Welcome to the Secure VPS Setup repository! This project focuses on hardening your Virtual Private Server (VPS) with essential tools and configurations. We cover a variety of topics to ensure your server runs securely and efficiently. You can find the latest releases here. Download and execute the files as needed.
- Introduction
- Features
- Topics Covered
- Installation
- Configuration
- Usage
- Monitoring
- Backup Strategy
- SSL Setup
- Firewall Configuration
- Database Setup
- Web Server Configuration
- Contributing
- License
Setting up a secure VPS is crucial for any online application. This repository provides a comprehensive guide to help you implement best practices in server security. With the right setup, you can protect your data and ensure your applications run smoothly.
- SSH hardening
- Automated backups
- SSL certificate management with Certbot
- Fail2ban for intrusion prevention
- Firewall setup
- Database management with MariaDB
- Monitoring tools
- Web server configuration with Nginx
- PHP and Redis support
- Swap file management
This repository addresses the following topics:
- Backups: Ensure your data is safe with regular backups.
- Certbot: Automate SSL certificate issuance and renewal.
- Fail2ban: Protect your server from unauthorized access.
- Firewall: Configure a firewall to block unwanted traffic.
- MariaDB: Manage your databases securely.
- Monitoring: Keep an eye on server performance.
- Nginx: Set up a reliable web server.
- PHP: Run your applications smoothly.
- Redis: Use caching for improved performance.
- SSH Hardening: Secure your SSH connections.
- SSL: Implement secure connections.
- Swap: Manage memory efficiently.
- Webserver: Optimize your web server setup.
To get started, clone this repository to your local machine:
```bash
git clone https://github.com/Krakenovo/secure-vps-setup.git
cd secure-vps-setup
```
You can also download the latest release from the Releases section and execute the necessary scripts.
After cloning the repository, you will find configuration files for each service. Follow the instructions in each directory to set up the services according to your needs.
To harden your SSH configuration, modify the `/etc/ssh/sshd_config` file. Some key changes include:
- Disable root login: `PermitRootLogin no`
- Change the default SSH port: `Port 2222`
- Use key-based authentication.
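
One way to check the three changes above against a config file, added here as an example and not part of the repository's scripts. The function names, the sample files, and the reading of "key-based authentication" as `PasswordAuthentication no` are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): audit an sshd_config file for the
# three changes listed above. Assumptions: whitespace-separated "Keyword value"
# lines, global section only; Include files and Match blocks are not evaluated;
# "key-based authentication" is checked as PasswordAuthentication no.

# Print every value set for keyword $2 in file $1 (keywords are case-insensitive).
sshd_values() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0   { next }        # comments and blank lines
        tolower($1) == "match"  { exit }        # global section ends here
        tolower($1) == want     { print $2 }
    ' "$1"
}

# Print one FAIL line per finding; the return status is the number of findings.
audit_sshd() {
    # sshd uses the first value it reads for a keyword, so take line 1 only.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    pass=$(sshd_values "$1" PasswordAuthentication | head -n 1)
    # Port may be given several times and every line opens a listener.
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    # OpenSSH defaults apply when a keyword is absent.
    [ -n "$root" ]  || root=prohibit-password
    [ -n "$pass" ]  || pass=yes
    [ -n "$ports" ] || ports="22 "
    fails=0
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=$root"; fails=$((fails + 1)); }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication=$pass"; fails=$((fails + 1)); }
    case " $ports" in
        *" 22 "*) echo "FAIL still listening on port 22"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample files, not taken from a real host.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# hardened as described above' 'Port 2222' \
    'PermitRootLogin no' 'PasswordAuthentication no' > "$SAMPLE_DIR/hardened"
# The later "PermitRootLogin no" has no effect: the first value wins.
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' \
    'Port 22' 'Port 2222' > "$SAMPLE_DIR/weak"

audit_sshd "$SAMPLE_DIR/hardened" && echo "hardened sample: no findings"
audit_sshd "$SAMPLE_DIR/weak" || echo "weak sample: $? finding(s)"
```

On a live host, `sudo sshd -T` prints the effective configuration with defaults and Include files resolved. Keep an existing session open until a fresh login on the new port succeeds.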
Use UFW (Uncomplicated Firewall) to set up your firewall. Here are some basic commands:
```bash
sudo ufw allow 2222/tcp       # Allow SSH on custom port
sudo ufw allow 'Nginx Full'   # Allow HTTP and HTTPS
sudo ufw enable
```
Once your server is configured, you can start using the services. For example, after setting up Nginx, you can place your web files in the `/var/www/html` directory.
Monitoring is essential for maintaining server health. Consider using tools like:
- htop: For real-time system monitoring.
- Netdata: For detailed performance metrics.
- Prometheus: For metrics collection and monitoring.
To install htop, run:
```bash
sudo apt install htop
```
Implement a robust backup strategy. Use tools like `rsync` or `tar` for file backups. Schedule backups with `cron` to automate the process.
To run a backup every day at 2 AM, add the following line to your crontab:
```
0 2 * * * /path/to/backup-script.sh
```
Using Certbot makes SSL management straightforward. Install Certbot and run:
```bash
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
```
Follow the prompts to secure your domain with SSL.
A well-configured firewall is your first line of defense. Regularly review and update your firewall rules. Consider using tools like `fail2ban` to automatically block suspicious IP addresses.
To install Fail2ban, run:
```bash
sudo apt install fail2ban
```
Configure it by editing the `/etc/fail2ban/jail.local` file.
For database management, use MariaDB. Install it with:
```bash
sudo apt install mariadb-server
```
Secure your installation by running:
```bash
sudo mysql_secure_installation
```
Follow the prompts to set up your database securely.
Nginx is a powerful web server. Configure your server blocks in `/etc/nginx/sites-available/`. Remember to test your configuration with:
```bash
sudo nginx -t
```
And reload Nginx to apply changes:
```bash
sudo systemctl reload nginx
```
Contributions are welcome! If you have suggestions or improvements, please open an issue or submit a pull request.
This project is licensed under the MIT License. See the LICENSE file for details.
For more information, visit the Releases section to stay updated with the latest changes and improvements.