Here's a straightforward, ordered checklist to turn a fresh Ubuntu VPS into a secure, production-ready server. It assumes Ubuntu 22.04 or 24.04 LTS with root SSH access.
1. Update the system
sudo apt update && sudo apt upgrade -y
2. Create a non-root user
adduser deploy
usermod -aG sudo deploy
3. Set up SSH key login and disable password auth
Copy your key to the new user, then edit /etc/ssh/sshd_config and set PasswordAuthentication no and PermitRootLogin no. Reload SSH:
sudo systemctl reload ssh
4. Configure the firewall
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
5. Enable automatic security updates
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
6. Set the timezone and hostname
sudo timedatectl set-timezone Asia/Kolkata
sudo hostnamectl set-hostname my-server
7. Install your stack
Add what you need — Nginx, a database, your language runtime, Docker, or a control panel. Because you have full root access, you can install anything.
8. Add basic monitoring and backups
Install a lightweight monitor (for example Netdata) and set up a backup routine before you go live. A little preparation here saves a lot of pain later.
That's the core of a hardened Ubuntu server. On a OneHost Ubuntu VPS with NVMe SSD and KVM, each of these steps takes just a few minutes.