delta@delta-web-vps.deltasoftware.frl
Disabled port 22 on 2025-12-04 using:
sudo ufw delete allow 22/tcp sudo systemctl restart ufw
Can now only log in using port 22222. No, cannot log in with port 22 nor 22222. Because port 22222 is forwarded to port 22 which is now blocked. However, can still log in using the Console at Snel.com - My Panel. Instead should reconfigure ssh server to use port 22222 instead of port 22 in /etc/ssh/sshd_config. Also, disable password login and use public/private keys instead. And only allow SSH port 22222 access from known static IP addresses.
-
Note: Check /var/log/auth.log for failed login’s.
ln -s /var/www/html/docs/general/delta-portal.html general/index.html