Setting up a Linux VPS for the first time can feel daunting — but once you’ve done it once, you’ll realise it’s a repeatable, learnable process. This guide walks you through every step from choosing a provider to having a secure, production-ready server running.
Step 1: Choose Your VPS Provider
For beginners, I recommend either Vultr or DigitalOcean. Both offer:
- Simple, clean control panels
- Hourly billing — you can destroy and rebuild without committing to a month
- $2.50–$4/month entry-level instances — cheap enough to experiment
- Excellent documentation and community resources
👉 Get $100 free credit on Vultr | 👉 Get $200 free credit on DigitalOcean
Which Linux Distribution to Choose
For most server use cases, choose Ubuntu 22.04 LTS or Debian 12. Both have long support windows, huge communities, and excellent package availability. Ubuntu is slightly more beginner-friendly; Debian is more minimal and conservative with updates — preferred for production servers where stability matters most.
Avoid CentOS (end-of-life), Rocky Linux or AlmaLinux are fine if you need RHEL compatibility. For this guide we’ll use Ubuntu 22.04.
Step 2: Create Your Server
On Vultr: click Deploy → Cloud Compute → select your region → choose Ubuntu 22.04 → select the $6/mo plan (1 vCPU, 1GB RAM is plenty to start) → deploy.
On DigitalOcean: click Create → Droplets → choose Ubuntu 22.04 → Basic plan → $6/month → choose a datacenter near you → add your SSH key (covered below) → Create Droplet.
Add an SSH Key Before Deploying
Always add an SSH key rather than using password authentication. Generate one locally if you don’t have one:
ssh-keygen -t ed25519 -C "your@email.com"This creates ~/.ssh/id_ed25519 (private key) and ~/.ssh/id_ed25519.pub (public key). Copy the contents of the .pub file and paste it into your provider’s SSH key section.
Step 3: Connect to Your Server
Once your server shows as active (usually under 60 seconds), connect via SSH. Replace YOUR_SERVER_IP with the IP shown in your control panel:
ssh root@YOUR_SERVER_IPIf you added your SSH key, you’ll connect without a password prompt. If you’re asked for a password, you’ll have received it by email from your provider.
Step 4: Initial Server Hardening
Never leave a fresh server exposed as root with default settings. Run through these steps immediately after first login.
Update the System
apt update && apt upgrade -yCreate a Non-Root User
adduser steve
usermod -aG sudo steveThen copy your SSH key to the new user:
rsync --archive --chown=steve:steve ~/.ssh /home/steveOpen a new terminal and verify you can SSH in as your new user before proceeding. Once confirmed, continue as your new user.
Disable Root SSH Login and Password Authentication
Edit the SSH daemon config:
sudo nano /etc/ssh/sshd_configFind and set these values:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yesSave and restart SSH:
sudo systemctl restart sshdSet Up a Firewall
Ubuntu comes with ufw (Uncomplicated Firewall). Configure it to allow only what you need:
sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enableCheck the status with sudo ufw status. Only add ports you actively need.
Install Fail2Ban
Fail2Ban automatically bans IPs that repeatedly fail SSH login attempts:
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2banStep 5: Install Your Stack
With a hardened base, you can now install whatever you need. Common setups include:
LAMP Stack (Linux, Apache, MySQL, PHP)
sudo apt install apache2 mysql-server php php-mysql libapache2-mod-php -yLEMP Stack (Linux, Nginx, MySQL, PHP)
sudo apt install nginx mysql-server php-fpm php-mysql -yDocker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker steveStep 6: Set Up Automatic Security Updates
Install unattended-upgrades to keep your server patched automatically:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgradesStep 7: Set Up a Domain and SSL
Point your domain’s A record to your server’s IP via your DNS provider. Once propagated (can take up to 24 hours, but usually minutes), install Certbot for a free Let’s Encrypt SSL certificate:
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.comCertbot will obtain the certificate and automatically configure Nginx to use it. It also sets up automatic renewal via a systemd timer.
Where to Go From Here
- Set up automated backups — both at the provider level (DigitalOcean and Vultr offer snapshot backups) and application-level with tools like
rsyncorborgbackup - Configure monitoring with a lightweight tool like Netdata or forward logs to a central SIEM
- If running WordPress, consider using Cloudways instead of managing the stack yourself — it handles all of the above automatically
👉 Get started on Vultr with $100 free credit
Disclosure: This article contains affiliate links. I may earn a commission if you sign up through these links, at no extra cost to you.