Building Hetzner setup and optimization with Hetzner and...

This guide provides a structured approach to deploying and securing a VPS using European providers like Hetzner. It focuses on production-ready setup, automation, and scaling considerations for developers who prioritize control and compliance.

2-3 hours · 5 steps
1

Provision VPS with European provider

Select a provider and server plan matching your region requirements. Enable IPv6 if needed. Configure initial firewall rules to allow SSH (port 22) and HTTP/HTTPS (ports 80/443).

provision.sh
# The server size is selected with --type (hcloud has no --plan flag)
hcloud server create --name my-app --image ubuntu-22.04 --type cpx11 --location nbg1

⚠ Common Pitfalls

  • Ignoring provider-specific network configuration requirements
  • Not enabling IPv6 support for European compliance
2

Initial server hardening

Update system packages, create a non-root user, and configure SSH to disable root login. Set up basic firewall rules using UFW.

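# Create an unprivileged user and grant it sudo (run as root)
adduser devuser
usermod -aG sudo devuser
# Allow SSH before enabling the firewall so the current session is not cut off
ufw allow OpenSSH
ufw enable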

⚠ Common Pitfalls

  • Leaving root account active for extended periods
  • Not restricting SSH access to specific IP ranges
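
The step above asks for root login over SSH to be disabled, but the commands shown do not touch sshd_config. The following shell script is an added example, not part of the original guide: it checks and enforces `PermitRootLogin no` in a config file, accounting for sshd keeping the first value it reads for a keyword. The function names and the sample file are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the guide). sshd keeps the FIRST value it reads for a
# keyword, so appending "PermitRootLogin no" below an earlier "yes" changes nothing.

# effective_value FILE KEYWORD: print the first global value of KEYWORD, lowercased.
# Assumption: Include directives are not followed; on a live host `sshd -T`
# prints the effective configuration.
effective_value() {
  awk -F'[ \t=]+' -v key="$2" '
    BEGIN { key = tolower(key) }
    { sub(/^[ \t]+/, "") }                  # drop indentation
    /^#/ || /^$/ { next }                   # skip comments and blank lines
    tolower($1) == "match" { exit }         # Match blocks are conditional, not global
    tolower($1) == key { print tolower($2); exit }
  ' "$1"
}

# enforce_value FILE KEYWORD VALUE: idempotently make "KEYWORD VALUE" win by
# putting it on the first line, ahead of any Include or earlier setting.
enforce_value() {
  want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
  if [ "$(effective_value "$1" "$2")" = "$want" ]; then return 0; fi
  tmp=$(mktemp) || return 1
  { printf '%s %s\n' "$2" "$3"; cat "$1"; } > "$tmp" &&
    cat "$tmp" > "$1"                       # rewrite in place, keeping owner and mode
  status=$?
  rm -f "$tmp"
  return "$status"
}

# Constructed sample: an early "yes" shadows the later "no".
demo=$(mktemp)
cat > "$demo" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
  PermitRootLogin yes
# PermitRootLogin no
PermitRootLogin no
Match User deploy
  PermitRootLogin no
EOF
echo "before: $(effective_value "$demo" PermitRootLogin)"
enforce_value "$demo" PermitRootLogin no
echo "after:  $(effective_value "$demo" PermitRootLogin)"
rm -f "$demo"
```

On the server, run `enforce_value` against /etc/ssh/sshd_config as root, validate the result with `sshd -t`, and reload the SSH service while keeping the current session open.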
3

Deploy application with automation

Use Ansible or a shell script to deploy your application. Include steps for installing dependencies, setting environment variables, and configuring systemd services.

- name: Deploy app
  hosts: all
  tasks:
    - name: Clone repository
      git:
        repo: https://github.com/example/app.git
        dest: /var/www/app

⚠ Common Pitfalls

  • Hardcoding secrets in deployment scripts
  • Not testing automation in staging environment
4

Configure SSL and reverse proxy

Set up Caddy or Nginx as reverse proxy. Use Let's Encrypt for SSL certificates. Configure HTTP-to-HTTPS redirection and HSTS headers.

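example.com {
  # No path matcher: proxy every request (a bare "/" matches only the root path)
  reverse_proxy http://localhost:3000
  # Manually managed certificate; omit this line to let Caddy obtain and renew one automatically
  tls /etc/ssl/certs/caddy.pem /etc/ssl/private/caddy.key
}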

⚠ Common Pitfalls

  • Incorrect DNS configuration for certificate validation
  • Forgetting to renew certificates before expiration
5

Implement monitoring and logging

Install Prometheus and Grafana for metrics. Configure syslog forwarding to centralized logging. Set up alerts for disk usage and service status.

# grafana is not in the stock Ubuntu archive; add Grafana's APT repository first
sudo apt install prometheus grafana
sudo systemctl enable prometheus

⚠ Common Pitfalls

  • Not configuring log rotation for systemd journals
  • Ignoring disk space alerts during high traffic

What you built

This setup provides a secure, automated VPS foundation. Verify all services through live traffic tests, ensure disaster recovery plans include server snapshots, and monitor resource usage to inform scaling decisions.