I'm looking to migrate several small static sites, mostly landing pages, from Vultr's 2GB LEMP stack (with one site per server) to a more efficient 1GB Ubuntu 24.04 server using my own LEMP stack. My setup will include NGINX and PHP, but I've removed MySQL/MariaDB and ClamAV since there's no database involved. I'm also using Redis.
For security measures, I've implemented SSH key-only authentication, removed the root user, created a new user with sudo privileges, changed SSH to a random port, set up a UFW firewall to only allow traffic on ports 80, 443, and my chosen SSH port, configured Fail2ban, and enabled automatic security updates. Plus, my servers will be behind Cloudflare.
I have a few questions:
1. What additional security measures can I take to further harden my server?
2. I'm trying to free up resources and currently, I'm using about 350MB. Is it okay to disable audio, wireless, or Bluetooth? Will that affect Vultr's infrastructure in any way?
3. Since I also use other providers besides Vultr, what tools would you recommend for better server management?
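Added example, not part of the original post: a small shell check that the SSH settings listed in the question (key-only authentication, no root login, non-default port) are what sshd actually enforces. It reads text in the format printed by `sshd -T`; the function name `audit_sshd` and both sample inputs are constructed for illustration, and treating "removed the root user" as "root cannot log in over SSH" is an assumption.

```shell
#!/bin/sh
# Audit effective sshd settings against the posture described in the question.
# Input (stdin): lines in `sshd -T` format, i.e. "keyword value", keyword lowercased.
# Output: one FAIL line per deviation; return status = number of deviations.
audit_sshd() {
    awk '
        BEGIN {
            # Key-only auth needs BOTH password paths off, not just the first.
            want["passwordauthentication"]       = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["pubkeyauthentication"]         = "yes"
            want["permitrootlogin"]              = "no"
        }
        ($1 in want)  { val[$1] = $2 }
        $1 == "port"  { ports[$2] = 1 }   # sshd -T prints one line per port
        END {
            fails = 0
            for (k in want) {
                if (!(k in val)) {
                    print "FAIL " k " not present in input"; fails++
                } else if (val[k] != want[k]) {
                    print "FAIL " k "=" val[k] " (want " want[k] ")"; fails++
                }
            }
            if ("22" in ports) { print "FAIL still listening on port 22"; fails++ }
            exit fails
        }
    '
}

# Constructed sample: the posture the question describes (port number is made up).
HARDENED="port 48222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no"

# Constructed sample: password auth is off, but keyboard-interactive is still
# enabled and the default port is still open.
WEAK="port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes"

printf '%s\n' "$HARDENED" | audit_sshd && echo "hardened sample: OK"
printf '%s\n' "$WEAK" | audit_sshd || echo "weak sample: $? deviation(s)"
```

On a real server the input would come from `sudo sshd -T | audit_sshd`, which reports the settings sshd resolves after all include files are applied rather than what a single config file appears to say.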
4 Answers
Since your sites are static and you plan to use Cloudflare, have you thought about using Cloudflare R2 to host your content directly? It's often cheaper than maintaining a VPS for each site, and it could save you some money!
I hadn’t considered it, but I do rely on PHP a lot for my landing pages. I'll definitely check out R2 for additional options!
Make sure you install any available microcode and BIOS updates. These can help improve performance and security. Since 24.04 is the current LTS release, you might also want to think about using a newer kernel if it's available. I usually prefer Debian or Devuan for servers, but Ubuntu is solid for desktops. Also, setting up remote logging to a SIEM or dedicated log server can really aid in security.
I’ll make sure to include those updates if I can. I’ve honestly never thought about using Devuan—what's your preference for running without systemd? Also, after considering those updates and a possible distro switch, how does my server setup sound in terms of security? Is there a service to test my server's hardening?
I've been happy using Devuan because of its simplicity, but it really depends on what you're comfortable with!
I actually use Netlify for my landing pages. It works great for low-traffic sites and the free tier is usually enough!

Great point! R2 with CF CDN could really cut costs. Thanks for the suggestion!