How to Set Up a Vultr VPS: Complete Linux Guide

Tested on: Vultr Cloud Compute VC2-1C-2GB and High Frequency Compute VHP-1C-2GB · Ubuntu 26.04 LTS · Debian 12 — Last updated: June 2026
Vultr is a global cloud provider with 32 data center locations across 6 continents — one of the widest geographic footprints among budget-tier cloud providers. A Cloud Compute instance starts at $6/month, and their High Frequency Compute line (NVMe SSD, faster CPUs) starts at $8/month. This guide walks through account setup, instance deployment, OS hardening, firewall configuration, Nginx with SSL, block storage, snapshots, and the vultr-cli tool — everything you need to run production workloads on Vultr.
Hostinger VPS — From €3.99/month
If you want a cheaper starting point, Hostinger VPS offers KVM virtualization with full root access at a lower price than most competitors. Runs Ubuntu 26.04, Debian 12, AlmaLinux and CentOS out of the box — good fit for learning, side projects, or low-traffic servers.
- KVM virtualization — dedicated resources, full root access
- 1 vCPU / 4 GB RAM / 50 GB NVMe SSD from €3.99/month
- Ubuntu 26.04, Debian 12, CentOS, AlmaLinux supported
- Weekly automated backups included
- 1 Gbps network bandwidth
Affiliate disclosure: we earn a small commission if you sign up — at no extra cost to you.
- Prerequisites
- Why Vultr
- Plans and Pricing
- Step 1 — Create Account and Add Your SSH Key
- Step 2 — Deploy Your First Instance
- Step 3 — Connect and Initial Setup
- Step 4 — Security Hardening
- Step 5 — Configure Firewall Groups and UFW
- Step 6 — Install Nginx and SSL
- Block Storage
- Snapshots and Backups
- Further Reading
Prerequisites
- A local machine running Linux, macOS, or WSL2 on Windows
- An SSH key pair (Ed25519 recommended — generated below if you don't have one)
- A domain name if you want SSL (you can skip the Nginx/SSL section otherwise)
- A Vultr account with a payment method added
Why Vultr
Vultr occupies a useful position in the cloud market: broader geographic coverage than Hetzner, cheaper than DigitalOcean and AWS, and more developer-friendly than generic VPS hosts. Key differentiators:
- 32 data center locations — North America, Europe, Asia-Pacific, South America, Africa, and Australia
- Hourly billing — destroy an instance and billing stops immediately; useful for CI runners and test environments
- High Frequency Compute — NVMe SSD instances at $8/month for I/O-sensitive workloads like databases and caches
- Bare metal — dedicated physical servers starting at $120/month when you need predictable performance
- GPU instances — NVIDIA A100, H100, A40 for ML inference and training
- Full API and CLI — Terraform provider,
vultr-cli, and a REST API with complete resource coverage
Plans and Pricing
| Plan Type | Starting Price | Best For |
|---|---|---|
| Cloud Compute Shared | $6/mo (1 vCPU, 2 GB, 55 GB SSD) | Dev environments, light apps |
| High Frequency Compute | $8/mo (1 vCPU, 2 GB, 50 GB NVMe) | Databases, busy web apps |
| Cloud Compute Optimized | $28/mo (2 vCPU, 4 GB) | Consistent CPU, no noisy neighbors |
| Bare Metal | $120/mo | Dedicated physical hardware |
| GPU Compute (A100) | ~$2.40/hr | ML training and inference |
For most web applications and self-hosted tools, the High Frequency Compute line at $8–24/month is the best value. NVMe storage makes a measurable difference for PostgreSQL query latency, Redis persistence, and anything that hits disk frequently.
Step 1 — Create Account and Add Your SSH Key
Sign up at vultr.com, verify your email, and add a payment method (credit card, PayPal, or crypto). Before deploying any instances, add your SSH public key to the account — Vultr injects it into new servers automatically, saving you from ever using password authentication.
Generate an Ed25519 key if you don't already have one:
ssh-keygen -t ed25519 -C "vultr-$(date +%Y)" -f ~/.ssh/id_ed25519_vultr
# Display the public key to copy:
cat ~/.ssh/id_ed25519_vultr.pubIn the Vultr dashboard: Account → SSH Keys → Add SSH Key. Paste the public key output and give it a descriptive label like workstation-2026. You can add multiple keys and select which ones to inject at deploy time.
Step 2 — Deploy Your First Instance
Click Deploy in the top-right corner of the dashboard and work through the options:
- Choose Type: Cloud Compute — Shared CPU for general use, or High Frequency for NVMe storage
- Server Location: Pick the region closest to your users (see the location table below — latency to your server matters more than latency to you)
- Server Image: Ubuntu 26.04 LTS is recommended; Debian 12 and Rocky Linux 10 are solid alternatives
- Server Size: $6/mo (1 vCPU, 2 GB) for dev and light production; $12/mo (2 vCPU, 4 GB) for small apps with real traffic
- Additional Features: Enable Auto Backups — it costs 20% of the instance price (so $1.20/mo for the $6 server) and retains daily snapshots. Enable this for any production server.
- SSH Keys: Select the key you just added
- Server Hostname & Label: Set something meaningful — you'll thank yourself when you have multiple instances
- Click Deploy Now
The instance is ready in 60–90 seconds. The dashboard shows the IP address under the instance details.
Step 3 — Connect and Initial Setup
The server boots as root with your SSH key pre-installed. First connection:
ssh root@YOUR_SERVER_IP
# Update all packages:
apt update && apt full-upgrade -y
# Set timezone (use your preferred zone or keep UTC for servers):
timedatectl set-timezone UTC
timedatectl status
# Create a non-root user for daily use:
adduser deploy
usermod -aG sudo deploy
# Copy root's authorized_keys to the new user:
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy
# Set a hostname:
hostnamectl set-hostname myserver.yourdomain.com
# Reboot to apply any kernel updates:
rebootAfter the reboot, log in as your non-root user and confirm sudo access before you touch the SSH config:
ssh deploy@YOUR_SERVER_IP
sudo whoami
# Should output: rootStep 4 — Security Hardening
Disable root login and password authentication, then install fail2ban to block brute-force attempts.
sudo nano /etc/ssh/sshd_configSet or confirm these values:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
MaxAuthTries 3
LoginGraceTime 20
AllowUsers deploy# Validate the config before restarting:
sudo sshd -t
# Restart SSH (keep your current session open until you verify):
sudo systemctl restart ssh
# Open a second terminal and confirm you can still log in:
ssh deploy@YOUR_SERVER_IPInstall and configure fail2ban:
sudo apt install fail2ban -y
sudo tee /etc/fail2ban/jail.local << 'EOF'
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3
backend = systemd
[sshd]
enabled = true
port = ssh
EOF
sudo systemctl enable --now fail2ban
# Verify it's watching SSH:
sudo fail2ban-client status sshdExpected output:
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=ssh.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:Step 5 — Configure Firewall Groups and UFW
Vultr Firewall Groups are network-level rules applied before traffic reaches your server — more efficient than host-based firewalls alone, and they protect against port scans even if UFW is misconfigured. Use both.
Create a Firewall Group in the Dashboard
- Go to Network → Firewall → Add Firewall Group
- Add inbound rules:
- SSH: TCP 22 — your IP only (or Anywhere if you have a dynamic IP)
- HTTP: TCP 80 — Anywhere
- HTTPS: TCP 443 — Anywhere
- Leave outbound as default (allow all)
- Go to your instance → Settings → Firewall and link the group
UFW on the Server
sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable — this takes effect immediately:
sudo ufw enable
sudo ufw status verboseStatus: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN AnywhereStep 6 — Install Nginx and SSL
Before running Certbot, point your domain's A record to your server IP and wait for DNS propagation (use dig yourdomain.com +short to verify).
sudo apt install nginx -y
sudo systemctl enable --now nginx
sudo apt install certbot python3-certbot-nginx -y
# Issue certificate — Certbot edits your Nginx config automatically:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# Test renewal (does a dry run, no cert changes):
sudo certbot renew --dry-runAdd security headers to your Nginx server block. Edit the Certbot-managed config:
sudo nano /etc/nginx/sites-available/defaultserver {
listen 443 ssl;
server_name yourdomain.com www.yourdomain.com;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
# SSL config added by Certbot — do not remove
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
root /var/www/html;
index index.html;
}sudo nginx -t && sudo systemctl reload nginxBlock Storage
Vultr Block Storage is network-attached SSD at $0.10/GB/month (10 GB minimum = $1/month). Volumes can be attached, detached, and resized independently of your instance — useful for storing database files or uploads separately from your root disk.
Create a volume in the dashboard under Storage → Block Storage → Add Volume, attach it to your instance, then configure it on the server:
# Identify the new disk (usually /dev/vdb):
lsblk
# Format — only do this the first time, it erases all data:
sudo mkfs.ext4 /dev/vdb
# Create mount point and mount:
sudo mkdir -p /mnt/data
sudo mount /dev/vdb /mnt/data
# Get UUID for persistent mounting:
sudo blkid /dev/vdb/dev/vdb: UUID="a1b2c3d4-e5f6-7890-abcd-ef1234567890" BLOCK_SIZE="4096" TYPE="ext4"# Add to fstab using the UUID (nofail prevents boot failure if volume detaches):
echo 'UUID=a1b2c3d4-e5f6-7890-abcd-ef1234567890 /mnt/data ext4 defaults,nofail 0 2' | sudo tee -a /etc/fstab
# Test fstab before rebooting:
sudo mount -a
df -h /mnt/dataSnapshots and Backups
Automatic Backups
Enable under Server Settings → Backups. Cost is 20% of the instance price. Vultr retains 1–2 daily backups and rotates them. Restoring from a backup takes 15–30 minutes and replaces the current disk. Enable this for every production server — the cost is negligible.
Manual Snapshots
Create from Server Settings → Snapshots → Take Snapshot. Billed at $0.05/GB/month. Snapshots are full disk captures — use them before OS upgrades, major config changes, or new application deployments. A snapshot taken in one region can be used to deploy new instances in any region, making them useful for cloning environments.
