DEV Community: Abdullah Sheikh

How to Set Up a Self-Hosted Server on Oracle Cloud Free Tier in 30 Minutes

Abdullah Sheikh — Wed, 20 May 2026 12:06:45 +0000

Step‑by‑step guide to launch, configure, and secure a Linux server on Oracle Cloud’s free tier

Before We Start: What You'll Walk Away With

By the end of this guide you’ll be running a live Linux VM on Oracle Cloud’s free tier without spending a dime.

Think of the process like ordering a pizza: you pick the crust (the VM), add the toppings (SSH access and web stack), then make sure it arrives hot and safe (firewall and TLS).

First you’ll spin up a free Oracle Cloud VM and lock down a secure ssh connection, just like getting a key to your new apartment.

Next you’ll set up a web server—Apache or Nginx—so you can drop a simple HTML file and see it show up, similar to placing a flyer on a billboard.

Finally you’ll tighten security with basic firewall rules and a free TLS certificate, giving your site the same protection a hotel safe provides for valuables.

Launch the free tier instance and note its public IP.
Configure ssh keys and connect from your terminal.
Install Apache or Nginx, start the service, and serve a test page.
Open only needed ports with iptables or ufw.
Obtain a Let’s Encrypt certificate and enable HTTPS.
Tools: Oracle Cloud Console, ssh, apt/yum, certbot.
Tip: Keep the VM in the free tier by staying under the 2 CPU/200 GB storage limit.
Cheat sheet: ssh -i ~/.ssh/oracle_key ubuntu@your_ip to connect.

Now you have a production‑ready server you can actually use, not just a virtual box that sits idle.

What a Self‑Hosted Server on Oracle Cloud Actually Is (No Jargon)

Imagine you’ve just booked a tiny, fully furnished studio on a short‑term lease. The walls are already there, the electricity works, and you get the keys without signing a long contract. That studio is your virtual machine on Oracle Cloud’s free tier.

Just like you can paint the walls, hang pictures, or bring in a couch, you can install any Linux distro, add a web server, or deploy a database. Nothing stops you from rearranging the furniture (changing configurations) or even kicking out a roommate (removing software) whenever you want.

The big difference from a traditional rental is the landlord never asks for rent as long as you stay within the free limits. Oracle provides the underlying hardware, power, and network, but the VM’s interior belongs entirely to you.

Think of the setup process like moving into that studio:

Pick a floor plan (choose an instance shape).
Get the keys (create the VM).
Turn on the lights and plug in your laptop (connect via SSH).

Once you’re inside, you control every switch. Want to run a Node.js API? Install Node. Need a MySQL database? Spin it up. All of that happens on your oracle cloud free tier server, and you won’t see a surprise bill if you keep an eye on usage.

In short, a self‑hosted server on Oracle Cloud is just a personal, no‑rent apartment in the cloud, ready for you to furnish however you like.

The 4 Mistakes Everyone Makes With Oracle Cloud Free Tier

Most people hit a wall on the free tier because they skip the little details that keep the service truly free.

Forgetting to set the correct shape limits – It’s like ordering a pizza without checking the slice count; you think you’re getting a small, but the system hands you a larger, billable size. In the console, lock the VM shape to VM.Standard.E2.1.Micro and verify the Monthly Free Usage Limit under “Limits & Quotas”.
Using the default “oraclecloud” SSH key – Handing out a master key to every guest is a security nightmare. Generate a fresh key pair (ssh-keygen -t rsa -b 4096 -f mykey), upload the public part, and delete the default key from the instance’s Metadata page.
Skipping VCN/subnet firewall rules – Imagine a house with all doors locked; no one can get in, even you. Open ports 22 (SSH) and 80/443 (web) in the VCN security list, or create a custom security group that mirrors the traffic your app needs.
Ignoring the automatic shutdown policy – Leaving a car idling wastes fuel; leaving a VM running wastes free hours. Enable Auto‑Terminate after 24 hours of inactivity or set a cron job that runs oci compute instance-action --action STOP on a schedule.
Cheat sheet: shape = VM.Standard.E2.1.Micro, SSH key = personal, firewall = ports 22 / 80 / 443, shutdown = auto‑terminate or cron.

Keep these four checkpoints in mind and the Oracle cloud free tier server stays free.

How to Set Up a Self‑Hosted Server on Oracle Cloud: Step‑by‑Step

Grab your laptop, fire up a browser, and follow these actions one after another.

Sign up for the Oracle Cloud Free Tier and verify the email and phone you provided. Think of it like registering for a loyalty card before you can collect points.
In the OCI Console, click Create a Compute Instance. Choose the ‘Always Free’ VM.Standard.E2.1.Micro shape – it’s the free‑tier version of a small rental car.
Set up networking: create a VCN, add a public subnet, then open ports 22, 80, 443. This is like drawing a map, marking the road (subnet) and opening the gates (ports) you’ll need.
On your workstation generate an SSH key pair:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/oracle_key -N ""

Copy the contents of ~/.ssh/oracle_key.pub into the instance’s SSH key field. It’s the digital equivalent of handing over a house key before you move in.

Launch the instance and note the public IP address that appears. Treat that IP like the street address of your new place.
Open a terminal and connect:

ssh -i ~/.ssh/oracle_key opc@

Update the OS packages:

sudo dnf update -y   # for Oracle Linux
# or
sudo apt update -y   # for Ubuntu

Install Nginx:

sudo dnf install nginx -y   # Oracle Linux
# or
sudo apt install nginx -y   # Ubuntu

Enable and start the web server so it survives reboots:

sudo systemctl enable --now nginx

Harden the box:
Configure a firewall (firewalld on Oracle Linux or ufw on Ubuntu) to allow only 22, 80, 443.
Disable root SSH login by setting PermitRootLogin no in /etc/ssh/sshd_config and restarting SSH.
Install Certbot for a free HTTPS certificate:

sudo dnf install certbot python3-certbot-nginx -y   # Oracle Linux
# or
sudo apt install certbot python3-certbot-nginx -y   # Ubuntu

Run sudo certbot --nginx and follow the prompts – it’s like ordering a locked door for your website.

Now your oracle cloud free tier server is up, secure, and ready to host.

A Real Example: Deploying a Portfolio Site for Maya the Designer

Maya signs up for a free Oracle account, picks the same VM shape, and names the instance maya‑portfolio.

She connects via SSH using the steps 1‑6, then runs:

sudo dnf install nginx

Next, she copies her index.html to the web root with:

scp index.html user@public_ip:/usr/share/nginx/html/

To secure the site, Maya runs:

sudo certbot --nginx -d portfolio.maya.com

Think of the process like ordering a meal: you pick the dish (VM), add the sauce (nginx), place the garnish (HTML), and finish with a sweet dessert (HTTPS certificate).

Tip: Verify the firewall allows ports 80 and 443; Oracle Cloud’s default security list blocks them.
Tip: After the certbot step, reload Nginx with sudo systemctl reload nginx to apply the new cert.
Tip: Test the site with curl -I https://portfolio.maya.com to confirm a 200 response.

Now Maya’s portfolio is live at https://portfolio.maya.com, fully HTTPS‑secured, all thanks to an oracle cloud free tier server.

The Tools That Make This Easier

Grab the tools that turn a raw VM into a ready‑to‑run server, just like picking the right kitchen gadgets makes a dinner prep painless.

Oracle Cloud Console (2025 UI) – The control panel where you spin up instances, attach VNICs, and set security lists. Think of it as Google Maps for your cloud: you plot the route, then follow the directions without getting lost.
PuTTY / Termius – Cross‑platform SSH clients that give you a terminal window into the VM. It’s like ordering a meal and having the server bring it straight to your table, no matter which restaurant (Windows, macOS, Linux) you’re at.
Visual Studio Code + Remote‑SSH – Open the VM’s filesystem in your favorite editor and save changes instantly. Imagine packing a suitcase: you load items directly into the bag without having to unpack and repack later.
Certbot 2.7 – The official Let’s Encrypt client that fetches and renews SSL certificates with a single command. It works like a vending machine that dispenses a fresh, valid certificate every 90 days without you pressing any extra buttons.
UFW (Ubuntu) or firewalld (Oracle Linux) – Simple firewall front‑ends for opening only the ports you need. They act like a doorman who checks IDs before letting anyone into the building.
Cheat sheet:
Connect: ssh -i mykey.pem opc@public_ip
Install Certbot: sudo snap install --classic certbot
Open HTTP/HTTPS: sudo ufw allow 80,443/tcp

With these five tools in hand, the rest of the setup is just a matter of following the steps.

Quick Reference: Oracle Cloud Free Tier Server Cheat Sheet

Grab this cheat sheet when you need a quick refresher—no fluff, just the moves.

Sign up, verify email, and open the Oracle Cloud Console. Think of it like ordering a coffee: you create an account, confirm your payment method, then you’re ready to pick a drink.
Create a VM: choose Always Free → VM.Standard.E2.1.Micro. It’s the “basic espresso” of cloud instances—nothing fancy, but it gets the job done.
Set up networking: add a VCN, attach a public subnet, and open ports 22, 80, 443. Imagine drawing a route on Google Maps; you need the right roads open to reach your destination.
Generate an SSH key pair, paste the public key into the console, then launch. This is like packing a suitcase with a lock: the key lets you open it later.

SSH into the instance and run the initial setup. For example, Alex, a freelance developer, types:

sudo dnf update -y
sudo dnf install -y nginx

Then starts Nginx, adjusts the firewall, and adds Certbot for HTTPS.

Enable the services, configure the firewall, and obtain a free TLS cert. It’s the same as setting up a home security system after you’ve moved in.

Test the deployment:

curl -I http://
curl -I https://

If you see 200 OK, you’re live.

Sign‑up & Console: Register, verify, open console.
VM Selection: Always Free → VM.Standard.E2.1.Micro.
Networking: VCN + Public Subnet, open 22/80/443.
SSH Keys: Create, paste public key, launch.
Initial Setup: sudo dnf update, install Nginx, enable service.
Security: Firewall rules, Certbot HTTPS.
Verification: curl -I on IP and domain.

Stick this on your desktop and spin up an oracle cloud free tier server in minutes.

What to Do Next

Pick a path and keep the momentum going.

Easy: Deploy a second static site on the same VM. Think of it like ordering a side dish at a restaurant—you already have the table, just add another plate. Create a new directory, drop an index.html in there, and add a virtual host entry in /etc/apache2/sites-available. Reload Apache and you’ll see two distinct sites sharing one IP.

Medium: Install Docker Engine and spin up a containerized app. It’s similar to using Google Maps: the VM is the base map, Docker adds layers you can toggle on and off. Run

sudo apt-get update && sudo apt-get install -y docker.io

then pull your image with docker run -d -p 8080:80 myimage. Your app now lives in an isolated sandbox.

Hard: Wire a CI/CD pipeline with GitHub Actions that pushes directly to OCI. Picture packing a suitcase: every item (code) gets placed in the right compartment (container) automatically. In your repo, add a .github/workflows/deploy.yml that authenticates using an OCI token, builds the Docker image, and updates the instance. Once the workflow runs, new commits appear live without manual steps.
Tip: Keep an eye on the free‑tier limits; a stray large image can tip the budget.
Tool: Use oci CLI for quick checks: oci compute instance list.

Cheat sheet:

VM IP → ssh -i mykey opc@IP
Docker start → docker compose up -d
Deploy action → gh secret set OCI_TOKEN

Got stuck or have a cool use case? Drop a comment below – I’d love to hear how you’re using Oracle’s free tier!

About the Author

Abdullah Sheikh is the Founder & CEO at Exteed, where he leads a team of skilled developers specializing in Web2 and Web3 applications, Custom Smart Contracts, and Blockchain solutions.

With 6+ years of experience, Abdullah has built CRMs, Crypto Wallets, DeFi Exchanges, E-Commerce Stores, HIPAA Compliant EMR Systems, and AI-powered systems that drive business efficiency and innovation.

His expertise spans Blockchain, Crypto & Tokenomics, Artificial Intelligence, and Web Applications; building reliable and smooth web apps that fit the client’s goals and requirements.

📧 info@abdullah-sheikh.com · 🔗 LinkedIn · 🌐 abdullah-sheikh.com

How to Build a REST API with Node.js and Express from Scratch

Abdullah Sheikh — Tue, 19 May 2026 14:17:26 +0000

Create a production‑ready API step‑by‑step and deploy it in under an hour

Before We Start: What You'll Walk Away With

By the end of this guide you’ll have a ready‑to‑run REST API that you built from the ground up.

First you’ll set up a tidy project folder, run npm init, add ESLint for clean code, and drop a proper .gitignore so nothing unwanted gets committed.

Next you’ll write routes, middleware, validation, and error handling that follow the same rules you’d use when ordering food—a clear menu, a way to confirm the order, and a system to handle any mix‑ups.

Finally you’ll run the API locally, wrap it in a Docker container, and push it to a free host, giving you a deployable service you can share with teammates or clients.

Scaffold the project with npm and configure ESLint.
Implement REST‑style endpoints, validation, and centralized error handling.
Test locally, containerize with Docker, and deploy to a free platform.
Folder layout: src/ for code, test/ for tests, config/ for env settings.
Middleware chain: request logger → validator → route handler → error catcher.
Docker tip: keep the image under 100 MB by using node:alpine as the base.

This roadmap gives you a solid foundation to build REST API Node.js projects without the usual guesswork.

Ready to start the first step?

What a REST API Actually Is (No Jargon)

REST API is simply a collection of URLs that other programs can call to read or change data. Each URL, called an endpoint, listens for standard HTTP verbs—GET to fetch, POST to create, PUT to replace, and DELETE to remove. The server always answers with a predictable format, typically JSON, so the caller knows exactly what to expect.

Think of it like a restaurant menu. The menu lists dishes (endpoints) and tells you what ingredients you’ll get. When you order GET /menu/pizza, the kitchen (server) returns a description of the pizza. If you want a custom pizza, you send POST /order with your toppings, and the kitchen prepares it for you. No matter how many times you place the same order, you receive the same style of response.

Because the menu never changes its layout, you can walk into any branch of the restaurant and order the same dish without confusion. That stability is what makes a REST API reliable for apps, mobile phones, or other services that need to share data.

The 4 Mistakes Everyone Makes With REST APIs

Don’t let these four slip‑ups derail your first build REST API Node.js project.

Mixing business logic into route handlers. Think of a restaurant where the chef also takes orders, collects payment, and cleans tables. When the chef gets tangled in non‑cooking tasks, the kitchen slows down and you can’t easily test a single dish. In Express, putting database queries or calculations straight inside app.get('/users') makes unit tests a nightmare.
Ignoring proper HTTP status codes. It’s like a GPS that always says “You have arrived” even when you’re still on the highway. Clients can’t tell if a request succeeded, failed, or needs retrying when you always return 200 or default HTML pages.
Skipping input validation. Imagine packing a suitcase without checking the airline’s weight limit; you’ll end up paying extra fees or having items rejected. Without validating req.body you expose your API to malformed data, SQL injection, and hard‑to‑track bugs.
Forgetting a consistent error‑handling layer. It’s like a storefront that shows a generic “Something went wrong” page instead of a clear error message. Without a centralized errorHandler middleware, crashes bubble up as HTML, breaking the JSON contract your clients expect.

Spot these early, and your API will stay clean, testable, and reliable.

How to Build a REST API with Node.js and Express: Step‑By‑Step

Run npm init -y to create a default package.json, then install the core tools:

npm install express dotenv joi

Think of this as ordering the basic ingredients before you start cooking.

Lay out a tidy folder tree so you always know where to find things:

mkdir -p src/{routes,controllers,middleware,models}

It’s like packing a suitcase: each type of item gets its own compartment.

Create src/app.js. Load environment variables, add express.json() for body parsing, and attach the main router.

require('dotenv').config();
const express = require('express');
const userRouter = require('./routes/userRoutes');
const app = express();

app.use(express.json());
app.use('/api/users', userRouter);

module.exports = app;

Define a router for a resource (e.g., users) in src/routes/userRoutes.js using express.Router(). Add the five CRUD endpoints.

const router = require('express').Router();
const userController = require('../controllers/userController');
const { validateUser } = require('../middleware/validation');

router.get('/', userController.getAll);
router.get('/:id', userController.getOne);
router.post('/', validateUser, userController.create);
router.put('/:id', validateUser, userController.update);
router.delete('/:id', userController.remove);

module.exports = router;

Move the actual work into src/controllers/userController.js. For a quick start, use an in‑memory array named users. Example for the fictional developer Alice:

let users = [];

exports.create = (req, res) => {
  const newUser = { id: Date.now(), ...req.body };
  users.push(newUser);
  res.status(201).json(newUser);
};

exports.getAll = (req, res) => {
  res.json(users);
};

Add validation middleware in src/middleware/validation.js with joi to guard the request body before it reaches the controller.

const Joi = require('joi');

const schema = Joi.object({
  name: Joi.string().min(2).required(),
  email: Joi.string().email().required()
});

exports.validateUser = (req, res, next) => {
  const { error } = schema.validate(req.body);
  if (error) return res.status(400).json({ message: error.details[0].message });
  next();
};

Create a global error‑handler in src/middleware/errorHandler.js that catches thrown errors and sends a consistent JSON payload.

module.exports = (err, req, res, next) => {
  const status = err.status || 500;
  res.status(status).json({ error: err.message });
};

Attach it in app.js after all routes: app.use(require('./middleware/errorHandler'));

Spin up the server with src/server.js. Import the Express app and listen on process.env.PORT (default 3000).

const app = require('./app');
const port = process.env.PORT || 3000;

app.listen(port, () => console.log(`Server running on ${port}`));

Write a few Jest + SuperTest specs in tests/user.test.js to verify each endpoint returns the expected status and data.

const request = require('supertest');
const app = require('../src/app');

test('POST /api/users creates a user', async () => {
  const res = await request(app).post('/api/users').send({name:'Bob',email:'bob@example.com'});
  expect(res.statusCode).toBe(201);
  expect(res.body).toHaveProperty('id');
});

Dockerize the project. A one‑line Dockerfile copies the source, installs deps, and runs node src/server.js. Pair it with a docker-compose.yml that maps port 3000.

FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
CMD ["node","src/server.js"]

version: '3'
services:
  api:
    build: .
    ports:
      - "3000:3000"
    env_file: .env

A Real Example: Building a Todo List API for “Alex the Freelancer”

Alex the freelancer wants a tiny API that lets him add, view, finish, and erase tasks—just like a personal notebook you can reach from any device.

Create the router file src/routes/todos.js and register it in src/app.js:

const express = require('express');
const router = express.Router();
const todoController = require('../controllers/todoController');

router.get('/', todoController.getAll);
router.post('/', todoController.create);
router.put('/:id', todoController.update);
router.delete('/:id', todoController.remove);

module.exports = router;

Write the controller that talks to the in‑memory store src/models/todoStore.js:

const { todos } = require('../models/todoStore');
const Joi = require('joi');

const schema = Joi.object({
  title: Joi.string().min(1).required()
});

exports.getAll = (req, res) => {
  res.json(todos);
};

exports.create = (req, res, next) => {
  const { error, value } = schema.validate(req.body);
  if (error) return next(error);
  const newTodo = { id: Date.now().toString(), title: value.title, completed: false };
  todos.push(newTodo);
  res.status(201).json(newTodo);
};

exports.update = (req, res, next) => {
  const todo = todos.find(t => t.id === req.params.id);
  if (!todo) return next({ status: 404, message: 'Todo not found' });
  todo.completed = true;
  res.json(todo);
};

exports.remove = (req, res, next) => {
  const index = todos.findIndex(t => t.id === req.params.id);
  if (index === -1) return next({ status: 404, message: 'Todo not found' });
  todos.splice(index, 1);
  res.status(204).end();
};

Set up a global error handler in src/app.js so missing IDs return a clean JSON message:

app.use((err, req, res, next) => {
  const status = err.status || 500;
  const message = err.message || 'Internal Server Error';
  res.status(status).json({ error: message });
});

Validation: joi guarantees every new task has a non‑empty title, just like a restaurant checks your order isn’t blank.
Testing: Run npm test. The suite posts a todo then fetches it, confirming the flow works.
Docker: Build with docker build -t alex/todo-api . and launch via docker compose up. Alex now sees his API live on localhost:3000.

With these pieces in place, Alex can finally focus on his projects instead of wrestling with a broken backend.

The Tools That Make This Easier

Grab the right gear before you start building your REST API with Node.js.

VS Code + ESLint & Prettier – Think of ESLint as a spell‑checker for your code and Prettier as the auto‑formatter that keeps everything neat, just like a kitchen drawer organized by size.
Postman (free tier) – It’s the “menu” you use to order a request, see the response, and then print the receipt as documentation. Perfect for sanity‑checking each endpoint.
Docker Desktop – Packs your API into a portable container the way a suitcase bundles all your travel gear, so it runs the same on any machine.
Jest + SuperTest – Jest runs the test suite, while SuperTest acts like a delivery driver that quickly knocks on each route to confirm it’s open.
Render.com (free hobby plan) – Deploys your service with a single click, similar to dropping a finished dish onto a table for guests to enjoy.

With these tools in place, the rest of the process feels less like a guess‑work project and more like following a well‑marked trail.

Quick Reference: REST API with Node.js Cheat Sheet

Grab this cheat sheet and keep it beside your editor; it captures every step you need to build REST API Node.js without hunting through paragraphs.

Initialize project – run npm init -y, then npm install express dotenv joi jest supertest. Think of it as ordering the basic ingredients before cooking.
Folder layout – create src/{routes,controllers,middleware,models}. It’s like packing a suitcase: each compartment holds a specific type of item.
app.js – set up express.json(), mount the main router, and attach a centralized error handler. This file is the entry gate, similar to a lobby directing visitors.
Routes – define GET, POST, PUT, DELETE with express.Router(). Each route is a street sign pointing to a destination.
Controllers – pure functions that handle the request and response; keep DB calls out of the router. For example, Alex the developer writes:

const getUser = async (req, res, next) => {
  try {
    const user = await User.findById(req.params.id);
    if (!user) return res.status(404).json({ error: 'User not found' });
    res.json(user);
  } catch (err) {
    next(err);
  }
};

Validation – craft a joi schema and plug it into a middleware function. It works like a bouncer checking IDs before letting anyone in.
Error handling – one middleware catches all errors and returns { error, message }. Centralized handling is the fire alarm that alerts everyone at once.
Tests – write jest suites with supertest for each route. Think of them as quality checks before shipping a product.
Dockerfile – use FROM node:20-alpine, copy src, run npm ci, then CMD ["node","src/server.js"]. It’s the sealed container you’d load onto a truck.
Deploy – push the Docker image to Render (or similar), set the PORT env variable, and your API goes live.

Keep this list open; you’ll reference it each time you spin up a new service.

What to Do Next

Pick one of these upgrades and start expanding your API right away.

Add a real database – swap the in‑memory array for PostgreSQL using Prisma. Think of it like moving from a kitchen counter pantry to a full‑size fridge: you can store more, keep things fresh, and retrieve exactly what you need later.

Install prisma and run npx prisma init.
Define a Todo model in schema.prisma.
Generate the client and replace your current CRUD functions with prisma.todo.findMany(), prisma.todo.create(), etc.

Implement JWT authentication so only registered users can manage their todos. It's like giving each diner a badge that lets them order from the kitchen; without the badge, the kitchen stays closed.

Install jsonwebtoken and bcrypt.
Create /register and /login routes that hash passwords and issue a token.
Add a middleware that verifies the token on protected routes.

Write OpenAPI (Swagger) documentation and generate client SDKs with Swagger Codegen. Imagine handing a Google Maps sheet to a delivery driver; the map tells them every turn without guessing.

Create swagger.yaml describing your endpoints.
Serve it with swagger-ui-express at /api-docs.
Run swagger-codegen generate -i swagger.yaml -l javascript -o ./client-sdk to get a ready‑to‑use client.

Which of these steps are you tackling next? Let me know in the comments!

About the Author

Abdullah Sheikh is the Founder & CEO at Exteed, where he leads a team of skilled developers specializing in Web2 and Web3 applications, Custom Smart Contracts, and Blockchain solutions.

His expertise spans Blockchain, Crypto & Tokenomics, Artificial Intelligence, and Web Applications; building reliable and smooth web apps that fit the client’s goals and requirements.

📧 info@abdullah-sheikh.com · 🔗 LinkedIn · 🌐 abdullah-sheikh.com