Production Linux: Secure and Maintain Your Own VPS

Ahnii! This series covers the full lifecycle of a production Linux VPS — from first login to disaster recovery. It is for developers who deploy their own servers and are comfortable with a terminal but are not operations specialists. 1. Provision an Ubuntu VPS and Create a Deploy User Droplet creation, deploy user, UFW baseline, and unattended upgrades. The "before you do anything else" checklist. 2. SSH Hardening: Ed25519 Keys and Disabling Root Login Ed25519 keys, PermitRootLogin no , and disabling unused authentication methods. 3. UFW, fail2ban, and Banning Repeat Offenders UFW deep dive, a fail2ban jail for Caddy access logs, and the recidive jail with nftables. 4. Docker Security on a Shared VPS Why Docker bypasses UFW, the DOCKER-USER chain fix, localhost binding, and container hardening. 5. Caddy Hardening: Security Headers and Rate Limiting Reusable security headers snippet, Content Security Policy, and rate limiting with caddy-ratelimit. 6. Kernel and Systemd Service Hardening