VPS Setup and Security Checklist: Complete Self-Hosting Guide for 2025

submitted by

bhargav.dev/blog/VPS_Setup_and_Security_Checkli…

A good guide on initial server setup for users, ssh hardening and firewall settings. Not just useful for VPS it is basically the same steps on a home linux install too.

6
48
1

Log in to comment

Hot Top New Old

I'd be cautious following simple commands and configs without explanation or knowing what they do. And when someone copies public keys via clipboard I'm skeptic. Use ssh-copy-id or at least scp. And with Hetzner you can add your public key to their panel and it will be automatically added to every installation.

As it is stated, this is just a journal / checklist for someone and made publicly available. Don't blindly follow such things without understanding what you are doing.

 reply
6

Good call, I don't want to know how my clipboard history in KDE Plasma looks like

 reply
1

It's the public key so it's not bad for security reasons. For me it just feels wrong to copy the content of a file to another using the clipboard. It can cause problems and one day you'll do it out of habit with something you shouldn't.

 reply
3

Thiiiiis is what I've been looking for, thank you

 reply
3

Coolify is mentioned in the title but never in the article, unless I missed it

 reply
1

It would be really nice to have ansible playbooks with the instructions

 reply
1

Comments in Selfhosted@lemmy.world

good summary.

two thoughts

  • can any expert mention any disadvantages here?
  • what does coolify has to do with this guide?
 reply
7

This isn't so much a guide as it is one person's list of setup steps.

 reply
8

well.

guide definition:

A structured, often comprehensive document that provides step-by-step instructions to help users complete a task

whats the difference?

 reply
1

I'm far from an expert, but I've been using Hetzner for close to 20 years at this point. Both their VPSes and the actual rent-a-server.

I skimmed the article and I didn't notice anything blatantly bad in the approach. So they have my approval.

 reply
5

I personally don't enable automated upgrades anywhere, but I'm 25yrs into sysadmin and I have a pathological aversion to services being down.

I use some automation with ansible, but I like manual triggering so that a problem can manifest when I want it to (like a change window) and I can respond appropriately.

I also would include steps to back up the ssh public keys or have an alternate console available.

But as someone else mentioned, these seem to be someone's step guide to installs.

 reply
2