Setting up and securing your new Ubuntu VPS

So you have just got yourself a new VPS and want to start using it? Perhaps you want to host your own website. Whatever the reason you will want to make sure that your VPS is set up correctly and it is secure before you start using it.

Where do I start?

Unless you are already experienced in setting up servers you probably won't know where to start.

It is always useful to find a good starting point online. This will give you the ability to make a start whilst helping you realise what kind of things you need to look for and what to research to improve and develop the process for your own use.

Setting up your VPS

Rather than list everything here I have created a simple BASH script which can be found at https://scripts.philipstone.co.uk/. Once you have downloaded the 'Setting up Ubuntu' script you will want to look through the script to see what you need to add, remove or alter with your own information.

Most of the script is based on Setting up your Linux VPS: Initial steps but there are some further developments.

Looking through the script

The first thing you might want to change in the script may be the timezone. It is currently set to UK.

The script adds a public key to the user it creates. You will need to set up a key pair before using the script and make sure to add your public key here. Future development may mean the script creates a keypair for you but this way you can use the same key on multiple machines.

Next you have the choice of using either the UFW or CSF firewall. The CSF firewall is the default choice but this can be commented out and the UFW section uncommented depending on preference. Either way the ports you allow through will need updating to suit your own needs.

Later on in the script there is also the option to either use Postfix or SSMTP to send email from your server (as a relay). Postfix is the default but this can be changed simply by commenting out this section and uncommenting the SSMTP section if you prefer it.

You will also need to add the details of the email server that actually sends the email out (whether that be a free account or one of the email delivery services you can purchase online).

Further on there is a section for Zabbix that is commented out. I used to run a Zabbix server but currently do not do so. If you do have a Zabbix server then feel free to uncomment this section. It will install the Zabbix agent which will communicate with the server you have elsewhere.

Finishing off

To run the script type sudo chmod +x UbuntuSetup.sh && ./UbuntuSetup [FQDN] [user] where FQDN is the fully qualified domain name for this system and [user] is the name of the user you wish the script to create.

The script will ask for your input every now and then and is not fully automated. However, it should get you started and will give you some ideas of how to improve the security of your server.