
Debian 11 VPS Setup + SSH + No Root Login + UFW + Nginx


  1. ssh root@[ip]
  2. apt update
    apt dist-upgrade
    apt install sudo
    ln -sf /usr/share/zoneinfo/[time zone identifier] /etc/localtime
  3. adduser [user]
    usermod -aG sudo [user]
    mkdir /home/[user]/.ssh
    exit
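  4. ssh-copy-id -i ~/.ssh/[id].pub root@[ip]
    # log back in to the server (ssh root@[ip]); the remaining commands in this step run there as root
    cp ~/.ssh/authorized_keys /home/[user]/.ssh/authorized_keys
    chmod 700 /home/[user]/.ssh
    chown [user] /home/[user]/.ssh
    # 600 is the usual mode for authorized_keys; only [user] needs to read it
    chmod 604 /home/[user]/.ssh/authorized_keys
    chown [user] /home/[user]/.ssh/authorized_keys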
  5. nano /etc/ssh/sshd_config
  6. # add or modify
    Port [port]
    PermitRootLogin no
    PasswordAuthentication no
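  7. # validate the edited config first (sshd -t), and keep this root session open until a
    # key login as [user] on [port] has been confirmed from a second terminal: after the
    # restart, root logins and password logins are refused
    systemctl restart ssh.service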
    apt update
    apt upgrade
    reboot
  8. ssh [user]@[ip] -p [port]
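  9. # you are now logged in as [user], not root: run this and the following steps with sudo
    apt install ufw
    ufw default deny incoming
    # [port] must match the Port set in sshd_config, or enabling the firewall cuts off SSH
    ufw allow [port]/tcp
    # the "Nginx Full" profile is installed with nginx (step 10); if ufw cannot find it yet,
    # run this rule again after step 10
    ufw allow "Nginx Full"
    ufw enable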
  10. apt install nginx certbot python3-certbot-nginx
  11. cp /etc/nginx/sites-available/default /etc/nginx/sites-available/sitename.com
  12. nano /etc/nginx/sites-available/sitename.com
  13. # add or modify
    server {
        listen 80;
        listen [::]:80;
    
        root /var/www/sitename.com;
        index index.html index.htm index.nginx-debian.html;
    
        server_name sitename.com;
    
        location / {
            try_files $uri $uri/ =404;
        }
    }
  14. ln -s /etc/nginx/sites-available/sitename.com /etc/nginx/sites-enabled/
    mkdir /var/www/sitename.com
    touch /var/www/sitename.com/index.html
    # nginx -t checks the configuration; reload only if it passes
    systemctl reload nginx
  15. Set up DNS A record at your domain registrar pointing to your VPS IP.
  16. certbot --nginx
    systemctl enable --now certbot.timer

April 2023
