Configure New VPS (Ubuntu 24.04)

Configure VPS — Ubuntu Server 24.04 LTS (Noble Numbat) 64-bit

The following is a structured, production-oriented setup guide for a fresh Ubuntu 24.04 VPS, including Node.js, MongoDB, and Redis installation.


1. Update the System

Synchronize package lists and upgrade installed packages:

sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y

Reboot if the kernel was upgraded:

sudo reboot

2. Secure the Server (Firewall Configuration)

Ubuntu uses UFW (Uncomplicated Firewall).

Enable UFW and allow SSH:

sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status

If you later deploy a web server:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

3. Create a Non-Root User

Avoid operating as root.

sudo adduser yourusername
sudo usermod -aG sudo yourusername

Switch to the new user:

su - yourusername

4. Configure SSH for Security

Edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

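Set the following directives. PasswordAuthentication no locks out any account that has no working SSH key, so set up and test key authentication (step 5) before restarting SSH: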

PermitRootLogin no
PasswordAuthentication no

(Optional) Change the default SSH port:

Port 2222

Restart SSH:

sudo systemctl restart ssh

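If you changed the port, allow it through the firewall (confirm you can log in on the new port before closing your current session):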

sudo ufw allow 2222/tcp

5. Configure SSH Key Authentication

On your local machine:

ssh-keygen
ssh-copy-id yourusername@your_server_ip

Test login before closing your current session.
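
One way to confirm that the settings from steps 4 and 5 actually took effect, as an added example that is not part of the original gist. `sshd -T` prints the effective configuration after every Include file is merged, so a drop-in under /etc/ssh/sshd_config.d/ that overrides the edit to the main file shows up here. The function name `check_sshd_effective`, the `pubkeyauthentication` expectation and both sample outputs are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# check_sshd_effective [PORT]: read `sshd -T` output on stdin and compare it
# with the hardened values from step 4. Prints one line per problem and
# returns non-zero if any directive differs or is absent.
check_sshd_effective() {
    awk -v port="${1:-22}" '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"] = "yes"
            want["port"] = port
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) {
                printf "MISMATCH %s: got %s, want %s\n", $1, $2, want[$1]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: a drop-in file re-enables passwords even though
# /etc/ssh/sshd_config itself says "PasswordAuthentication no".
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: the state steps 4 and 5 are meant to produce (port 2222).
SAMPLE_HARDENED='port 2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective 22 \
    || echo "sshd is not hardened as intended"
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_effective 2222 \
    && echo "sshd matches the hardened settings"

# On the server itself: sudo sshd -T | check_sshd_effective 2222
```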


6. Install Essential Server Utilities

sudo apt install -y fail2ban unattended-upgrades htop curl git build-essential

Enable automatic security updates:

sudo dpkg-reconfigure --priority=low unattended-upgrades

Application Stack Setup

Now install Node.js, MongoDB, and Redis properly using official repositories.


7. Install Node.js (LTS)

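Ubuntu's repositories often carry an outdated Node.js release, so use NodeSource. Note that the command below pipes a remote script straight into a root shell; download and read it first if you want to review what it runs.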

Add NodeSource Repository (LTS)

curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt install -y nodejs

Verify installation:

node -v
npm -v

Optional: Install PM2 (process manager for production apps)

sudo npm install -g pm2
pm2 startup

8. Install MongoDB (Community Edition)

Ubuntu 24.04 requires MongoDB 7.x+.

Import MongoDB Public Key

curl -fsSL https://pgp.mongodb.com/server-7.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg \
--dearmor

Add MongoDB Repository

echo "deb [ arch=amd64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] \
https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/7.0 multiverse" | \
sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list

Install MongoDB

sudo apt update
sudo apt install -y mongodb-org

Start and Enable MongoDB

sudo systemctl start mongod
sudo systemctl enable mongod
sudo systemctl status mongod

Verify:

mongosh

Secure MongoDB (Recommended for Production)

Edit MongoDB config:

sudo nano /etc/mongod.conf

Ensure binding only to localhost:

bindIp: 127.0.0.1

Restart:

sudo systemctl restart mongod

If exposing publicly, configure authentication first (never expose without auth).


9. Install Redis

Ubuntu 24.04 includes Redis 7+ in its default repository.

sudo apt install -y redis-server

Enable and start:

sudo systemctl enable redis-server
sudo systemctl start redis-server

Test:

redis-cli ping

Expected output:

PONG

Secure Redis (Important)

Edit configuration:

sudo nano /etc/redis/redis.conf

Ensure:

bind 127.0.0.1
protected-mode yes

Restart Redis:

sudo systemctl restart redis-server
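
A check for the MongoDB bindIp and Redis bind settings above, as an added example that is not part of the original gist: it reads `ss -tlnH` output and reports any listener on the database ports that is not bound to a loopback address. The function name `find_exposed_listeners` and the sample socket list are constructed for illustration; 27017 and 6379 are the MongoDB and Redis default ports.

```shell
#!/usr/bin/env bash
# find_exposed_listeners PORT...: read `ss -tlnH` output on stdin and print
# every listener on one of the given ports whose local address is not
# loopback. Returns non-zero if at least one such listener exists.
find_exposed_listeners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 == "LISTEN" {
            local_addr = $4                               # Local Address:Port column
            port = local_addr; sub(/.*:/, "", port)       # text after the last colon
            addr = local_addr; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in watch)) next
            if (addr ~ /^127\./ || addr == "[::1]") next  # loopback is the goal
            printf "EXPOSED %s on %s\n", port, addr
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample: MongoDB is restricted to localhost, but Redis still has
# a wildcard IPv4 listener next to its loopback IPv6 one.
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:*
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 511 [::1]:6379 [::]:*
LISTEN 0 4096 *:2222 *:*'

printf '%s\n' "$SAMPLE_SS" | find_exposed_listeners 27017 6379 \
    || echo "at least one database port is reachable beyond localhost"

# On the server itself: sudo ss -tlnH | find_exposed_listeners 27017 6379
```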

10. Recommended Production Enhancements

Install Nginx (Reverse Proxy)

sudo apt install -y nginx
sudo systemctl enable nginx

Install Certbot (SSL)

sudo apt install -y certbot python3-certbot-nginx

Basic Monitoring

sudo apt install -y net-tools

#!/bin/bash
# ======================================
# Ubuntu 24.04 VPS Interactive Setup
# Updated for MongoDB 8.0 (Official Noble Support)
# ======================================
# Stop on errors, unset variables, and failures inside pipelines (e.g. curl | bash)
set -euo pipefail

# ---------- Helpers ----------
# Prompt until the user answers y or n; returns 0 for yes, 1 for no
ask_yes_no() {
    while true; do
        read -r -p "$1 (y/n): " yn
        case $yn in
            [Yy]* ) return 0;;
            [Nn]* ) return 1;;
            * ) echo "Please answer yes or no.";;
        esac
    done
}

# Print a section banner
section() {
    echo ""
    echo "====================================="
    echo "$1"
    echo "====================================="
    echo ""
}

# Ensure running as root
if [[ $EUID -ne 0 ]]; then
    echo "Please run as root (sudo)."
    exit 1
fi

# ======================================
section "1. System Update"
if ask_yes_no "Update and upgrade system packages?"; then
    apt update
    apt upgrade -y
    apt autoremove -y
fi

# ======================================
section "2. Firewall Setup (UFW)"
if ask_yes_no "Configure UFW firewall?"; then
    apt install -y ufw
    # Allow SSH before enabling the firewall so the current session survives
    ufw allow OpenSSH
    ufw --force enable
    ufw status
fi

# ======================================
section "3. Create Non-Root User"
if ask_yes_no "Create a new sudo user?"; then
    read -r -p "Enter new username: " NEWUSER
    adduser "$NEWUSER"
    usermod -aG sudo "$NEWUSER"
    echo "User $NEWUSER created and added to sudo group."
fi

# ======================================
section "4. SSH Hardening"
if ask_yes_no "Harden SSH configuration?"; then
    read -r -p "Change SSH port? (leave blank to keep default 22): " SSHPORT
    SSHCONF="/etc/ssh/sshd_config"
    sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' "$SSHCONF"
    # Disabling passwords before a key is installed locks you out of the server
    if ask_yes_no "Disable password login? (only if your SSH key already works)"; then
        sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' "$SSHCONF"
    fi
    if [[ -n "$SSHPORT" ]]; then
        # Accept only a valid TCP port, since the value is written into sshd_config
        if [[ ! "$SSHPORT" =~ ^[0-9]+$ ]] || (( 10#$SSHPORT < 1 || 10#$SSHPORT > 65535 )); then
            echo "Invalid port: $SSHPORT"
            exit 1
        fi
        sed -i "s/^#*Port.*/Port $SSHPORT/" "$SSHCONF"
        # UFW may not be installed if step 2 was skipped
        if command -v ufw >/dev/null; then
            ufw allow "$SSHPORT/tcp"
        fi
    fi
    # Validate the edited configuration before restarting the daemon
    sshd -t
    systemctl restart ssh
    echo "SSH hardened."
fi

# ======================================
section "5. Essential Utilities"
if ask_yes_no "Install essential utilities (fail2ban, git, curl, htop)?"; then
    apt install -y fail2ban unattended-upgrades htop curl git build-essential
    dpkg-reconfigure --priority=low unattended-upgrades
fi

# ======================================
section "6. Install Node.js (LTS)"
if ask_yes_no "Install Node.js LTS?"; then
    # With pipefail, a failed download aborts instead of feeding bash an empty script
    curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
    apt install -y nodejs
    node -v
    npm -v
    if ask_yes_no "Install PM2 (process manager)?"; then
        npm install -g pm2
        pm2 startup
    fi
fi

# ======================================
section "7. Install MongoDB 8.0 (Official for Noble)"
if ask_yes_no "Install MongoDB 8.0 (recommended for Ubuntu 24.04)?"; then
    # Remove any previous MongoDB repo to avoid conflicts
    rm -f /etc/apt/sources.list.d/mongodb-org-*.list
    # Store the signing key in a dedicated keyring referenced by signed-by below
    curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc \
        | gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
    echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" \
        | tee /etc/apt/sources.list.d/mongodb-org-8.0.list
    apt update
    apt install -y mongodb-org
    systemctl enable mongod
    systemctl start mongod
    echo "MongoDB 8.0 installed successfully."
    systemctl status mongod --no-pager
    if ask_yes_no "Restrict MongoDB to localhost only? (recommended)"; then
        # Keep the existing YAML indentation of the bindIp key
        sed -i 's/^\([[:space:]]*\)bindIp:.*/\1bindIp: 127.0.0.1/' /etc/mongod.conf
        systemctl restart mongod
    fi
fi

# ======================================
section "8. Install Redis"
if ask_yes_no "Install Redis?"; then
    apt install -y redis-server
    systemctl enable redis-server
    systemctl start redis-server
    if ask_yes_no "Restrict Redis to localhost only? (recommended)"; then
        sed -i 's/^bind .*/bind 127.0.0.1/' /etc/redis/redis.conf
        sed -i 's/^protected-mode .*/protected-mode yes/' /etc/redis/redis.conf
        systemctl restart redis-server
    fi
fi

# ======================================
section "9. Install Nginx"
if ask_yes_no "Install Nginx (reverse proxy)?"; then
    apt install -y nginx
    systemctl enable nginx
    systemctl start nginx
    # Open only TCP for HTTP/HTTPS, matching the guide; skip if UFW is absent
    if command -v ufw >/dev/null; then
        ufw allow 80/tcp
        ufw allow 443/tcp
    fi
fi

# ======================================
section "10. Install SSL (Certbot)"
if ask_yes_no "Install Certbot for SSL?"; then
    apt install -y certbot python3-certbot-nginx
    echo ""
    echo "To generate SSL certificate:"
    echo "sudo certbot --nginx"
fi

# ======================================
section "Setup Complete"
echo "Your VPS setup process is finished."
if ask_yes_no "Reboot now?"; then
    reboot
fi