Nekode
Introduction

Configuration (SSH, FW, Node, Nginx)

Basic initial configuration for your VPS

Rifki ahmad fahrezi

Rifki ahmad fahrezi

After purchasing we have to do initial configuration such as installing firewall, nodejs, nginx and so on.

Remote access configuration via SSH

  1. Prepare a terminal, you can also use git bash or powershell on Windows
  2. Login as the root user by entering the command
ssh root@your_ip
# e.g ssh root@123.123
  1. Update the Linux package
apt update && apt upgrade
  1. Create a new user to separate the root user (you could say admin) and other users
# add new user
adduser username
# e.g adduser nekode
  1. Add the newly created user to the sudo group, then log out of the server
usermod -aG sudo username
# e.g usermod -aG sudo nekode
logout
  1. Log back in with the newly created user
ssh username@your_ip
# e.g ssh nekode@123.123
  1. Check if the user is already in the sudo group, if the command below does not display an error then the user is already in the sudo group
sudo -v
  1. Create a folder for the SSH key, after running the command make sure the folder is successfully created by running the command ls -a
mkdir ~/.s sh && chmod 700 ~/.ssh
  1. Log out of the server to create an SSH key on our computer (if it already exists, you can skip it)
logout
# Generate SSH key
ssh-keygen -t ed25519 -C "your_email@example.com"
  1. Send the SSH key to the server
  • Windows
scp $env:USERPROFILE/.ssh/id_ed25519.pub <username>@<your-server-ip>:~/.ssh/authorized_keys
  • Mac:
scp ~/.ssh/id_ed25519.pub <username>@<your-server-ip>:~/.ssh/authorized_keys
  • Linux:
ssh-copy-id <username>@<your-server-ip>
  1. Log in to the server again as the newly created user
ssh username@your_ip
# e.g ssh nekode@123.123
  1. Turn off logging into the root user via SSH, so that the user root can only be accessed in the hostinger panel terminal browser, how to open the SSH config file
sudo nano /etc/ssh/sshd_config

then search down by clicking the arrow on the keyboard until you see the PermitRootLogin yes config, then change it to PermitRootLogin no.

If you have clicked ctrl + x then press y to save the changed config

  1. Restart SSH
sudo systemctl restart ssh
# if error try sshd
  1. Done!, to make sure you can access the server via SSH and have turned off the root user login access via SSH you can log out and log back in as the root user and as the newly created user.
ssh root@your_ip
# login as root user
ssh username@your_ip
# login as new user

If the root user login fails even though the password is correct, while the login as the newly created user is successful, then we have successfully configured SSH access.

Security configuration (firewall)

A firewall is useful for securing our server from unwanted attacks. Here is how to install a firewall:

  1. Install firewall
sudo apt install ufw
  1. Whitelist port, the purpose is to give access to certain ports so that they can access the server
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
  1. Enable firewall
sudo ufw enable
  1. Check firewall status
sudo ufw firewall
  1. Add new rules to the firewall to block pings to the server
  2. Open firewall rules
sudo nano /etc/ufw/before.rules
  1. Find the INPUT block below and add these rules
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
  1. Reboot the server, wait a few moments and then try logging in again
sudo reboot

Nginx configuration

  1. install Nginx
sudo apt install nginx
  1. Create an Nginx configuration file, then enter the following text
sudo nano /etc/nginx/sites-available/nextjs.conf
server {
listen 80;
server_name your_server_ip;

location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection 'upgrade';
 proxy_set_header Host $host;
 proxy_cache_bypass $http_upgrade;

 # Disable buffering to allow streaming responses
 proxy_buffering off;
 proxy_set_header X-Accel-Buffering no;
 }
}

Change the your_server_ip with your server IP, If you have to save the changes, click ctrl + x then y to save the changes

  1. Activate the Nginx configuration file that we just created
sudo ln -s /etc/nginx/sites-available/nextjs.conf /etc/nginx/sites-enabled/
  1. Delete the default configuration so that there is no conflict
sudo rm /etc/nginx/sites-enabled/default

To check whether the config file is correct, you can run this command

sudo nginx -t
  1. Restart Nginx
sudo service nginx restart

Configure the required packages (Nodejs or Bun)

Now we will install the required packages so that we can run the application on the server

Nodejs Installation

curl -fsSL https://deb.nodesource.com/setup_22.x -o nodesource_setup.sh
sudo -E bash nodesource_setup.sh
sudo apt-get install nodejs -y

Check if the installation was successful by running node -v and npm -v , if you want to use PNPM you can install it by following how to install pnpm here

Bun Installation

In addition to Nodejs you can also use Bun,

Previous

Github action

On this page