
Workshop: Harden Your VPS in One Session — Step-by-Step with Working Commands
What We Are Building

By the end of this workshop, you will take a default VPS — the kind with seven or more publicly exposed services — and reduce its attack surface to exactly three open ports. We will set up a WireGuard VPN, move every admin service behind it, lock down SSH, configure a firewall, and add application-level hardening to an Express.js server.

Let me show you a pattern I use on every production server I provision. It takes one session and the results are measurable: public-facing services drop from 7+ to 3.

Prerequisites

- A VPS running Ubuntu 22.04 or 24.04 (Debian-based works too)
- Root or sudo access
- A local machine running Linux, macOS, or WSL
- Node.js and Docker installed on the server
- Basic comfort with the terminal

Step 1: Install and Configure WireGuard VPN

Everything else depends on this. WireGuard creates a private tunnel between your machine and the server so you can pull services off the public internet entirely.

    apt update && apt install wireguard -y
    wg genkey |
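To make the "7+ down to 3" measurement concrete, here is an added example (not part of the original workshop) that counts listeners reachable from outside the host, given `ss -H -tuln` output. The VPN prefix `10.8.0.`, both sample listings, and the choice of which three ports stay public are assumptions; the excerpt does not name them.

```shell
#!/bin/sh
# Added example: count sockets reachable from outside the host.
# Input is `ss -H -tuln` output; this checks bindings, not firewall rules.

# Print unique proto/port pairs not bound to loopback or the VPN address.
# $1 = VPN address prefix (assumed "10.8.0." here; substitute your own).
public_listeners() {
    awk -v vpn="$1" '
    {
        port = $5; sub(/^.*:/, "", port)      # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (vpn != "" && index(addr, vpn) == 1) next   # VPN-only listener
        print $1 "/" port                     # wildcard or public address
    }' | sort -u
}

# Succeed only if the public listener count is at most the budget ($2).
within_budget() {
    n=$(public_listeners "$1" | grep -c . || true)
    echo "public listeners: $n (budget $2)"
    [ "$n" -le "$2" ]
}

# Constructed sample (not real output): a default VPS before hardening.
BEFORE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 511 *:3000 *:*
tcp LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:9090 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'
# Constructed sample: after hardening (the three public ports are assumed).
AFTER='tcp LISTEN 0 128 10.8.0.1:22 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
tcp LISTEN 0 4096 10.8.0.1:9090 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*'

printf '%s\n' "$BEFORE" | within_budget 10.8.0. 3 || echo "over budget before hardening"
printf '%s\n' "$AFTER" | within_budget 10.8.0. 3 && echo "within budget after hardening"
```

On a live server, feed it real data with `ss -H -tuln | within_budget 10.8.0. 3` and confirm the result from an outside host as well, since the firewall decides what is actually reachable.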
Continue reading on Dev.to Webdev

