Cloud VPS Best Practices
Essential guidelines for security, performance, and reliability
Follow these proven best practices to build secure, performant, and cost-effective cloud infrastructure on RamNode.
Security Best Practices
SSH Key Authentication
Always use SSH keys instead of passwords for authentication. SSH keys are significantly more secure and cannot be brute-forced.
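# Generate a strong SSH key
ssh-keygen -t ed25519 -C "your_email@example.com"
# Disable password authentication. sshd uses the first value it finds for a keyword,
# so change the existing line instead of appending a second one.
sudo sed -i -E 's/^[#[:space:]]*PasswordAuthentication[[:space:]].*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Check the syntax before restarting so a typo cannot lock you out
sudo sshd -t && sudo systemctl restart sshd
See our SSH Key Management guide for details.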
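sshd takes the first value it reads for each keyword, so where a PasswordAuthentication line sits in the file decides whether passwords are really off. The script below is an added example, not RamNode's own code: the function names and the sample config are constructed, and the model ignores Include files and the "Keyword=value" form.

```shell
#!/bin/sh
# Added example: why the position of a keyword in sshd_config matters.
# Simplified model: ignores Include files and the "Keyword=value" form.

# effective_sshd_value KEYWORD FILE
# Prints the value taken from FILE's global section, or "unset".
effective_sshd_value() {
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  awk -v want="$want" '
    /^[[:space:]]*(#|$)/ { next }                      # comments and blank lines
    tolower($1) == "match" { exit }                    # global section ends at first Match
    tolower($1) == want { print $2; found = 1; exit }  # first occurrence wins
    END { if (!found) print "unset" }
  ' "$2"
}

# set_sshd_value KEYWORD VALUE FILE
# Writes the setting as the first line and drops superseded global copies.
set_sshd_value() {
  tmp=$(mktemp) || return 1
  awk -v key="$1" -v val="$2" '
    BEGIN { print key " " val }
    tolower($1) == "match" { in_match = 1 }
    !in_match && tolower($1) == tolower(key) { next }
    { print }
  ' "$3" > "$tmp" && cat "$tmp" > "$3"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Constructed sample: a config that already enables passwords, then the append.
cfg=$(mktemp)
printf 'Port 22\nPasswordAuthentication yes\n' > "$cfg"
echo "PasswordAuthentication no" >> "$cfg"
echo "after append: $(effective_sshd_value PasswordAuthentication "$cfg")"   # yes
set_sshd_value PasswordAuthentication no "$cfg"
echo "after rewrite: $(effective_sshd_value PasswordAuthentication "$cfg")"  # no
rm -f "$cfg"
```

On a live host, `sudo sshd -T | grep -i '^passwordauthentication'` prints the setting sshd actually resolved, Include files included.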
Firewall Configuration
Configure restrictive firewall rules using Security Groups. Follow the principle of least privilege—only open ports that are absolutely necessary.
Essential Security Group Rules
- SSH (22): Restrict to your IP address or VPN
- HTTP (80) / HTTPS (443): Open only for web servers
- Database ports: Never expose to 0.0.0.0/0
- Block all other ports by default
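The four rules above can be checked mechanically against an exported rule list. This is an added example, not RamNode tooling: the input format (PROTO PORT_MIN PORT_MAX REMOTE_CIDR), the function names and the database port list are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit ingress rules against the four guidelines listed above.
# Input format is constructed for this example (not a real CLI's output):
#   PROTO PORT_MIN PORT_MAX REMOTE_CIDR
# The database port list is an assumption; extend it for your stack.

# audit_sg_rules [FILE]  (reads stdin when FILE is omitted)
audit_sg_rules() {
  awk '
    function world(cidr) { return cidr == "0.0.0.0/0" || cidr == "::/0" }
    function covers(port) { return ($2 + 0) <= port && port <= ($3 + 0) }
    BEGIN { ndb = split("3306 5432 6379 27017", db, " ") }
    /^[[:space:]]*(#|$)/ { next }          # comments and blank lines
    !world($4) { next }                    # source already restricted
    {
      for (i = 1; i <= ndb; i++)
        if (covers(db[i] + 0)) { print "DB_EXPOSED: " $0; next }
      if (covers(22)) { print "SSH_OPEN: " $0; next }
      if ($2 == $3 && ($2 == 80 || $2 == 443)) next   # public web ports are expected
      print "UNEXPECTED_PORT: " $0
    }
  ' "${1:--}"
}

# Constructed sample rules (documentation and private address ranges only).
sample_rules() {
  cat <<'EOF'
tcp 22 22 203.0.113.10/32
tcp 22 22 0.0.0.0/0
tcp 443 443 0.0.0.0/0
tcp 3000 4000 0.0.0.0/0
tcp 6379 6379 10.0.0.0/8
tcp 8080 8080 ::/0
EOF
}

sample_rules | audit_sg_rules
```

The port range 3000-4000 is reported as a database exposure because it covers 3306, a case a per-port check would miss.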
Regular Security Updates
Keep your system updated with the latest security patches:
# Ubuntu/Debian
sudo apt update && sudo apt upgrade -y
# CentOS/Rocky/AlmaLinux
sudo dnf update -y
# Enable automatic security updates
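sudo apt install unattended-upgrades # Ubuntu/Debian
sudo dnf install dnf-automatic # CentOS/Rocky/Alma
sudo systemctl enable --now dnf-automatic.timer # dnf-automatic only runs once its timer is enabled
Implement Fail2ban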
Protect against brute-force attacks by automatically blocking suspicious IPs:
# Install Fail2ban
sudo apt install fail2ban
# Start and enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Use Private Networks
Keep internal communication private by using private networks. Never send sensitive data over public interfaces.
Performance Best Practices
Choose the Right Instance Size
Don't over-provision or under-provision. Monitor your resource usage and resize as needed:
- CPU: Should average 60-80% under normal load
- RAM: Keep 10-20% free for system operations
- Disk I/O: Monitor with iostat for bottlenecks
Optimize Disk Performance
Use modern filesystems and mount options for better performance:
# Add to /etc/fstab for better SSD performance
/dev/vda1 / ext4 defaults,noatime,discard 0 1
# For databases, consider using dedicated volumes
# Mount with appropriate options
/dev/vdb /var/lib/mysql ext4 noatime,data=writeback 0 0
Implement Caching
Reduce load on your applications with caching layers:
- Redis/Valkey: For application-level caching
- Nginx: For static content and reverse proxy caching
- CDN: For global content delivery
Use Content Delivery Networks
Integrate with Cloudflare or other CDNs to cache static assets and reduce server load while improving global performance.
Backup and Recovery Best Practices
Follow the 3-2-1 Backup Rule
Automated Backup Strategy
Implement automated backups at multiple levels:
- Snapshots: Daily automated snapshots via Cloud Control Panel
- Application backups: Database dumps, file backups
- Offsite storage: Copy backups to Object Storage or external service
Test Your Backups
Regular testing is crucial. Schedule quarterly restore tests to verify backup integrity and recovery procedures.
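A restore test of the kind described above can be scripted: extract the archive into a scratch directory and compare every file against checksums recorded at backup time. This is an added example, not RamNode's own code; the function names, the `.manifest` file convention and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: restore test for a tar.gz backup. All paths are constructed samples.

# make_backup SRC ARCHIVE
# Archives SRC and records a per-file SHA-256 manifest as ARCHIVE.manifest.
make_backup() {
  (cd "$1" && find . -type f -exec sha256sum {} + | sort -k2) > "$2.manifest"
  tar -czf "$2" -C "$1" .
}

# restore_test ARCHIVE
# Extracts into a scratch directory and checks every file against the manifest.
# Returns 0 only if the archive is intact and all restored hashes match.
restore_test() {
  scratch=$(mktemp -d) || return 2
  result=1
  if gzip -t "$1" 2>/dev/null &&
     tar -xzf "$1" -C "$scratch" 2>/dev/null &&
     (cd "$scratch" && sha256sum -c --quiet >/dev/null 2>&1) < "$1.manifest"; then
    result=0
  fi
  rm -rf "$scratch"
  return "$result"
}

# Constructed sample data: back it up, then test a good and a truncated archive.
work=$(mktemp -d)
mkdir -p "$work/www/css"
echo '<h1>ok</h1>' > "$work/www/index.html"
echo 'body{}' > "$work/www/css/site.css"
make_backup "$work/www" "$work/files.tar.gz"
restore_test "$work/files.tar.gz" && echo "good archive: restore verified"
head -c 40 "$work/files.tar.gz" > "$work/cut.tar.gz"
cp "$work/files.tar.gz.manifest" "$work/cut.tar.gz.manifest"
restore_test "$work/cut.tar.gz" || echo "truncated archive: restore test failed"
```

Store the manifest with the offsite copy so the test can run against the archive as downloaded, not the one still on the server.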
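#!/bin/bash
# Example automated backup script
set -euo pipefail
DATE=$(date +%Y%m%d)
# Read the database user and password from a root-only option file (example path,
# mode 600, [client] section) instead of -p on the command line, where the
# password is visible in the process list
mysqldump --defaults-extra-file=/root/.backup.cnf mydb > "/backups/mydb-$DATE.sql"
tar -czf "/backups/files-$DATE.tar.gz" /var/www
# Upload to Object Storage
rclone copy /backups/ remote:backups/
Networking Best Practices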
Use Floating IPs for Production
Floating IPs allow you to quickly remap traffic to different instances during maintenance or failover scenarios.
Implement Load Balancing
For high-availability applications, use a load balancer to distribute traffic across multiple instances.
Configure Reverse DNS
Set up proper reverse DNS records, especially for mail servers, to improve deliverability and reputation.
Monitor Network Performance
Track bandwidth usage and network latency:
# Monitor bandwidth
iftop -i eth0
# Check network latency
mtr -r example.com
# Monitor connections
ss -s
Cost Optimization Best Practices
Right-Size Your Resources
Regularly audit and optimize your infrastructure:
- Delete unused instances and block storage volumes
- Remove old snapshots beyond retention period
- Scale down over-provisioned instances
- Consolidate low-traffic applications
Leverage Hourly Billing
Take advantage of hourly billing for development and testing environments. Shut down instances when not in use:
# Automate instance shutdown for dev environment
# Shutdown at 6 PM weekdays
0 18 * * 1-5 openstack server stop dev-instance
Use Appropriate Storage
Match storage type to workload:
- Local disk: For temporary data, caches
- Block Storage: For persistent application data
- Object Storage: For backups, static assets, archives
Monitor and Alert
Set up billing alerts and usage monitoring to avoid surprises. Use the Cloud Control Panel to track spending trends.
Application Best Practices
Use Configuration Management
Implement Infrastructure as Code (IaC) for reproducible deployments:
- Terraform: For infrastructure provisioning
- Ansible: For configuration management
- Cloud-init: For initial instance setup
Implement Health Checks
Monitor application health and availability:
# Simple health check endpoint
curl -f http://localhost/health || exit 1
# Use tools like Uptime Kuma for monitoring
# https://github.com/louislam/uptime-kuma
Enable Logging
Centralize logs for easier debugging and auditing:
# Send logs to centralized logging
# rsyslog configuration
*.* @@logserver.example.com:514
# Or use journald
journalctl -u myapp -f
Use Environment Variables
Never hardcode credentials. Use environment variables or secret management:
# Store secrets in environment
export DB_PASSWORD="secret"
export API_KEY="key"
# Or use systemd environment files
EnvironmentFile=/etc/myapp/secrets.env
Deployment Best Practices
Blue-Green Deployments
Minimize downtime by maintaining two identical production environments:
- Deploy new version to "green" environment
- Test thoroughly
- Switch floating IP or load balancer to green
- Keep blue as rollback option
Use Version Control
Track all configuration and infrastructure code in Git:
- Store cloud-init configs
- Version control Terraform/Ansible scripts
- Document changes in commit messages
- Use branches for testing changes
Implement CI/CD
Automate deployment pipelines for consistency and speed:
- Automated testing before deployment
- Consistent deployment process
- Easy rollback capabilities
- Audit trail of all changes
Disaster Recovery Planning
Critical: Have a DR Plan
Every production environment needs a documented disaster recovery plan. Test it regularly to ensure you can recover from catastrophic failures.
Essential DR Components
- RPO (Recovery Point Objective): Maximum acceptable data loss (e.g., 1 hour)
- RTO (Recovery Time Objective): Maximum acceptable downtime (e.g., 4 hours)
- Backup verification: Regular restore testing
- Runbook: Step-by-step recovery procedures
- Contact list: Emergency contact information
Documentation
Document everything: Architecture diagrams, runbooks, configuration details, and troubleshooting procedures. Your future self (and team) will thank you.
Getting Help
Need assistance implementing these best practices? Our support team can provide guidance and recommendations specific to your use case.
