Turn Your VPS into an Impenetrable Fortress: How to Make Your Public Server Private Using Tailscale and UFW!

Binsar Dwi Jasuma - Oct 20 - - Dev Community

You've set up your shiny new VPS, ready to take on the world, but wait! Your server is like a sitting duck out there, just waiting for unwanted visitors to come knocking. Are you going to let random strangers poke around in your virtual backyard? NO WAY!

In this ultimate guide, we’re going to show you how to flip the switch and turn your VPS into a private, ultra-secure fortress that only YOU can access. We’ll teach you why securing your server is absolutely necessary, how to set it up with Tailscale (your new best friend), and even how to throw UFW into the mix for an extra wall of security.

Oh, and for the pros out there? We’ve got an extreme option that’ll block the entire internet from even touching your VPS. So buckle up, it’s time to go from exposed to invincible!


Why You Need to Secure Your VPS

Leaving your VPS out in the open is like setting up a lemonade stand in the middle of the desert and hoping thieves don’t find you. Here’s why you absolutely, without a doubt, need to lock it down:

  1. Unauthorized Access? No Thanks! Hackers love unsecured servers. If they break in, they can steal your data, mess with your files, or worse—turn your server into their personal playground.

  2. Your Data is Precious: Whether you’re hosting sensitive info or just running a website, your data is valuable. You wouldn’t leave your house door open, would you? (Didn’t think so.)

  3. Avoid Nightmares and Huge Bills: If your VPS gets hijacked and used for attacks on other systems, you get stuck with the damage—and possibly the bill! Yikes!

Now that you understand the why, let’s dive into the how!


Why Tailscale is the Superhero Your VPS Needs

If your VPS were a damsel in distress, Tailscale would be the superhero swooping in to save the day. Tailscale is a magical tool that builds a private, secure network between your devices and your VPS with just a few clicks. Here's why it’s awesome:

  • Stupidly Easy Setup: No messing with crazy firewall rules or VPN configs. Tailscale does the heavy lifting.
  • Private Network FTW: Only devices YOU trust can access your VPS. Everyone else? Blocked!
  • No Exposed Ports: Tailscale creates a secure tunnel, keeping your server hidden from the outside world.

How to Transform Your VPS into a Private Fortress with Tailscale and UFW

Ready to lock things down? Here’s how to make sure that only you (and whoever you trust) can get into your VPS. Grab a cup of coffee (or tea, if you’re fancy), and let’s get started.

Step 1: Install Tailscale on Your VPS

First, let’s SSH into your VPS while it's still tragically open to the public:

ssh root@your-vps-ip
Enter fullscreen mode Exit fullscreen mode

Now, install Tailscale with this super simple command:

curl -fsSL https://tailscale.com/install.sh | sh
Enter fullscreen mode Exit fullscreen mode

Next, fire up Tailscale with:

tailscale up
Enter fullscreen mode Exit fullscreen mode

A magical link will appear—click it, log in, and boom, your VPS is now linked to your private Tailscale network.

Step 2: Block Public Access Using UFW (aka Build Your Firewall)

Now that you’ve got Tailscale working its magic, let’s put up a good old-fashioned wall. We’ll use UFW (Uncomplicated Firewall) to make sure no one can get in through the public IP anymore. Here's how:

  1. Install UFW: If UFW isn’t installed already, slap it on your VPS with:
   sudo apt install ufw
Enter fullscreen mode Exit fullscreen mode
  1. Allow Traffic from Tailscale: Tailscale needs some specific ports open to work its magic. Let’s allow them:
   sudo ufw allow in on tailscale0
   sudo ufw allow out on tailscale0
Enter fullscreen mode Exit fullscreen mode
  1. Block All SSH Access from the Public IP: Now that Tailscale is handling the connections, we’ll shut the door on public SSH access:
   sudo ufw deny 22/tcp
Enter fullscreen mode Exit fullscreen mode
  1. Turn On UFW: Let’s fire up UFW and make sure the firewall is active:
   sudo ufw enable
Enter fullscreen mode Exit fullscreen mode

Your VPS is now only accessible through Tailscale. The public IP? Forget about it! It’s locked down tighter than a bank vault.


Pro Option (For the Brave): Block ALL Incoming Traffic and Only Allow Tailscale

Feeling extra brave? Want to take things to the extreme? For those who want total lockdown, you can block ALL incoming traffic to your VPS except for Tailscale. It’s the nuclear option of security, making sure not a single soul (except for your Tailscale devices) can touch your VPS.

Note: This option is only for the pros who know what they’re doing. Block everything, and you could accidentally lock yourself out. Proceed with caution!

Here’s how to make it happen:

Step 1: Block All Incoming Traffic

We’ll block every single incoming connection except for those coming through Tailscale. Do this by running:

sudo ufw default deny incoming
Enter fullscreen mode Exit fullscreen mode

Step 2: Allow Only Tailscale Traffic

To keep Tailscale alive and well, allow traffic through its interface:

sudo ufw allow in on tailscale0
sudo ufw allow out on tailscale0
Enter fullscreen mode Exit fullscreen mode

Step 3: Activate UFW

Now, turn UFW on and check the status:

sudo ufw enable
sudo ufw status
Enter fullscreen mode Exit fullscreen mode

All incoming traffic except for Tailscale is now blocked. Your VPS is practically untouchable.

Step 4: Test Your Setup

Try accessing your VPS from a public IP—you’ll hit a wall. Use your Tailscale IP instead, and you’re in!

ssh root@your-tailscale-ip
Enter fullscreen mode Exit fullscreen mode

Why Bother with UFW If You’re Using Tailscale?

You might wonder, "Why go through all the trouble of setting up UFW if Tailscale already secures my connections?" Great question! UFW acts as a backup, just in case something funky happens with Tailscale. It ensures that if Tailscale isn’t available, the doors to your VPS remain slammed shut. Better safe than sorry, right?


Conclusion: Your VPS is Now a Digital Fortress

And there you have it! You’ve transformed your VPS from a publicly exposed server into a digital fortress—a stronghold where only YOU hold the keys. With Tailscale’s private network and UFW’s firewall standing guard, your VPS is now invincible to outside threats.

So, kick back, relax, and enjoy the peace of mind knowing that your VPS is now securely tucked away, safe from the prying eyes of the internet!

. .