Secure VPS setup script, run step-by-step on a fresh Ubuntu server

Here is a secure VPS setup script that you can run step-by-step on a fresh Ubuntu server. This script:

  • Adds a new sudo user
  • Secures SSH
  • Sets up UFW firewall
  • Installs Nginx + Certbot with HTTPS
  • Configures automatic security updates

🛡️ Secure VPS Setup Script for Ubuntu

✅ Step 1: Create a new sudo user

# Replace 'yourusername' with your preferred username
adduser yourusername
usermod -aG sudo yourusername

✅ Step 2: Secure SSH Access

A. Copy your public SSH key from your local machine:

On your local machine (if you generated an Ed25519 key, the file is ~/.ssh/id_ed25519.pub instead):

cat ~/.ssh/id_rsa.pub

Copy that key.

B. On the VPS, paste your key for the new user:

su - yourusername
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys

Paste the key, save, then:

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

C. Edit SSH config (as root or with sudo):

sudo nano /etc/ssh/sshd_config

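Make sure these lines exist and are not commented out. On Ubuntu, files in /etc/ssh/sshd_config.d/ are included at the top of sshd_config and take precedence, so check that none of them sets a conflicting value (cloud images may ship one that enables PasswordAuthentication):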

PermitRootLogin no
PasswordAuthentication no

Then restart SSH:

sudo systemctl restart ssh

Test SSH login from a new terminal, keeping your current session open until the new login succeeds:

ssh yourusername@your_vps_ip
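
To confirm the two settings from part C are the ones sshd will actually apply, the effective configuration can be checked before restarting. This is an added example, not part of the original guide; the function name audit_sshd and the sample dumps are constructed here, and the pubkeyauthentication check is an added assumption.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings that Step 2 depends on.
# On the server, validate syntax and feed the resolved config to the check:
#   sudo sshd -t && sudo sshd -T | audit_sshd
# audit_sshd (a name chosen here) reads "keyword value" lines on stdin, prints
# one OK/FAIL line per required setting, and returns 0 only if all of them pass.
# The body is a subshell so its variables stay local in plain POSIX sh.
audit_sshd() (
    dump=$(cat)
    rc=0
    # pubkeyauthentication=yes is an added assumption: with passwords disabled,
    # key login must remain enabled or nobody can log in.
    for pair in permitrootlogin=no passwordauthentication=no pubkeyauthentication=yes; do
        key=${pair%%=*}
        want=${pair#*=}
        # First match wins, mirroring how sshd resolves repeated keywords.
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Constructed sample: a drop-in file has re-enabled password logins.
SAMPLE_WEAK='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: the state Step 2 is aiming for.
SAMPLE_GOOD='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "=> fix the config before restarting ssh"
```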

✅ Step 3: Enable and Configure Firewall (UFW)

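sudo ufw allow OpenSSH
# The 'Nginx Full' profile is registered by the nginx package; if ufw cannot
# find it, install Nginx (Step 4) first and then run this line.
sudo ufw allow 'Nginx Full'
sudo ufw enable
sudo ufw status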

✅ Step 4: Install and Secure Nginx with HTTPS

sudo apt update
sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

Install Certbot for HTTPS:

sudo apt install certbot python3-certbot-nginx -y

Get SSL Certificate:

Make sure you’ve pointed your domain (e.g., example.com) to your VPS IP.

sudo certbot --nginx

Follow prompts to automatically configure HTTPS.


✅ Step 5: Enable Automatic Security Updates

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure unattended-upgrades

✅ Step 6 (Optional): Install Fail2Ban to Block Brute-Force Attacks

sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

🚀 Final Tips

  • Always use sudo with your new user—avoid logging in as root.

  • Backup your SSH key securely.

  • Keep your software updated:

    sudo apt update && sudo apt upgrade -y
    
