How to improve your VPS server

A quick guide that shows how to optimize your VPS to increase performance and protect it from unwanted entry or attacks. It covers several tools, what they do, and how to install and configure them on an Ubuntu or Debian VPS.
Why optimizing your VPS is beneficial
Optimization can mean many different things, but mainly it is either decreasing bloat to increase server responsiveness or changing configurations to keep out potential intruders. In just a few simple commands, you can take your server from slow and vulnerable to fast, reliable, and safe.
Types of optimizations
These processes are incredibly simple, such as:
- creating an SSH key
- installing Fail2Ban
- enabling a firewall
Let’s optimize
Keep in mind, these installations are all for Ubuntu/Debian servers.
Update Your Server and Packages
First things first, update your server and its packages. This ensures that you're protected against known bugs and security vulnerabilities.
sudo apt update
sudo apt upgrade
Creating an SSH key
A reliable way to secure access to your VPS. Once key authentication is set up and password login is disabled (the optional step below), nobody without the private key can connect. This means only you are able to access your server. You can also create multiple SSH keys if other people need to access the server safely.
Here’s how:
On your machine:
ssh-keygen -t ed25519
Copy this key over to your VPS:
ssh-copy-id user@your-vps-ip
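(Optional) Then, on your VPS, you can disable password login. Confirm that key-based login works first, and keep your current session open until you have tested a new one:
Edit /etc/ssh/sshd_config and set: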
PasswordAuthentication no
PermitRootLogin no
Then restart SSH:
sudo systemctl restart ssh
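An added example, not part of the original guide, for checking that the two settings above actually take effect. sshd uses the first value it reads for each keyword, and recent Ubuntu and Debian releases include /etc/ssh/sshd_config.d/*.conf at the top of sshd_config, so a drop-in file can override your edit. The file name 50-provider.conf and the function names are made up for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide: find the value sshd really uses.
# sshd keeps the FIRST value it reads for a keyword, so pass the files in the
# order sshd reads them (drop-ins first when Include is at the top).

effective_sshd_option() {   # usage: effective_sshd_option KEYWORD FILE...
    local want
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    awk -v want="$want" '
        FNR == 1 { in_match = 0 }            # simplification: Match ends with its file
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") { in_match = 1; next }
            if (in_match || n < 2) next      # Match-block settings are conditional
            if (key == want) { print tolower(f[2]), FILENAME; found = 1; exit }
        }
        END { if (!found) print "unset -" }
    ' "$@"
}

demo_sshd_override() {
    local dir
    dir=$(mktemp -d)
    mkdir "$dir/sshd_config.d"
    # Constructed drop-in standing in for one shipped with a VPS image.
    printf 'PasswordAuthentication yes\n' > "$dir/sshd_config.d/50-provider.conf"
    # Constructed main file carrying the two settings from this guide.
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        'PasswordAuthentication no' 'PermitRootLogin no' > "$dir/sshd_config"
    set -- "$dir"/sshd_config.d/*.conf "$dir/sshd_config"
    echo "PasswordAuthentication: $(effective_sshd_option PasswordAuthentication "$@" | cut -d' ' -f1)"
    echo "PermitRootLogin: $(effective_sshd_option PermitRootLogin "$@" | cut -d' ' -f1)"
    rm -rf "$dir"
}

demo_sshd_override
```

In the demonstration the drop-in wins, so password login stays enabled even though the main file says no. On a live server, `sudo sshd -T` prints the configuration sshd has resolved from all files.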
Install Fail2Ban
Whatever your VPS is dedicated towards doing, it will face attacks. Bots constantly scan IP addresses for VPS servers to brute force their passwords. Fail2Ban is a crucial tool that helps you with mitigating these attacks by banning malicious IPs after a set number of failed login attempts. You can set up Fail2Ban quickly.
Here's how:
Install it on your VPS:
sudo apt update
sudo apt install fail2ban -y
Start it up and enable it:
sudo systemctl enable --now fail2ban
(Optional) To make changes to Fail2Ban, copy the default configuration and edit the copy:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
Configuring Fail2Ban
Fail2Ban uses configuration files located in the "/etc/fail2ban" directory. The main configuration file is "jail.conf", but it is recommended to create a copy of this file and name it "jail.local" to avoid overwriting your settings during updates.
Creating the jail.local file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Editing the jail.local file:
sudo nano /etc/fail2ban/jail.local
Basic Configuration
You can set up the parameters within the jail.local file, such as:
[DEFAULT]
#Ban IP for 1 hour
bantime = 3600
#Number of retries before banning an IP
maxretry = 5
#Findtime is the duration within which the specified number of failures (maxretry) should occur to ban the IP.
findtime = 600
#Backend used to detect changes in the log files
backend = auto
Enable Jail for SSH
To protect SSH with Fail2Ban, add the following to jail.local:
[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log
maxretry = 5
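An added illustration of how maxretry and findtime from the configuration above interact, not part of the original guide and not Fail2Ban's own code. The log lines are constructed, use documentation IP ranges, and are assumed to fall on a single day; would_ban and sample_log are names made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not Fail2Ban's own code): the maxretry/findtime rule applied
# to constructed auth.log lines. Assumes every line falls on the same day.

would_ban() {   # usage: would_ban MAXRETRY FINDTIME < logfile ; prints "IP time"
    awk -v maxretry="$1" -v findtime="$2" '
        /sshd.*Failed password/ {
            split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "" || banned[ip]) next
            kept = 0                      # forget failures older than findtime
            for (j = 1; j <= count[ip]; j++)
                if (now - seen[ip, j] < findtime) seen[ip, ++kept] = seen[ip, j]
            seen[ip, ++kept] = now
            count[ip] = kept
            if (kept >= maxretry) { banned[ip] = 1; print ip, $3 }
        }'
}

sample_log() {   # constructed log lines
    cat <<'EOF'
Jan 10 12:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 12:00:05 vps sshd[811]: Failed password for root from 203.0.113.7 port 40002 ssh2
Jan 10 12:00:09 vps sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Jan 10 12:00:10 vps sshd[812]: Failed password for root from 198.51.100.23 port 50001 ssh2
Jan 10 12:00:13 vps sshd[811]: Failed password for root from 203.0.113.7 port 40004 ssh2
Jan 10 12:00:17 vps sshd[811]: Failed password for root from 203.0.113.7 port 40005 ssh2
Jan 10 12:00:20 vps sshd[812]: Failed password for root from 198.51.100.23 port 50002 ssh2
Jan 10 12:00:30 vps sshd[812]: Failed password for root from 198.51.100.23 port 50003 ssh2
Jan 10 12:00:40 vps sshd[812]: Failed password for root from 198.51.100.23 port 50004 ssh2
Jan 10 12:03:00 vps sshd[820]: Accepted publickey for deploy from 192.0.2.10 port 40100 ssh2
Jan 10 12:11:00 vps sshd[812]: Failed password for root from 198.51.100.23 port 50005 ssh2
EOF
}

# With the guide's values (maxretry = 5, findtime = 600) only the fast guesser is banned.
sample_log | would_ban 5 600
```

The second address also fails five times, but its last attempt comes more than 600 seconds after the others, so it stays under the threshold. A longer findtime, such as 900, would catch it.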
Starting Fail2Ban
Start Fail2Ban and enable it to start when the machine boots:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Verifying Fail2Ban status
You can check the status of Fail2Ban to quickly see whether it is functioning properly:
sudo systemctl status fail2ban
Monitor Fail2Ban logs
You can also list the active jails and see which IP addresses a jail has banned:
sudo fail2ban-client status
sudo fail2ban-client status sshd
After making any changes to the Fail2Ban configuration files, restart the service:
sudo systemctl restart fail2ban
Enable and configure UFW Firewall
This one is incredibly simple: it just controls which ports are open.
Here's how:
Install & setup:
sudo apt install ufw
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status verbose
This is how you allow web traffic:
sudo ufw allow 80/tcp # for HTTP
sudo ufw allow 443/tcp # for HTTPS
Uninstall any services you won't use
This will not only decrease the amount of bloat on your server, it will also minimize the attack surface, meaning your server has fewer vulnerabilities.
Here's how:
List all your services:
sudo systemctl list-units --type=service
Disable any services you don't need:
sudo systemctl disable --now servicename
Install a monitoring tool
As a server admin, monitoring tools can help you detect any irregular behaviour on your server sooner rather than later. Tools like iostat, htop, and netstat help you track your server's load, disk usage, and network performance.
Here's how:
Install htop and vnstat:
sudo apt install htop vnstat -y
Example of using htop (Terminal):
htop
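You can also install Netdata, although this is more advanced. The command below downloads an installer script and runs it directly, so review the script before running it: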
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
How to optimize your MyNymBox VPS
Getting a MyNymBox VPS up and running is super quick, and once you can access your new VPS you'll be able to try all of the tools mentioned in this how-to yourself. Other than that, we wish you good luck in your future endeavours using the VPS. If you are one of our customers, feel free to use our customer support page, where we always try to help out as well as we can.
We also have a big Knowledgebase where you can find other or similar useful information that you might need on your journey.