Keeping your server secure is just as important as keeping it fast and stable. At NETVPX, we recommend these best practices to harden your CloudPanel setup without needing to be a security expert.
1. Use Cloudflare Tunnel to Hide Your Server’s IP
Instead of exposing your server directly to the internet, you can use Cloudflare Tunnel. This creates a secure connection between your server and Cloudflare, so:
-
Your server’s real IP is hidden from attackers
-
Only traffic coming through Cloudflare reaches your server
Setup steps:
-
Install Cloudflare Tunnel on your VPS (cloudflared)
-
Create a tunnel for your domain
-
Route traffic through Cloudflare DNS
This gives you instant protection without needing to open ports publicly.
???? 2. Use Cloudflare Origin Certificates
Instead of using Let’s Encrypt, you can generate a Cloudflare Origin Certificate and install it on your server. This encrypts the traffic between Cloudflare and your server, even if your server isn’t publicly accessible.
Why it matters:
-
Traffic stays encrypted even behind Cloudflare
-
Certificates last up to 15 years
-
Less dependency on public certificate renewals
???? 3. Close Unnecessary Ports
CloudPanel listens on port 8443 for its admin interface. You can make your server more secure by closing all other ports not in use.
Recommended open ports:
-
443 (HTTPS for websites)
-
22 (SSH, if needed — preferably behind a firewall or jump server)
Tools: Use the integrated CloudPanel firewall to stop any traffic from getting to your server. Additionally, you can configure our firewall through the dashboard too.
???? 4. Restrict Access to the CloudPanel Admin Area
Your CloudPanel dashboard is powerful — protect it accordingly. It also happens to be one of the most common attack vectors, especially when it comes to vulnerabilities or bruteforce attacks.
Option A (preferred): Use Cloudflare Zero Trust
-
Require email-based login, identity provider login (e.g. Google), or one-time codes
-
Great for teams or remote access
-
Easy to set up in the Cloudflare dashboard
Option B: Add Basic Auth (Username & Password Prompt)
-
Add an extra password layer using basic auth. You can find this under Admin Area > Security > Basic Auth
-
Even if someone finds the admin URL, they hit a password wall first
This keeps unauthorized users out, even if the login page is visible.
???? Bonus Tips
-
Keep CloudPanel updated: Updates include important security fixes. CloudPanel will not update itself.
-
Use strong SSH keys: Avoid password-based SSH logins. Disable SSH password login.
-
Disable root login: Use a regular user with sudo instead
✅ Final Thoughts
You don’t need a big security budget to protect your server — just a few smart tools and practices. By combining Cloudflare with firewall rules and limiting access, you reduce your attack surface and keep control where it belongs: with you.
If you need help setting this up on your NETVPX server, our team is just a ticket away.