Home Guides Blog Tests Games Pathway Foss

MASTER YOUR
SERVER

// Complete control over your infrastructure.

OWN YOUR DIGITAL PRESENCE.

A VPS gives you complete control over your server environment. No shared hosting limitations, no platform restrictions—just raw computing power that you configure exactly how you want. Deploy websites, run applications, host databases, and scale on your terms.

VPS IS FREEDOM.

Root access means you're not constrained by what hosting companies allow. Install any software, configure any service, optimize every setting. Your server, your rules. The skills you learn here transfer to any cloud platform—AWS, DigitalOcean, Linode, Hetzner.

SERVER MASTERY IS DEVOPS MASTERY.

Modern development requires server knowledge. Whether you're deploying a personal blog or scaling a startup, understanding servers is non-negotiable. This is your foundation for cloud computing, containerization, and infrastructure as code.

BEGIN YOUR JOURNEY →

// The Path to Mastery

12 lessons. Complete server control.

LESSON 01

Introduction to VPS

Learn what a VPS is, its benefits, and how to choose the right provider.

Beginner
LESSON 02

First Connection

Set up SSH, connect to your server, and learn basic navigation commands.

Beginner
LESSON 03

Server Setup

Configure your server: users, timezone, hostname, and system updates.

Beginner
LESSON 04

Security Basics

Secure your server with firewall (UFW), fail2ban, and SSH hardening.

Beginner
LESSON 05

Web Server

Install and configure Nginx, set up virtual hosts, and serve static files.

Intermediate
LESSON 06

Domain & DNS

Configure domains, set up DNS records, and obtain SSL certificates.

Intermediate
LESSON 07

Databases

Install MariaDB or PostgreSQL, create databases, and manage users.

Intermediate
LESSON 08

PHP & Applications

Install PHP, configure PHP-FPM, and deploy web applications.

Intermediate
LESSON 09

Docker Basics

Install Docker, run containers, and orchestrate with docker-compose.

Intermediate
LESSON 10

Monitoring

Monitor system resources, analyze logs, and set up health checks.

Intermediate
LESSON 11

Backups

Implement automated backups with rsync and offsite storage solutions.

Advanced
LESSON 12

Advanced Topics

Master reverse proxies, load balancing, scaling strategies, and maintenance.

Advanced

// Why Use a VPS

A Virtual Private Server (VPS) provides dedicated server resources in a virtualized environment. Unlike shared hosting where hundreds of websites compete for the same resources, a VPS gives you guaranteed CPU, RAM, and storage that you control exclusively.

Benefits of VPS hosting:

Full Root Access: Install any software, modify system configurations, and have complete control over your environment. No restrictions on what you can run.

Scalability: Start small and scale up resources as your needs grow. Add RAM, CPU, or storage without migrating to a new server.

Performance: Dedicated resources mean your applications run consistently. No "noisy neighbors" affecting your performance.

Security: Isolated environment with your own firewall rules, user management, and security policies. You're not affected by other users' vulnerabilities.

Cost Effective: VPS plans start as low as $5/month. You get dedicated resources at a fraction of the cost of a physical server.

The future of web hosting is VPS and cloud. Own your infrastructure.

// Tools & References

DigitalOcean

Developer-friendly VPS hosting

digitalocean.com

Linode

Alternative cloud platform

linode.com

Vultr

High-performance cloud servers

vultr.com

AWS EC2

Amazon's cloud computing service

aws.amazon.com/ec2

Hetzner

European VPS provider

hetzner.com/cloud

Certbot

Free SSL certificates

certbot.eff.org

// Lesson 01: Introduction to VPS

×

What is a VPS?

A Virtual Private Server (VPS) is a virtualized server that mimics a dedicated server within a shared hosting environment. It provides dedicated resources (CPU, RAM, storage) while running on physical hardware shared with other virtual servers.

Benefits of VPS Hosting

  • Root Access: Full administrative control over your server
  • Dedicated Resources: Guaranteed CPU, RAM, and disk space
  • Scalability: Easily upgrade resources as needed
  • Isolation: Your server is independent of others
  • Cost Effective: Starting at $5/month
  • Customization: Install any software you need
VPS vs Shared Hosting: Shared hosting is like living in an apartment building with shared amenities. VPS is like having your own condo—shared building, but dedicated space and resources you control.

Popular VPS Providers

# DigitalOcean - Developer-friendly, great tutorials # Linode - Reliable, good support, competitive pricing # Vultr - High-performance SSD, multiple locations # AWS EC2 - Enterprise-grade, complex pricing # Hetzner - European provider, very affordable

Choosing Your VPS

Key factors to consider:

# 1. Location - Choose a datacenter near your users # 2. OS - Ubuntu, Debian, CentOS, AlmaLinux # 3. Resources - Start with 1GB RAM, 1 vCPU, 25GB SSD # 4. Bandwidth - Most providers offer generous limits # 5. IPv6 support - Modern servers should have it
Recommended OS: Ubuntu LTS (Long Term Support) is the best choice for beginners. It has the largest community, best documentation, and extensive software support.

Your First VPS Deployment

After creating your VPS, you'll receive:

  • IP Address (e.g., 192.168.1.100)
  • Username (usually "root")
  • Password or SSH key

Quiz

1. What does VPS stand for?

2. What gives you full administrative control on a VPS?

3. Which provider is known for developer-friendly tutorials?

4. What type of Ubuntu release is best for servers?

Show All Answers

Answers

  1. virtual private server
  2. root access
  3. digitalocean
  4. lts

// Lesson 02: First Connection

×

What is SSH?

SSH (Secure Shell) is a protocol for securely connecting to remote servers over an encrypted connection. It replaces insecure protocols like Telnet and provides authentication and encryption.

Connecting via SSH

Basic SSH connection syntax:

$ ssh username@server_ip # Example: $ ssh root@192.168.1.100

First Connection

When connecting for the first time, you'll see a host key verification prompt:

$ ssh root@192.168.1.100 The authenticity of host '192.168.1.100' can't be established. ECDSA key fingerprint is SHA256:abc123... Are you sure you want to continue connecting (yes/no)? $ yes Warning: Permanently added '192.168.1.100' to the list of known hosts. root@192.168.1.100's password:

Basic Server Navigation

Once connected, you can use standard Linux commands:

$ pwd /root $ ls -la total 24 drwx------ 4 root root 4096 Jan 15 10:00 . drwxr-xr-x 18 root root 4096 Jan 15 09:30 .. $ whoami root $ uptime 10:30:00 up 2 days, 4:15, 1 user, load average: 0.05, 0.02, 0.00

Setting Up SSH Keys

Password authentication is insecure. Use SSH keys instead:

# Generate SSH key pair on your local machine $ ssh-keygen -t ed25519 -C "your@email.com" # Copy public key to server $ ssh-copy-id root@192.168.1.100 # Now connect without password $ ssh root@192.168.1.100
Security Tip: Never use password authentication for root. Always disable it and use SSH keys only. We'll cover this in the security lesson.

Useful SSH Options

# Specify port (if not 22) $ ssh -p 2222 root@192.168.1.100 # Run command remotely $ ssh root@192.168.1.100 "df -h" # Copy files with SCP $ scp file.txt root@192.168.1.100:/root/ # SSH with specific key $ ssh -i ~/.ssh/my_key root@192.168.1.100

Quiz

1. What protocol is used to connect to a remote server securely?

2. What command shows your current directory?

3. What command copies your SSH key to the server?

4. What algorithm is recommended for SSH keys?

Show All Answers

Answers

  1. ssh
  2. pwd
  3. ssh-copy-id
  4. ed25519

// Lesson 03: Server Setup

×

Initial Server Configuration

After your first connection, complete these essential setup steps:

1. Update the System

# Update package lists $ apt update # Upgrade installed packages $ apt upgrade -y # Remove unnecessary packages $ apt autoremove -y

2. Set Timezone

# List available timezones $ timedatectl list-timezones # Set timezone (example: New York) $ timedatectl set-timezone America/New_York # Verify $ timedatectl

3. Set Hostname

# Set hostname $ hostnamectl set-hostname myserver # Edit /etc/hosts $ nano /etc/hosts 127.0.0.1 localhost 127.0.1.1 myserver

4. Create a New User

Never use root for daily tasks. Create a regular user with sudo privileges:

# Create user $ adduser deploy # Add to sudo group $ usermod -aG sudo deploy # Copy SSH key to new user $ rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy
Best Practice: Always create a non-root user for daily operations. Use sudo only when administrative privileges are needed. This prevents accidental system damage.

5. Install Essential Tools

$ apt install -y curl wget git vim htop net-tools ufw

6. Enable Automatic Security Updates

$ apt install -y unattended-upgrades $ dpkg-reconfigure --priority=low unattended-upgrades # Select "Yes" to enable automatic updates

Quiz

1. What command updates package lists?

2. What command sets the system timezone?

3. What group gives sudo privileges on Ubuntu?

4. What command creates a new user?

Show All Answers

Answers

  1. apt update
  2. timedatectl
  3. sudo
  4. adduser

// Lesson 04: Security Basics

×

Server Security Fundamentals

A VPS on the internet is constantly scanned and attacked. Implement these security measures immediately.

1. Configure UFW Firewall

UFW (Uncomplicated Firewall) is a user-friendly front-end for iptables:

# Check status $ ufw status # Default deny all incoming $ ufw default deny incoming # Default allow all outgoing $ ufw default allow outgoing # Allow SSH (before enabling!) $ ufw allow ssh # or for custom port: ufw allow 2222/tcp # Enable firewall $ ufw enable
CRITICAL: Always allow SSH before enabling UFW, or you'll lock yourself out of your server!

2. SSH Hardening

Edit SSH configuration for better security:

$ nano /etc/ssh/sshd_config # Make these changes: PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes MaxAuthTries 3 ClientAliveInterval 300 ClientAliveCountMax 2 # Restart SSH $ systemctl restart sshd

3. Install fail2ban

fail2ban blocks IP addresses that show malicious signs:

$ apt install -y fail2ban # Create local configuration $ cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local # Start and enable $ systemctl start fail2ban $ systemctl enable fail2ban # Check status $ fail2ban-client status

4. Disable Root Login

After creating a sudo user and verifying SSH key access:

$ nano /etc/ssh/sshd_config PermitRootLogin no # Restart SSH $ systemctl restart sshd

5. Change SSH Port (Optional)

# Edit SSH config $ nano /etc/ssh/sshd_config Port 2222 # Update firewall $ ufw allow 2222/tcp $ ufw delete allow ssh $ systemctl restart sshd
Security Checklist:
✅ UFW enabled with only necessary ports open
✅ SSH key authentication only
✅ Root login disabled
✅ fail2ban running
✅ Password auth disabled

Quiz

1. What firewall tool is recommended for Ubuntu?

2. What tool bans IPs after failed login attempts?

3. What setting disables root SSH login?

4. What setting disables password authentication?

Show All Answers

Answers

  1. ufw
  2. fail2ban
  3. PermitRootLogin no
  4. PasswordAuthentication no

// Lesson 05: Web Server

×

Installing Nginx

Nginx is a high-performance web server and reverse proxy. It's known for its stability, rich feature set, and low resource consumption.

# Update package index $ apt update # Install Nginx $ apt install -y nginx # Start and enable Nginx $ systemctl start nginx $ systemctl enable nginx # Check status $ systemctl status nginx

Configure Firewall

# Allow HTTP (port 80) $ ufw allow 'Nginx HTTP' # Allow HTTPS (port 443) $ ufw allow 'Nginx HTTPS' # Check status $ ufw status

Basic Configuration

Nginx configuration files are located in /etc/nginx/:

# Main configuration $ nano /etc/nginx/nginx.conf # Site configurations $ ls /etc/nginx/sites-available/ default # Enable sites by linking to sites-enabled $ ls /etc/nginx/sites-enabled/

Creating a Virtual Host

# Create document root $ mkdir -p /var/www/example.com/html # Set permissions $ chown -R $USER:$USER /var/www/example.com/html $ chmod -R 755 /var/www/example.com # Create test page $ nano /var/www/example.com/html/index.html

Server Block Configuration

$ nano /etc/nginx/sites-available/example.com server { listen 80; listen [::]:80; root /var/www/example.com/html; index index.html index.htm; server_name example.com www.example.com; location / { try_files $uri $uri/ =404; } } # Enable site $ ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/ # Test configuration $ nginx -t # Reload Nginx $ systemctl reload nginx
Nginx Commands:
nginx -t : Test configuration
systemctl reload nginx : Reload gracefully
systemctl restart nginx : Hard restart
nginx -s stop : Stop server

Quiz

1. What is the recommended web server?

2. What port does HTTP use?

3. What command tests Nginx configuration?

4. Where are site configurations stored?

Show All Answers

Answers

  1. nginx
  2. 80
  3. nginx -t
  4. /etc/nginx/sites-available/

// Lesson 06: Domain & DNS

×

Understanding DNS

DNS (Domain Name System) translates human-readable domain names to IP addresses. When someone types your domain, DNS directs them to your server.

DNS Record Types

  • A Record: Maps domain to IPv4 address
  • AAAA Record: Maps domain to IPv6 address
  • CNAME: Alias one domain to another
  • MX: Mail server records
  • TXT: Text records (SPF, DKIM, verification)
  • NS: Nameserver records

Setting Up Your Domain

# Example DNS configuration at your registrar: Type: A Name: @ Value: 192.168.1.100 TTL: 3600 Type: A Name: www Value: 192.168.1.100 TTL: 3600

Updating Nginx Server Block

$ nano /etc/nginx/sites-available/example.com server { listen 80; server_name example.com www.example.com; root /var/www/example.com/html; index index.html; location / { try_files $uri $uri/ =404; } } $ nginx -t && systemctl reload nginx

SSL Certificates with Let's Encrypt

Certbot provides free SSL certificates from Let's Encrypt:

# Install Certbot $ apt install -y certbot python3-certbot-nginx # Obtain certificate $ certbot --nginx -d example.com -d www.example.com # Follow prompts - choose redirect to HTTPS # Test auto-renewal $ certbot renew --dry-run
Let's Encrypt: Free, automated SSL certificates valid for 90 days. Certbot automatically renews them. Your site will show the secure lock icon in browsers.

Auto-Renewal

Certbot installs a systemd timer for automatic renewal:

# Check timer status $ systemctl status certbot.timer # View renewal configuration $ cat /etc/letsencrypt/renewal/example.com.conf

Quiz

1. What DNS record maps a domain to an IP address?

2. What tool provides free SSL certificates?

3. What port does HTTPS use?

4. What certificate authority provides free SSL?

Show All Answers

Answers

  1. A record
  2. certbot
  3. 443
  4. lets encrypt

// Lesson 07: Databases

×

Installing MariaDB

MariaDB is a community-developed fork of MySQL. It's fast, reliable, and fully compatible with MySQL.

# Install MariaDB $ apt install -y mariadb-server mariadb-client # Secure installation $ mysql_secure_installation # Follow prompts: # - Set root password # - Remove anonymous users: Y # - Disallow root remote login: Y # - Remove test database: Y # - Reload privileges: Y

Basic MariaDB Commands

# Login as root $ mysql -u root -p # Show databases MariaDB [(none)]> SHOW DATABASES; # Create database MariaDB [(none)]> CREATE DATABASE myapp; # Create user MariaDB [(none)]> CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'strong_password'; # Grant privileges MariaDB [(none)]> GRANT ALL PRIVILEGES ON myapp.* TO 'appuser'@'localhost'; # Flush privileges MariaDB [(none)]> FLUSH PRIVILEGES; # Exit MariaDB [(none)]> EXIT;

Alternative: Installing PostgreSQL

PostgreSQL is a powerful, open-source object-relational database system:

# Install PostgreSQL $ apt install -y postgresql postgresql-contrib # Check status $ systemctl status postgresql # Switch to postgres user $ sudo -u postgres psql # Create database postgres=# CREATE DATABASE myapp; # Create user postgres=# CREATE USER appuser WITH PASSWORD 'strong_password'; # Grant privileges postgres=# GRANT ALL PRIVILEGES ON DATABASE myapp TO appuser; # Exit postgres=# \q

Database Backup

# Backup MariaDB/MySQL $ mysqldump -u root -p myapp > myapp_backup.sql # Restore MariaDB/MySQL $ mysql -u root -p myapp < myapp_backup.sql # Backup PostgreSQL $ pg_dump myapp > myapp_backup.sql # Restore PostgreSQL $ psql myapp < myapp_backup.sql
MariaDB vs PostgreSQL:
MariaDB: Easier setup, MySQL compatible, good for most web apps
PostgreSQL: More advanced features, better for complex applications, superior data integrity

Quiz

1. What is the MySQL-compatible database?

2. What command secures MariaDB installation?

3. What command shows all databases?

4. What command backs up a MySQL database?

Show All Answers

Answers

  1. mariadb
  2. mysql_secure_installation
  3. SHOW DATABASES;
  4. mysqldump

// Lesson 08: PHP & Applications

×

Installing PHP

PHP is a popular server-side scripting language. We'll install PHP with common extensions and PHP-FPM for better performance with Nginx.

# Install PHP and common extensions $ apt install -y php8.1-fpm php8.1-mysql php8.1-curl php8.1-gd php8.1-mbstring php8.1-xml php8.1-zip # Start and enable PHP-FPM $ systemctl start php8.1-fpm $ systemctl enable php8.1-fpm # Check status $ systemctl status php8.1-fpm

Configure PHP-FPM with Nginx

$ nano /etc/nginx/sites-available/example.com server { listen 80; server_name example.com; root /var/www/example.com/html; index index.php index.html; location / { try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; } location ~ /\.ht { deny all; } } $ nginx -t && systemctl reload nginx

Test PHP

# Create test file $ nano /var/www/example.com/html/info.php # Access in browser: http://example.com/info.php # After testing, remove it: $ rm /var/www/example.com/html/info.php

Installing Composer

Composer is PHP's dependency manager:

# Download and install Composer $ curl -sS https://getcomposer.org/installer | php # Move to global location $ mv composer.phar /usr/local/bin/composer # Test $ composer --version

Deploying a Laravel Application

# Install Laravel $ composer global require laravel/installer # Add to PATH $ echo 'export PATH="$PATH:$HOME/.config/composer/vendor/bin"' >> ~/.bashrc $ source ~/.bashrc # Create new project $ laravel new myapp # Or with Composer $ composer create-project --prefer-dist laravel/laravel myapp # Set permissions $ chown -R www-data:www-data /var/www/example.com/html/myapp $ chmod -R 755 /var/www/example.com/html/myapp/storage
PHP-FPM: FastCGI Process Manager handles PHP requests efficiently. It's the recommended way to run PHP with Nginx, offering better performance than mod_php.

Quiz

1. What handles PHP requests with Nginx?

2. What is PHP's package manager called?

3. What file extension does PHP use?

4. What popular PHP framework is mentioned?

Show All Answers

Answers

  1. php-fpm
  2. composer
  3. .php
  4. laravel

// Lesson 09: Docker Basics

×

What is Docker?

Docker is a platform for developing, shipping, and running applications in containers. Containers package code with all its dependencies, ensuring consistent environments across development and production.

Installing Docker

# Update package index $ apt update # Install prerequisites $ apt install -y apt-transport-https ca-certificates curl gnupg lsb-release # Add Docker's official GPG key $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # Set up stable repository $ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null # Install Docker $ apt update $ apt install -y docker-ce docker-ce-cli containerd.io # Start Docker $ systemctl start docker $ systemctl enable docker # Add user to docker group $ usermod -aG docker $USER

Docker Basic Commands

# Check Docker version $ docker --version # Run a container $ docker run hello-world # List running containers $ docker ps # List all containers (including stopped) $ docker ps -a # List images $ docker images # Stop a container $ docker stop container_id # Remove a container $ docker rm container_id # Remove an image $ docker rmi image_id

Running a Web Server Container

# Run Nginx container $ docker run -d -p 80:80 --name my-nginx nginx # -d: detached mode (background) # -p 80:80: map host port 80 to container port 80 # --name: give container a name # Access container shell $ docker exec -it my-nginx /bin/bash # View logs $ docker logs my-nginx

Docker Compose

Docker Compose manages multi-container applications:

# Install Docker Compose $ curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose $ chmod +x /usr/local/bin/docker-compose # Create docker-compose.yml $ nano docker-compose.yml version: '3.8' services: web: image: nginx:latest ports: - "80:80" volumes: - ./html:/usr/share/nginx/html db: image: mysql:8.0 environment: MYSQL_ROOT_PASSWORD: secret # Start services $ docker-compose up -d # Stop services $ docker-compose down
Docker Benefits:
✅ Consistent environments across dev/prod
✅ Easy deployment and scaling
✅ Isolation between applications
✅ Efficient resource utilization
✅ Version control for infrastructure

Quiz

1. What packages applications with dependencies?

2. What flag runs a container in background?

3. What tool manages multi-container apps?

4. What command lists running containers?

Show All Answers

Answers

  1. docker
  2. -d
  3. docker-compose
  4. docker ps

// Lesson 10: Monitoring

×

System Monitoring Tools

Monitoring your VPS is essential for maintaining performance, detecting issues, and planning capacity. Let's explore the built-in and installable monitoring tools.

Built-in Commands

# System overview $ top # Better top alternative $ htop # Disk usage $ df -h # Directory sizes $ du -sh /var/* # Memory usage $ free -h # Network connections $ netstat -tuln # or $ ss -tuln

Install Monitoring Tools

# Install htop (better top) $ apt install -y htop # Install iotop (disk I/O monitor) $ apt install -y iotop # Install nethogs (network monitor) $ apt install -y nethogs # Install nmon (performance monitor) $ apt install -y nmon

Log Analysis

# System log $ tail -f /var/log/syslog # Authentication log $ tail -f /var/log/auth.log # Nginx access log $ tail -f /var/log/nginx/access.log # Nginx error log $ tail -f /var/log/nginx/error.log # Check for failed SSH attempts $ grep "Failed password" /var/log/auth.log | wc -l

Install Netdata (Real-time Monitoring)

# Install Netdata $ bash <(curl -Ss https://my-netdata.io/kickstart.sh) # Netdata runs on port 19999 # Access: http://your-server-ip:19999 # Configure firewall $ ufw allow 19999/tcp

Systemd Journal

# View all logs $ journalctl # Follow logs in real-time $ journalctl -f # View specific service logs $ journalctl -u nginx # View logs since last boot $ journalctl -b
Monitoring Checklist:
✅ CPU usage (keep below 80% sustained)
✅ Memory usage (watch for swapping)
✅ Disk space (alert at 80% full)
✅ Network I/O (unexpected spikes)
✅ Service health (nginx, mysql, ssh)
✅ Security logs (failed logins)

Quiz

1. What command shows real-time system processes?

2. What command shows disk usage?

3. What real-time monitoring tool uses port 19999?

4. What command views service-specific logs?

Show All Answers

Answers

  1. top
  2. df -h
  3. netdata
  4. journalctl -u

// Lesson 11: Backups

×

Backup Strategy

A proper backup strategy follows the 3-2-1 rule: 3 copies of data, 2 different media types, 1 offsite location. Let's implement automated backups for your VPS.

What to Backup

  • Website files: /var/www/, /home/user/www/
  • Databases: MySQL/MariaDB, PostgreSQL dumps
  • Configuration: /etc/nginx/, /etc/apache2/, /etc/ssh/
  • User data: /home/ directories
  • System configs: Important customizations

Installing and Using rsync

# Install rsync (usually pre-installed) $ apt install -y rsync # Basic rsync syntax $ rsync -avz /source/ /destination/ # Backup website to external storage $ rsync -avz --delete /var/www/ /mnt/backup/www/ # Backup with SSH to remote server $ rsync -avz -e ssh /var/www/ user@backup-server:/backups/www/

Automated Backup Script

$ nano /usr/local/bin/backup.sh #!/bin/bash # Backup directory BACKUP_DIR="/backups/$(date +%Y%m%d)" mkdir -p $BACKUP_DIR # Backup websites rsync -avz --delete /var/www/ $BACKUP_DIR/www/ # Backup Nginx config rsync -avz --delete /etc/nginx/ $BACKUP_DIR/nginx/ # Backup databases mysqldump -u root -p'password' --all-databases > $BACKUP_DIR/all-databases.sql # Compress backup tar -czf $BACKUP_DIR.tar.gz $BACKUP_DIR # Keep only last 7 days find /backups -name "*.tar.gz" -mtime +7 -delete echo "Backup completed: $BACKUP_DIR.tar.gz" # Make executable $ chmod +x /usr/local/bin/backup.sh

Scheduling Backups with Cron

# Edit crontab $ crontab -e # Daily backup at 2 AM 0 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1 # Weekly backup on Sundays at 3 AM 0 3 * * 0 /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1

Offsite Backup with rclone

rclone syncs files to cloud storage (S3, Google Drive, Dropbox, etc.):

# Install rclone $ curl https://rclone.org/install.sh | bash # Configure $ rclone config # Sync to cloud storage $ rclone sync /backups remote:backup-bucket
Backup Best Practices:
✅ Automate with cron jobs
✅ Test restore procedures regularly
✅ Keep multiple backup versions
✅ Store backups offsite
✅ Encrypt sensitive backups
✅ Monitor backup success/failure

Quiz

1. What tool is used for file synchronization?

2. What schedules automated tasks?

3. What command compresses backups?

4. What tool syncs to cloud storage?

Show All Answers

Answers

  1. rsync
  2. cron
  3. tar
  4. rclone

// Lesson 12: Advanced Topics

×

Reverse Proxy Configuration

A reverse proxy sits between clients and backend servers, forwarding requests and returning responses. Nginx excels at this.

# Reverse proxy to a Node.js app $ nano /etc/nginx/sites-available/app server { listen 80; server_name app.example.com; location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } # Enable site $ ln -s /etc/nginx/sites-available/app /etc/nginx/sites-enabled/ $ nginx -t && systemctl reload nginx

Load Balancing

Distribute traffic across multiple backend servers:

$ nano /etc/nginx/nginx.conf upstream backend { server 192.168.1.10:3000 weight=5; server 192.168.1.11:3000 weight=5; server 192.168.1.12:3000 backup; } server { location / { proxy_pass http://backend; } } # Load balancing methods: # - round-robin (default): requests distributed evenly # - least_conn: to server with least active connections # - ip_hash: same client always to same server

Rate Limiting

Protect your server from abuse:

limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; server { location / { limit_req zone=one burst=5 nodelay; } }

Scaling Strategies

  • Vertical Scaling: Upgrade VPS to more CPU/RAM
  • Horizontal Scaling: Add more servers behind load balancer
  • Caching: Redis/Memcached for frequently accessed data
  • CDN: CloudFlare, AWS CloudFront for static assets
  • Database Scaling: Read replicas, sharding

Server Maintenance Checklist

# Daily # - Check logs for errors # - Monitor resource usage # Weekly # - Review failed login attempts # - Check disk space # Monthly # - Update all packages # - Review user accounts # - Test backups # Quarterly # - Review and rotate SSH keys # - Audit installed packages # - Update SSL certificates check
Production VPS Checklist:
✅ Automated security updates
✅ Regular backups with offsite storage
✅ Monitoring and alerting
✅ SSL certificates with auto-renewal
✅ Firewall configured
✅ SSH hardened (keys only)
✅ Log rotation configured
✅ Disaster recovery plan documented

Quiz

1. What Nginx directive forwards requests to backend?

2. What directive defines backend servers for load balancing?

3. What limits request rate in Nginx?

4. What adds more servers vs upgrading existing (scaling types)?

Show All Answers

Answers

  1. proxy_pass
  2. upstream
  3. limit_req
  4. horizontal