How to Secure Your New Linux Server VPS for Website and Software Deployment
Setting up a brand new Linux VPS is exciting for any developer or webmaster, but it also comes with responsibility: you need to secure the VPS to keep your data and applications safe from threats. This guide runs through the core steps to secure your VPS and prepare it for deploying your websites and software.
Step 1: Initial Server Setup and Access
1.1 Update and Upgrade Your System
After your first login to your VPS, update the system packages to their latest versions so that you have the most recent software updates and security patches.
sudo apt update
sudo apt upgrade -y
1.2 Create a New User
Running everything as the root user is risky. Create a new user with administrative privileges.
adduser yourusername
usermod -aG sudo yourusername
1.3 Secure SSH Access
Change the default SSH port from 22 to something less common to reduce the risk of automated attacks. Keep your current session open until you have confirmed that you can log in on the new port.
sudo nano /etc/ssh/sshd_config
Find the line #Port 22 and change it to something like Port 2222 (remove the leading # so the line is no longer a comment). Then restart SSH.
sudo systemctl restart sshd
1.4 Disable Root Login
To prevent brute-force attacks on the root account, disable root login over SSH.
sudo nano /etc/ssh/sshd_config
Set PermitRootLogin to no. Save and exit, then restart SSH.
sudo systemctl restart sshd
Step 2: Firewall Configuration
2.1 Install and Configure UFW
UFW (Uncomplicated Firewall) is an easy-to-use tool to manage your firewall rules.
sudo apt install ufw
Allow only necessary ports (e.g., your custom SSH port, HTTP, and HTTPS).
sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
Step 3: Install Fail2Ban
Fail2Ban helps protect your VPS from brute-force attacks by monitoring log files and banning IPs that show malicious signs.
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Configure Fail2Ban to protect SSH and other services.
sudo nano /etc/fail2ban/jail.local
Add or modify the following:
[sshd]
enabled = true
port = 2222
logpath = /var/log/auth.log
maxretry = 5
Restart Fail2Ban to apply changes.
sudo systemctl restart fail2ban
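Steps 1.3, 1.4 and 3 each edit a file by hand, and the SSH port has to agree between them. The script below is an added example, not part of the original article: it reads an sshd_config and a jail.local and reports whether the changes took effect. The function names and sample files are constructed for illustration, and it assumes a single sshd_config with no Include files.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Checks that the hand edits
# from steps 1.3, 1.4 and 3 took effect and agree on the SSH port.

# sshd_value FILE KEYWORD: first uncommented global value. sshd keeps the
# first value it reads, and "#Port 2222" is still a comment.
sshd_value() {
  awk -v key="$2" '
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    tolower($1) == "match" { exit }            # global section ends here
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1"
}

# jail_value FILE SECTION KEY: value of KEY inside [SECTION] of an INI file.
jail_value() {
  awk -v sec="[$2]" -v key="$3" '
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^[#;]/ || /^$/ { next }
    /^\[/ { insec = ($0 == sec); next }
    insec { split($0, kv, /[ \t]*=[ \t]*/); if (kv[1] == key) { print kv[2]; exit } }
  ' "$1"
}

# audit SSHD_CONFIG JAIL_LOCAL: prints findings, returns the number of failures.
audit() {
  local fails=0 port root jport
  port="$(sshd_value "$1" Port)"; port="${port:-22}"      # unset means 22
  root="$(sshd_value "$1" PermitRootLogin)"
  jport="$(jail_value "$2" sshd port)"
  [ "$jport" = "ssh" ] && jport=22                        # service name for 22
  if [ "$port" = 22 ]; then echo "FAIL sshd still listens on port 22"; fails=$((fails+1)); fi
  if [ "$root" != no ]; then echo "FAIL PermitRootLogin is '${root:-unset}', expected no"; fails=$((fails+1)); fi
  if [ "$jport" != "$port" ]; then echo "FAIL fail2ban [sshd] port '${jport:-unset}' != sshd port $port"; fails=$((fails+1)); fi
  [ "$fails" -eq 0 ] && echo "OK port=$port PermitRootLogin=no jail=$jport"
  return "$fails"
}

# Constructed sample: the '#' was left in front of Port, so sshd stays on 22
# while the jail and firewall rule point at 2222.
demo="$(mktemp -d)"
printf '%s\n' '#Port 2222' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' '[sshd]' 'enabled = true' 'port = 2222' > "$demo/jail.local"
audit "$demo/sshd_config" "$demo/jail.local" || echo "failed checks: $?"
```

On a live server, point audit at /etc/ssh/sshd_config and /etc/fail2ban/jail.local; sudo sshd -T prints the configuration sshd actually resolves, including any Include files this script does not follow.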
Step 4: Secure Your Web Server
4.1 Install and Configure a Web Server
Depending on your preference, install either Apache or Nginx. Here’s how to install Nginx:
sudo apt install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
4.2 Set Up SSL/TLS
Secure your website with SSL/TLS. You can use Let’s Encrypt for free SSL certificates.
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
Follow the prompts to configure SSL for your domain.
4.3 Harden Your Web Server Configuration
Edit your web server’s configuration file to improve security. For Nginx, you can add the following:
sudo nano /etc/nginx/nginx.conf
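Add or modify the following server blocks. They must sit inside the http { } context:
# Redirect all plain HTTP requests to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name your_domain;
    return 301 https://$host$request_uri;
}
# HTTPS site using the Let's Encrypt certificate and TLS options
server {
    listen 443 ssl;
    server_name your_domain;
    ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # Serve only files that exist; anything else returns 404
    location / {
        try_files $uri $uri/ =404;
    }
}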
Restart Nginx:
sudo systemctl restart nginx
Step 5: Regular Maintenance and Monitoring
5.1 Set Up Automatic Updates
Keep your system secure by enabling automatic updates.
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
5.2 Monitor Logs
Regularly check your server logs to monitor for any suspicious activity.
sudo tail -f /var/log/auth.log
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
5.3 Backup Your Data
Regular backups are crucial. Use tools like rsync, tar, or cloud services to back up your data.
Conclusion
Securing your new Linux VPS is important for keeping your data and applications safe. With these steps in place, you have a strong security foundation and can develop and deploy your websites and software with more confidence. Note: security is an ongoing process, so stay cautious and keep your system up to date.
Happy coding!
Sajad Rahimi (Sami)
Innovate relentlessly. Shape the future.