-
On your local machine:
# Generate SSH key if you don't have one ssh-keygen -t ed25519 -C "your_email@example.com" # Copy public key to server ssh-copy-id root@YOUR_SERVER_IP
-
Disable password authentication:
# Edit SSH config nano /etc/ssh/sshd_configSet:
PasswordAuthentication no
# Install UFW
apt install ufw
# Set default policies
ufw default deny incoming
ufw default allow outgoing
# Allow SSH (before enabling UFW!)
ufw allow ssh
# Allow Plex ports
ufw allow 32400/tcp # Plex main port
ufw allow 32469/tcp # Plex DLNA
ufw allow 1900/udp # Plex DLNA discovery
ufw allow 32410:32414/udp # Plex media streaming
# Enable UFW
ufw enable-
System Updates:
# Update system packages apt update && apt upgrade -y # Update Docker images docker-compose pull docker-compose up -d
-
Backup Strategy:
- Regular config backups
- Database backups
- Keep .env file secure
- Vultr API key stored in .env
- File permissions should be restricted
- Never commit .env to repository
- Gmail App Password used instead of account password
- Stored in .env file
- Limited to email notifications only
# Set correct permissions
chmod 600 .env
chmod +x scripts/*.sh- All sensitive data in .env
- Loaded only when needed
- Validated before use
- Keep .env secure
- Don't share API keys
- Regular security updates
- Rotate API keys periodically
- Monitor access logs