We’re going to walk you through the essential steps to getting your new VPS ready for common hosting services. Our top 4 tips for setting up a new VPS:
- Hosting mail? Look up your IP reputation!
- Firewalls… always firewalls
- DNS stuff: rDNS/PTR and Name Servers
- Restrict Access via ACLs (Access Control Lists / Firewall)
Checking your IP reputation is good to do generally, but is *mostly* only important if you’ll be hosting email.
Due to limited IPv4 space, it’s inevitable that your server’s IP address has been used by another tenant previously, probably even recently. And it’s plausible that the IP reputation was damaged by a prior tenant. To check the IP reputation, we often recommend tools like dnsbl.info.
Enter your server’s IP and if any flags appear, visit that blacklist’s website to find their de-listing tool. Be sure to read the directions carefully and follow them to the letter to ensure your IP is unblocked as quickly as possible.
Configure your Firewall
Most Linux distributions, like CentOS 7+ and Ubuntu, come with firewalls that are controlled from the command line. On CentOS 7 that utility is firewalld and on Ubuntu it’s ufw.
Whatever you do, do not disable that firewall! It will protect you from the numerous hacking attempts that occur throughout the Internet on a regular basis. Instead, learn how to open ports in that firewall just for the services that you need. For example, here are the reference guides for the most common firewall types:
- How to open a port
- List all open ports:
- Reload config:
- Opening ports with UFW
- List all open ports: ufw status numbered
You can also install and configure replacement firewall solutions. For example, we recommend Plesk Control Panel and Imunify360’s security layer. Plesk’s firewall can be configured via GUI as described here, and the same goes for Imunify360 if you’ve opted to use it! (It’s best not to use Plesk’s firewall if you have Imunify360, as the latter will do the same job, but with a unified interface for all security tasks.)
DNS: rDNS and Name Servers
There’s a lot to consider when it comes to DNS in general, but when it comes to the initial setup of your VPS, there are just two key components:
Hostname and rDNS
If, for example, your VPS hostname is vps12.myserver.ws then you should go to wherever your DNS is managed and be sure to set that subdomain (vps12) to point to the VPS IP address.
Wait an hour or longer after setting your hostname to point to the VPS IP, then log in to our Client Centre and choose settings beside your VPS service. Here you will see the option to set the rDNS record so that your IP ‘reverse’ points to your hostname! Where it says “Primary IP”, look for the “Edit rDNS” option, click the button, then it *should* auto-fill your hostname in the provided field. Click Save. You may then need to refresh the page to see your changes.
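One way to confirm that the two records from the steps above agree in both directions (hostname to IP, and IP back to hostname), as an added example that is not part of the original article. The IP 203.0.113.10 is a constructed documentation address and the function names are illustrative.

```python
import socket
import sys


def forward_lookup(hostname):
    """IPv4 addresses the hostname's A record(s) resolve to (empty set if none)."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return set()


def reverse_lookup(ip):
    """Name the IP's PTR record points to, or None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def check_rdns(hostname, ip, forward=forward_lookup, reverse=reverse_lookup):
    """Return (ok, problems): ok is True only if hostname -> ip and ip -> hostname."""
    want = hostname.rstrip(".").lower()
    problems = []

    addrs = forward(hostname)
    if not addrs:
        problems.append(f"{hostname} does not resolve yet (A record missing or not propagated)")
    elif ip not in addrs:
        problems.append(f"{hostname} resolves to {sorted(addrs)}, not {ip}")

    ptr = reverse(ip)
    if ptr is None:
        problems.append(f"{ip} has no PTR record")
    elif ptr.rstrip(".").lower() != want:
        # Typical on a fresh VPS: the PTR is still the provider's default name.
        problems.append(f"{ip} reverse-points to {ptr}, not {hostname}")

    return (not problems, problems)


if __name__ == "__main__":
    # Constructed sample values; pass your own hostname and IP as arguments.
    host, addr = (sys.argv[1:3] if len(sys.argv) >= 3
                  else ("vps12.myserver.ws", "203.0.113.10"))
    ok, problems = check_rdns(host, addr)
    print("rDNS OK" if ok else "\n".join(problems))
    sys.exit(0 if ok else 1)
```

Run it from a machine other than the VPS: these lookups go through the system resolver, so an /etc/hosts entry on the server itself can make the check pass before the public records exist.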
If you’ll be hosting your own DNS management services on the VPS (like the DNS configuration options in Plesk), then you’ll need to have your own name servers registered. You can see how this works here, but the short version is that the name servers tell users of a domain where the DNS is hosted so that the DNS server can – in turn – direct those users to the right places (whether email, web, or other stuff).
And so, you’ll need to have name servers created to host DNS on the server. Here’s how to create your own branded name servers.
Restrict Access / ACLs
While our firewall suggestions above will help to ensure only ports that are open can be accessed, that does leave unrestricted access to services on those ports unless otherwise configured.
If you’re using a control panel like Plesk or cPanel, you can configure them to limit admin logins to specific IPs. Here’s how to restrict admin access with Plesk. This way admin login access cannot be exploited unless:
- The hacker also gains access to one of your IPs, or
- There’s a flaw in the ACL system in Plesk (which is why keeping your Plesk updated is also super important!)
Similarly, if you’ve got a website set up on your VPS that only your office needs access to, you can configure it to only be accessible to your office’s IP range so it’s not even available for hackers to attempt attacks against. If you’re using Plesk, here’s how to do that for a single website.
Got more top tips you think we missed? Hit us up below with your suggestions!