Getting Started: Create Your Own Cloud Instance for Self-Hosting Business License
This guide will walk you through the steps to create your own server instance and configure basic firewall rules to securely host your self-hosted platform.
Step 1: Create a New Cloud Server (Instance)
Choose your preferred cloud provider:
- AWS EC2 (Launch & Use Guide)
- Google Cloud (Create & Start Instance)
- Microsoft Azure (Quick Create VM)
- DigitalOcean (Create Droplet)
- Hetzner (Create Server Guide)
Recommended Instance Configuration
| Setting | Value | Notes |
|---|---|---|
| Operating System | Ubuntu 24.04 LTS | Recommended |
| Instance Type | 2 vCPU, 4GB RAM (minimum) | Scale as needed |
| Storage | SSD (50 GB or higher) | |
| Public IP | Yes | Auto-assigned or manual |
| SSH Key Pair | Generate or use existing | Required for secure login |
Note: If your cloud provider requires a Virtual Private Cloud (VPC) or similar, accept default settings unless you have custom networking needs.
Step 2: Additional Cloud Settings (Recommended)
IP Address Configuration
- ✅ Use Elastic IP (AWS), Static IP (Google Cloud, Azure, DigitalOcean, Hetzner):
- This ensures your server always retains the same public IP even after reboot or redeployment.
- Having a fixed IP makes DNS mapping much easier.
Snapshots & Backup
-
✅ Snapshots (Full server backup):
- You may enable snapshots for your server instance to simplify disaster recovery.
- 🔧 Note: Snapshots may incur additional storage costs depending on your cloud provider.
-
✅ Database-Only Backup (Cost-saving option):
- You can also set up regular database backups alone (MySQL/PostgreSQL dumps) if you prefer to back up only the application data without full disk snapshots.
Step 3: Secure Your Server with Firewall Rules
Firewall (Security Groups / Network Security Groups) control which traffic can reach your instance.
Recommended Firewall Rules
| Purpose | Protocol | Port | Source |
|---|---|---|---|
| HTTP | TCP | 80 | 0.0.0.0/0 |
| HTTPS | TCP | 443 | 0.0.0.0/0 |
| SSH (Secure Access) | TCP | 22 | Your Public IP Address/32 |
Replace Your Public IP Address with your actual public IP.
The /32 notation means "only this exact IP".
- ✅ This ensures only you can access SSH while keeping HTTP/HTTPS open for public web access.
Apply Firewall Rules:
| Cloud Provider | Firewall Rule Name |
|---|---|
| AWS | Security Groups |
| Google Cloud | Firewall Rules |
| Azure | Network Security Groups |
| DigitalOcean | Firewalls |
| Hetzner | Firewall Groups |
Step 4: Connect to Your Server via SSH
For Mac / Linux / Terminal Users
Run the following command:
ssh -i /path/to/your/private_key.pem username@your_instance_public_ip
Replace /path/to/your/private_key.pem with your private key file path.
Replace username and your_instance_public_ip accordingly.
Default SSH Usernames
| Cloud | Default Username |
|---|---|
| AWS | ubuntu |
| Google Cloud | username you configured |
| DigitalOcean | root |
| Hetzner | root |
| Azure | username you configured |
For Windows Users (Using PuTTY)
- Download PuTTY & PuTTYgen from the official website.
- Convert your SSH Key (.pem) to PuTTY format (.ppk):
- Open PuTTYgen.
- Load your .pem file.
- Save private key as .ppk.
- Connect via PuTTY:
- Host Name: your_instance_public_ip
- Port: 22
- SSH > Auth > Browse and select your .ppk file.
- Open session and login using the default username.
Step 5: Important Considerations
-
✅ Dynamic IP:
- If your IP changes often, update the SSH rule or use a VPN with a static IP.
-
✅ Security Best Practices:
- Only open required ports.
- Disable root login after initial setup.
- Use strong SSH keys.
- Regularly review firewall rules.
-
✅ Optional for Production:
- Consider using a Bastion Host or VPN-based SSH access for added security.
- Consider enabling cloud provider monitoring & alerting services.