VPS Configuration

Basic hardening, Docker/Compose, and bringing up the stack (n8n + Evolution + PostgreSQL).

Note: the users, passwords, tokens and keys on this page are fictitious examples for documentation.

1) Updates and base packages

sudo apt update && sudo apt upgrade -y
sudo apt install git curl unzip ufw fail2ban ca-certificates gnupg -y

2) Create user and SSH key

sudo adduser sdr
sudo usermod -aG sudo sdr

sudo mkdir -p /home/sdr/.ssh
sudo chmod 700 /home/sdr/.ssh
sudo nano /home/sdr/.ssh/authorized_keys
sudo chmod 600 /home/sdr/.ssh/authorized_keys
sudo chown -R sdr:sdr /home/sdr/.ssh

Log in as the new user before disabling password or root login.

3) SSH hardening (sshd_config)

sudo nano /etc/ssh/sshd_config

# Settings in /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers sdr
ClientAliveInterval 300
ClientAliveCountMax 2

sudo systemctl reload sshd
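
The check below is an added example, not part of the original page: it compares the effective settings printed by `sshd -T` with the values from step 3, which catches an edit that another included config file overrides (sshd keeps the first value it reads for a keyword). The function names, the sample output and the override scenario are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's effective settings with the values from step 3.
# On the server (assumes OpenSSH's sshd is installed):
#   sudo sshd -T | check_sshd_effective && sudo systemctl reload sshd

# Expected "keyword value" pairs, lowercase as `sshd -T` prints keywords.
EXPECTED='permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
allowusers sdr
clientaliveinterval 300
clientalivecountmax 2'

# Reads `sshd -T` style output on stdin, prints one line per mismatch and
# returns the number of mismatches (0 means the config matches step 3).
check_sshd_effective() {
    effective=$(cat)
    bad=0
    while read -r key want; do
        # Join every value printed for the keyword: sshd -T repeats
        # multi-valued keywords such as allowusers, one value per line.
        got=$(printf '%s\n' "$effective" | awk -v k="$key" '
            tolower($1) == k { $1 = ""; sub(/^ +/, ""); v = (v == "" ? $0 : v " " $0) }
            END { print v }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', effective '${got:-unset}'"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# Constructed sample (not real server output): another config file has
# re-enabled password login, so the edit from step 3 did not take effect.
sample_overridden() {
    cat <<'EOF'
port 22
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes
allowusers sdr
clientaliveinterval 300
clientalivecountmax 2
EOF
}

sample_overridden | check_sshd_effective || echo "Do not reload sshd yet."
```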

4) Firewall (UFW)

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw allow 5678/tcp  # n8n
sudo ufw allow 8080/tcp  # Evolution API
sudo ufw enable
sudo ufw status verbose

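Expose PostgreSQL only if you need remote access; under Docker it can stay internal. Note that ports published by Docker through `ports:` are opened by Docker's own iptables rules and are reachable even without a matching UFW rule.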

5) Fail2Ban

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

# Settings in /etc/fail2ban/jail.local:
[sshd]
enabled = true
maxretry = 5
bantime = 1h
findtime = 10m

sudo systemctl enable fail2ban --now
sudo fail2ban-client status sshd

6) Docker Engine and Compose

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER
docker --version
docker compose version

7) Folder structure

sudo mkdir -p /opt/sdr/{data/postgres,data/n8n,logs,backups}
sudo chown -R $USER:$USER /opt/sdr

8) .env file

cd /opt/sdr
nano .env

# Contents of .env:
POSTGRES_USER=sdr_user
POSTGRES_PASSWORD=sdr_password
POSTGRES_DB=sdr_virtual

N8N_ENCRYPTION_KEY=chave_segura_aqui
N8N_HOST=seu_dominio_ou_ip
N8N_PROTOCOL=https
WEBHOOK_URL=https://seu_dominio_ou_ip/

EVOLUTION_API_KEY=chave_evolution_aqui

9) docker-compose.yml (full stack)

cd /opt/sdr
nano docker-compose.yml

# Contents of docker-compose.yml:
services:
  postgres:
    image: postgres:15
    container_name: sdr-postgres
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - ./data/postgres:/var/lib/postgresql/data
    restart: unless-stopped

  n8n:
    image: n8nio/n8n:latest
    container_name: sdr-n8n
    environment:
      N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
      DB_TYPE: postgresdb
      DB_POSTGRESDB_HOST: postgres
      DB_POSTGRESDB_PORT: 5432
      DB_POSTGRESDB_DATABASE: ${POSTGRES_DB}
      DB_POSTGRESDB_USER: ${POSTGRES_USER}
      DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD}
      N8N_HOST: ${N8N_HOST}
      N8N_PROTOCOL: ${N8N_PROTOCOL}
      WEBHOOK_URL: ${WEBHOOK_URL}
    ports:
      - "5678:5678"
    volumes:
      - ./data/n8n:/home/node/.n8n
    depends_on:
      - postgres
    restart: unless-stopped

  evolution:
    image: evolutionapi/evolution-api:latest
    container_name: sdr-evolution
    environment:
      EVOLUTION_API_KEY: ${EVOLUTION_API_KEY}
    ports:
      - "8080:8080"
    restart: unless-stopped

Confirm the Evolution API image name and environment variables in the official repository.

10) Start and validate the services

cd /opt/sdr
docker compose up -d
docker compose ps
docker compose logs -f n8n