Export Configuration

Generate a custom bash script to automate your server setup. Select the modules you want to include.

Initial Configuration

System updates, user creation, and essential tools.

SSH Hardening

Disable root login, change port, and enforce key authentication.

Firewall Configuration

Configure UFW to allow SSH, HTTP, HTTPS, and custom ports.

Security Hardening

Fail2ban, unattended upgrades, and timezone configuration.

Docker Installation

Install Docker Engine, CLI, and Compose.

Coolify Installation

Install Coolify for self-hosted PaaS management.

Preview

#!/bin/bash
# VPS Setup Script generated by VPS_DOCS
# Target: ubuntu
# User: new_user
# IP: YOUR_SERVER_IP

set -e

echo "Starting VPS Setup..."


# --- Initial Configuration ---
# Update system
apt-get update && apt-get upgrade -y

# Install essential tools
apt-get install -y curl wget git sudo ufw fail2ban unattended-upgrades

# Create new user
if id "new_user" &>/dev/null; then
    echo "User new_user already exists"
else
    useradd -m -s /bin/bash new_user
    usermod -aG sudo new_user
    echo "new_user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/new_user
    chmod 0440 /etc/sudoers.d/new_user
fi

# Set up SSH directory for new user
mkdir -p /home/new_user/.ssh
chmod 700 /home/new_user/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA..." >> /home/new_user/.ssh/authorized_keys
chmod 600 /home/new_user/.ssh/authorized_keys
chown -R new_user:new_user /home/new_user/.ssh

# --- SSH Hardening ---
# Backup existing config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

# Configure SSH
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sed -i 's/^#*Port.*/Port 2222/' /etc/ssh/sshd_config

# Restart SSH service
systemctl restart sshd

# --- Firewall Configuration ---
# Reset UFW
ufw --force reset

# Default policies
ufw default deny incoming
ufw default allow outgoing

# Allow essential ports
ufw allow 2222/tcp comment 'SSH'
ufw allow 80/tcp comment 'HTTP'
ufw allow 443/tcp comment 'HTTPS'
ufw allow 8080/tcp comment 'HTTP Alt'
ufw allow 8443/tcp comment 'HTTPS Alt'

# Enable UFW
ufw --force enable

# --- Security Hardening ---
# Configure Timezone
timedatectl set-timezone America/New_York

# Configure Fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
systemctl enable fail2ban
systemctl start fail2ban

# Configure Unattended Upgrades
echo 'Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
};' > /etc/apt/apt.conf.d/50unattended-upgrades
dpkg-reconfigure -f noninteractive unattended-upgrades

# --- Docker Installation ---
# Remove old versions
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do apt-get remove $pkg; done

# Add Docker's official GPG key
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources
echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu   $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |   tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker packages
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Add user to docker group
usermod -aG docker new_user

# --- Coolify Installation ---
# Install Coolify
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash

echo "Setup Complete! Please reboot your server."