Skip to content

VPS Installation Guide

Introduction

This detailed guide will walk you through the installation and configuration of a VPS (Virtual Private Server). We will emphasize security and best practices throughout the process.

Choosing a VPS provider

For this guide, we will use a VPS costing €1.20/month from IONOS. However, many providers offer similar services at competitive prices.

Important selection criteria

  • Fixed public IPv4 address
  • Unlimited or generous bandwidth
  • Support for KVM virtualization or similar
  • Good reputation in terms of reliability and support

Initial VPS Configuration

Initial SSH Connection

The first step is to connect to your VPS via SSH.

  1. Retrieve the IP address and credentials from your provider's interface or confirmation email.
  2. Open a terminal and connect as root:
ssh root@<ip_address>
  1. Enter the provided password when prompted.

Security

This initial connection uses a password. We will quickly secure this with SSH keys.

System Update

Start by updating your system:

apt update && apt upgrade -y

Possible interactions

If configuration messages appear, generally validate with "OK" or choose the default options.

VPS Restart

To apply all updates, restart your VPS:

reboot

Reconnection

After restarting, wait a few minutes, then reconnect via SSH.

Hostname Configuration

Customize your server's identity:

  1. Modify the hostname: 

    hostnamectl set-hostname <your_hostname>

  2. Update the /etc/hosts file: 

    nano /etc/hosts
    Add or modify the line: 
    127.0.1.1 <your_hostname>

Securing SSH Access

Generating and Deploying SSH Keys

  1. On your local machine, generate an SSH key pair: 

    ssh-keygen -t ed25519 -C "my_vps"

  2. Copy the public key to the VPS: 

    ssh-copy-id root@<ip_address>

  3. Test the connection with the new key: 

    ssh root@<ip_address>

Successful Authentication

If you connect without a password, the SSH key configuration is successful.

Installing ZSH and Oh My Zsh

Enhance your command-line experience:

  1. Install ZSH: 

    apt install zsh -y

  2. Install Oh My Zsh: 

    sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

  3. Customize your ZSH configuration: 

    nano ~/.zshrc

Customization

Explore available themes and addons for Oh My Zsh to optimize your productivity.

Creating a Non-Root User

For better security, create a non-root user:

  1. Add a new user: 

    adduser <username>

  2. Grant sudo privileges: 

    usermod -aG sudo <username>

  3. Configure SSH access for this user: 

    ssh-copy-id <username>@<ip_address>

Firewall Configuration

Opening Necessary Ports

Configure the UFW firewall to allow only necessary services:

ufw allow 51820/udp  # WireGuard
ufw allow 443/tcp    # HTTPS
ufw allow 80/tcp     # HTTP
ufw allow <custom_ssh_port>/tcp  # Custom SSH

Enable the firewall:

ufw enable

Caution

Make sure you have correctly configured the SSH port before enabling the firewall to avoid locking yourself out.

IONOS Panel Configuration

Don't forget to configure the same firewall rules in the IONOS management interface.

SSH Security Hardening

Strengthen the SSH configuration:

  1. Remove the cloud-init configuration: 

    rm -rf /etc/ssh/sshd_config.d/50-cloud-init.conf

  2. Edit the SSH configuration file: 

    nano /etc/ssh/sshd_config

  3. Modify the following parameters: 

    Port <custom_ssh_port>
PermitRootLogin prohibit-password
PasswordAuthentication no
PermitEmptyPasswords no

  4. Restart the SSH service: 

    systemctl restart sshd

Caution

Test the new SSH configuration in a new session before closing your current session to avoid any lockout.

Installing Tailscale

Tailscale offers an easy-to-use VPN solution based on WireGuard.

Follow the official Tailscale documentation for installation on Debian.

Installing Docker

Install Docker to facilitate application deployment:

  1. Download and run the installation script: 

    curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

  2. Add your user to the Docker group: 

    sudo usermod -aG docker $USER

Activating changes

Log out and log back in for the group changes to take effect.

Installing CrowdSec

CrowdSec is an open-source collaborative security solution.

Follow the official CrowdSec documentation for installation.

Conclusion

Your VPS is now securely configured and ready to host StreamFusion and other services. Remember to:

  • Perform regular updates
  • Monitor logs and security alerts
  • Regularly backup your important data and configurations

Next steps

Consider exploring other security and monitoring tools to further strengthen your infrastructure.