When you first create a server from any provider like Linode, DigitalOcean, etc., you will have to secure it by executing several commands. This post will explain what those commands are and why you need to run all those commands to start using your server securely.
I will break down the procedure we will perform into 5 simple steps:
<ol>
<li>Creating a VPS</li>
<li>Initial Login&nbsp;</li>
<li>Creating a non-root user</li>
<li>Firewall setup</li>
</ol>
Let's get started
&lt;|AD|&gt;
<h4>Creating a VPS</h4>
For creating a VPS, I will choose DigitalOcean. I have been DigitalOcean for quite a while now, and it never disappointed me. There are other service providers like Linode, Vultr, etc.
Once you create an account on DigitalOcean and log in, DigitalOcean will present you with this screen. Click on create and then on droplets:
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step_0.png" alt="" width="822" height="451" />
DigitalOcean will present you with the following screen, where you can choose the droplet, Operating system, and plan size. I will choose the options as marked in red below:
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step_1.png" alt="" width="821" height="451" />
Choose a region. Ideally, this has to be the region closest to your users. This is the physical location where the server will be located:
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step_2.png" alt="" width="818" height="449" />
&lt;|AD|&gt;
Finally, choose a password and click create droplet:
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step_3.png" alt="" width="626" height="458" />
You will see processing like this
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step_4.PNG" alt="" width="842" height="522" />
and finally, we will get a public IP address
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step_5.PNG" alt="" width="779" height="155" />
We will use this public IP address to login into our server
&lt;|AD|&gt;
<h4>Initial Login</h4>
The very first step to start using a server is to log in to it. A web server is just like a computer on the web. We cannot connect a physical keyboard and mouse to it. So how do we use it?&nbsp; We will use an SSH Client to get access to the server's terminal (this remote computer), and once we have access to the terminal, we can start executing commands on this server.&nbsp;
To log in to our server, we need to know its public IP address, just like you need to know the address of a place before visiting it.&nbsp;
Execute the following command on the PowerShell or terminal
<pre class="language-csharp"><code>ssh root@your_server_ip</code></pre>
I will type this:
<pre class="language-cpp"><code>ssh root@165.232.177.116</code></pre>
Enter the password provided by your service provider. We have created a password in DigitalOcean, which we will enter here. Once you enter the password when prompted, you will be logged in as root.
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step6.PNG" alt="" width="563" height="333" />
The root user is a user having the highest privileges on the server. This means that a root user can do anything and everything on the server. This is why it is strongly discouraged to use a root account as it might accidentally delete files/uninstall programs/install programs etc. Hence we will create a user who will have restricted permissions on the server for day-to-day use.
&lt;|AD|&gt;
<h4>Creating a non-root user</h4>
We will now create a non-root user account that will have restricted access to the machine. This is ideal if you want to have people working for you on the server without doing everything on the server.
Execute the following command:
<pre class="language-c"><code>adduser harry</code></pre>
You will be asked to enter some information and a password. Choose a strong password to avoid getting hacked!
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step7.PNG" alt="" width="585" height="346" />
We have successfully created an account with basic access. We want this user to be able to elevate to root access when required. This will be useful when you want to use your server and sometimes do something which requires root access.
This will save you the time to log out and log back in as the root user.
Execute the following command on the server:
<pre class="language-markup"><code>usermod -aG sudo harry
</code></pre>
&lt;|AD|&gt;
<h4>Firewall setup</h4>
Our server is public, and we want to protect it from external unwanted connections. We want only selected services exposed to the public on our server.
We will set up the UFW firewall on our Ubuntu 20.04 server and allow OpenSSH, which allows us to connect to our server. Execute the following command to allow OpenSSH:
<pre class="language-cpp"><code>ufw allow OpenSSH</code></pre>
Enable the firewall by executing the following command:
<pre class="language-cpp"><code>ufw enable
</code></pre>
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step8.PNG" alt="" width="577" height="341" />
The firewall will now block all the connections except SSH
You have successfully created a new user. Try to log in through this user in a new terminal tab and verify everything works before logging out from the current session.
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step9.png" alt="" width="577" height="403" />
&lt;|AD|&gt;
You can type the following command to elevate to the root access as and when required.
<pre class="language-markup"><code>sudo su</code></pre>
To go back to the existing user, execute the following command:
<pre class="language-markup"><code>exit</code></pre>
<img src="https://api.codewithharry.com/media/blogFiles/setup-ubuntu-20-04-server/step10.PNG" alt="" width="573" height="339" />
I hope this guide was helpful. Happy Coding!

Setting Up an Ubuntu 20.04 server for deployment

Comments ()