Photo by Denny Müller on Unsplash

Contrary to shared hosting, which came already configured with many applications ready to serve your application to the Internet, a VPS comes with only the operating system. It is your responsibility to configure it to serve your app.

This tutorial assumes you have a VPS running on Ubuntu 18.04 or 20.04.

Connect to the server

You bought a VPS at your preferred provider, and the first thing to do is log into it. Usually, you receive an email with the credentials required to connect. It's constituted by an IP address, a user (root by default), and a port (22 by default). The syntax for connecting to the server is:

ssh -p <port> <user>@<server_ip_address>

The option -p is for the server's port. If it is not provided, the default value will 22.

Let's assume our IP address is:
I chose it randomly so, I'm sorry if it turns out to be the IP address of your server ?. The username is usually root, but it will be given in the email you will receive. We will type the code below to connect to the server:

ssh root@

Congratulation ? , we are inside the server. Let's continue with the next step.

Install a firewall

A firewall is a software placed between our system and the network. It filters incoming and outcoming requests based on rules written by the system administrator. You can deny incoming traffic from a specific port or IP address. Our server usually comes with no firewall installed so, it is our responsibility to install one. The most famous in the Ubuntu world is UFW who stands for Uncomplicated Firewall.

We will use it to deny the incoming requests from any port and then add rules to allow on a specific port based on our need. Run the command below to install and wait for the installation to complete.

apt-get install ufw

The firewall is all installed, and by default, all incoming connections to our server are denied, even the SSH connection on port 22, which if we log out to the server, we can't connect anymore. Let's allow SSH connection on port 22 with the command below:

# Allow ssh connection
ufw allow ssh

# Activate UFW
sudo ufw enable

# View all rules defined
ufw status verbose

Note: We don't add sudo because we are connected with the root user. If it is not your case, consider adding the "Sudo" keyword before the command.

Log out then, login again to make sure you can still connect to the server.

Change SSH Port

By default, the SSH port is 22. It is a good idea to change this to make your server a little more secure. Here is the process to change the port to 4927.

  • Open the SSH config's file: nano /etc/ssh/sshd_config
  • Locate the line #Port 22
  • Remove the hashtag in front of and replace 22 by 4927
  • Save the file and exit
  • Restart the SSH service: /etc/init.d/ssh restart

Now, we need to update the firewall rule to:

  1. Allow SSH connection on port 4927: ufw allow 4927/tcp
  2. Delete rule for SSH connection on port 22:
    This is achieved in two steps where. The first is to list the rule with a number assigned to each rule: ufw status numbered.
    Locate the number of the rule you want to delete, then type: ufw delete <rule_number> e.g.: ufw delete 3

Create a user with Sudo privilege

Since now, we use the root user to perform restricted actions. It is not a good decision because a bad manipulation can cause great damages. It is better to create a user with lower privilege on the system and keep the user perform actions requiring the root user. The command below creates a user "admin" with Sudo privilege:

# create user admin with his home directory
useradd -m -d /home/admin admin

# set the password
passwd admin

# add the user in the sudo users list 
echo 'sadmin ALL=(ALL) ALL' >> /etc/sudoers

# list users to verify the user created
cat /etc/passwd

Now logout, then connect with the new user created and provided the password you have registered in the step above:

ssh -p 4927 admin@

Disable connection with root user

Since we have another user we can connect to the server with, we will disable the SSH connection with the root user. It is a security measure to avoid preventing a malicious person from doing anything on our server. The process to achieve that is:

  • Open the SSH config's file: nano /etc/ssh/sshd_config
  • Locate the line with: PermitRootLogin yes and replace yes with no.
  • Save the file and exit
  • Restart the SSH service: /etc/init.d/ssh restart
  • Log out and verify that you can't connect with the root user.

Note: When connected with the sudo user, if you want to perform an action requiring root user privilege, you can switch to the root user by typing the command sudo su then provide your admin password.

Install a Web Server

Our goal is to host our web application and make it accessible through Internet but, a server is just a computer like ours but without a GUI and up every time.
By default, the server doesn't have this capability, and we need to install a Web server that will make this possible. The most popular web servers are Apache, Nginx, and Microsoft IIS. We are going to install Nginx:

sudo apt install nginx

sudo ufw allow 'Nginx Full'

sudo systemctl status nginx

The command sudo ufw allow 'Nginx Full' Open ports 80 and 443 for HTTP and HTTPS, respectively, to allow incoming traffic from the web.

Install Node.js

We can run a web application built in any language. The only requirement is to install the necessary runtime. Depending on your needs, You can install PHP or Go or Ruby or Java, or Node.js. We will install Node.js through NVM (Node Version Manager). You can check the latest version here. At the time I'm writing this article, the version is 0.38.0.

cd ~

# install necessary dependencies
sudo apt-get install build-essential libssl-dev

curl -sL -o


# reload your profile
source ~/.profile

# list all available versions
nvm ls-remote

nvm install 14.15.3

nvm use 14.15.3

nvm alias default 14.15.3

# verify that node installed succesfully
node -v

Install PM2

To launch a Node.js web application, we type node our_entry_file.js And it works. If we do that on the server and log out, the application will stop, and we don't want that. We need a find a way to have our application up even if we log out of the server.

PM2 solves this for us by creating a daemon process that will keep your application online 24/7. You can launch as many applications as you want, and it will manage these for you. The installation is straightforward:

npm install -g pm2

pm2 list

Connect to the server with a private key  

We connect to our server with a username and password but, it is also possible to connect with RSA private key. Let's see how to create that key and connect with:

Once connected to the server with the admin user created earlier, do these action:

  • Create a folder .ssh at the home directory: cd ~ && mkdir .ssh
  • Generate an RSA key pair: ssh-keygen -t rsa
  • Enter to the .ssh directory: cd .ssh
  • Add the public key in the authorized keys cat >> authorized_keys
  • Mark the authorized_keys file as hidden: chmod 600 authorized_keys
  • Delete the public key:  rm .ssh/
  • Open the private key file id_rsa and copy the content in the clipboard
  • Log out the server.

You are now on your computer, and the private key is in your clipboard:

  • Create a file key.txt (you can give the name you want) and paste the content of your clipboard inside
  • Make the file hidden: chmod 600 key.txt

Connect to the server with the private key:

ssh -i key.txt admin@

It's done ?

This is the end of this tutorial, and I hope you found it helpful. See you in the next tutorial. ?