How to setup a Virtual Private Server?

How to setup a Virtual Private Server?
Virtual Private Server is a slice of a physical computer, typically hosted in a data center

Before we understand how to setup a Virtual Private Server (VPS), let us understand what a VPS is in the first place.

What is a VPS?

Let's imagine an extremely powerful physical computer hosted in a datacenter with 128 GB RAM, 100 TB SSD storage, with 64 cores (pretty powerful, isn't it?). Now, you as a consumer would like to rent a small piece out of it to host your websites and python applications, you "rent" a server virtually (you don't rent the physical computer, you just rent a slice of it from your home) that is private for you (you get dedicated RAM, storage, and CPU cores). Therefore, this becomes a Virtual Private Server for you.

How to set it up?

In this article, let us look at a minimalistic way to setup a VPS. This is mostly offered as a must-do, must-happen checklist rather than an exhaustive guide covering various use-cases and scenarios.

This guide assumes that you already have your VPS access ready.

Step 1 - Connect to the VPS

Connecting to the VPS requires you to have the IP address, and the VPS password. Typically, the IP address and your VPS password would be in your welcome email right after you pay for your VPS. Assuming you have that ready, let's connect to the VPS using Secure Shell (SSH) access:

ssh root@<vps-ip> 

Enter your root password and voila! You're not connected to the VPS.

Step 2 - Update and upgrade your VPS

Update and upgrade packages. Let us understand each of the commands entered here:

apt update

apt update simply refreshes package list from the configured repositories; it does not install anything

apt upgrade

apt upgrade on the other hand installs newer versions of the already-installed packages, only when it can do so without removing packages.

apt full-upgrade

apt full-upgrade is more aggressive in the sense of upgrading packages even if that requires installing new dependencies or removing conflicting packages.

Together, we can execute both apt update and upgrade in the following way:

sudo apt update && sudo apt full-upgrade -y

Step 3 - Create new user

sudo adduser <username> allows creating a user. This is important because we are about to disable root access to our VPS.

We can elevate the new user to become a sudo user by doing:

sudo usermod -aG sudo <username>

Step 4 - Disable root login

It is never a good idea to leave root login access on your VPS. This can be disabled by editing the sshd_config file in:

nano etc/ssh/sshd_config

Look for the line `PermitRootLogin` and change it to:

PermitRootLogin no

Save and exit the file, and restart SSH.

sudo systemctl restart sshd
💡
At this point, do not exit your VPS as you've disabled root access. Wait until you setup SSH access for your new user

Step 5 - Configure your firewall

Let's setup our firewall to only allow very specific types of network traffic. For now, we'll stick to allowing only web and SSH access.

Allow SSH

ufw allow OpenSSH

Allow standard web traffic

ufw allow 80
ufw allow 443

Port 80 is typically HTTP traffic (insecure, plain-text) and 443 is HTTPS traffic (secure).

Enable the firewall

ufw enable

Step 6 - Install Fail2Ban

Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish.

apt install fail2ban -y

At this point, we have the basic VPS setup with minimal security. You might want to do more than this depending on your use-case but this is absolute minimum that you MUST do.

Thank you for reading this post! Happy to help with any troubleshooting or challenges you encounter along the way.

A little bit about me: I like writing about general computer science, software, web, machine learning, and python. These topics fascinate me the most.