Securing Your Linux VPS: Best Practices You Shouldn’t Skip

Whether you're hosting a website, app, or control panel, your VPS is always a potential target. The good news? You don’t need to be a Linux wizard to lock things down. Here are some clear, effective steps to help protect your Linux VPS — without the fluff.

1. Hide Your Real IP with Cloudflare Tunnel

Instead of exposing your server directly to the internet, use Cloudflare Tunnel. The cloudflared daemon on your VPS opens outbound-only connections to Cloudflare’s edge, so no inbound ports need to be open for web traffic.

  • Your VPS IP stays hidden
  • DDoS and bot traffic are filtered at Cloudflare
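  • No need to open ports to the world

# cloudflared is not in the default Debian/Ubuntu repositories; add Cloudflare's apt repository (pkg.cloudflare.com) first
sudo apt install cloudflared
cloudflared tunnel login                           # authorize this server in your Cloudflare account
cloudflared tunnel create my-vps                   # create the tunnel and its credentials file
cloudflared tunnel route dns mydomain.com my-vps   # point the hostname at the tunnel
cloudflared tunnel run my-vps                      # start the tunnel (needs ingress rules in ~/.cloudflared/config.yml)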

2. Secure Traffic with Cloudflare Origin Certificates

To keep traffic between Cloudflare and your VPS encrypted, install an Origin Certificate on your server.

  • Strong encryption even behind Cloudflare
  • No need to rely on Let's Encrypt
  • Certificates last up to 15 years

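Create the certificate in the Cloudflare dashboard and install it on your web server (e.g., Nginx or Apache). Browsers do not trust Origin Certificates, so this only works for traffic that reaches the server through Cloudflare.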

3. Close Unused Ports

Don’t leave your server wide open. Close everything except the ports you actually use.

Typical safe setup:

  • Port 443 (HTTPS) → open
  • Port 22 (SSH) → allow only your IP or use a firewall/VPN
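  • All other ports → closed

sudo ufw default deny incoming               # everything not explicitly allowed stays closed
sudo ufw allow 443                           # HTTPS
sudo ufw allow from YOUR_IP to any port 22   # SSH only from your own address
sudo ufw enable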
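
To confirm the result of the firewall step, the script below (an added example, not part of the original article) reads `ss -H -tuln` output and lists every listener bound to a non-loopback address on a port other than 22 or 443. The function names, the ALLOWED_PORTS variable and the sample socket table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that are reachable from outside the
# host and are not on the allowlist from the "typical safe setup" (22, 443).

ALLOWED_PORTS="22 443"   # assumption: the same ports the ufw rules permit

# Reads `ss -H -tuln` lines on stdin; prints "proto address port" for every
# listener bound to a non-loopback address on a port outside ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only service
            if (port in ok) next                           # expected service
            print $1, addr, port
        }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      4096       127.0.0.1:20241      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      151          0.0.0.0:3306       0.0.0.0:*
tcp   LISTEN 0      511                *:8080             *:*
EOF
}

# --live audits this machine; without it the constructed sample is used.
audit() {
    if [ "${1:-}" = "--live" ] && command -v ss >/dev/null 2>&1; then
        ss -H -tuln | unexpected_listeners
    else
        sample_ss_output | unexpected_listeners
    fi
}

audit "$@"
```

Run it with `--live` on the VPS. A listener it reports may still be blocked by ufw, but it is a service to stop or rebind to 127.0.0.1 rather than leave to the firewall alone.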

4. Add a Second Wall with Basic Auth or Zero Trust

If you run any web app (like an admin panel or dashboard), add a second layer of protection.

Option A: Basic Auth

Prompt users for a username/password before even reaching the login page:

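sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser   # -c creates the file and overwrites an existing one; omit it when adding more users
# then reference the file from the Nginx server or location block with auth_basic and auth_basic_user_file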

Option B: Cloudflare Zero Trust

Only allow access to certain emails or IPs via Cloudflare Access — great for teams or sensitive areas.

5. Keep It Clean and Updated

  • ✅ Run system updates regularly (sudo apt update && sudo apt upgrade)
  • ✅ Remove unused software
  • ✅ Check who has SSH access
  • ✅ Use fail2ban to block brute-force login attempts

✅ TL;DR: Your VPS Security Checklist

  • [ ] Use Cloudflare Tunnel
  • [ ] Install Origin SSL cert
  • [ ] Close unused ports with ufw
  • [ ] Add Basic Auth or Cloudflare Access to any admin areas
  • [ ] Keep your system updated

Want us to secure your VPS for you? Reach out — we’re happy to help.

