- 🔒 Secure SSH configuration
- 🐍 Python environment with deadsnakes PPA
- 🚀 Nginx with UI management
- 🐳 Docker and Docker Compose
- 🔑 SSL/TLS with Let's Encrypt
- 📊 MongoDB Atlas integration
- 💾 Swap and system optimization
- 🔄 Auto-renewal and maintenance scripts
- ⏰ Custom MOTD with system stats
- 📝 Memory monitoring and management
Perfect for developers setting up a new VPS or standardizing their server configuration. Includes detailed step-by-step instructions and best practices for security and performance.
- Follow sections in order
- Copy-paste commands as needed
- Modify configurations according to your needs
- Ubuntu Server (Latest LTS recommended)
- Root or sudo access
- Basic command line knowledge
- Nginx UI accessible at port 9000
- Python versions: 3.8 through 3.12
- UV package manager for faster Python package installation
- Optimized for both web hosting and development
- Initial System Setup
- Security Configurations
- System Optimizations
- Development Environment Setup
- Web Server Setup
- Database Setup
- Docker Setup
- SSL Configuration
- Monitoring and Maintenance
Context: This section focuses on the preliminary steps required to set up your VPS. It will cover creating a new user, setting up SSH for secure access, and updating the system to ensure all packages are up to date.
Explanation: Creating a new user with sudo privileges enhances security by avoiding direct usage of the root user.
# Create a new user called satya
sudo adduser satya
# Add user to the sudo group to grant administrative privileges
sudo usermod -aG sudo satya
# Switch to the new user
su - satya
Explanation: Setting up SSH keys allows for passwordless login, which is more secure than using passwords.
# On local machine, generate a new SSH key pair if you don't already have one. Replace "[email protected]" with your email address.
ssh-keygen -t ed25519 -C "[email protected]"
# Copy the public key to the server
ssh-copy-id satya@server_ip
# On the server, ensure that the .ssh directory and its contents have proper permissions.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
Explanation: This configures the SSH daemon for enhanced security and prevents certain vulnerabilities.
# Edit the SSH configuration file
sudo nano /etc/ssh/sshd_config
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
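On recent Ubuntu releases the stock /etc/ssh/sshd_config includes /etc/ssh/sshd_config.d/*.conf near the top, and sshd keeps the first value it reads for each keyword, so a drop-in file can silently override the lines above. The following added example (not part of the original guide) checks the effective settings printed by `sshd -T` against those five directives; the function name `audit_sshd` and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the *effective* sshd settings against the values this guide sets.
# Input is the text printed by `sudo sshd -T` (lower-cased keywords, one per line).

# Expected values, taken from the sshd_config lines in this guide.
EXPECTED="permitrootlogin=no
passwordauthentication=no
pubkeyauthentication=yes
permitemptypasswords=no
x11forwarding=no"

# audit_sshd (hypothetical helper): reads `sshd -T` output on stdin, prints one
# line per deviation, returns 0 if every expected directive matches, 1 otherwise.
audit_sshd() {
    local effective key want got rc=0
    effective=$(cat)
    while IFS='=' read -r key want; do
        # sshd -T prints "keyword value"; take the first match for this keyword.
        got=$(printf '%s\n' "$effective" |
              awk -v k="$key" 'tolower($1)==k {print tolower($2); exit}')
        if [ "$got" != "$want" ]; then
            printf 'MISMATCH %s: want %s, effective %s\n' "$key" "$want" "${got:-<unset>}"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Constructed sample: what `sshd -T` would report when a drop-in under
# /etc/ssh/sshd_config.d/ still sets "PasswordAuthentication yes".
SAMPLE_OVERRIDDEN="port 22
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes
permitemptypasswords no
x11forwarding no"

# On the server, after sourcing this file and before restarting the daemon:
#   sudo sshd -T | audit_sshd
```

Keep the current SSH session open until a second session has logged in successfully with the new settings.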
# Restart the SSH service for the changes to take effect
sudo systemctl restart sshd
Explanation: Ensures all installed packages are up-to-date and includes some useful utilities.
# Update the package lists
sudo apt update
# Upgrade installed packages
sudo apt upgrade -y
# Install commonly used utilities
sudo apt install curl wget git htop neofetch net-tools -y
Explanation: This customizes the message displayed upon SSH login with some helpful system information.
# Install figlet and lolcat
sudo apt install figlet lolcat -y
# Create a custom MOTD script
sudo nano /etc/update-motd.d/00-custom
#!/bin/bash
echo
figlet "DevH Server" | lolcat
echo
echo "Welcome to $(hostname)"
echo "System Info: $(lsb_release -ds)"
echo "Kernel: $(uname -r)"
echo
echo "Memory Usage: $(free -h | awk '/^Mem:/ {print $3 "/" $2}')"
echo "Disk Usage: $(df -h / | awk 'NR==2 {print $3 "/" $2}')"
echo "Load Average: $(cat /proc/loadavg | awk '{print $1, $2, $3}')"
echo
if [ -f /var/run/reboot-required ]; then
echo "System restart required!"
fi
echo
# Make the MOTD script executable
sudo chmod +x /etc/update-motd.d/00-custom
Context: This section is dedicated to security enhancements for your VPS. It will cover firewall setup, SSH hardening, and general security recommendations.
Explanation: Setting up a firewall is crucial for protecting the server from unauthorized access. ufw is used here for ease of use.
# Install ufw
sudo apt install ufw -y
# Allow SSH connections
sudo ufw allow ssh
# Allow HTTP connections
sudo ufw allow http
# Allow HTTPS connections
sudo ufw allow https
# Enable the firewall
sudo ufw enable
# Check firewall status
sudo ufw status
Explanation: SSH is a common target for attacks, so these steps will help further secure it.
# Edit the SSH configuration file.
sudo nano /etc/ssh/sshd_config
# Disable password-based authentication.
PasswordAuthentication no
# Specify acceptable ciphers and MACs.
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256
# Restart the SSH service to apply the changes
sudo systemctl restart sshd
Context: This section focuses on improving the performance and efficiency of your VPS. It will include swap space configuration and kernel parameter tuning.
Explanation: Swap space is used when the system runs out of RAM. It's created here and activated.
# Create a 4GB swap file
sudo fallocate -l 4G /swapfile
# Set appropriate permissions
sudo chmod 600 /swapfile
# Create swap space
sudo mkswap /swapfile
# Activate swap space
sudo swapon /swapfile
# Add the swap file to fstab to make it persistent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Explanation: Kernel tuning optimizes network and memory usage, and improves performance.
# Edit the sysctl configuration file
sudo nano /etc/sysctl.conf
# Memory Management
vm.swappiness=10
vm.vfs_cache_pressure=50
vm.page-cluster=0
vm.dirty_ratio=10
vm.dirty_background_ratio=5
# Network Optimization
net.core.somaxconn=65536
net.ipv4.tcp_max_syn_backlog=4096
net.core.netdev_max_backlog=4096
net.ipv4.tcp_fastopen=3
# Apply sysctl changes
sudo sysctl -p
Context: This section sets up the Python development environment on your VPS, including the installation of multiple Python versions, development packages, and the uv package installer.
Explanation: The Deadsnakes PPA provides multiple versions of Python for development.
# Add the Deadsnakes PPA
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update
# Install various Python versions
sudo apt install python3.8 python3.9 python3.10 python3.11 python3.12 -y
# Install development headers for python 3.11
sudo apt install python3.11-dev python3.11-venv -y
# Install pip
curl -sS https://bootstrap.pypa.io/get-pip.py | python3.11
Explanation: uv is a fast alternative to pip for managing Python packages.
# Install uv
curl -LsSf https://astral.sh/uv/install.sh | sh
# Add uv to the PATH. The user is expected to be the satya user.
echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
# Refresh the environment
source ~/.bashrc
Context: This section covers the installation and basic configuration of Nginx as a web server, as well as the installation and setup of Nginx UI for easier management of your web server.
# Install Nginx
sudo apt install nginx -y
# Edit the Nginx configuration file. The default is normally sufficient.
sudo nano /etc/nginx/nginx.conf
Note: The default Nginx config should work. If you have custom requirements, update this file appropriately.
# Download and run the Nginx UI installation script
curl -L -s https://raw.githubusercontent.com/0xJacky/nginx-ui/main/install.sh -o nginx-ui-install.sh
chmod +x nginx-ui-install.sh
sudo ./nginx-ui-install.sh install
rm nginx-ui-install.sh
# Edit the Nginx UI configuration file
sudo nano /usr/local/etc/nginx-ui/app.ini
[server]
http_port = 9000
debug = false
single_process = true
[database]
type = sqlite3
max_idle_conns = 2
max_open_conns = 5
[log]
level = warn
Context: This section covers the setup of MongoDB Atlas, including the installation of the MongoDB shell and database tools. It presumes an external database is being used rather than one installed directly on the server.
Explanation: This section explains how to install the MongoDB shell and other relevant tools.
# Add MongoDB GPG key
curl -fsSL https://pgp.mongodb.com/server-6.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-6.0.gpg \
--dearmor
# Add MongoDB repository
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu $(lsb_release -cs)/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
# Update the package list
sudo apt-get update
# Install the MongoDB shell
sudo apt-get install -y mongodb-mongosh
# Install MongoDB database tools
sudo apt-get install -y mongodb-database-tools
Context: This section details the installation of Docker and Docker Compose, which can be used for containerization of services.
# Add Docker's official GPG key
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add Docker repository
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
# Add user to the docker group
sudo usermod -aG docker $USER
# Start and enable Docker
sudo systemctl enable docker
sudo systemctl start docker
# Install using apt
sudo apt-get install docker-compose-plugin -y
# Verify installation
docker compose version
Context: This section covers how to install and configure SSL certificates for your domains using Let's Encrypt and Certbot.
# Install Certbot
sudo apt install certbot python3-certbot-nginx -y
# For a single domain
sudo certbot --nginx -d example.com
# For multiple domains
sudo certbot --nginx -d example.com -d www.example.com
# For wildcard certificate
sudo certbot certonly --manual \
--preferred-challenges=dns \
--email [email protected] \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
-d '*.example.com'
# Test auto-renewal
sudo certbot renew --dry-run
# Verify the auto-renewal timer created by certbot
systemctl list-timers
Context: This section details how to set up system monitoring and includes regular maintenance tasks for your VPS, including memory monitoring and system updates.
# Create memory check script
sudo nano /usr/local/bin/memcheck.sh
#!/bin/bash
# Act when used memory exceeds this percentage of total memory
THRESHOLD=85
MEMORY_USAGE=$(free | grep Mem | awk '{print int($3/$2 * 100)}')
if [ "$MEMORY_USAGE" -gt "$THRESHOLD" ]; then
    # Flush dirty pages, then drop the page cache, dentries and inodes
    sync; echo 3 > /proc/sys/vm/drop_caches
    # Cycle swap so swapped-out pages are read back into RAM
    swapoff -a && swapon -a
    systemctl restart nginx-ui
fi
# Make the script executable
sudo chmod +x /usr/local/bin/memcheck.sh
Explanation: This sets up a cron job to run the memory monitoring script regularly.
# Edit the crontab file
sudo nano /etc/crontab
Add:
*/5 * * * * root /usr/local/bin/memcheck.sh > /dev/null 2>&1
Explanation: These final steps include important considerations for completing the server setup, such as setting the timezone and creating backups.
sudo timedatectl set-timezone Asia/Kolkata
mkdir -p ~/backups
- Access Nginx UI: https://your-server-ip:9000
- Default credentials: admin/admin
- Change default passwords
- Configure firewall rules
- Set up regular backups
- System Updates: sudo apt update && sudo apt upgrade -y
- Docker Cleanup: docker system prune -af
- Log Rotation: sudo logrotate -f /etc/logrotate.conf
- Certificate Renewal: sudo certbot renew
Note:
- You should have basic familiarity with Linux commands and command-line interfaces.
- You should have a domain name configured to point to the server.
- You should have a local machine with SSH capabilities.
- You should have a basic understanding of networking and web servers.
- My target is an Ubuntu server!
- I included Explanations and Context for each section for better understanding.
What to do if you get stuck? Go get some help!