How to set up a Virtual Private Server?
Before we look at how to set up a Virtual Private Server (VPS), let us understand what a VPS is in the first place.
What is a VPS?
Let's imagine an extremely powerful physical computer hosted in a datacenter, with 128 GB RAM, 100 TB SSD storage, and 64 cores (pretty powerful, isn't it?). Now, you as a consumer would like to rent a small piece of it to host your websites and Python applications. You "rent" a server virtually (you don't rent the physical computer, you just rent a slice of it from your home), and that slice is private to you (you get dedicated RAM, storage, and CPU cores). Therefore, this becomes a Virtual Private Server for you.
How to set it up?
In this article, let us look at a minimalistic way to set up a VPS. This is mostly offered as a must-do, must-happen checklist rather than an exhaustive guide covering various use-cases and scenarios.
This guide assumes that you already have your VPS access ready.
Step 1 - Connect to the VPS
Connecting to the VPS requires you to have the IP address, and the VPS password. Typically, the IP address and your VPS password would be in your welcome email right after you pay for your VPS. Assuming you have that ready, let's connect to the VPS using Secure Shell (SSH) access:
ssh root@<vps-ip>
Enter your root password and voila! You're now connected to the VPS.
Step 2 - Update and upgrade your VPS
Update and upgrade packages. Let us understand each of the commands entered here:
apt update
apt update simply refreshes the package list from the configured repositories; it does not install anything.
apt upgrade
apt upgrade, on the other hand, installs newer versions of the already-installed packages, but only when it can do so without removing packages.
apt full-upgrade
apt full-upgrade is more aggressive: it upgrades packages even if that requires installing new dependencies or removing conflicting packages.
We can run the update and the full upgrade together in the following way:
sudo apt update && sudo apt full-upgrade -y
Step 3 - Create new user
sudo adduser <username> allows creating a user. This is important because we are about to disable root access to our VPS.
We can elevate the new user to become a sudo user by doing:
sudo usermod -aG sudo <username>
Step 4 - Disable root login
It is never a good idea to leave root login access on your VPS. This can be disabled by editing the sshd_config file in:
nano /etc/ssh/sshd_config
Look for the line `PermitRootLogin` and change it to:
PermitRootLogin no
Save and exit the file, and restart SSH.
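
Before restarting, it helps to confirm the edit is the one sshd will use: sshd keeps the first value it reads for a keyword, and the stock line is often commented out. The script below is an added example, not part of the original article; the function name and the sample file are made up for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original article): report which PermitRootLogin
# value an sshd_config file puts into effect for all connections.
# Assumptions: the function name is hypothetical; Include directives are not
# followed, so drop-in files have to be checked separately.

effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                 # comment, e.g. "#PermitRootLogin prohibit-password"
        /^[ \t]*$/ { next }                 # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            gsub(/"/, "", line)              # arguments may be quoted
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") exit         # settings below apply only conditionally
            if (key == "permitrootlogin" && f[2] != "") { val = f[2]; exit }
        }
        # sshd keeps the first value it reads; with none set, the OpenSSH default applies
        END { if (val != "") print val; else print "prohibit-password" }
    ' "$1"
}

# Constructed sample: the edit was made, but an earlier line already set the value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
Port 22
#PermitRootLogin prohibit-password
permitrootlogin yes
PermitRootLogin no
EOF
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
rm -f "$sample"
```

On the server itself, `sshd -T | grep -i permitrootlogin` prints the value sshd resolves from the full configuration, Include files included.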
sudo systemctl restart sshd
Step 5 - Configure your firewall
Let's set up our firewall to allow only very specific types of network traffic. For now, we'll stick to allowing only web and SSH access.
Allow SSH
ufw allow OpenSSH
Allow standard web traffic
ufw allow 80
ufw allow 443
Port 80 is typically HTTP traffic (insecure, plain-text) and 443 is HTTPS traffic (secure).
Enable the firewall
ufw enable
Step 6 - Install Fail2Ban
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish.
apt install fail2ban -y
At this point, we have the basic VPS setup with minimal security. You might want to do more than this depending on your use-case, but this is the absolute minimum that you MUST do.
Thank you for reading this post! Happy to help with any troubleshooting or challenges you encounter along the way.
A little bit about me: I like writing about general computer science, software, web, machine learning, and python. These topics fascinate me the most.