Setting up a VPS for the first time is manageable — until you hit one of three walls. Here's what they are and exactly how to get past each one.
Wall 1: UFW Firewall
Most tutorials tell you to run ufw enable and move on. The part they skip: what to allow first.
If you enable UFW before allowing SSH, you lock yourself out of your own server.
Safe sequence:
ufw allow 22 # SSH — do this FIRST
ufw allow 80 # HTTP
ufw allow 443 # HTTPS
ufw enable # now enable it
ufw status # verify
That's it. Everything not on this list is blocked. An open VPS gets port-scanned within hours of provisioning — don't skip this step.
Wall 2: nginx Reverse Proxy
Your Node.js app runs on port 3000. Visitors come in on port 80. nginx is the bridge between them.
The config that makes this work:
server {
listen 80;
server_name your-domain.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Save this to /etc/nginx/sites-available/myapp, symlink it to sites-enabled, test with nginx -t, reload with systemctl reload nginx. That's the full flow.
Wall 3: PM2 (The One Everyone Forgets)
If you start your app with node app.js and close the terminal — app is gone. If the server reboots — app is gone.
PM2 fixes this:
npm install -g pm2
pm2 start app.js --name myapp
pm2 startup # generates a command — run it
pm2 save # saves the process list for reboot
Two commands most people miss: pm2 startup and pm2 save. Without both, your app won't survive a reboot.
Putting It All Together with Claude Code
If you want to see these three things handled automatically on a fresh VPS, I put together a full walkthrough where Claude Code does the entire setup from one SSH prompt — including the firewall, reverse proxy, and PM2 config.
Full guide: ayyaztech.com/blog/hostinger-vps-setup-claude-code
Video walkthrough: youtu.be/AX9Wp_YxTpU
Top comments (0)