A Beginner's Guide to Your First Hour on a Linux VPS

Congratulations on your new Virtual Private Server (VPS)! This is your own private space on the internet, a blank canvas ready for your projects. That freedom can also be a bit intimidating. What should you do first?

This guide is designed for the absolute beginner. We will walk through the first essential steps to secure your server, get it ready for projects, and host your first website securely with Nginx and a free SSL certificate.

Your hosting provider will give you an IP address (e.g., 123.45.67.89) and a password for the root user. The root user is the super-administrator with unlimited power. It’s powerful, but also risky to use for everyday tasks.

Step 1: Connect to the Server

Open a terminal on your computer and connect to your server using the ssh command.

ssh root@YOUR_SERVER_IP

Step 2: Change the Root Password

If your provider gave you a temporary password, your first action should be to change it to something strong and unique.

passwd

2. Create Your Own User Account

This is the single most important security step. We will create a standard user account and give it administrative privileges using the sudo command.

Step 1: Create the New User

Replace devuser with a username you like.

adduser devuser

Step 2: Grant Administrative Privileges

Add your new user to the sudo group, which allows it to run commands as the administrator.

usermod -aG sudo devuser

Step 3: Log in as Your New User

Log out of the root account (exit) and log back in with your new credentials.

ssh devuser@YOUR_SERVER_IP

From now on, you should always log in with this user.

3. Update System and Install Essential Tools

Now that you are logged in as your new sudo user, the first actions are to update the server and install some essential tools.

Step 1: Update the System

This command downloads the latest list of available software (update) and then installs those updates (upgrade).

sudo apt update && sudo apt upgrade -y

Step 2: Install Basic Tools

Next, install a few common and useful tools.

sudo apt install curl git vim htop unzip nginx -y

We include Nginx here as it is a lightweight, high-performance web server we will configure later.

4. Set Your Timezone

Correct server time is important for logs and many applications. Find your timezone from the list and set it.

# Find your timezone (press 'q' to quit the list)
timedatectl list-timezones

# Set your timezone (replace with your own)
sudo timedatectl set-timezone Asia/Kolkata

5. Basic Firewall Setup

A firewall is a digital security guard. We will use ufw (Uncomplicated Firewall) to block unwanted traffic.

Step 1: Allow Essential Traffic

This is critical: You must allow SSH traffic, otherwise the firewall will lock you out. We will also allow Nginx traffic.

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'

‘Nginx Full’ allows traffic on both HTTP (port 80) and HTTPS (port 443).

Step 2: Enable the Firewall

Now, turn the firewall on.

sudo ufw enable

6. Host a Website with Nginx

Now we will configure Nginx to serve a website for a domain you own.

Step 0: Point Your Domain to the Server (DNS)

Before Nginx can work, you have to tell the internet that your domain should point to your server’s IP address. You do this at your domain registrar (the company where you bought your domain, like GoDaddy, Namecheap, Google Domains, etc.).

Log in to your domain registrar’s website.
Find the DNS management page for your domain.
You need to create two ‘A’ records:
- Record 1 (Root Domain):
  - Type: A
  - Host/Name: @ (this symbol represents the root domain itself)
  - Value/Points to: Your server’s IP address (e.g., 123.45.67.89)
  - TTL (Time to Live): Leave as default (often 1 hour).
- Record 2 (www subdomain):
  - Type: A
  - Host/Name: www
  - Value/Points to: Your server’s IP address (the same one)
  - TTL: Leave as default.

DNS changes can take anywhere from a few minutes to a few hours to update across the internet.

Step 1: Create a Directory for Your Site

We’ll store our website’s files in the /var/www directory.

# Create a directory for your domain
sudo mkdir -p /var/www/your-domain.com/html

# Assign ownership to your user
sudo chown -R $USER:$USER /var/www/your-domain.com/html

Step 2: Create a Sample Page

Let’s create a simple index.html file for testing.

echo "<h1>Hello from my Nginx Site!</h1>" | sudo tee /var/www/your-domain.com/html/index.html

Step 3: Create an Nginx Server Block

Nginx uses “server block” files to know how to handle incoming domains. We’ll create one for our domain.

sudo nano /etc/nginx/sites-available/your-domain.com

Paste the following configuration into the file:

server {
    listen 80;
    listen [::]:80;

    root /var/www/your-domain.com/html;
    index index.html;

    server_name your-domain.com www.your-domain.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

Step 4: Enable the Server Block

We enable the site by creating a symbolic link from this file into the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/your-domain.com /etc/nginx/sites-enabled/

Now, test your Nginx configuration for errors and restart it.

sudo nginx -t
sudo systemctl restart nginx

Once your DNS has updated, if you visit http://your-domain.com in a browser, you should see your “Hello World” message.

7. Secure Your Site with SSL (HTTPS)

To secure your site, we’ll get a free SSL certificate from Let’s Encrypt using a tool called Certbot.

Step 1: Install Certbot

Certbot has a dedicated Nginx plugin that makes the process simple.

sudo apt install certbot python3-certbot-nginx -y

Step 2: Obtain the SSL Certificate

Run Certbot. It will read your Nginx configuration, see the domain you just set up, and guide you through obtaining the certificate.

sudo certbot --nginx

Certbot will ask for your email, for you to agree to the terms of service, and if you want to redirect all HTTP traffic to HTTPS. It is highly recommended to choose the redirect option.

Step 3: Verify Auto-Renewal

Let’s Encrypt certificates are valid for 90 days. Certbot automatically sets up a task to renew them for you. You can test the renewal process with a dry run.

sudo certbot renew --dry-run

If this runs without errors, you are all set. Your site is now secure and accessible via https://your-domain.com.

To add a subdomain (e.g., blog.your-domain.com), you simply repeat the process: create a new directory in /var/www, create a new server block file in sites-available, enable it, and then run sudo certbot --nginx again.

8. Quick Tips and Best Practices

Use SSH Keys: Passwords can be cracked. SSH keys are a much more secure way to log in. This is a highly recommended next security step.
Keep Your System Updated: Get in the habit of running sudo apt update && sudo apt upgrade -y at least once a week.
Be Careful with Commands: Don’t run scripts or commands from the internet without understanding what they do.
Use Strong Passwords: The password for your sudo user should be strong and unique.

1. Your First Login: The Root User#

Step 1: Connect to the Server#

Step 2: Change the Root Password#

2. Create Your Own User Account#

Step 1: Create the New User#

Step 2: Grant Administrative Privileges#

Step 3: Log in as Your New User#

3. Update System and Install Essential Tools#

Step 1: Update the System#

Step 2: Install Basic Tools#

4. Set Your Timezone#

5. Basic Firewall Setup#

Step 1: Allow Essential Traffic#

Step 2: Enable the Firewall#

6. Host a Website with Nginx#

Step 0: Point Your Domain to the Server (DNS)#

Step 1: Create a Directory for Your Site#

Step 2: Create a Sample Page#

Step 3: Create an Nginx Server Block#

Step 4: Enable the Server Block#

7. Secure Your Site with SSL (HTTPS)#

Step 1: Install Certbot#

Step 2: Obtain the SSL Certificate#

Step 3: Verify Auto-Renewal#

8. Quick Tips and Best Practices#

1. Your First Login: The Root User