đź’» <nicdun.dev/>

Setting Up Your Own VPS: A Technical Guide and Its Advantages

#docker #vps #virtual machine #ssh #firewall
Sun, March 30, 2025 - 4 min read

Virtual Private Servers (VPS) have become a critical component in modern IT infrastructure, offering unmatched flexibility, scalability, and enhanced control over your hosting environment. While cloud services are popular for their simplicity, managing your own VPS can substantially improve security, allow for customized environments, and often reduce costs. This detailed technical guide will walk you through securely configuring your VPS and clearly highlight the benefits of managing your own hosting infrastructure.

Furthermore, for entrepreneurs and startups navigating the early stages of business growth, VPS hosting offers an ideal balance of performance, flexibility, and cost-effectiveness that aligns perfectly with their unique needs.

Why Set Up Your Own VPS?

Control and Customization

  • Enjoy full administrative access and complete system control.
  • Customize software stacks precisely tailored to your project’s specific needs.
  • Freedom to install, manage, and configure software without vendor-imposed limitations.

Enhanced Security

  • Direct management of firewall rules, SSH access, and user permissions.
  • Ability to implement advanced security measures like Fail2Ban and custom intrusion detection setups.

Cost Efficiency

  • Generally more affordable than fully-managed hosting services.
  • Eliminate unnecessary overhead fees associated with managed hosting.

Technical Understanding and Data Security

  • Understand what you are actual implementing and using to host your services.
  • Be the owner of your server - make sure where and how to host your data and services.

Detailed Step-by-Step VPS Setup

1. Creating a New User with Sudo Permissions

To enhance security, avoid using the root account directly, as it poses a higher risk if compromised. Instead, create a dedicated user with administrative privileges:

  1. Log in to your server as the root user:
ssh root@your-server-ip
  1. Create a new user:
adduser newuser

You’ll be prompted to set a password and optionally provide additional user details.

  1. Add the new user to the sudo group to grant administrative privileges:
usermod -aG sudo newuser
  1. Verify the new user’s permissions by switching to the newly created user and testing sudo privileges:
su - newuser
sudo apt update

2. Configuring SSH Authentication

Secure your server further by using SSH keys instead of passwords, greatly reducing the risk of brute force attacks:

  1. Generate an SSH key pair on your local machine (if you don’t already have one):
ssh-keygen -t ed25519 -C "[email protected]"

You’ll be prompted to choose a location and optionally set a passphrase.

  1. Securely transfer your public key to your server, allowing key-based authentication:
ssh-copy-id -i ~/.ssh/id_ed25519.pub newuser@your-server-ip
  1. Test the key-based SSH login to confirm successful setup:
ssh newuser@your-server-ip

3. Hardening SSH Configuration

To further enhance your VPS security, modify your SSH server configuration to prevent direct root login and disable password-based authentication:

  1. Edit the SSH configuration file:
sudo vim /etc/ssh/sshd_config
  1. Find and modify these settings:
PermitRootLogin no
PasswordAuthentication no

This ensures only users with valid SSH keys can log in and completely disables root user access.

  1. Apply the changes by restarting the SSH service:
sudo systemctl restart ssh
  1. Immediately confirm that the changes have been correctly applied by attempting to reconnect via SSH:
ssh newuser@your-server-ip

4. Setting Up UFW Firewall

A firewall is essential for protecting your VPS from unwanted traffic and potential intrusions:

  1. Install UFW (Uncomplicated Firewall) if it’s not already available:
sudo apt install ufw
  1. Configure default firewall policies to ensure all incoming connections are denied by default, while allowing outgoing traffic:
sudo ufw default deny inbound
sudo ufw default allow outbound
  1. Allow essential ports and protocols required for basic server operations:
sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

These rules enable SSH access and common web service ports (HTTP/HTTPS).

  1. Activate your firewall and verify that the rules are correctly applied:
sudo ufw enable
sudo ufw status

Resolving Docker and Firewall Compatibility Issues

Docker Compose can conflict with firewall rules due to explicit port mappings. To resolve this:

  • Remove direct port mappings in your Docker Compose configuration.
  • Implement a reverse proxy like Traefik or Caddy to internally route domain-specific traffic.
  • Manage TLS certificates centrally via the reverse proxy for secure encrypted communication.

Conclusion

Managing your own VPS is both empowering and practical for developers and IT teams looking to maximize control, security, and cost efficiency. This guide has equipped you with essential knowledge to confidently set up, secure, and manage your own VPS for production deployments.

Further Reading & Resources

see other templates 🚀