A VPS from start to finish
Tutorial – Setting Up a VPS
If managing a server on your own network doesn't appeal to you, then a virtual private server might be the answer.
There is hardly any need to extol the benefits of having your own server. From storing and sharing your data to self-hosting useful web applications, a server is a versatile platform that can make your computing life easier. Opting for a network-attached storage (NAS) appliance that comes with pretty much everything you need and requires very little tinkering seems like a no-brainer. But running your own server on a local network is not without drawbacks. To access the server from the outside world, you need to punch a hole in your network, which leads to a whole new set of problems you have to deal with. Plus, your Internet connection may or may not be up to scratch in terms of reliability and speed.
If you are only interested in running web-based applications, shared web hosting might look like a sensible option. Most providers have plans that include a web server, PHP, and a MySQL database – all configured and ready to go. Some providers even offer easy-to-use installers for popular web applications. However, ease of use comes with serious limitations. Can you Install PHP additional libraries? No. Can you run non-PHP applications? Forget about it. Some providers don't even offer SSH access.
A virtual private server (VPS) provides a middle ground between managing your own server and opting for shared web hosting. A VPS is a virtual Linux server system that you can manage yourself. Because you are the admin for your VPS, you have more control over it than you would with a basic web hosting arrangement. And, because the VPS is a virtual machine that shares the hardware with other VPS systems, it is much less expensive than leasing a dedicated server.
A VPS gives you a complete Linux server, without any of the drawbacks of having it on your own network. But that's not the only benefit. You can have a modest VPS instance for as little as a couple of euros or dollars a month. More importantly, you can create and discard VPS systems on demand. So you can easily and cheaply spin a VPS for testing and experimenting, or you can have several VPS instances for different workloads. Better still, you can have a beefier VPS configuration from a reputable provider for running mission-critical tools and applications. Of course, running a VPS means that the responsibility to keep your VPS instance secure and the data on it safe rests squarely on your shoulders. But that's a small price to pay for the sheer convenience and flexibility a VPS gives you. If you have no experience setting up a VPS, despair not: This article will get you up and running in no time.
First Steps
The very first step is to find a VPS provider and a VPS configuration that fits your needs. The good news is that there is a myriad of VPS providers to choose from, and they offer a seemingly infinite number of VPS configurations. While it may be tempting to go for the lowest price possible, it's better to do some research and opt for a reputable service instead. Most VPS providers offer a choice of different Linux distributions. For obvious reasons, Ubuntu or Debian is a sensible choice for a VPS in most situations (the rest of the instructions assume that your VPS is running Ubuntu). Most VPS providers offer a web-based administration interface that allows you to initiate your VPS instance and install a Linux distribution on it. Usually, you can also reboot the VPS and reinstall the system via the administration interface.
If you want your VPS to have its own domain name, the next step is to procure one. You can use a domain name registrar like Namecheap [1] to register the desired domain name. When you have the VPS up and running, note its IP address: You'll need it when setting up an A Record through the domain registrar. To do this in Namecheap, log in and switch to the Domain List section. Click the Manage button, and switch to the Advances DNS section. Click Add new record, select A Record from the drop-down list, and configure the record so it looks similar to Figure 1. Once the record has been updated (it may take a while), you can reach the VPS by its domain name instead of the IP address.
Automate and Protect
At this point, you have a VPS up and running, and it has a domain name associated with it. But the VPS can't do much until you install the required software and specify a basic configuration. At the very least, you need to add a non-privileged user, add the user to sudoers
, install a web server, configure a virtual host, and enable SSL. Completing all these tasks is not particularly difficult, but it does require some manual work. It can quickly become a chore if you regularly spin new VPS instances and reset the existing ones. This is where the VPS Express package [2] cobbled together by yours truly can come in rather handy. The package includes a Bash shell script that does the following:
- Updates software repositories and installs the required packages
- Sets up and configures a virtual host (an Apache configuration that basically redirects a domain name to the dedicated directory in the document root of the server)
- Enables SSL HTTP connections
- Sets up MariaDB
- Creates a new MariaDB user with administrative privileges
- Creates a MariaDB database
Run the script, and you have a ready-to-go VPS, running the Apache/MariaDB/PHP stack. The most straightforward way to run the script directly on the VPS is to use the following command as root:
curl -sSL https://raw.githubusercontent.com/dmpop/vps-express/main/vps-installer.sh | bash
However, if you'd prefer to study and modify the script before running it, clone the project's repository using the command:
git clone https://github.com/dmpop/vps-express.git
Note that the script is designed to work on Ubuntu, so if your VPS is running a different Linux distribution, you have to adjust the script before you run it.
Of course, you can extend the script to perform additional tasks, if needed. For example, if you want the script to automatically fetch the Adminer [3] tool for working with popular database engines, you can add the following command to the script (replace the example values with the actual version number and document root):
wget https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php -O /var/www/html/hello.xyz/adminer.php
Next, you need to make the VPS instance more secure. Linux hardening is a complex topic that warrants a separate article, but as the bare minimum, you want to enable automatic upgrades as well as configure and enable the Fail2ban tool.
Enabling automatic upgrades ensures that your VPS runs the latest software that includes all security fixes. Enabling this feature on Ubuntu is a matter of installing the unattended-upgrades package and enabling it:
apt install unattended-upgrades dpkg-reconfigure unattended-upgrades
The Fail2ban tool makes it possible to ban an IP address after a specified number of unsuccessful login attempts, which makes brute force attacks less effective. The VPS installer script installs Fail2ban automatically, so you only need to configure and enable the tool. First, create a new configuration file by copying the supplied template:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the new configuration file for editing using the command:
nano /etc/fail2ban/jail.local
Scroll down to the [sshd]
section, and add the following options:
enabled = true maxretry = 3
This enables Fail2ban for the incoming SSH connection and sets the number of unsuccessful login attempts to 3
. Save the changes, and then enable and start the Fail2ban service:
systemctl enable fail2ban systemctl start fail2ban
Run the systemctl status fail2ban command to check whether the service is up and running.
Safe Landing
Whenever you point a browser to the domain name assigned to the VPS, you're greeted with the default Apache page. If you want to replace the default page with something more useful, you might want to give the landing page template that comes with VPS Express a try. Written in PHP, the landing page provides basic information about the VPS it's running on, a five-day weather forecast for the specified location, a section with user-defined links, and a feed section where you can add your favorite RSS feeds (Figure 2). To configure the available settings, open the index.php
file for editing and adjust the user-defined settings. Most of these settings are self-explanatory, so you shouldn't have problems figuring out what they do and how to configure them. To be able to use the weather forecast functionality, you need to obtain an OpenWeatherMap API key. Once you're done editing the settings, save the changes and upload the index.php
file along with the fonts
and css
folders into the document root of the server.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.