Skip to main content
Deployment 8 min read Advanced

Deploy to a VPS Using SSH and a Custom Subdomain

Configure a subdomain to point to a VPS server, set up Nginx as a reverse proxy, manage SSL certificates with Certbot, and automate deployments with Git hooks.

Written by Mayank Baswal

Founder of is-cool-me · DNS & Platform Infrastructure

Mayank Baswal maintains the is-cool-me platform and writes technical guides focused on DNS configuration, subdomain infrastructure, SSL troubleshooting, deployment workflows, and platform reliability.

GitHub Profile Contact
Reviewed by is-cool-me Technical Review

Introduction

A Virtual Private Server (VPS) gives you full control over your hosting environment — custom software, root access, and dedicated resources. By connecting a VPS to an is-pro.dev subdomain, you get a branded URL for your server with Cloudflare DNS management and optional DDoS protection. This guide covers the complete workflow: provisioning a VPS, setting up Nginx as a reverse proxy, securing it with SSL via Certbot, configuring your subdomain, and automating deployments with Git hooks.

Prerequisites

  • A VPS from any provider (DigitalOcean, Linode, Vultr, Hetzner, or AWS EC2) with Ubuntu 22.04 or 24.04
  • SSH access to your VPS with a root or sudo-enabled user
  • An is-pro.dev subdomain registered at dash.is-pro.dev
  • Basic familiarity with Linux command line and SSH

Step 1: Initial Server Setup

SSH into your VPS: ssh root@your-server-ip. First, update the package manager: apt update && apt upgrade -y. Create a non-root user with sudo privileges: adduser deploy and usermod -aG sudo deploy. Set up SSH key authentication by copying your public key to the new user's ~/.ssh/authorized_keys. Disable password authentication in /etc/ssh/sshd_config by setting PasswordAuthentication no, then restart SSH: systemctl restart ssh. Configure a basic firewall: ufw allow OpenSSH && ufw allow 'Nginx Full' && ufw enable. This ensures only SSH and web traffic can reach your server. Install Nginx: apt install nginx -y.

Step 2: Configure Nginx as a Reverse Proxy

Create a new Nginx server block for your subdomain: nano /etc/nginx/sites-available/yourname.is-pro.dev. Configure it as a reverse proxy to your application. For example, if your app runs on port 3000: server { listen 80; server_name yourname.is-pro.dev; location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }. Enable the site: ln -s /etc/nginx/sites-available/yourname.is-pro.dev /etc/nginx/sites-enabled/. Test the configuration: nginx -t. If OK, reload Nginx: systemctl reload nginx. Your application should now be accessible over HTTP at your VPS's IP address.

Step 3: Configure DNS in is-pro.dev Dashboard

In the is-pro.dev DNS dashboard, add an A record pointing your subdomain to your VPS's IPv4 address. Add an AAAA record if your VPS has an IPv6 address. Set TTL to 60 seconds for initial testing. Important: for a VPS, you can use either proxied (orange cloud) or DNS-only (gray cloud) mode. Proxied mode hides your VPS IP and provides DDoS protection, but if your application uses WebSockets or custom protocols, you may need DNS-only mode or configure Cloudflare to allow WebSocket traffic. For most web applications with Nginx behind Cloudflare, proxied mode works well and adds security benefits.

Step 4: Obtain SSL Certificate with Certbot

Install Certbot and the Nginx plugin: apt install certbot python3-certbot-nginx -y. Set proxy mode to DNS-only (temporarily) for certificate issuance: run certbot --nginx -d yourname.is-pro.dev. Certbot will automatically modify your Nginx configuration to use HTTPS. Follow the prompts to set up auto-renewal. After the certificate is issued, you can switch the DNS record back to proxied (orange cloud) mode if desired. Certbot sets up a systemd timer for automatic renewal — verify it with systemctl status certbot.timer. If you keep the record proxied through Cloudflare, you can use Cloudflare's Origin CA certificate instead of Let's Encrypt for end-to-end encryption.

Step 5: Set Up Automatic Deployments with Git Hooks

Create a bare Git repository on your VPS for your application: mkdir -p ~/app.git && cd ~/app.git && git init --bare. Create a post-receive hook: nano hooks/post-receive. Add the following script: #!/bin/bash; GIT_WORK_TREE=/var/www/yourname git checkout -f; cd /var/www/yourname && npm install && pm2 restart app. Make it executable: chmod +x hooks/post-receive. On your local machine, add the VPS as a remote: git remote add deploy ssh://deploy@your-server-ip/home/deploy/app.git. Deploy by running git push deploy main. The Git hook checks out the latest code, installs dependencies, and restarts your application. This gives you a CI/CD-like workflow without external services.

Step 6: Monitor and Maintain

Set up monitoring for your VPS: install netdata or htop for real-time resource monitoring, configure log rotation for Nginx and application logs, set up automated backups with rsync or rclone to offsite storage, and configure fail2ban to block brute-force SSH attempts. Keep your server updated with automatic security updates: apt install unattended-upgrades && dpkg-reconfigure -plow unattended-upgrades. Set up uptime monitoring for your subdomain using the is-pro.dev monitoring tools or external services like UptimeRobot.

Best Practices

  • Use SSH keys only (disable password authentication) for server access
  • Run applications as a non-root user with limited permissions
  • Keep Nginx, Node.js, and all application dependencies updated
  • Use environment variables for sensitive configuration — never hardcode credentials
  • Set up swap space (2GB minimum) for memory-intensive applications

Conclusion

A VPS paired with an is-pro.dev subdomain gives you full control over your hosting stack. Nginx handles reverse proxying and static file serving, SSL certificates from Certbot encrypt traffic, Git hooks automate deployments, and your branded subdomain provides a professional URL. This setup is ideal for applications that need more than static hosting can provide.

FAQ

How much does a VPS cost compared to shared hosting?

VPS plans start around $4-6/month from providers like DigitalOcean, Vultr, or Hetzner. Shared hosting is cheaper but offers less control and performance.

Should I use Cloudflare proxied mode or DNS-only for my VPS?

Use proxied mode for web applications (HTTP/HTTPS) to get DDoS protection and IP hiding. Use DNS-only for non-HTTP services like SSH, game servers, or custom protocol applications.

What if my VPS IP changes?

Update the A record in your is-pro.dev DNS dashboard with the new IP. With Cloudflare DNS, propagation is nearly instant. Consider using a dynamic DNS service if your VPS provider frequently changes your IP.

FAQ

Is Deployment setup free on is-pro.dev?

Yes, all subdomains on is-pro.dev include free DNS management and SSL certificates.

How long does DNS take to propagate?

Cloudflare typically propagates DNS changes within seconds to a few minutes globally.

Can I use this for commercial projects?

Yes, is-pro.dev subdomains can be used for personal and commercial projects within our fair use policy.

Explore More

Deployment Guides

DNS & Security

Platform Resources