How I Hardened My VPS in One Afternoon: SSH, Cloudflare, and Tailscale

Originally published at hafiz.dev A tweet from @levelsio went viral last week. The advice was simple: lock down your VPS before someone else does. I checked my own server settings immediately. PermitRootLogin yes . PasswordAuthentication defaulting to enabled. Port 22 open to the entire internet. No Cloudflare proxy. Nothing. That's fully exposed root SSH access on a production server running multiple live projects. Not great. So I fixed all of it. SSH hardening, Cloudflare DNS migration, Tailscale installed, port 22 locked. Here's exactly what I did, in the order I did it, with the real commands and the mistakes I made along the way. Why This Stack Specifically There are a hundred ways to "secure" a server. Most guides tell you to do one thing. The levelsio setup is three independent layers working together: SSH : key-based auth only, no passwords, no brute-force possible Cloudflare : your real server IP stays hidden, all web traffic proxied Tailscale : port 22 becomes invisible to th

How I Hardened My VPS in One Afternoon: SSH, Cloudflare, and Tailscale

Related Articles

Most People Quit Programming Right Before This Happens

Why Skill-Based Learning is Quietly Becoming the Real Standard of Education

Context: a vital pattern nobody talks about

Clean Code Won’t Save You in Production

The Skills That Make Great Developers Stand Out

Related Articles

How-To
Most People Quit Programming Right Before This Happens
Medium Programming • 1h ago

How-To
Why Skill-Based Learning is Quietly Becoming the Real Standard of Education
Medium Programming • 1h ago

How-To
Context: a vital pattern nobody talks about
Medium Programming • 1h ago

How-To
Clean Code Won’t Save You in Production
Medium Programming • 1h ago

How-To
The Skills That Make Great Developers Stand Out
Medium Programming • 2h ago