Spring is in the Air

Hire Mark

Why Hire Mark ?

Building a Modern Multi‑Purpose VPS: A Practical Journey Into Infrastructure, Security, and Cloud‑Ready Design

By

Mark Hart

in


In an era where cloud platforms dominate the conversation, there’s something refreshingly hands‑on about shaping a VPS into a tailored environment that serves both development and learning. What began as a curiosity into Linux server deployment evolved into a fully featured, multi‑role system designed to support a future marketplace application while doubling as a hybrid cloud lab for AZ‑104 certification work.

This article walks through the architecture, decisions, and technical milestones that transformed a blank VPS into a secure, organized, and extensible platform.

Establishing a Secure User Environment

The foundation of any reliable server begins with user access. A dedicated administrative account was created to replace direct root interaction. The setup included:

  • SSH key‑based authentication
  • Proper home directory and shell configuration
  • Strict permissioning (700 on the home directory and .ssh)
  • Sudo access for administrative tasks

This approach ensures a clean separation between system‑level operations and day‑to‑day management, while aligning with best practices for secure Linux administration.

Cockpit: A Modern Control Plane for Server Management

To streamline system oversight, Cockpit was deployed and exposed through a dedicated subdomain.

Cockpit provides a graphical interface for:

  • Service and log management
  • Storage and networking visibility
  • System health monitoring
  • Virtual machine administration

Because Cockpit relies heavily on WebSockets, reverse‑proxying it through Nginx required additional configuration. Once the appropriate upgrade headers and HTTP/1.1 support were added, Cockpit operated seamlessly behind SSL — a crucial step for secure remote access.

WireGuard and the VPN Dashboard

A secure VPN layer was the next priority, especially with plans to run a hybrid Azure lab. WireGuard was installed alongside the WG Dashboard:

This provides:

  • Encrypted remote access
  • A private network for lab resources
  • A foundation for hybrid identity and Azure connectivity

With Nginx handling SSL termination, the VPN interface integrates cleanly into the broader server architecture.

Nginx as the Routing Hub

Nginx now serves as the central routing layer for the VPS, managing SSL certificates and directing traffic to internal services.

This structure allows new services to be added with minimal friction. Each domain receives its own configuration, enabling clear separation of concerns and predictable behavior.

Retiring Cloud‑Init for a Stable Long‑Term System

As the system evolved, cloud‑init — originally used by the VPS provider for first‑boot configuration — began generating errors during the network stage. These warnings appeared because the server’s configuration had diverged significantly from the initial template, particularly after adding WireGuard, modifying SSH settings, and customizing networking.

Since cloud‑init is only necessary during provisioning, it was disabled entirely. This eliminated recurring boot errors and ensured that custom configurations remain untouched.

A Platform Ready for Dual Roles

With the core infrastructure in place, the VPS is now positioned to support two major initiatives:

Marketplace Application Development

The environment is prepared for:

  • Application hosting
  • Database deployment
  • Mail server integration or external SMTP services
  • SSL‑secured routing
  • Future migration to a dedicated VPS or VM

AZ‑104 Hybrid Cloud Lab

The system is equally ready for hands‑on cloud administration work:

  • Virtual machine hosting via Cockpit
  • WireGuard‑secured access
  • Windows Server deployment
  • Active Directory Domain Services
  • Azure AD Connect and hybrid identity scenarios

This dual‑purpose design turns the VPS into a flexible, cloud‑ready workspace that supports both real‑world development and certification‑focused experimentation.

Looking Ahead

With the infrastructure foundation complete, the next phase includes:

  • Deploying the marketplace application
  • Selecting and configuring a database engine
  • Integrating mail services
  • Building out the Windows Server environment
  • Connecting the lab to Azure for hybrid identity testing
  • Expanding the Nginx routing structure as new services come online

What began as a straightforward VPS setup has evolved into a robust, multi‑functional environment — one that blends practical development needs with cloud engineering exploration. It’s a reminder that even in a cloud‑first world, there’s immense value in crafting your own infrastructure from the ground up.

Disclaimer – This site contains product promotional links. We may receive a commission or reward if you make a purchase or signup after clicking on one of these links.