50 items•~60 min

Server Production Readiness

Step-by-step checklist for Ubuntu VPS production setup: security, Docker, Nginx, SSL, backups, monitoring.

serverproductionubuntusecuritydockernginxssl

0/50

You've rented a VPS and got SSH access. Just push the code and start Docker? No. A production server is an ecosystem of security, monitoring, backups, and optimization. This checklist walks you through every step.

Server Requirements

Make sure your VPS meets the minimum requirements.

0/5

Ubuntu 22.04 LTS installed

LTS = 5 years of support and security updates. Most guides and docs are written for Ubuntu.

RAM ≥ 4 GB

The NestJS + React + PostgreSQL + Redis stack requires at least 4 GB.

CPU ≥ 2 cores

Disk ≥ 50 GB SSD

Static IP address obtained

First Login and System Update

Connect to the server and install basic utilities.

0/3

Connect to the server via SSH

ssh root@YOUR_SERVER_IP

Update the system

apt update && apt upgrade -y

Install basic utilities

apt install -y curl wget git vim htop ufw

Firewall Setup (UFW)

Configure the firewall BEFORE enabling it — otherwise you risk locking yourself out.

0/6

Set default policy

sudo ufw default deny incoming
sudo ufw default allow outgoing

⚠️Allow SSH BEFORE enabling the firewall

If you enable UFW without this rule, you will lose access to the server.

sudo ufw allow 22/tcp comment 'SSH'

Allow HTTP and HTTPS

sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'

Enable the firewall

sudo ufw enable

Verify status and rules

sudo ufw status numbered

⚠️Confirm DB ports are closed (5432, 6379)

Do NOT expose PostgreSQL (5432), Redis (6379), or pgAdmin (8082) to the internet. Use an SSH tunnel instead.

Secure SSH Access

Create a user, set up SSH keys, and disable root login.

0/5

Create a new user

Running as root is bad practice. Create a dedicated user.

adduser username
usermod -aG sudo username

Set up SSH keys

SSH keys are more secure than passwords. Copy your public key from your local machine.

ssh-copy-id username@YOUR_SERVER_IP

⚠️Test connection with the new user

In a NEW terminal, test: ssh username@YOUR_SERVER_IP. Do not close the current session!

Disable root login and password authentication

# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no

Restart the SSH service

sudo systemctl restart sshd

Docker Installation

0/6

Remove old Docker versions

sudo apt remove docker docker-engine docker.io containerd runc

Install dependencies

sudo apt install -y ca-certificates curl gnupg lsb-release

Add Docker GPG key and repository

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Install Docker Engine and Compose

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Add user to the docker group

sudo usermod -aG docker $USER
newgrp docker

Verify installation

docker --version
docker compose version

Nginx Installation and Configuration

0/4

Install Nginx

sudo apt install -y nginx

Check status

sudo systemctl status nginx

Create configuration directories

sudo mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/conf.d

Test configuration and restart

sudo nginx -t
sudo systemctl restart nginx

SSL Certificates (Let's Encrypt)

Before obtaining SSL certificates, make sure DNS records are configured and the domain points to your server.

0/5

⚠️DNS records configured (A record → server IP)

Let's Encrypt verifies DNS when issuing a certificate.

Install Certbot

sudo apt install -y certbot python3-certbot-nginx

Obtain certificates

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Verify auto-renewal timer

sudo systemctl status certbot.timer

Test renewal (dry run)

sudo certbot renew --dry-run

Monitoring and Logging

0/4

Install htop for monitoring

sudo apt install -y htop

Verify Nginx logs are accessible

sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log

Check Docker container logs

docker logs -f container_name

Check system logs

sudo journalctl -u nginx -f
sudo journalctl -u docker -f

Backups

0/3

Create an automated PostgreSQL backup script

#!/bin/bash
BACKUP_DIR="/backups/postgres"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR

docker exec postgres pg_dump -U your_user your_db | gzip > $BACKUP_DIR/backup_$DATE.sql.gz

# Delete backups older than 7 days
find $BACKUP_DIR -name "backup_*.sql.gz" -mtime +7 -delete

Make the script executable

sudo chmod +x /usr/local/bin/backup-db.sh

Add to cron (daily at 3:00 AM)

sudo crontab -e
# Add: 0 3 * * * /usr/local/bin/backup-db.sh

Final Check

Make sure everything is working before launching your application.

0/9

UFW is enabled and configured

sudo ufw status

SSH works with keys only

Root login is disabled

Docker is installed and running

docker --version

Nginx is installed and responding

SSL certificates obtained

Certificate auto-renewal configured

Database backups configured

Logs are accessible and being written

Detailed guide on this topic:

Read full article →