6 min read • aefly

Setup Your VPS for Production

📝 Introduction

Setting up a VPS for production is essential for deploying applications efficiently and securely. This guide provides a detailed, step-by-step process to configure your VPS, ensuring optimal performance and security.

🌍 Choose the Right VPS Provider

Selecting a reliable VPS provider is crucial. Consider factors such as available resources (CPU, RAM, storage, bandwidth), scalability, customer support, and pricing.

ℹ️

For this guide, I'll be using OVH as the VPS provider. You can choose any provider that suits your requirements.

Here are my recommendations for VPS providers:

🔑 VPS Setup

🔌 Connect to Your VPS

Once your VPS is set up, connect to it using SSH with your favorite SSH client. I'll be using Windows Terminal.

ssh root@your-vps-ip
ℹ️

Your provider may create a default user for you, so you might need to use that instead of root.

Once you are connected, run sudo su to switch to the root user if your default user is not root.

🔐 Change Root Password

It's crucial to change the root password to a strong, unique password. Run the following command:

passwd

🔄 Update the System

Before installing any software, update the system to ensure you have the latest security patches and software updates. Run the following commands:

sudo apt update && sudo apt upgrade -y && sudo apt full-upgrade -y

📦 Install Essential Packages

Install essential packages that are recommended for any VPS server:

sudo apt install build-essential lsb-release software-properties-common apt-transport-https ca-certificates curl wget git zip nano

🔧 Install Linux Headers

Linux headers are necessary for building certain software packages. Install them with:

sudo apt-get install linux-headers-$(uname -r)

👤 User Management

👥 Create a New User

For security reasons, avoid using the root user for everyday tasks. Create a new user with sudo privileges:

adduser username
usermod -aG sudo username

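🔓 Configure Sudo

To run sudo commands without entering a password, edit the sudoers file. With this rule, access to the account is equivalent to root access, because sudo no longer asks for anything: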

sudo visudo

Add the following line just before @includedir /etc/sudoers.d:

username ALL=(ALL) NOPASSWD: ALL

Log out and log back in with the new user:

exit
ssh username@your-vps-ip

πŸ” Secure Your VPS

πŸ”‘ Setup SSH Keys

Using SSH keys for authentication enhances security. No more need to enter passwords every time you connect to your VPS. Generate an SSH key pair on your local machine:

ssh-keygen -t ed25519

Set up your SSH keys on your VPS:

mkdir -p ~/.ssh
chmod 700 ~/.ssh

Edit the authorized_keys file and paste your public key:

nano ~/.ssh/authorized_keys

Set the correct permissions:

chmod 600 ~/.ssh/authorized_keys

You can now connect to your VPS using your SSH keys instead of your password:

ssh username@your-vps-ip

🔒 Harden SSH Configuration

Hardening the SSH configuration is essential to prevent unauthorized access. Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Change to the following settings:

Port 2222
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 2

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication no
PermitEmptyPasswords no

UsePAM no

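Restart the SSH service. Keep your current session open until a new connection succeeds, since password login is now disabled: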

sudo /etc/init.d/ssh restart
⚠️

If you changed the SSH port, make sure to add -p 2222 to the SSH command when connecting to your VPS, since the SSH command uses port 22 by default.
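An added example, not part of the original guide: a POSIX shell check that reads sshd configuration files in the order sshd reads them and reports every setting that differs from the values above. It assumes a system whose sshd_config pulls in drop-in files from /etc/ssh/sshd_config.d/ before its own settings, as Debian and Ubuntu ship it; the file name 50-provider.conf and the sample contents are constructed.

```sh
#!/bin/sh
# Added example (not from the original guide). sshd keeps the FIRST value it
# reads for each keyword, so files are passed in the order sshd reads them.

# Effective global value of keyword $1 across the files that follow it.
sshd_effective() {
    k=$1; shift
    awk -v key="$k" '
        FNR == 1               { in_match = 0 }  # new file: global scope again
        /^[ \t]*(#|$)/         { next }          # comments and blank lines
        tolower($1) == "match" { in_match = 1 }
        in_match               { next }          # Match blocks are not audited
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$@"
}

# Print one line per deviation from the guide's settings; return 1 if any.
audit_sshd() {
    rc=0
    while read -r want_key want_val; do
        got=$(sshd_effective "$want_key" "$@")
        [ "$got" = "$want_val" ] && continue
        echo "MISMATCH $want_key: want $want_val, got ${got:-unset}"
        rc=1
    done <<EOF
Port 2222
PermitRootLogin no
MaxAuthTries 3
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM no
EOF
    return $rc
}

# Constructed sample files: the guide's settings plus a hypothetical drop-in.
make_sample() {
    printf '%s\n' '# constructed sample' 'Port 2222' 'PermitRootLogin no' \
        'MaxAuthTries 3' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'PermitEmptyPasswords no' 'UsePAM no' > "$1/sshd_config"
    printf '%s\n' 'PasswordAuthentication yes' > "$1/50-provider.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_sshd "$demo/sshd_config" && echo "main file alone: OK"
audit_sshd "$demo/50-provider.conf" "$demo/sshd_config" || echo "drop-in wins"
rm -rf "$demo"
```

On the server, pass the drop-in files first and /etc/ssh/sshd_config last; sudo sshd -t checks the syntax before the restart.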

🔥 Configure Firewall

To secure your VPS, configure a firewall using UFW, allowing you to control network traffic and protect your server from unauthorized access.

sudo apt install ufw

Set default policies:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH:

sudo ufw allow 2222/tcp

Enable UFW:

sudo ufw enable

πŸ›‘οΈ Setup Fail2ban

Fail2ban protects your server from brute-force attacks. Install and configure Fail2ban:

sudo apt install fail2ban

Create a new configuration file:

sudo nano /etc/fail2ban/jail.local

Add the following content and edit according to your needs:

[DEFAULT]
# Add your home IP address here, separated by a space
ignoreip = 127.0.0.1/8
bantime = 2d
findtime = 1d
maxretry = 3
backend = auto
usedns = warn

[sshd]
enabled = true
port = 2222
backend = systemd
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
banaction = ufw

Restart Fail2ban:

sudo systemctl restart fail2ban

Check if Fail2ban is running:

/etc/init.d/fail2ban status
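An added example, not part of the original guide and not fail2ban's own code: a simplified model of how findtime = 1d and maxretry = 3 decide a ban, run over constructed log lines laid out like journalctl -o short-unix output. The two failure patterns it matches are an assumption; the shipped sshd filter recognises many more.

```sh
#!/bin/sh
# Added example (not from the original guide): a simplified model of the
# findtime/maxretry window, not fail2ban's real filter or code.

# Print "<ip> <epoch-of-ban>" for each address that reaches maxretry failures
# inside a sliding findtime window. $1 = findtime in seconds, $2 = maxretry,
# stdin = log lines whose first field is an epoch timestamp.
would_ban() {
    awk -v findtime="$1" -v maxretry="$2" '
        # Assumed failure patterns, for illustration only.
        /sshd\[[0-9]+\]: (Invalid user|Failed password)/ {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "" || (ip in banned)) next
            split($1, ts, ".")                 # drop the microseconds
            now = ts[1] + 0
            n[ip]++; seen[ip, n[ip]] = now
            hits = 0
            for (j = 1; j <= n[ip]; j++)
                if (now - seen[ip, j] < findtime) hits++
            if (hits >= maxretry) { banned[ip] = 1; print ip, ts[1] }
        }
    '
}

# Constructed sample: one address fails three times within a day, another
# fails three times spread over more than two days.
sample_log() {
cat <<'EOF'
1700000000.000001 server sshd[811]: Invalid user admin from 203.0.113.7 port 40100
1700000050.000001 server sshd[812]: Invalid user test from 203.0.113.7 port 40102
1700000060.000001 server sshd[813]: Accepted publickey for username from 198.51.100.4 port 51000 ssh2
1700050000.000001 server sshd[830]: Invalid user oracle from 192.0.2.9 port 41000
1700086399.000001 server sshd[840]: Invalid user pi from 203.0.113.7 port 40110
1700200000.000001 server sshd[850]: Invalid user git from 192.0.2.9 port 41002
1700250000.000001 server sshd[851]: Invalid user ftp from 192.0.2.9 port 41004
EOF
}

sample_log | would_ban 86400 3   # 1d window, 3 tries, as in jail.local
```

The slow source (192.0.2.9) never has three failures inside one day, so this jail would not ban it; a longer findtime or a lower maxretry changes that.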

🌐 Domain Name Setup

🌐 Setting Up Domain

💡

If you don't have/need a domain name, you can skip these steps.

To set up a domain name, point your domain to your VPS IP address by adding an A record in your domain registrar's DNS settings.

Assume you want your server accessible at server.yourdomain.com. Add the following A record:

ℹ️

You can change server to any subdomain you prefer.

server IN A your-vps-ip
ℹ️

DNS propagation can take up to 24 hours. Use DNS Checker to check the propagation status.

🏷️ Setting Up Hostname

Edit the hostname file:

sudo nano /etc/hostname

Replace the content with your desired hostname:

server

Edit the hosts file:

sudo nano /etc/hosts

Add the following line at the end of the file:

127.0.1.1 server.yourdomain.com server

Restart your VPS:

sudo reboot

Now, your VPS should be accessible at server.yourdomain.com, and you can connect with ssh -p 2222 username@server.yourdomain.com.

🎉 Conclusion

Congratulations! You have successfully set up your VPS for production. Your VPS is now secure, optimized, and ready for deploying applications and websites. If you will use Docker, check out my guide Installing Docker Stack.

