Before You Start
How to set up a VPS from scratch — no assumptions, no skipped steps. This guide covers a Linux VPS (specifically Ubuntu, because it's what most people should be running). If you're on Windows Server for something like Forex trading, the process is different and we've got separate guides for that.
You'll need three things before you begin:
- A VPS — if you don't have one yet, our plans start at $20/month with 2 vCPUs, 4 GB RAM, and 80 GB NVMe. You'll get an IP address and root password within minutes of signing up.
- A terminal application — on Mac or Linux, you already have one. On Windows, use Windows Terminal (built in) or download PuTTY.
- 15–30 minutes — that's genuinely all this takes.
Step 1: Log In via SSH
When your VPS is provisioned, you'll receive an IP address and a root password. Open your terminal and connect:
ssh root@your-server-ipIt'll ask you to accept the server's fingerprint (type yes) and then enter your password. You're now connected to your VPS. Everything you type runs on the remote server, not your local machine.
If you're seeing "Connection refused," make sure the IP address is correct and that the server has finished provisioning. Most VPS providers (including us) send a confirmation email once the server is ready — don't try to connect before that.
Step 2: Update Everything
Your VPS image might be days or weeks behind on security patches. First thing — update the package list and upgrade everything:
apt update && apt upgrade -yThis usually takes 1–3 minutes depending on how stale the image is. If it asks about keeping or replacing config files, press Enter to keep the current ones — you haven't changed anything yet, but the defaults are fine.
Set up automatic security updates so you don't have to remember to do this manually:
apt install unattended-upgrades -y
dpkg-reconfigure --priority=low unattended-upgradesSelect "Yes" when it asks whether to install security updates automatically. This handles critical patches while leaving major version changes for you to review manually.
Step 3: Create a Non-Root User
Running everything as root is like leaving your front door open because keys are inconvenient. One wrong rm -rf command, one compromised application, and your entire server is gone.
Create a regular user with sudo (admin) privileges:
adduser deploy
usermod -aG sudo deployReplace deploy with whatever username you prefer. Set a strong password when prompted. This user can still run admin commands by prefixing them with sudo, but day-to-day operations happen without root access.
Test it by switching to the new user:
su - deploy
sudo apt updateIf the update command works, your sudo access is configured correctly. Switch back to root for the remaining steps:
exitStep 4: Set Up SSH Key Authentication
Passwords get brute-forced. SSH keys don't (not in any practical sense — they're cryptographically strong). This is the single most important security step in the entire guide.
On your local machine (not the VPS), generate a key pair if you don't already have one:
ssh-keygen -t ed25519 -C "your-email@example.com"Press Enter to accept the default file location. Set a passphrase if you want an extra layer of security (recommended). This creates two files: a private key (stays on your machine, never share it) and a public key (goes on the server).
Copy the public key to your VPS:
ssh-copy-id deploy@your-server-ipNow test that key-based login works:
ssh deploy@your-server-ipIf you get in without being asked for the server password, it's working. Now disable password authentication entirely. Edit the SSH config on the server:
sudo nano /etc/ssh/sshd_configFind and change these lines:
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yesSave the file (Ctrl+O, Enter, Ctrl+X) and restart SSH:
sudo systemctl restart sshdImportant: before you close your current session, open a new terminal tab and test that you can still log in with your key. If something went wrong, you can fix it from the session that's still open. Locking yourself out of your own server is a rite of passage, but it's one you can skip.
Step 5: Configure the Firewall
Ubuntu comes with UFW (Uncomplicated Firewall). It's off by default. Turn it on and only allow what you actually need:
sudo ufw allow OpenSSH
sudo ufw enableType y when it warns about disrupting connections. Check the status:
sudo ufw statusYou should see OpenSSH listed as allowed. That's it for now — we'll open more ports when we install a web server.
The philosophy here is simple: block everything by default, then open ports one at a time as you need them. Not the other way around.
Step 6: Install a Web Server
If you're hosting a website or web application, you'll need a web server. Nginx is the standard choice — it's fast, lightweight, and handles static files exceptionally well.
sudo apt install nginx -y
sudo ufw allow 'Nginx Full'This installs Nginx and opens ports 80 (HTTP) and 443 (HTTPS) in the firewall. Visit your server's IP address in a browser — you should see the default Nginx welcome page.
For SSL certificates (and you need SSL — it's 2026), use Let's Encrypt with Certbot:
sudo apt install certbot python3-certbot-nginx -yYou'll run certbot once your domain is pointed at the server (next step).
Alternative: Apache
If you prefer Apache (some applications like WordPress have slightly easier Apache configs), substitute nginx with apache2 in the commands above. Both work fine. Nginx uses less memory, Apache has more built-in module support. For most modern applications, Nginx is the better choice.
Step 7: Point Your Domain
Go to your domain registrar (Cloudflare, Namecheap, whoever manages your DNS) and create an A record:
| Record Type | Name | Value | TTL |
|---|---|---|---|
| A | @ | your-server-ip | 3600 |
| A | www | your-server-ip | 3600 |
DNS propagation takes anywhere from 5 minutes to 48 hours, though most updates are live within 15 minutes. Once the domain resolves to your server, run Certbot to get your SSL certificate:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.comFollow the prompts, and Certbot will configure Nginx to serve HTTPS automatically. It also sets up auto-renewal so your certificates never expire.
Quick Checklist
Here's everything in one place. Once all of these are done, your VPS is production-ready:
| Step | Command / Action | Time |
|---|---|---|
| SSH in | ssh root@your-ip |
1 min |
| Update system | apt update && apt upgrade -y |
2 min |
| Auto-updates | apt install unattended-upgrades -y |
1 min |
| Create user | adduser deploy && usermod -aG sudo deploy |
1 min |
| SSH keys | ssh-keygen + ssh-copy-id |
3 min |
| Disable passwords | Edit /etc/ssh/sshd_config |
2 min |
| Firewall | ufw allow OpenSSH && ufw enable |
1 min |
| Web server | apt install nginx |
2 min |
| SSL | certbot --nginx |
2 min |
Total: about 15 minutes of actual work. The rest is waiting for packages to install and DNS to propagate.
What's Next
Your server is set up, secured, and ready. From here, what you do depends on your project:
- Deploying a web app — install your runtime (Node.js, Python, PHP, Ruby), set up your application, and configure Nginx as a reverse proxy
- Running a database — install MySQL/MariaDB or PostgreSQL, configure remote access carefully, and set up automated backups
- Hosting multiple sites — create Nginx server blocks (virtual hosts) for each domain, each with its own SSL certificate
- Monitoring — set up basic monitoring so you know when something breaks before your users do
If you don't have a VPS yet and this guide convinced you it's time, check our plans. Every CutVPS server comes with KVM virtualisation (the kind that gives you a real virtual machine, not a container), NVMe storage, and full root access — everything you need to follow this guide from Step 1.
Frequently Asked Questions
How long does it take to set up a VPS?
A basic VPS setup takes 15–30 minutes. That gets you a secure server with SSH keys, a firewall, and system updates. Adding a web server and deploying an application adds another 15–30 minutes depending on your stack.
Do I need to know Linux to use a VPS?
You need basic command-line comfort — navigating directories, editing files, running commands. You don't need to be a Linux expert. If you can follow instructions and copy-paste commands, you can set up a VPS. If ssh root@your-ip still feels alien, consider starting with managed hosting and graduating when you're ready.
What operating system should I choose for my VPS?
Ubuntu 22.04 LTS or 24.04 LTS for most use cases. It has the largest community, the most tutorials, and the best package support. Debian is a solid alternative if you prefer stability over bleeding-edge packages. CentOS/AlmaLinux for enterprise workloads.
Should I use root or create a separate user?
Always create a separate user with sudo privileges and disable root login over SSH. Running everything as root is convenient but dangerous — one wrong command or one compromised application can take down your entire server.
What's the first thing I should do after getting a VPS?
Update the system, create a non-root user with sudo access, set up SSH key authentication, disable password login, and configure a firewall. These five steps take about 15 minutes and cover the essentials. This guide walks through all of them.