Here's a straightforward, ordered checklist to turn a fresh Ubuntu VPS into a secure, production-ready server. It assumes Ubuntu 22.04 or 24.04 LTS with root SSH access.

1. Update the system

sudo apt update && sudo apt upgrade -y

2. Create a non-root user

adduser deploy
usermod -aG sudo deploy

3. Set up SSH key login and disable password auth

Copy your key to the new user, then edit /etc/ssh/sshd_config and set PasswordAuthentication no and PermitRootLogin no. Reload SSH:

sudo systemctl reload ssh

4. Configure the firewall

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable

5. Enable automatic security updates

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

6. Set the timezone and hostname

sudo timedatectl set-timezone Asia/Kolkata
sudo hostnamectl set-hostname my-server

7. Install your stack

Add what you need — Nginx, a database, your language runtime, Docker, or a control panel. Because you have full root access, you can install anything.

8. Add basic monitoring and backups

Install a lightweight monitor (for example Netdata) and set up a backup routine before you go live. A little preparation here saves a lot of pain later.

That's the core of a hardened Ubuntu server. On a OneHost Ubuntu VPS with NVMe SSD and KVM, each of these steps takes just a few minutes.