VPS Setup Checklist for a New Cloud Server

When I receive a fresh VPS or cloud server, I do not deploy the app first. I run a day-0 Ubuntu setup checklist for SSH key access, a sudo user, shell ergonomics, and the runtime services I usually need for websites, APIs, Node/Nuxt apps, and small AI tools.

1) Create a non-root user

I standardize all hosts with a work account and avoid daily operations under root.

useradd -m -s /bin/bash work

A dedicated operator account helps audits, shell history review, and permissions management later.

2) Grant sudo safely

visudo

Add this line:

%work   ALL=(ALL) NOPASSWD: ALL

Always use visudo. A broken /etc/sudoers file can lock you out of sudo.

3) Configure SSH key login

mkdir -p /home/work/.ssh
vim /home/work/.ssh/authorized_keys
chown -R work:work /home/work/.ssh
chmod 700 /home/work/.ssh
chmod 600 /home/work/.ssh/authorized_keys

Only upload your public key (id_rsa.pub). Keep the private key on your local machine.

SSH daemon checks ownership and permissions strictly. Wrong modes are a common reason key auth fails.

4) Baseline terminal ergonomics

I always set prefix-aware history search in ~/.inputrc:

set match-hidden-files off

"\ep": history-search-backward
"\e[A": history-search-backward
"\e[B": history-search-forward

bind -f ~/.inputrc

Then in ~/.bashrc I at least keep command timestamps and dedupe:

export HISTCONTROL=ignoredups
export HISTTIMEFORMAT='%F %T '

5) Install core packages

sudo apt update && sudo apt upgrade -y
sudo apt install -y build-essential
sudo apt install -y libpcre3-dev libssl-dev zlib1g-dev libxslt1-dev
sudo apt install -y git curl wget jq htop tree unzip net-tools lsof rsync silversearcher-ag ctags

This gives you a practical base for source builds, diagnostics, and incident response.

6) Install Go runtime

Check the latest stable package at go.dev/dl, then install it in a fixed path:

sudo mkdir -p /work/service /work/go
wget https://go.dev/dl/go1.22.4.linux-amd64.tar.gz
sudo tar -C /work/service -xzf go1.22.4.linux-amd64.tar.gz
sudo chown -R work:work /work/go
rm go1.22.4.linux-amd64.tar.gz

export GOPROXY=https://goproxy.io
export PATH=$PATH:/work/service/go/bin
export GOPATH=/work/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN

7) Install Node.js and Yarn

Use the current Active LTS (even-numbered major):

curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -
sudo apt-get install -y nodejs
node -v && npm -v
npm install -g yarn

8) Install Nginx from official repo

I avoid stale distro defaults and use nginx.org stable packages:

sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key \
  | gpg --dearmor \
  | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
  https://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list

sudo apt update
sudo apt install -y nginx
sudo systemctl enable nginx && sudo systemctl start nginx

9) Install MySQL and Redis

sudo apt install -y mysql-server redis-server
redis-cli ping

For MySQL, rotate root auth mode and set a strong password immediately after first login.

10) Helpful tools while validating the setup

When documenting and validating server outputs, I often use:

Password Generator, Base64, Timestamp Converter, JSON Formatter.

Chinese full version: 中文完整版

Frequently asked questions