How to Set Up a Vultr VPS: Complete Linux Guide

How to Set Up a Vultr VPS: Complete Linux Guide

Tested on: Vultr Cloud Compute VC2-1C-2GB and High Frequency Compute VHP-1C-2GB · Ubuntu 26.04 LTS · Debian 12 — Last updated: June 2026

Vultr is a global cloud provider with 32 data center locations across 6 continents — one of the widest geographic footprints among budget-tier cloud providers. A Cloud Compute instance starts at $6/month, and their High Frequency Compute line (NVMe SSD, faster CPUs) starts at $8/month. This guide walks through account setup, instance deployment, OS hardening, firewall configuration, Nginx with SSL, block storage, snapshots, and the vultr-cli tool — everything you need to run production workloads on Vultr.

Budget Pick
Hostinger VPS — From €3.99/month

If you want a cheaper starting point, Hostinger VPS offers KVM virtualization with full root access at a lower price than most competitors. Runs Ubuntu 26.04, Debian 12, AlmaLinux and CentOS out of the box — good fit for learning, side projects, or low-traffic servers.

  • KVM virtualization — dedicated resources, full root access
  • 1 vCPU / 4 GB RAM / 50 GB NVMe SSD from €3.99/month
  • Ubuntu 26.04, Debian 12, CentOS, AlmaLinux supported
  • Weekly automated backups included
  • 1 Gbps network bandwidth

Get Hostinger VPS →

Affiliate disclosure: we earn a small commission if you sign up — at no extra cost to you.

Contents
  1. Prerequisites
  2. Why Vultr
  3. Plans and Pricing
  4. Step 1 — Create Account and Add Your SSH Key
  5. Step 2 — Deploy Your First Instance
  6. Step 3 — Connect and Initial Setup
  7. Step 4 — Security Hardening
  8. Step 5 — Configure Firewall Groups and UFW
    1. Create a Firewall Group in the Dashboard
    2. UFW on the Server
  9. Step 6 — Install Nginx and SSL
  10. Block Storage
  11. Snapshots and Backups
    1. Automatic Backups
    2. Manual Snapshots
  12. Further Reading

Prerequisites

  • A local machine running Linux, macOS, or WSL2 on Windows
  • An SSH key pair (Ed25519 recommended — generated below if you don't have one)
  • A domain name if you want SSL (you can skip the Nginx/SSL section otherwise)
  • A Vultr account with a payment method added

Why Vultr

Vultr occupies a useful position in the cloud market: broader geographic coverage than Hetzner, cheaper than DigitalOcean and AWS, and more developer-friendly than generic VPS hosts. Key differentiators:

  • 32 data center locations — North America, Europe, Asia-Pacific, South America, Africa, and Australia
  • Hourly billing — destroy an instance and billing stops immediately; useful for CI runners and test environments
  • High Frequency Compute — NVMe SSD instances at $8/month for I/O-sensitive workloads like databases and caches
  • Bare metal — dedicated physical servers starting at $120/month when you need predictable performance
  • GPU instances — NVIDIA A100, H100, A40 for ML inference and training
  • Full API and CLI — Terraform provider, vultr-cli, and a REST API with complete resource coverage

Plans and Pricing

Plan TypeStarting PriceBest For
Cloud Compute Shared$6/mo (1 vCPU, 2 GB, 55 GB SSD)Dev environments, light apps
High Frequency Compute$8/mo (1 vCPU, 2 GB, 50 GB NVMe)Databases, busy web apps
Cloud Compute Optimized$28/mo (2 vCPU, 4 GB)Consistent CPU, no noisy neighbors
Bare Metal$120/moDedicated physical hardware
GPU Compute (A100)~$2.40/hrML training and inference

For most web applications and self-hosted tools, the High Frequency Compute line at $8–24/month is the best value. NVMe storage makes a measurable difference for PostgreSQL query latency, Redis persistence, and anything that hits disk frequently.

Step 1 — Create Account and Add Your SSH Key

Sign up at vultr.com, verify your email, and add a payment method (credit card, PayPal, or crypto). Before deploying any instances, add your SSH public key to the account — Vultr injects it into new servers automatically, saving you from ever using password authentication.

Generate an Ed25519 key if you don't already have one:

ssh-keygen -t ed25519 -C "vultr-$(date +%Y)" -f ~/.ssh/id_ed25519_vultr
# Display the public key to copy:
cat ~/.ssh/id_ed25519_vultr.pub

In the Vultr dashboard: Account → SSH Keys → Add SSH Key. Paste the public key output and give it a descriptive label like workstation-2026. You can add multiple keys and select which ones to inject at deploy time.

Step 2 — Deploy Your First Instance

Click Deploy in the top-right corner of the dashboard and work through the options:

  1. Choose Type: Cloud Compute — Shared CPU for general use, or High Frequency for NVMe storage
  2. Server Location: Pick the region closest to your users (see the location table below — latency to your server matters more than latency to you)
  3. Server Image: Ubuntu 26.04 LTS is recommended; Debian 12 and Rocky Linux 10 are solid alternatives
  4. Server Size: $6/mo (1 vCPU, 2 GB) for dev and light production; $12/mo (2 vCPU, 4 GB) for small apps with real traffic
  5. Additional Features: Enable Auto Backups — it costs 20% of the instance price (so $1.20/mo for the $6 server) and retains daily snapshots. Enable this for any production server.
  6. SSH Keys: Select the key you just added
  7. Server Hostname & Label: Set something meaningful — you'll thank yourself when you have multiple instances
  8. Click Deploy Now

The instance is ready in 60–90 seconds. The dashboard shows the IP address under the instance details.

Step 3 — Connect and Initial Setup

The server boots as root with your SSH key pre-installed. First connection:

ssh root@YOUR_SERVER_IP

# Update all packages:
apt update && apt full-upgrade -y

# Set timezone (use your preferred zone or keep UTC for servers):
timedatectl set-timezone UTC
timedatectl status

# Create a non-root user for daily use:
adduser deploy
usermod -aG sudo deploy

# Copy root's authorized_keys to the new user:
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy

# Set a hostname:
hostnamectl set-hostname myserver.yourdomain.com

# Reboot to apply any kernel updates:
reboot

After the reboot, log in as your non-root user and confirm sudo access before you touch the SSH config:

ssh deploy@YOUR_SERVER_IP
sudo whoami
# Should output: root

Step 4 — Security Hardening

Disable root login and password authentication, then install fail2ban to block brute-force attempts.

sudo nano /etc/ssh/sshd_config

Set or confirm these values:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
MaxAuthTries 3
LoginGraceTime 20
AllowUsers deploy
# Validate the config before restarting:
sudo sshd -t

# Restart SSH (keep your current session open until you verify):
sudo systemctl restart ssh

# Open a second terminal and confirm you can still log in:
ssh deploy@YOUR_SERVER_IP

Install and configure fail2ban:

sudo apt install fail2ban -y

sudo tee /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
bantime  = 3600
findtime = 600
maxretry = 3
backend  = systemd

[sshd]
enabled = true
port    = ssh
EOF

sudo systemctl enable --now fail2ban

# Verify it's watching SSH:
sudo fail2ban-client status sshd

Expected output:

Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=ssh.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

Step 5 — Configure Firewall Groups and UFW

Vultr Firewall Groups are network-level rules applied before traffic reaches your server — more efficient than host-based firewalls alone, and they protect against port scans even if UFW is misconfigured. Use both.

Create a Firewall Group in the Dashboard

  1. Go to Network → Firewall → Add Firewall Group
  2. Add inbound rules:
    • SSH: TCP 22 — your IP only (or Anywhere if you have a dynamic IP)
    • HTTP: TCP 80 — Anywhere
    • HTTPS: TCP 443 — Anywhere
  3. Leave outbound as default (allow all)
  4. Go to your instance → Settings → Firewall and link the group

UFW on the Server

sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Enable — this takes effect immediately:
sudo ufw enable

sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere

Step 6 — Install Nginx and SSL

Before running Certbot, point your domain's A record to your server IP and wait for DNS propagation (use dig yourdomain.com +short to verify).

sudo apt install nginx -y
sudo systemctl enable --now nginx

sudo apt install certbot python3-certbot-nginx -y

# Issue certificate — Certbot edits your Nginx config automatically:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# Test renewal (does a dry run, no cert changes):
sudo certbot renew --dry-run

Add security headers to your Nginx server block. Edit the Certbot-managed config:

sudo nano /etc/nginx/sites-available/default
server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    # Security headers
    add_header X-Frame-Options            "SAMEORIGIN"                   always;
    add_header X-Content-Type-Options     "nosniff"                      always;
    add_header Referrer-Policy            "strict-origin-when-cross-origin" always;
    add_header Strict-Transport-Security  "max-age=31536000; includeSubDomains" always;
    add_header Permissions-Policy         "geolocation=(), camera=(), microphone=()" always;

    # SSL config added by Certbot — do not remove
    ssl_certificate     /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    root  /var/www/html;
    index index.html;
}
sudo nginx -t && sudo systemctl reload nginx

Block Storage

Vultr Block Storage is network-attached SSD at $0.10/GB/month (10 GB minimum = $1/month). Volumes can be attached, detached, and resized independently of your instance — useful for storing database files or uploads separately from your root disk.

Create a volume in the dashboard under Storage → Block Storage → Add Volume, attach it to your instance, then configure it on the server:

# Identify the new disk (usually /dev/vdb):
lsblk

# Format — only do this the first time, it erases all data:
sudo mkfs.ext4 /dev/vdb

# Create mount point and mount:
sudo mkdir -p /mnt/data
sudo mount /dev/vdb /mnt/data

# Get UUID for persistent mounting:
sudo blkid /dev/vdb
/dev/vdb: UUID="a1b2c3d4-e5f6-7890-abcd-ef1234567890" BLOCK_SIZE="4096" TYPE="ext4"
# Add to fstab using the UUID (nofail prevents boot failure if volume detaches):
echo 'UUID=a1b2c3d4-e5f6-7890-abcd-ef1234567890 /mnt/data ext4 defaults,nofail 0 2' | sudo tee -a /etc/fstab

# Test fstab before rebooting:
sudo mount -a
df -h /mnt/data

Snapshots and Backups

Automatic Backups

Enable under Server Settings → Backups. Cost is 20% of the instance price. Vultr retains 1–2 daily backups and rotates them. Restoring from a backup takes 15–30 minutes and replaces the current disk. Enable this for every production server — the cost is negligible.

Manual Snapshots

Create from Server Settings → Snapshots → Take Snapshot. Billed at $0.05/GB/month. Snapshots are full disk captures — use them before OS upgrades, major config changes, or new application deployments. A snapshot taken in one region can be used to deploy new instances in any region, making them useful for cloning environments.