Setup And Secure Your First VPS
Let’s talk about your server hosting situation. I know a lot of you are still using a shared web host. The thing is, it’s 2015. Shared hosting is only necessary if you really want unexplained site outages and overcrowded servers that slow to a crawl.
It’s time to break free of those shared hosting chains. It’s time to stop accepting the software stack you’re handed. It’s time to stop settling for whatever outdated server software and configurations some shared hosting company sticks you with.
You need a VPS. Seriously.
What? Virtual Private Servers? Those are expensive and complicated… don’t I need to know Linux or something?
No, no and not really.
Thanks to an increasingly competitive market you can pick up a very capable VPS for $5 a month. Setting up your VPS is a little more complicated than using a shared host, but most VPS providers these days have one-click installers that will set up a Rails, Django or even WordPress environment for you.
As for Linux, knowing your way around the command line certainly won’t hurt, but these tutorials will teach you everything you really need to know. We’ll also automate everything so that critical security updates for your server are applied automatically without you lifting a finger.
Pick a VPS Provider
There are hundreds, possibly thousands of VPS providers these days. You can nerd out comparing all of them on serverbear.com if you want. When you’re starting out I suggest sticking with what I call the big three: Linode, Digital Ocean or Vultr.
Linode would be my choice for mission critical hosting. I use it for client projects, but Vultr and Digital Ocean are cheaper and perfect for personal projects and experiments. Both offer $5 a month servers, which gets you .5 GB of RAM, plenty of bandwidth and 20-30GB of SSD-based storage space. Vultr actually gives you a little more RAM, which is helpful if you’re setting up a Rails or Django environment (i.e. a long running process that requires more memory), but I’ve been hosting a Django-based site on a 512MB Digital Ocean instance for 18 months and have never run out of memory.
Also note that all these plans start off charging by the hour so you can spin up a new server, play around with it and then destroy it and you’ll have only spent a few pennies.
Which one is better? They’re both good. I’ve been using Vultr more these days, but Digital Ocean has a nicer, somewhat slicker control panel. There are also many others I haven’t named. Just pick one.
Here’s a link that will get you a $10 credit at Vultr and here’s one that will get you a $10 credit at Digital Ocean (both of those are affiliate links and help cover the cost of hosting this site and get you some free VPS time).
For simplicity’s sake, and because it offers more one-click installers, I’ll use Digital Ocean for the rest of this tutorial.
Create Your First VPS
In Digital Ocean you’ll create a “Droplet”. It’s a three step process: pick a plan (stick with the $5 a month plan for starters), pick a location (stick with the defaults) and then install a bare OS or go with a one-click installer. Let’s get WordPress up and running, so select WordPress on 14.04 under the Applications tab.
If you want automatic backups, and you do, check that box. Backups are not free, but generally won’t add more than about $1 to your monthly bill — it’s money well spent.
The last thing we need to do is add an SSH key to our account. If we don’t, Digital Ocean will email our root password in a plain text email. Yikes.
If you need to generate some SSH keys, here’s a short guide, How to Generate SSH keys. You can skip step 3 in that guide. Once you’ve got your keys set up on your local machine you just need to add them to your droplet.
If you’re on OS X, you can use this command to copy your public key to the clipboard:
pbcopy < ~/.ssh/id_rsa.pub
Otherwise you can use cat to print it out and copy it:
cat ~/.ssh/id_rsa.pub
Now click the button to “add an SSH key”. Then paste the contents of your clipboard into the box. Hit “add SSH Key” and you’re done.
Now just click the giant “Create Droplet”.
Congratulations, you just deployed your first VPS.
Secure Your VPS
Now we can log in to our new VPS with this command (substitute your droplet’s IP address for the one shown):
ssh root@127.87.87.87
That will cause SSH to ask if you want to add the server to the list of known hosts. Say yes and then on OS X you’ll get a dialog asking for the passphrase you created a minute ago when you generated your SSH key. Enter it and check the box to save it to your keychain so you don’t have to enter it again.
And you’re now logged in to your VPS as root. That’s not how we want to log in though since root is a very privileged user that can wreak all sorts of havoc. The first thing we’ll do is change the password of the root user. To do that, just enter:
passwd
And type a new password.
Now let’s create a new user:
adduser myusername
Give your username a secure password and then enter this command:
visudo
If you get an error saying that there is no app installed, you’ll need to first install sudo (apt-get install sudo on Debian, which does not ship with sudo). Running visudo will open a file. Use the arrow keys to move the cursor down to the line that reads:
root ALL=(ALL:ALL) ALL
Now add this line:
myusername ALL=(ALL:ALL) ALL
Where myusername is the username you created just a minute ago. Now we need to save the file. To do that hit Control-X, type a Y and then hit return.
Now, WITHOUT LOGGING OUT OF YOUR CURRENT ROOT SESSION, open another terminal window and make sure you can log in with your new user:
ssh myusername@12.34.56.78
You’ll be asked for the password that we created just a minute ago on the server (not the one for our SSH key). Enter that password and you should be logged in. To make sure we can get root access when we need it, try entering this command:
sudo apt-get update
That should ask for your password again and then spit out a bunch of information, all of which you can ignore for now.
Okay, now you can log out of your root terminal window. To do that just hit Control-D.
Finishing Up
What about actually accessing our VPS on the web? Where’s WordPress? Just point your browser to the bare IP address you used to log in and you should get the first screen of the WordPress installer.
We now have a VPS deployed and we’ve taken some very basic steps to secure it. We can do a lot more to make things more secure, but I’ve covered that in a separate article:
One last thing: the user we created does not have access to our SSH keys, so we need to add them. First make sure you’re logged out of the server (type Control-D and you’ll get a message telling you the connection has been closed). Now, on your local machine, paste this command:
cat ~/.ssh/id_rsa.pub | ssh myusername@45.63.48.114 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
You’ll have to put in your password one last time, but from now on you can log in via SSH with your key.
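The one-liner above appends the key every time it is run and leaves the file modes to the server’s umask. As an added example (not part of the original tutorial), this shell function does the same install idempotently, rejects input that is not a public key line, and sets the conventional 700/600 permissions. install_pubkey is a hypothetical helper name, and the function is assumed to run on the server as the new user.

```shell
#!/bin/sh
# Added example: idempotent, permission-aware install of a public key.
# install_pubkey is a hypothetical helper, not a standard tool.
# Usage: install_pubkey <public-key-file> <home-directory>
install_pubkey() {
    pubkey_file=$1
    home_dir=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Read only the first line; a .pub file holds one key on one line.
    key=
    IFS= read -r key < "$pubkey_file" || [ -n "$key" ] || return 1

    # Refuse anything that is not a public key line, for example a
    # private key file passed by mistake.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # sshd's StrictModes check ignores authorized_keys when the file or
    # its directory is writable by others; 700/600 is the usual setting.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# When run as a script with two arguments, perform the install.
[ "$#" -ne 2 ] || install_pubkey "$1" "$2"
```

Copy the public key file to the server first (for instance with scp), then call install_pubkey id_rsa.pub "$HOME" as myusername.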
Next Steps
Congratulations, you made it past the first hurdle, and you’re well on your way to taking control of your server. Kick back, relax and write some blog posts.
Write down any problems you had with this tutorial and send me a link so I can check out your blog (I’ll try to help figure out what went wrong too).
Because we used a pre-built image from Digital Ocean, though, we’re really not much better off than if we went with shared hosting. That’s okay, you have to start somewhere. Next up we’ll do the same things, but this time create a bare OS which will serve as the basis for a custom built version of Nginx that’s highly optimized and way faster than any stock server.