In this guide, you'll learn how to install OpenClaw on a fresh Ubuntu VPS, connect it to Telegram, and start chatting with your personal AI assistant.

Security Note: OpenClaw has full system access on whatever machine it runs on. Always install it on an isolated VPS. Never install OpenClaw on your main computer or a server with sensitive data. Treat it like giving someone remote access to your machine and proceed with caution.

How to Install OpenClaw on a VPS - Quick Overview

Prerequisites

Before starting, you'll need:

• A fresh Ubuntu VPS (Ubuntu 22.04 or 24.04 recommended). If you need one, SSD Nodes offers an affordable Openclaw VPS hosting perfect for this.
• SSH access to your server with root or sudo privileges
• A Telegram account to create a bot and chat with OpenClaw
• An Anthropic API key from console.anthropic.com (required for the AI brain)

Step 1: Connect to Your VPS

First, SSH into your fresh VPS:

ssh root@your-server-ip

You should see a welcome message and a command prompt.

Before proceeding, install screen so your session survives any SSH disconnections during installation:

apt install -y screen

Step 2: Create a Dedicated User

Running OpenClaw as root is not recommended. Let's create a dedicated user called openclaw:

adduser openclaw

You'll be prompted to set a password and fill in some optional information (you can press Enter to skip the optional fields).

Next, give this user sudo privileges:

usermod -aG sudo openclaw

Now switch to the new user:

su - openclaw
screen -S openclaw

You're now inside a screen session running as the openclaw user. If your SSH connection drops at any point, reconnect to your VPS, run su - openclaw, then screen -rd openclaw to pick up where you left off.

Your prompt should change to show openclaw@yourserver. From now on, we'll do everything as this user.

Step 3: Install OpenClaw

OpenClaw provides a simple one-line installer. Run it:

≥curl -fsSL https://openclaw.ai/install.sh | bash

This script automatically:

• Detects your system
• Installs Node.js if needed
• Installs OpenClaw globally

This process can take from 10 minutes to 30 minutes or more depending on the dependencies needed.
Once complete, it will go directly to the onboarding process.

If it does not go directly to onboarding, then verify the installation first:

openclaw --version

You should see something like 2026.3.7.

Note: If you see bash: openclaw: command not found after installation, the binary isn't in your PATH yet. Fix it by running:

export PATH=$HOME/.npm-global/bin:$PATH

Then make it permanent so it survives future sessions:

echo 'export PATH=$HOME/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc

Now try openclaw --version again and you should see the version number.

Step 4: Run the Setup Wizard

OpenClaw includes an interactive setup wizard that configures everything for you. If it's not already running, run it with the following command:

openclaw onboard

The wizard will guide you through several steps:

Security Warning

First, you'll see a security warning explaining that OpenClaw has full system access. Read it carefully, then select Yes to continue.

Choose Onboarding Mode

Select QuickStart (the default) for the easiest setup.

Select Model Provider

Choose Anthropic as your model provider.

Anthropic Auth Method

Select Anthropic API key.

Enter Your API Key

Paste your Anthropic API key when prompted.

Tip: Get your API key from console.anthropic.com. You'll need to add credits to your account.

Select Default Model

Keep the default (claude-opus-4-5) or choose a different model from the list.

Choose a Channel (Telegram)

Select Telegram as your messaging channel. The wizard will appear after a few minutes and show you instructions for creating a bot with BotFather.

Create a Telegram Bot & Enter Token

To get a bot token:

1. Open Telegram and search for @BotFather
2. Send /newbot to BotFather
3. Choose a display name for your bot (e.g., "My OpenClaw")
4. Choose a username ending in bot (e.g., "myopenclaw_bot")
5. BotFather will give you a token like 8562115417:AAFVazfBSo1234pE8n2kpN5TRlVcYWJOs64

Paste this token into the wizard.

Configure Skills

You'll be asked about skills configuration. Select Yes to continue.

Install Skill Dependencies

You'll see a list of available skills. Select Skip for now to continue without installing optional dependencies, or choose any skills you want.

Skip Optional API Keys

The wizard will ask about various optional API keys (Google Places, Gemini, Notion, OpenAI, ElevenLabs). Select No for each one to skip them.

Enable Hooks

When asked about hooks, select Skip for now.

Onboarding Complete!

The wizard will show a completion message with the dashboard information with instructions on how to access it.

This is your confirmation that everything is working. The dashboard URL shown (http://127.0.0.1:18789/...) is intentionally bound to localhost only, meaning it’s not accessible from outside the server. That’s by design for security reasons. The next step covers how to access it from your local machine.

Copy the full token URL from your terminal output, you’ll need it in Step 6.

Step 5: Start the Gateway if Not Started automatically

screen -rd openclaw
openclaw gateway

export PATH=$HOME/.npm-global/bin:$PATH

Step 6: Verify the Gateway is Running and Access the Dashboard from Your Local Machine

Open a new terminal (or detach from screen with Ctrl+A, D).

If you're logged in as root, switch to the openclaw user first:

su - openclaw

Then check:

openclaw status

You should see the gateway is running.

ssh -N -L 18789:127.0.0.1:18789 openclaw@<your-vps-ip>

ss -tlnp | grep 18789

LISTEN 0 511 127.0.0.1:18789 0.0.0.0:* users:(("openclaw-gatewa",pid=3948,fd=24))
LISTEN 0 511 [::1]:18789 [::]:* users:(("openclaw-gatewa",pid=3948,fd=26))

http://localhost:18789/#token=YOUR_TOKEN_HERE

Step 7: Pair Your Telegram Account

For security, OpenClaw requires you to "pair" before it will respond to your messages. This prevents random people from chatting with your AI.

Open Telegram and send any message to your new bot (e.g., "hello").

The bot will respond with a pairing code like ABCD1234.

Now approve this pairing from your terminal:

openclaw pairing approve telegram ABCD1234

Replace ABCD1234 with your actual pairing code.

Step 8: Start Chatting!

Go back to Telegram and send a message. OpenClaw should now respond!

Try asking it:

• "What can you do?"
• "What's the weather like?"
• "Tell me a joke"

Congratulations! You now have your own personal AI assistant running on your VPS!

Managing Your OpenClaw Instance

Check Status

openclaw status

Restart the Gateway

If running in screen:

screen -rd openclaw
# Press Ctrl+C to stop, then run:
openclaw gateway

View Configuration

cat ~/.openclaw/openclaw.json

Troubleshooting

ss -tlnp | grep 18789

screen -rd openclaw
openclaw gateway

"systemctl --user unavailable" error

This is normal on VPS environments without systemd user sessions. Use screen to run the gateway in the background:

screen -S openclaw
openclaw gateway
# Ctrl+A, then D to detach

Bot not responding?

1. Check the gateway is running: openclaw status
2. Verify your pairing: openclaw pairing list telegram
3. Make sure you approved the pairing code

"API key invalid" error?

Make sure your Anthropic API key is correct and has credits.

Need to reconfigure?

Run the wizard again:

openclaw onboard

Security audit

Run a security check on your installation:

openclaw security audit --deep

What You've Accomplished

By following this guide, you've successfully:

• Set up a secure, dedicated user for OpenClaw
• Installed OpenClaw on your VPS
• Created a Telegram bot and connected it to OpenClaw
• Paired your Telegram account for secure access
• Started chatting with your personal AI assistant

Your AI assistant is now live! It can chat with you, remember context across conversations, search the web, run commands on your server, and much more.

FAQ

Is OpenClaw free to use?

OpenClaw itself is free and open source. However, you'll need to pay for:

• Your VPS hosting
• Anthropic API usage (pay-per-token)
• Optional: ElevenLabs for voice features

Can I connect other messaging apps?

Yes! OpenClaw supports Discord, WhatsApp, Signal, Slack, and more. Run openclaw onboard again to add additional channels.

How do I update OpenClaw?

≥curl -fsSL https://openclaw.ai/install.sh | bash

Then restart your gateway.

Where is my OpenClaw data stored?

All data is stored locally on your VPS in ~/.openclaw/ (config) and your workspace folder (memory, files). Nothing is sent to external servers except API calls to Anthropic.

Is OpenClaw secure?

OpenClaw has full access to whatever machine it runs on. That's why we strongly recommend:

• Using an isolated VPS (not your main computer)
• Not connecting sensitive accounts
• Being careful about prompt injection in group chats
• Running openclaw security audit --deep to check your setup

We'll cover the npm installation method for Claude Code on Ubuntu, including Node.js setup, authentication configuration, VS Code integration, troubleshooting common errors, and optimizing your development environment for AI-assisted coding.

What is Claude Code CLI?

Claude Code CLI is Anthropic's command-line interface for AI-powered development. Unlike browser-based AI tools or IDE extensions that require constant context switching, Claude Code runs directly in your terminal alongside your existing development workflow.

The CLI provides programmatic access to Claude's coding capabilities through a conversational interface. You can request code generation, debugging assistance, architecture reviews, and refactoring suggestions without opening separate applications or copying code between tools.

Claude Code integrates with your project files automatically. When you run claude in a project directory, it analyzes your codebase structure, recognizes frameworks and technologies, and provides context-aware assistance. This tight integration makes it significantly more useful than generic AI chat interfaces for actual development work.

The tool supports all major programming languages and frameworks, with particular strength in web development, systems programming, and data science workflows. It handles everything from quick syntax questions to complex architectural decisions.

If you want an AI assistant that goes further than code, running 24/7 across WhatsApp, Telegram, and other messaging apps with full system access, OpenClaw VPS hosting is worth looking at. Just know it needs an isolated server environment because of how much system access it has.

How to Install Claude Code on Ubuntu Linux - Quick Setup

If you just want Claude Code up and running right now, here's the fastest path forward:

# First, install Node.js 20
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs

# Install Claude Code globally
npm install -g @anthropic-ai/claude-code

# Configure your API key
claude config

# Start using it
claude

That's it - you're ready to start coding with AI assistance.

This quick install gets Claude Code running in under 2 minutes on any Ubuntu system.

Note: If you want to test this on a fresh VPS, SSD Nodes offers a 14-day money-back guarantee. Spin up a server, try Claude Code, and get a full refund if it's not for you.

In the sections below, we'll walk you through what each step does, show you how to troubleshoot common issues, and explore advanced configurations for VPS environments. You'll also learn how to integrate Claude Code with VS Code, automate workflows with the API, and optimize performance for remote development. Stick around to really master Claude Code on Ubuntu.

System Requirements for Ubuntu Linux

Before installing Claude Code on Ubuntu, verify your system meets these requirements.

Minimum Ubuntu Version

Claude Code CLI supports Ubuntu 20.04 LTS (Focal Fossa) and later versions. This includes Ubuntu 22.04 LTS (Jammy Jellyfish) and Ubuntu 24.04 LTS (Noble Numbat). The CLI works on both desktop and server installations, making it perfect for local development machines, remote VPS environments, and headless servers.

Earlier Ubuntu versions (18.04 and below) may encounter compatibility issues with Node.js dependencies and OpenSSL requirements. If you're running an older version, consider upgrading to a supported LTS release.

Hardware Requirements

Good news - Claude Code runs efficiently on pretty modest hardware:

• RAM: 4GB minimum, 8GB recommended for large projects
• Storage: 500MB for installation plus project workspace
• CPU: Any modern x86_64 processor (Intel or AMD)
• Network: Active internet connection for API requests

These requirements are easily met by most modern VPS plans. Even a basic 8GB RAM VPS from SSD Nodes provides comfortable headroom for Claude Code alongside your development stack, with enough resources left over for databases, web servers, and other development tools running simultaneously. For choosing the right VPS configuration, see our guide to best VPS hosting for developers.

Required Software Dependencies

The npm installation method requires Node.js 18 or newer. Ubuntu's default repositories may provide older versions, so you'll need NodeSource repositories for current releases.

Git is recommended but not strictly required. Claude Code works with version control systems but doesn't depend on them for core functionality. If you need to install Git on your system, see our tutorial on installing Git on Debian 12 (works for Ubuntu too).

Installing Claude Code on Ubuntu via npm

The npm installation is the most straightforward path if you're already using Node.js in your workflow. Let's walk through it.

Step 1: Install Node.js on Ubuntu

Ubuntu's default repositories contain outdated Node.js versions. Use NodeSource repositories for current releases:

# Add NodeSource repository for Node.js 20.x
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -

# Install Node.js and npm
sudo apt install -y nodejs

# Verify installation
node --version  # Should show v20.x.x or newer
npm --version   # Should show v10.x.x or newer

This installs both Node.js and npm package manager. The NodeSource repository ensures you get recent versions with security updates and compatibility improvements.

Step 2: Install Claude Code CLI via npm

With Node.js installed, add Claude Code globally:

# Install Claude Code CLI globally
npm install -g @anthropic-ai/claude-code

# Verify installation
claude --version

The -g flag installs Claude Code globally, making the claude command available system-wide. This installation goes into your npm global directory, typically ~/.npm-global or /usr/local/lib/node_modules depending on your npm configuration.

Critical security note: Never use sudo npm install -g for Claude Code or any user-level development tools. Running npm with sudo creates permission conflicts and security vulnerabilities in your home directory. If you encounter permission errors, fix your npm configuration rather than using sudo.

Step 3: Configure npm Permissions (If Needed)

If you see EACCES permission errors during global npm installs, configure npm to use a user-level directory:

# Create npm global directory in home folder
mkdir -p ~/.npm-global

# Configure npm to use new directory
npm config set prefix '~/.npm-global'

# Add npm bin directory to PATH
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc

# Now install without sudo
npm install -g @anthropic-ai/claude-code

This setup ensures npm packages install to your home directory where you have proper permissions. The configuration persists across terminal sessions and npm updates.

Step 4: Verify npm Installation

Test your installation with these commands:

# Check Claude Code version
claude --version

# Run system diagnostics
claude doctor

# Test basic functionality
claude --help

The claude doctor command checks for common configuration issues, missing dependencies, and authentication problems. It provides actionable error messages if something needs attention.

Authenticating Claude Code on Linux

After installation, authenticate Claude Code with your Anthropic account to access API capabilities.

Setting Up Your Anthropic API Key

Generate an API key from the Anthropic Console:

1. Visit console.anthropic.com
2. Navigate to API Keys section
3. Click "Create Key" and provide a descriptive name
4. Copy the generated key immediately (it won't be shown again)

Store your API key securely - treat it like a password. Anyone with access to your key can make API requests on your account.

Interactive Claude Authentication

The simplest authentication method uses Claude Code's built-in configuration:

# Launch configuration wizard
claude config

This will prompt you to choose your terminal theme. And will give you two options of authentication:

Claude Code can be used with your Claude subscription or billed based on API usage through your Console account.
Select login method:
 ❯ 1. Claude account with subscription · Pro, Max, Team, or Enterprise

 2. Anthropic Console account · API usage billing

You can either use your Claude subscription or the Anthropic console for API usage billing.

Verifying Authentication

Test your authentication with these commands:

# Test with actual code assistance
echo "print('hello')" | claude "explain this code"

You should get a Claude response to your prompt:

Installing Claude Code in VS Code

While Claude Code CLI operates from the terminal, you can integrate it with Visual Studio Code for IDE-based workflows.

VS Code Extension Installation

Install the official Claude Code extension:

1. Open VS Code on your Ubuntu system
2. Press Ctrl+Shift+X to open Extensions panel
3. Search for "Claude Code"
4. Click Install on the official Anthropic extension
5. Reload VS Code when prompted

The extension connects to your existing Claude Code CLI installation and inherits authentication settings. You don't need separate API configuration.

Using Claude Code from VS Code Terminal

The most flexible approach uses Claude Code CLI directly in VS Code's integrated terminal:

1. Open integrated terminal: In the navigation menu, go to Terminal > New Terminal
2. Navigate to your project directory
3. Run claude as you would in any terminal

This gives you full CLI functionality while keeping everything in VS Code's interface.

You get syntax highlighting, file navigation, and all your usual IDE features alongside AI assistance.

Troubleshooting Common Installation Issues

Running into problems? Don't worry - most Claude Code installation issues come down to permissions, outdated dependencies, or authentication config. Let's fix them.

Permission Denied Errors

If you see "Permission denied" when installing via npm:

# Don't use sudo - fix npm permissions instead
mkdir -p ~/.npm-global
npm config set prefix '~/.npm-global'
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc

# Reinstall Claude Code
npm install -g @anthropic-ai/claude-code

For native binary installations, ensure .local/bin is in your PATH and has execute permissions. For a deep dive into Linux file permissions, see our comprehensive guide to chmod 755, 644, and drwxrwxrwx:

# Check PATH contains .local/bin
echo $PATH | grep '.local/bin'

# If not, add it
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc

# Ensure binary is executable
chmod +x ~/.local/bin/claude

Node.js Version Conflicts

Ubuntu's default Node.js often causes issues. Use NodeSource for current versions:

# Remove old Node.js
sudo apt remove nodejs

# Clean npm cache
rm -rf ~/.npm

# Install from NodeSource
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs

# Reinstall Claude Code
npm install -g @anthropic-ai/claude-code

Check your Node.js version regularly - Claude Code requires v18 or newer:

node --version  # Must show v18.0.0 or higher

Claude Code Error Editing File

The "error editing file" issue typically occurs when Claude Code lacks permissions to write to your project directory:

# Check directory permissions
ls -la /path/to/your/project

# Ensure you own the directory
sudo chown -R $USER:$USER /path/to/your/project

# Verify write permissions
touch /path/to/your/project/test.txt
rm /path/to/your/project/test.txt

If you're working in a shared directory or mounted filesystem, permission issues become more complex. Ensure your user account has write access to the entire project tree.

Missing Dependencies

Some Ubuntu installations lack required system libraries:

# Install common missing dependencies
sudo apt update
sudo apt install -y build-essential curl git

# For native binary on minimal systems
sudo apt install -y libc6

# Verify installations
gcc --version
curl --version
git --version

Docker containers or minimal Ubuntu installations often omit these tools. The build-essential package provides compilers and development tools Claude Code may need for certain operations.

Using Claude Code CLI for Development

Now that you've got Claude Code installed, let's explore what it can actually do for your development workflow.

Starting Your First Session

Let's get you started. Navigate to any project directory and launch Claude Code:

# Navigate to your project
cd ~/projects/my-application

# Start Claude Code
claude

# You'll see an interactive prompt
# Claude>

Claude Code analyzes your project structure, recognizes frameworks and languages, and loads context automatically. This happens silently in the background - you can start asking questions immediately.

Basic Code Assistance

Ask Claude Code about your project:

Claude> What does this project do?
Claude> Explain the folder structure
Claude> Where is the main entry point?
Claude> What frameworks are being used?

These queries help you understand unfamiliar codebases quickly. Claude Code reads your files and provides structured explanations of project architecture.

Code Generation

Generate code directly through conversation:

Claude> Create a function to validate email addresses
Claude> Write a REST API endpoint for user authentication  
Claude> Generate unit tests for the UserService class

Claude Code creates files in your project directory after confirming changes with you. It follows your project's existing code style and conventions automatically.

Debugging Assistance

Get help identifying and fixing bugs:

Claude> This function throws a TypeError - why?
Claude> The authentication isn't working - check the login flow
Claude> Optimize this database query - it's too slow

Claude Code examines your code, identifies issues, and suggests fixes with explanations. It can also implement fixes directly when you approve them.

Git Integration

Claude Code also handles version control operations with Git and you can just prompt it and it will create the appropriate Git commands:

Claude> Commit these changes with a descriptive message
Claude> Create a new branch for the authentication feature
Claude> Show me what changed since last commit

Git operations run through Claude Code's conversational interface, making version control accessible even if you're not comfortable with git commands.

Claude Code vs Cursor: Feature Comparison

Developers often compare Claude Code CLI with Cursor, another AI-powered coding tool. Here's how they differ in architecture and use cases.

Architecture Differences

Claude Code is a pure command-line interface that operates in your terminal. It integrates with any text editor or IDE through standard terminal workflows. You edit files in your preferred editor, then consult Claude Code for assistance, code generation, or debugging.

Cursor is a fork of VS Code with AI capabilities built directly into the editor interface. The AI integration is tighter - Cursor suggests code as you type, provides inline completions, and handles refactoring through IDE commands.

The fundamental difference: Claude Code keeps AI assistance separate from your editing environment. Cursor merges them into a single interface.

Workflow Integration

Claude Code excels when you want AI assistance without changing your entire development environment. If you use Vim, Emacs, Sublime Text, or any other editor, Claude Code adds AI capabilities without requiring you to switch tools.

Cursor works best when you're willing to adopt it as your primary IDE. The tight integration provides smoother workflows for certain tasks, but requires committing to Cursor's environment.

For VPS development over SSH, Claude Code is usually the better choice. It runs entirely in the terminal, works perfectly over SSH connections, and doesn't require forwarding graphical applications.

Cost Comparison

Claude Code uses Anthropic's API pricing directly. You pay only for actual API requests at standard rates. No subscription fees, no artificial limits - just usage-based pricing.

Cursor offers subscription tiers with included compute time. The subscription model provides predictable costs but may be more expensive for light users or less cost-effective for heavy users compared to direct API access.

For development teams with multiple contributors, Claude Code's API model can scale more efficiently. Each developer uses their own API key with usage tracked individually.

Best Use Cases

Choose Claude Code when you:

• Already have a preferred editor or IDE
• Develop primarily over SSH or on remote VPS instances
• Want flexible AI integration with any toolchain
• Prefer command-line workflows
• Need fine-grained control over API usage and costs

Choose Cursor when you:

• Want an all-in-one AI-powered IDE
• Value tight integration between editor and AI
• Prefer graphical interfaces over terminal tools
• Don't mind switching your primary development environment

Using Claude Code with n8n Automation

Claude Code's API can integrate with workflow automation platforms like n8n for sophisticated development automation.

n8n Integration Basics

n8n is a workflow automation tool that can trigger Claude Code operations based on events, schedules, or webhooks. Running n8n on your VPS alongside Claude Code creates powerful automation possibilities.

Install n8n on your Ubuntu VPS following our complete n8n installation guide:

# Install n8n globally
npm install -g n8n

# Start n8n
n8n start

# Access at http://your-vps-ip:5678

Connect n8n to Claude Code through HTTP requests to Anthropic's API or by executing Claude Code CLI commands directly through n8n's Execute Command node. For more automation ideas, check out our guide on using n8n to automate VPS management.

Example: Automated Code Review

Create an n8n workflow that:

1. Monitors your Git repository for new commits
2. Extracts changed files from the commit
3. Sends code to Claude Code API for review
4. Posts review comments back to your Git platform

This provides continuous automated code review without manual intervention. The workflow runs entirely on your VPS, processing code as soon as developers push changes.

If you're running multiple VPS instances for different projects or clients, you can extend this pattern further. For instance, you could automatically spin up review environments on separate servers using the SSD Nodes VPS API ($2/month add-on), which lets you programmatically control server operations, deploy applications from 1-Click catalogs, and manage snapshots - all through the same n8n workflows that handle your code reviews. This creates a complete CI/CD pipeline that manages both code quality and infrastructure without leaving your automation platform.

Example: Documentation Generation

Automate documentation with this n8n workflow:

1. Schedule runs daily or on commit
2. Scan project for changed files
3. Send code to Claude Code for documentation generation
4. Commit generated docs to repository

Documentation stays current without developer effort. Claude Code analyzes code changes and updates corresponding documentation automatically.

Deployment Automation

Use n8n and Claude Code for smart deployments:

1. Webhook trigger from CI/CD pipeline
2. Claude Code analyzes deployment risks
3. Conditional execution based on risk assessment
4. Automatic rollback if issues detected

This adds intelligence to deployment pipelines, catching potential problems before they reach production.

For mission-critical deployments, consider taking VPS snapshots before deployment begins. If Claude Code identifies high-risk changes but you proceed anyway, having a snapshot means you can restore your entire server state in minutes if something goes wrong. Many VPS platforms automate daily snapshots, but triggering manual snapshots through n8n before risky deployments adds an extra safety layer without manual intervention.

Claude Code API Integration

Beyond the CLI, you can integrate Claude Code capabilities directly into applications through Anthropic's API. This approach works similarly to programmatic VPS control - see our guide on VPS API automation use cases for parallel concepts.

Direct API Access

Use Claude Code's underlying API for programmatic access:

# Example API call using curl
curl https://api.anthropic.com/v1/messages \
  -H "content-type: application/json" \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -d '{
    "model": "claude-sonnet-4-20250514",
    "max_tokens": 4096,
    "messages": [
      {"role": "user", "content": "Explain this code: print(\"hello\")"}
    ]
  }'

This returns JSON responses you can parse programmatically, making it easy to build custom tools that leverage Claude's capabilities.

Python Integration

Integrate Claude Code into Python applications:

import anthropic

client = anthropic.Anthropic(
    api_key="your-api-key"
)

message = client.messages.create(
    model="claude-sonnet-4-20250514",
    max_tokens=4096,
    messages=[
        {"role": "user", "content": "Generate a Python function for Fibonacci"}
    ]
)

print(message.content)

The official Python SDK handles authentication, retries, and error handling automatically. Install with pip install anthropic.

JavaScript Integration

For Node.js applications:

import Anthropic from '@anthropic-ai/sdk';

const client = new Anthropic({
  apiKey: process.env.ANTHROPIC_API_KEY,
});

const message = await client.messages.create({
  model: 'claude-sonnet-4-20250514',
  max_tokens: 4096,
  messages: [
    {role: 'user', content: 'Write JavaScript code for user authentication'}
  ],
});

console.log(message.content);

Install the SDK with npm install @anthropic-ai/sdk. This provides TypeScript type definitions and handles streaming responses.

Understanding Claude Code Usage Limits

Claude Code usage is subject to rate limits and quotas that vary by subscription tier.

When Does Claude Code Usage Reset?

API usage resets monthly on your billing cycle date. If you signed up on the 15th, usage resets on the 15th of each month at 00:00 UTC.

Free tier accounts have lower limits that reset daily at 00:00 UTC. Paid accounts get higher limits with monthly resets.

Check your current usage through the Anthropic Console dashboard. It shows tokens used, requests made, and when your limit resets.

Rate Limits

Claude Code enforces these rate limits:

• Free tier: 50 requests per day
• Build tier ($20/month): 1,000 requests per day
• Scale tier: Custom limits based on needs

Rate limits prevent abuse but rarely affect normal development workflows. Each conversation with Claude Code typically uses 1-5 requests depending on complexity.

If you hit rate limits, responses include retry-after headers indicating when to try again. The Claude Code CLI automatically handles rate limiting with exponential backoff.

Token Limits

Each API request consumes tokens based on input (your code and questions) plus output (Claude's responses):

• Input tokens: Count words in your prompts and code
• Output tokens: Count words in Claude's responses
• Context tokens: Include conversation history

Claude Sonnet 4.5 supports 200K token context windows. This fits most source files entirely, enabling Claude to understand your complete codebase structure.

Large files or extensive conversations consume more tokens. Monitor usage in the Console to understand your consumption patterns.

Performance Optimization Tips

Optimize Claude Code for faster responses and more efficient resource usage on your VPS.

Reducing Startup Time

Native binary installations start faster than npm versions. The binary loads in milliseconds while Node.js runtime adds overhead.

For scripts that invoke Claude Code repeatedly, consider keeping a persistent session open rather than starting new processes each time.

Managing Context Window

Claude Code loads project files into its context window. Large projects or binary files can consume significant tokens.

Use .claudeignore files to exclude irrelevant directories:

# Create .claudeignore in project root
cat > .claudeignore << 'EOF'
node_modules/
.git/
dist/
build/
*.log
.env
EOF

This prevents Claude Code from analyzing dependency directories, build artifacts, and other files that don't need AI attention.

Caching Strategies

Claude Code implements automatic caching for repeated queries against the same codebase. When you ask multiple questions about the same files, subsequent responses return faster.

Keep terminal sessions open between related queries to take advantage of caching. Starting fresh sessions loses cache benefits.

Network Optimization

API requests to Anthropic's servers introduce latency. For VPS deployments, choose data center locations near Anthropic's infrastructure:

• US East Coast: Lowest latency to Anthropic's primary regions
• Europe: Acceptable latency for most use cases
• Asia Pacific: Higher latency but still usable

When selecting VPS locations for development work with Claude Code, consider both your geographic proximity and Anthropic's infrastructure. Having servers in multiple locations lets you test performance from different regions - useful if you're building applications for a global audience. With 14 data center locations worldwide, you can place development servers close to where your code will ultimately run while keeping response times reasonable for Claude Code API calls.

Security Best Practices

Let's make sure your Claude Code installation and API credentials are locked down tight. For comprehensive VPS security guidance, see our critical steps to secure VPS servers.

API Key Management

Never commit API keys to version control. Use environment variables or secure configuration files with restricted permissions:

# Secure config file permissions
chmod 600 ~/.claude/config.json

# Verify no one else can read it
ls -la ~/.claude/config.json

# Should show: -rw------- (owner read/write only)

For shared development servers, use per-user API keys rather than shared credentials. This provides audit trails and limits damage if one account is compromised.

Code Review Before Execution

Claude Code can generate and execute code directly. Always review generated code before running it:

Claude> Show me the code before executing it
Claude> Explain what this change does

Claude Code asks for confirmation before modifying files or executing commands. Never disable these safety prompts unless you really know what you're doing.

Network Security

When running Claude Code on VPS instances, you should absolutely secure your server, here are a few quick things you can do:

# Ensure SSH uses key authentication
sudo nano /etc/ssh/sshd_config
# Set: PasswordAuthentication no
# Set: PubkeyAuthentication yes

# Restart SSH service
sudo systemctl restart sshd

# Configure firewall
sudo ufw allow 22/tcp
sudo ufw enable

API credentials transmitted to Anthropic use HTTPS encryption, but local security on your VPS matters equally. SSH key authentication is critical - password-based logins create vulnerabilities that automated attacks exploit within hours of server deployment.

If you're new to VPS security or encounter issues during SSH configuration, SSD Nodes offers 24/7 support to help with security hardening and initial server setup. This prevents lockouts when modifying authentication settings - a common problem that can leave you unable to access your server if SSH configuration goes wrong.

Comparing AI Coding Tools

Claude Code competes in a crowded market of AI-assisted development tools. Here's how it stacks up against alternatives.

GPT-5 vs Claude Code

OpenAI's models (GPT-4, potential GPT-5) offer strong code generation but differ in several ways:

Context Window: Claude Sonnet 4.5 provides 200K token context, significantly more than GPT-4's limits. This allows Claude Code to analyze larger codebases without truncation.

Code Understanding: Claude excels at explaining existing code and understanding architectural patterns. GPT models sometimes focus more on generation than comprehension.

Pricing: Claude Code uses straightforward API pricing. OpenAI charges differently for GPT-3.5, GPT-4, and future models, with varying capabilities at each tier.

Availability: Claude Code runs anywhere with internet access. OpenAI's tools sometimes face regional restrictions or capacity limitations.

Gemini CLI vs Claude Code

Google's Gemini provides CLI access similar to Claude Code:

Integration: Gemini CLI uses Google Cloud infrastructure. If you're already on GCP, integration is seamless. Claude Code works well with any cloud provider.

Multimodal Support: Gemini handles images, audio, and video alongside code. Claude Code focuses primarily on text and code, with some image understanding capability.

Ecosystem: Claude Code integrates well with Anthropic's broader tools. Gemini connects to Google's extensive AI ecosystem including Vertex AI and Google Cloud services.

Performance: Both offer strong code generation. Claude often provides more detailed explanations and better understands nuanced requirements.

Real-World Use Cases

Let's look at how developers are actually using Claude Code in their day-to-day work.

Full-Stack Development

A web development agency uses Claude Code for rapid prototyping:

# Generate Express.js API
cd ~/projects/new-api
claude "Create an Express server with authentication and user CRUD endpoints"

# Review generated code
cat server.js

# Generate frontend
claude "Create a React component for user management that calls these APIs"

# Run and test
npm install
npm start

This workflow delivers working prototypes in minutes rather than hours. The agency iterates quickly with clients, gathering feedback before investing in full development. Understanding these development workflows becomes easier with our beginner's guide to DevOps terminology.

DevOps Automation

A systems administrator automates infrastructure tasks with Claude Code alongside other tools for managing multiple Linux servers:

# Generate Ansible playbook
claude "Write an Ansible playbook to deploy Nginx with SSL certificates"

# Review and customize
nano nginx-playbook.yml

# Generate Terraform config
claude "Create Terraform configuration for a 3-node Kubernetes cluster"

Claude Code handles boilerplate infrastructure-as-code, letting administrators focus on business-specific requirements. For structured automation workflows, consider our step-by-step Ansible guide.

Database Migration

A data engineer needs to migrate schemas between database systems:

# Analyze existing schema
claude "Explain this PostgreSQL schema" < schema.sql

# Generate migration
claude "Convert this PostgreSQL schema to MySQL compatible SQL" < schema.sql > mysql-schema.sql

# Create data migration
claude "Write Python script to migrate data from PostgreSQL to MySQL"

Claude Code understands database differences and generates appropriate migration code with error handling.

For testing migrations safely, spinning up isolated database servers takes seconds with pre-configured environments. Rather than manually installing MySQL, PostgreSQL, or other database systems, using SSD Nodes' 1-Click application deployment gets you from empty VPS to running database in under 5 minutes. This lets you test Claude Code's generated migration scripts against fresh database installations that match your production environment exactly.

API Integration

Developers building third-party integrations use Claude Code for API clients:

# Generate API client from documentation
cat api-docs.md | claude "Create a Python client library for this API"

# Add error handling
claude "Add retry logic and rate limiting to this API client"

# Generate tests
claude "Write pytest tests for all API client methods"

This approach speeds up integration projects, reducing time spent on repetitive API client code.

Troubleshooting Advanced Issues

Beyond basic installation problems, you might encounter these complex scenarios.

Memory Usage Problems

Claude Code maintains conversation history and file context in memory. Long sessions or large projects can consume significant RAM:

# Check Claude Code memory usage
ps aux | grep claude

# Restart session to clear context
# Exit and restart claude

For extremely large projects (>100MB of code), use .claudeignore to exclude non-essential files. Focus Claude Code on the specific modules you're working with.

Concurrent Session Conflicts

Multiple Claude Code sessions in different terminals can conflict:

# List running Claude sessions
ps aux | grep claude

# Kill specific session
kill <pid>

# Or kill all Claude processes
pkill claude

Claude Code uses lock files to prevent conflicts, but crashes or forced terminations can leave stale locks. Check ~/.claude/.lock and remove it if no Claude processes are actually running.

Keeping Claude Code Updated

Regular updates provide bug fixes, new features, and improved AI models.

Automatic Updates (npm)

npm-installed Claude Code checks for updates automatically:

# Check current version
claude --version

# Update to latest version
npm update -g @anthropic-ai/claude-code

# Verify update succeeded
claude --version

Updates apply globally and affect all users on the system. In multi-user environments, coordinate updates to avoid disrupting other developers.

Getting Help and Support

Stuck on something not covered here? You've got several places to turn for help.

Official Documentation

Anthropic maintains comprehensive Claude Code documentation at docs.anthropic.com. The docs cover API details, authentication, model capabilities, and integration examples.

The documentation includes cookbook examples for common use cases, API reference details, and troubleshooting guides.

Community Resources

The Claude Code community provides peer support:

• Anthropic Discord: Active community discussion
• GitHub Issues: Bug reports and feature requests
• Stack Overflow: Tagged questions about Claude Code integration

Search existing issues and discussions before posting new questions - someone may have already solved your problem.

Conclusion

You've now got Claude Code running on Ubuntu Linux with AI assistance right in your terminal. The npm installation takes just minutes, and you're ready to start building.

When you're choosing where to run Claude Code, look for straightforward pricing with no bandwidth overages or unexpected charges. SSD Nodes locks in your rate from day one, so your monthly bill stays predictable while you focus on writing code.

Start simple. Test Claude Code on your current projects, then explore the API integration and automation features as you get comfortable. The tool works like a conversation, not a complicated system you need to master before it's useful.

For remote development work, Claude Code eliminates the usual friction of SSH sessions and context switching. Everything stays in your terminal where it belongs.

Frequently Asked Questions

How do I install Claude Code on Ubuntu?

Install Claude Code on Ubuntu using either npm (npm install -g @anthropic-ai/claude-code) or the native binary installer (curl -fsSL https://claude.ai/install.sh | bash). Both methods require Ubuntu 20.04 or newer. The npm method needs Node.js 18+, while the native binary has no Node.js dependency. After installation, authenticate with your Anthropic API key using claude config.

Can I use Claude Code without installing Node.js on Linux?

Yes, the native binary installation doesn't require Node.js. Download the installer script with curl -fsSL https://claude.ai/install.sh | bash and it installs a standalone binary in ~/.local/bin/claude. This method works perfectly on minimal Ubuntu installations, Docker containers, or any environment where you prefer to avoid npm and Node.js overhead.

How do I fix "error editing file" in Claude Code?

The "error editing file" issue happens when Claude Code lacks permissions to write to your project directory. Fix it by ensuring your user owns the directory (sudo chown -R $USER:$USER /path/to/project) and has write permissions (chmod -R u+w /path/to/project). If working on mounted filesystems or shared directories, verify your user account has appropriate access rights.

What's the difference between Claude Code and Cursor?

Claude Code is a command-line tool that works with any text editor and runs in your terminal. Cursor is a complete IDE (VS Code fork) with AI built directly into the interface. Claude Code excels for terminal-based workflows, SSH development, and integration with existing tools. Cursor provides tighter AI integration within a graphical IDE environment. Choose Claude Code for flexibility and terminal workflows, or Cursor for all-in-one IDE experience.

How do I integrate Claude Code with VS Code?

Install the official Claude Code extension from the VS Code marketplace. The extension connects to your existing Claude Code CLI installation and uses the same API authentication. Alternatively, use Claude Code directly in VS Code's integrated terminal (Ctrl+`) without any extension - this provides full CLI functionality within the IDE interface.

Can I use Claude Code in n8n workflows?

Yes, integrate Claude Code with n8n using either the Execute Command node to run CLI commands or HTTP Request nodes to call Anthropic's API directly. This enables workflow automation like automatic code reviews on commits, scheduled documentation generation, or intelligent deployment validation. Both n8n and Claude Code run perfectly on Ubuntu VPS instances.

When does Claude Code usage reset?

Claude Code usage resets monthly on your billing cycle date (for paid accounts) or daily at 00:00 UTC (for free tier accounts). Check your current usage and reset date in the Anthropic Console dashboard. Usage includes both API requests and token consumption from code analysis and generation tasks.

How does Claude Code compare to GPT-5 for coding?

Claude Sonnet 4.5 offers 200K token context windows (larger than GPT-4), strong code understanding alongside generation, and straightforward API pricing. GPT models excel at raw generation speed but may provide less detailed explanations. Claude Code integrates naturally with any development environment, while GPT-based tools often require specific IDE integration. Both are capable - choose based on context window needs, pricing preferences, and existing ecosystem integration.

Which is better: Gemini CLI or Claude Code?

Claude Code provides deeper code explanations and better understands architectural patterns. Gemini CLI offers multimodal capabilities (images, audio, video) and tight Google Cloud integration. For pure coding assistance on Ubuntu, Claude Code's focused approach and clear API structure often provide better results. Choose Gemini if you're heavily invested in Google Cloud ecosystem or need multimodal AI capabilities.

How do I install Claude Code CLI via npm on Linux?

First install Node.js 18+ from NodeSource repositories: curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt install -y nodejs. Then install Claude Code globally: npm install -g @anthropic-ai/claude-code. Never use sudo with npm install - configure user-level npm directories instead if you encounter permission errors. Verify installation with claude --version and run claude doctor to check configuration.

What command installs Claude Code via npm?

Use npm install -g @anthropic-ai/claude-code to install Claude Code globally via npm. The -g flag installs it system-wide, making the claude command available in all directories. After installation, authenticate with claude config and enter your Anthropic API key when prompted.

Or maybe you're working with a development team where everyone needs different levels of access to the same project files. Sound familiar? These scenarios highlight exactly why understanding the difference between chown and chmod matters in real-world Linux administration.

Note: Want an easy way to calculate Linux permissions? Check out our handy Chmod Calculator.

What's the Difference Between chown and chmod?

The fundamental difference is simple: chmod controls what actions can be performed on a file (read, write, execute), while chown controls who owns the file (which user and group). Think of chmod as setting the rules of engagement, and chown as deciding who gets to play by those rules in the first place.

When you run chmod 755 script.sh, you're defining permissions—the owner can read, write, and execute, while others can only read and execute.

When you run chown alice:developers script.sh, you're changing ownership—now Alice owns the file and it belongs to the developers group, but the permissions (755) remain unchanged.

These commands work together to create Linux's two-layer security model: ownership determines identity, permissions determine capability. You'll use chmod when you need to restrict or expand what people can do with a file. You'll use chown when you need to transfer responsibility for a file to a different user or group.

What Does chmod Stand For?

The chmod command stands for "change mode" where "mode" refers to the permission settings of a file or directory. The name comes from the early days of Unix, when file permissions were simply called the "mode" of a file. When you execute chmod, you're literally changing the access mode that determines who can read, write, or execute that file.

What is chmod and How Does It Work?

The chmod command modifies file permissions using either symbolic notation (letters like rwx) or numeric notation (numbers like 755). It operates on three permission levels (owner, group, and others) and controls three types of access: read (r/4), write (w/2), and execute (x/1).

Here's how chmod works in practice:

# Give everyone read and execute permissions
$ chmod 755 deploy.sh

# Make a file readable and writable only by owner
$ chmod 600 config.yml

# Add execute permission for owner
$ chmod u+x script.sh

# Remove write permission from group and others
$ chmod go-w shared-file.txt

The numeric method adds up permission values: read (4) + write (2) + execute (1) = 7 for full permissions. The symbolic method uses letters (u for user/owner, g for group, o for others) combined with operators (+ to add, - to remove, = to set exactly).

For a complete breakdown of permission numbers like 755, 644, and 700, check out our detailed guide to Linux file permissions, which covers everything from basic symbolic notation to advanced permission patterns.

What Does chown Do?

The chown command changes file ownership, specifically, it modifies which user and/or group owns a particular file or directory. Every file in Linux has both a user owner and a group owner, and chown lets you change either or both of these ownership attributes.

When you change ownership with chown, the permissions set by chmod don't change, only the identity of who those permissions apply to changes. This is crucial for understanding how the two commands complement each other rather than overlap.

What is chown and When Do You Need It?

The chown command (short for "change owner") transfers file ownership from one user or group to another. You need chown in several common scenarios: when files need to belong to a different user after deployment, when setting up shared directories for team collaboration, when configuring web server files to be owned by the web server user, or when fixing ownership issues after copying files between systems.

Here are practical examples of chown in action:

# Change owner to alice
$ chown alice project-file.txt

# Change both owner and group
$ chown alice:developers project-file.txt

# Change only the group
$ chown :developers project-file.txt

# Change ownership recursively for entire directory
$ chown -R www-data:www-data /var/www/html

The syntax follows a simple pattern: chown [user]:[group] [file]. You can change just the user, just the group (using :group), or both at once. The -R flag applies changes recursively to all files and subdirectories, which is essential when managing directory trees.

Understanding the chown Command in Linux

The chown command is your primary tool for managing file ownership in Linux environments. It's particularly critical in multi-user systems where different people or processes need ownership of different files. Unlike chmod, which anyone can use to modify their own files' permissions (within limits), chown typically requires superuser privileges because changing file ownership has significant security implications.

The Syntax of chown

The basic chown syntax follows this pattern:

chown [OPTIONS] [USER][:GROUP] FILE

Let's break down the components:

User specification: You can specify a username or numeric user ID (UID). For example, chown 1000 file.txt and chown john file.txt both work if user john has UID 1000.

Group specification: After a colon or period, add the group name or numeric group ID (GID). Both chown :developers file.txt and chown .developers file.txt change the group ownership.

Combined syntax: The most common pattern is user:group, which changes both simultaneously: chown alice:team project.conf.

Shorthand options: Using chown alice: file.txt (with a trailing colon but no group name) changes the file's group to Alice's login group.

Common chown Options

The chown command supports several useful flags that modify its behavior:

Recursive operation (-R): Applies ownership changes to directories and all their contents. This is essential when managing web directories or project folders:

# Change ownership of entire web directory
$ sudo chown -R www-data:www-data /var/www/myapp

Preserve root (--preserve-root): Prevents accidentally changing ownership of the root directory /, which could break your entire system. Modern versions of chown enable this by default.

Verbose output (-v): Reports every file that gets modified, useful for debugging or confirming changes:

$ sudo chown -Rv alice:developers /home/shared/
changed ownership of '/home/shared/file1.txt' from root:root to alice:developers
changed ownership of '/home/shared/file2.txt' from root:root to alice:developers

Reference file (--reference): Copies ownership from one file to another, matching both user and group:

# Make file2.txt have the same ownership as file1.txt
$ chown --reference=file1.txt file2.txt

Dereference (-h): By default, if you run chown on a symbolic link, it changes the ownership of the target file. Use -h to change the symlink itself instead.

Change Ownership of Files in Linux: Practical Examples

Let's walk through real-world scenarios where you need to change file ownership on a Linux system. These examples reflect situations you'll encounter regularly when managing servers, especially in development environments.

Scenario 1: Deploying a Web Application

After you upload files to your VPS via SFTP or git, they're typically owned by your user account. But your web server (nginx or Apache) runs as a different user, usually www-data on Ubuntu/Debian or nginx/apache on other distributions. The web server needs to own these files to serve them properly:

# Transfer ownership to web server user
$ sudo chown -R www-data:www-data /var/www/html/myapp

# Verify the change
$ ls -l /var/www/html/myapp
drwxr-xr-x 3 www-data www-data 4096 Dec 26 10:00 public
-rw-r--r-- 1 www-data www-data 2048 Dec 26 10:00 index.php

This ensures the web server can read your application files and, if needed, write to specific directories like uploads or cache folders.

Scenario 2: Team Development on Shared VPS

When multiple developers work on the same VPS for development, you need shared directories where everyone can contribute. Here's how to set this up properly:

# Create a shared project directory
$ sudo mkdir /var/projects/teamapp

# Change ownership to a shared group
$ sudo chown -R :developers /var/projects/teamapp

# Verify group ownership
$ ls -ld /var/projects/teamapp
drwxrwxr-x 2 root developers 4096 Dec 26 10:15 /var/projects/teamapp

Now any user in the developers group can work with these files. You'd typically combine this with chmod g+w to ensure group members can write to the directory, but the ownership change via chown is what grants them membership-based access in the first place.

Scenario 3: Fixing Ownership After File Transfers

When you copy files from one user's directory to another, or when you extract archives, ownership often doesn't match your needs:

# Files extracted from backup owned by wrong user
$ ls -l backup/
-rw-r--r-- 1 olduser olduser 5120 Nov 10 08:00 database.sql
-rw-r--r-- 1 olduser olduser 2048 Nov 10 08:00 config.php

# Fix ownership to current user
$ sudo chown -R alice:alice backup/

# Verify the fix
$ ls -l backup/
-rw-r--r-- 1 alice alice 5120 Nov 10 08:00 database.sql
-rw-r--r-- 1 alice alice 2048 Nov 10 08:00 config.php

This is particularly common when migrating projects between servers or restoring from backups where the original user accounts no longer exist.

Scenario 4: Database File Ownership

Database servers like MySQL or PostgreSQL need to own their data directories. If you've moved database files or restored from backup, you might need to fix ownership:

# MySQL data directory ownership
$ sudo chown -R mysql:mysql /var/lib/mysql

# PostgreSQL data directory
$ sudo chown -R postgres:postgres /var/lib/postgresql/14/main

Without correct ownership, the database server can't start or access its data files, leading to service failures.

Change Owner of Directory Linux: The Recursive Approach

Directories present unique challenges because they typically contain many files and subdirectories. When you need to change ownership of an entire directory tree, the -R (recursive) flag becomes essential.

Using chown -R for Directory Trees

The recursive flag tells chown to descend into directories and change ownership of everything it finds:

# Change ownership of directory and all contents
$ sudo chown -R username:groupname /path/to/directory

This single command replaces what would otherwise require changing ownership on potentially thousands of individual files. For a project directory with 500 files across multiple subdirectories, chown -R handles everything in one operation.

Real-World Directory Ownership Example

Consider setting up a shared project directory on a development VPS where your team collaborates:

# Create the project structure
$ sudo mkdir -p /var/projects/webapp/{src,tests,config,logs}

# Set ownership to project lead with developer group
$ sudo chown -R alice:developers /var/projects/webapp

# Verify the recursive change worked
$ ls -lR /var/projects/webapp
/var/projects/webapp:
drwxr-xr-x 2 alice developers 4096 Dec 26 10:30 config
drwxr-xr-x 2 alice developers 4096 Dec 26 10:30 logs
drwxr-xr-x 2 alice developers 4096 Dec 26 10:30 src
drwxr-xr-x 2 alice developers 4096 Dec 26 10:30 tests

Every subdirectory and any future files created inherit appropriate ownership patterns, though you'll want to combine this with proper chmod settings and potentially setgid bits to ensure new files get correct group ownership automatically.

Important Note: When NOT to Use Recursive chown

Be cautious with recursive ownership changes on system directories. Running sudo chown -R username / would try to change ownership of your entire filesystem, breaking system files and potentially making your system unbootable. Always specify the exact path you intend to modify:

# DANGEROUS - Don't do this
$ sudo chown -R alice /

# SAFE - Specific path
$ sudo chown -R alice /home/alice/projects

Modern chown versions include --preserve-root by default to prevent the first scenario, but it's still worth understanding the risk.

Unix chown Command: Understanding the Relationship with chmod

While chown and chmod are separate commands, they work together to create Linux's comprehensive security model. Understanding when to use each—and when to use both—separates effective system administration from constant permission headaches.

The Two-Layer Security Model

Linux file security operates on two distinct layers:

Layer 1: Ownership (chown): Establishes identity (who owns the file and which group it belongs to). This is the "who" of file access.

Layer 2: Permissions (chmod): Defines capabilities (what the owner, group members, and others can do with the file). This is the "what" of file access.

You can't skip either layer. A file might have perfect permissions (chmod 644), but if it's owned by the wrong user (needs chown), those permissions apply to the wrong person. Conversely, a file might be owned by the right user, but without appropriate permissions set via chmod, that user still can't access it properly.

Combining chown and chmod for Complete Control

Most real-world scenarios require both commands working in tandem. Here's a complete example of setting up a web application directory:

# Start with a fresh directory
$ sudo mkdir /var/www/myapp

# Step 1: Set ownership to web server user
$ sudo chown -R www-data:www-data /var/www/myapp

# Step 2: Set directory permissions (755)
$ sudo find /var/www/myapp -type d -exec chmod 755 {} \;

# Step 3: Set file permissions (644)
$ sudo find /var/www/myapp -type f -exec chmod 644 {} \;

# Step 4: Make specific directories writable for uploads/cache
$ sudo chmod 775 /var/www/myapp/storage
$ sudo chmod 775 /var/www/myapp/cache

# Verify the complete setup
$ ls -la /var/www/myapp
drwxr-xr-x 5 www-data www-data 4096 Dec 26 11:00 .
drwxr-xr-x 3 root     root     4096 Dec 26 10:45 ..
-rw-r--r-- 1 www-data www-data 2048 Dec 26 11:00 index.php
drwxrwxr-x 2 www-data www-data 4096 Dec 26 11:00 storage

This workflow demonstrates the relationship: chown establishes that www-data owns everything, then chmod defines what www-data (and others) can actually do with those files.

Common Permission and Ownership Patterns

Certain combinations of chown and chmod appear repeatedly in Linux administration:

Web server files:

$ sudo chown -R www-data:www-data /var/www/html
$ sudo chmod -R 755 /var/www/html
# Owner (www-data) has full control, others can read/execute

SSH private keys:

$ chown username:username ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
# Only owner can read/write, everyone else blocked completely

Shared development directory:

$ sudo chown -R :developers /var/projects/shared
$ sudo chmod -R 775 /var/projects/shared
# Group has write access, others can read

Log files:

$ sudo chown syslog:adm /var/log/application.log
$ sudo chmod 640 /var/log/application.log
# Owner can write logs, group can read them, others blocked

Each pattern serves a specific security purpose. The chown portion identifies who's involved, the chmod portion defines the access rules.

chown vs chmod: When to Use Each Command

Knowing which command solves which problem is crucial for efficient Linux administration. Here's how to decide between chown and chmod based on the situation you're facing.

Use chmod When You Need to Control Access Levels

Reach for chmod when the question is "what can people do with this file?" You're not changing who owns it, you're changing what's allowed:

Scenario: You have a script that shouldn't be executable by random users.
Solution: chmod 644 script.sh (removes execute permission for everyone)

Scenario: A configuration file contains sensitive credentials.
Solution: chmod 600 config.ini (only owner can read/write)

Scenario: A shared directory needs to allow group members to create files.
Solution: chmod 775 /shared/projects (adds write permission for group)

Scenario: You've created a new shell script that needs to run.
Solution: chmod +x deploy.sh (adds execute permission)

The common thread: you're modifying capabilities, not identities.

Use chown When You Need to Transfer Ownership

Reach for chown when the question is "who should own this file?" The permissions might be perfect, but they're assigned to the wrong user or group:

Scenario: Files uploaded via SFTP are owned by your user account, but the web server needs to own them.
Solution: sudo chown -R www-data:www-data /var/www/html/uploads

Scenario: A developer leaves the team and their project files need new ownership.
Solution: sudo chown -R newlead:developers /var/projects/legacy-app

Scenario: Database files were restored from backup with wrong ownership.
Solution: sudo chown -R mysql:mysql /var/lib/mysql

Scenario: You're setting up a collaborative directory for a specific team.
Solution: sudo chown -R :engineering /var/projects/api-v2

The common thread: you're changing who's responsible for the file, not what they can do with it.

Use Both When Setting Up New Services

Most service configurations require both commands working together. When you deploy a new application to a VPS server, you'll typically need to:

1. Set ownership to the appropriate user/group (chown)
2. Set permissions for security and functionality (chmod)

Here's a complete Rails application deployment example:

# Deploy the application
$ git clone https://github.com/example/rails-app.git /var/www/rails-app

# Set ownership to app user
$ sudo chown -R rails:rails /var/www/rails-app

# Set secure defaults for files and directories
$ sudo find /var/www/rails-app -type d -exec chmod 755 {} \;
$ sudo find /var/www/rails-app -type f -exec chmod 644 {} \;

# Make scripts executable
$ sudo chmod +x /var/www/rails-app/bin/*

# Secure credentials
$ sudo chmod 600 /var/www/rails-app/config/database.yml
$ sudo chmod 600 /var/www/rails-app/config/master.key

# Allow application to write to specific directories
$ sudo chmod 775 /var/www/rails-app/tmp
$ sudo chmod 775 /var/www/rails-app/log
$ sudo chmod 775 /var/www/rails-app/public/uploads

This combination ensures the application owns its files (chown), has appropriate access levels (chmod for most files), and can write where needed (additional chmod on specific directories).

Practical chown and chmod Scenarios for Development Teams

Development teams working on shared VPS infrastructure face unique permission challenges. Getting the ownership and permission balance right prevents the "it works on my machine" problem from becoming "nobody can access our files."

Multi-User Development Environment Setup

When multiple developers share a VPS for collaborative projects, you need ownership and permissions that enable cooperation without creating security holes:

# Create a shared group for the team
$ sudo groupadd webdev

# Add team members to the group
$ sudo usermod -a -G webdev alice
$ sudo usermod -a -G webdev bob
$ sudo usermod -a -G webdev charlie

# Create project directory with group ownership
$ sudo mkdir /var/projects/company-site
$ sudo chown -R :webdev /var/projects/company-site

# Set permissions for collaborative work
$ sudo chmod -R 775 /var/projects/company-site

# Set setgid bit so new files inherit group ownership
$ sudo chmod g+s /var/projects/company-site

The setgid bit (set group ID) is crucial here—it ensures that when Alice creates a file in this directory, it automatically belongs to the webdev group rather than her personal group. This prevents the common issue where one developer's files are inaccessible to teammates.

Handling File Uploads and User-Generated Content

Web applications that accept file uploads need careful ownership and permission configuration. The web server must be able to write uploaded files, but you don't want to give it write access to your entire application:

# Application owned by deployment user
$ sudo chown -R deploy:deploy /var/www/webapp

# Upload directory owned by web server with group sticky bit
$ sudo chown -R www-data:deploy /var/www/webapp/public/uploads
$ sudo chmod 2775 /var/www/webapp/public/uploads

# Verify the setup
$ ls -ld /var/www/webapp/public/uploads
drwxrwsr-x 2 www-data deploy 4096 Dec 26 11:30 /var/www/webapp/public/uploads

The 2775 permission includes the setgid bit (the "2" prefix), which means uploaded files will be accessible to both the web server user (www-data) and deployment users in the deploy group.

Managing Deployment Permissions

Automated deployment systems need specific ownership patterns to work correctly. Here's a typical CI/CD setup where a deployment user manages application files:

# Create deployment user
$ sudo useradd -m -s /bin/bash deploy
$ sudo usermod -a -G www-data deploy

# Set up application ownership
$ sudo chown -R deploy:www-data /var/www/production-app

# Directories need group write for deployment
$ sudo find /var/www/production-app -type d -exec chmod 775 {} \;

# Files should be group readable but not writable
$ sudo find /var/www/production-app -type f -exec chmod 664 {} \;

# Except uploaded content which web server owns
$ sudo chown -R www-data:www-data /var/www/production-app/storage/uploads
$ sudo chmod -R 755 /var/www/production-app/storage/uploads

This structure lets the deployment user update application code while the web server can read files and write to designated upload areas.

Temporary Permission Escalation

Sometimes developers need temporary elevated permissions for specific tasks. Rather than constantly using sudo, you can grant ownership temporarily:

# Developer needs to debug production logs
$ sudo chown alice:alice /var/log/webapp/production.log
$ sudo chmod 600 /var/log/webapp/production.log

# Alice can now read logs directly
$ tail -f /var/log/webapp/production.log

# When finished, restore proper ownership
$ sudo chown syslog:adm /var/log/webapp/production.log
$ sudo chmod 640 /var/log/webapp/production.log

This is safer than opening permissions globally, as it limits elevated access to specific files for specific timeframes.

Common chown and chmod Mistakes to Avoid

Even experienced administrators make permission mistakes that can create security vulnerabilities or break applications. Here are the most common pitfalls and how to avoid them.

Mistake 1: Using chmod 777 as a Quick Fix

When something doesn't work, the temptation is strong to just run chmod 777 and move on. Don't do this. It grants full read, write, and execute permissions to everyone on the system:

# DANGEROUS - Never do this
$ chmod 777 /var/www/html
$ chmod -R 777 /var/www/application

This creates massive security holes. Anyone with access to your system can modify or execute these files. Instead, identify the specific permission problem:

# Better approach - diagnose then fix specifically
$ ls -l /var/www/html/index.php
-rw-r--r-- 1 alice alice 2048 Dec 26 12:00 index.php

# Web server can't read because it's owned by alice
# Fix: Change ownership, not permissions
$ sudo chown www-data:www-data /var/www/html/index.php

Mistake 2: Forgetting Recursive Operations Affect Everything

The -R flag is powerful but dangerous if you're not careful about what directory you target:

# DANGEROUS - This breaks system files
$ sudo chown -R username /etc

# SAFE - Be specific about subdirectories
$ sudo chown -R username /etc/myapp

Always double-check your path before running recursive ownership or permission changes. One typo can affect thousands of files.

Mistake 3: Changing Permissions Without Changing Ownership

You set perfect permissions, but the file still doesn't work because it's owned by the wrong user:

# This doesn't help if www-data doesn't own the file
$ sudo chmod 644 /var/www/config.php

# Need both ownership and permissions
$ sudo chown www-data:www-data /var/www/config.php
$ sudo chmod 644 /var/www/config.php

Remember that permissions are applied to the owner, group, and others based on the ownership attributes. Changing permissions without checking ownership first is treating the symptom, not the cause.

Mistake 4: Breaking SSH by Wrong Key Permissions

SSH is notoriously strict about key file permissions. If they're too permissive, SSH refuses to use them:

# This breaks SSH access
$ chmod 644 ~/.ssh/id_rsa
$ ssh user@server
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'id_rsa' are too open.

# Fix: Private keys must be 600, owned by you
$ chmod 600 ~/.ssh/id_rsa
$ chown username:username ~/.ssh/id_rsa

The SSH directory itself also needs specific permissions: chmod 700 ~/.ssh ensures only you can access it.

Mistake 5: Not Testing Permission Changes

After changing permissions or ownership, always verify the change worked and didn't break anything:

# Make changes
$ sudo chown -R www-data:www-data /var/www/myapp
$ sudo chmod -R 755 /var/www/myapp

# Verify ownership
$ ls -l /var/www/myapp
drwxr-xr-x 3 www-data www-data 4096 Dec 26 12:30 public
-rw-r--r-- 1 www-data www-data 2048 Dec 26 12:30 index.php

# Test the application
$ curl http://localhost/myapp/
# Should return content, not permission errors

This catch errors before they affect users or break production systems.

Advanced Permission Concepts: Beyond Basic chown and chmod

Once you've mastered the fundamentals, these advanced concepts give you even more precise control over file access in complex scenarios.

The setuid and setgid Bits

Special permission bits allow programs to run with elevated privileges or ensure files inherit group ownership:

setuid (Set User ID): When set on an executable, it runs with the permissions of the file's owner, not the user executing it. The classic example is the passwd command, which needs root privileges to modify /etc/shadow:

# The passwd command has setuid set
$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 Nov 29 2022 /usr/bin/passwd
# Notice the 's' in place of 'x' for owner permissions

You can set the setuid bit with chmod 4755 (the "4" represents setuid) or chmod u+s.

setgid (Set Group ID): On directories, this ensures new files inherit the directory's group ownership rather than the creator's primary group:

# Set setgid on a shared directory
$ sudo chmod g+s /var/projects/shared
$ ls -ld /var/projects/shared
drwxrwsr-x 2 root developers 4096 Dec 26 13:00 /var/projects/shared
# Notice the 's' in the group permissions

This is essential for collaborative directories where multiple users need consistent group access.

The Sticky Bit for Shared Directories

The sticky bit prevents users from deleting files they don't own, even if the directory permissions would normally allow it. This is commonly used on /tmp:

# Check /tmp permissions
$ ls -ld /tmp
drwxrwxrwt 15 root root 4096 Dec 26 13:15 /tmp
# Notice the 't' at the end

# Set sticky bit on a shared directory
$ sudo chmod +t /var/shared/uploads
$ ls -ld /var/shared/uploads
drwxrwxr-t 2 root root 4096 Dec 26 13:20 /var/shared/uploads

Now users can create files in this directory, but they can only delete their own files, not files created by others.

Access Control Lists (ACLs) for Fine-Grained Control

Traditional Unix permissions are limited to owner, group, and others. ACLs allow you to grant specific permissions to specific users without changing the file's group:

# Give user 'bob' read access to a file without changing ownership
$ setfacl -m u:bob:r file.txt

# View ACL permissions
$ getfacl file.txt
# file: file.txt
# owner: alice
# group: developers
user::rw-
user:bob:r--
group::r--
mask::r--
other::---

ACLs solve the problem where you need to grant access to multiple specific users without creating complex group structures.

Testing Your Understanding: Hands-On Practice

The best way to master chown and chmod is through hands-on practice. If you want to experiment safely without risking a production system, spin up a development VPS where you can try these commands freely, and even if you mess up, you can just reinstall your OS and start fresh.

Here are some practical exercises to solidify your understanding:

Exercise 1: Basic Ownership and Permission Changes

# Create test files
$ mkdir -p ~/practice/testdir
$ touch ~/practice/testfile.txt
$ touch ~/practice/script.sh

# Practice chown
$ sudo chown :users ~/practice/testfile.txt
$ ls -l ~/practice/testfile.txt
# Should show group changed to 'users'

# Practice chmod
$ chmod 755 ~/practice/script.sh
$ ls -l ~/practice/script.sh
# Should show -rwxr-xr-x

# Try symbolic notation
$ chmod u+x,g-w,o-r ~/practice/testfile.txt
$ ls -l ~/practice/testfile.txt
# Should show modified permissions

Exercise 2: Web Server Scenario

# Simulate web application setup
$ mkdir -p ~/webapp/{public,storage,logs}
$ touch ~/webapp/public/index.html
$ touch ~/webapp/storage/cache.db

# Set appropriate ownership (using your username instead of www-data)
$ sudo chown -R $USER:$USER ~/webapp

# Set appropriate permissions
$ chmod 755 ~/webapp/public
$ chmod 775 ~/webapp/storage
$ chmod 775 ~/webapp/logs
$ chmod 644 ~/webapp/public/index.html

# Verify your setup
$ ls -lR ~/webapp

Exercise 3: Multi-User Collaboration

# Create a shared project structure
$ sudo mkdir -p /tmp/team-project/{src,docs,bin}
$ sudo chown -R :users /tmp/team-project
$ sudo chmod -R 775 /tmp/team-project

# Set setgid so new files inherit group
$ sudo chmod g+s /tmp/team-project

# Test creating files as different users
$ touch /tmp/team-project/src/myfile.txt
$ ls -l /tmp/team-project/src/myfile.txt
# Should show group ownership of 'users'

Troubleshooting Common Permission Issues

When things go wrong with file permissions or ownership, these diagnostic steps help identify and fix the problem quickly.

Diagnosing Permission Problems

Start by examining the current state:

# Check ownership and permissions
$ ls -l problematic-file.txt
-rw-r--r-- 1 alice developers 2048 Dec 26 14:00 problematic-file.txt

# Check which user is trying to access it
$ whoami
bob

# Check if bob is in the developers group
$ groups bob
bob : bob developers

# Check if the process trying to access it runs as a different user
$ ps aux | grep process-name
www-data 1234 0.0 0.1 12345 6789 ? Ss 14:00 0:00 process-name

This reveals the mismatch: Bob is in the developers group and should have read access, but if a process runs as www-data, it only gets "other" permissions (the final r--).

Common Solutions

Web server can't read files: Usually an ownership issue, not permissions:

$ sudo chown -R www-data:www-data /var/www/html

Users can't write to shared directory: Need both group ownership and write permissions:

$ sudo chown -R :developers /shared/project
$ sudo chmod -R 775 /shared/project
$ sudo chmod g+s /shared/project  # setgid for new files

Application can't write to logs: Ownership and directory permissions both matter:

$ sudo chown -R appuser:appuser /var/log/myapp
$ sudo chmod 755 /var/log/myapp
$ sudo chmod 644 /var/log/myapp/*.log

SSH key rejected: Too permissive permissions on private key:

$ chmod 600 ~/.ssh/id_rsa
$ chmod 700 ~/.ssh

Conclusion: Mastering File Ownership and Permissions

Understanding the difference between chown and chmod is fundamental to effective Linux system administration. These commands work together to create a flexible, secure environment where the right users have the right access to the right files.

Remember the core principle: chown controls who owns files (identity), while chmod controls what can be done with them (capability). Most real-world scenarios require both commands working in concert, setting ownership first with chown, then defining permissions with chmod.

As you work with these commands more, the patterns become second nature. Web applications need files owned by the web server user with read permissions for everyone. Shared development directories need group ownership with setgid bits. SSH keys need restrictive 600 permissions owned by a single user. Collaborative projects need careful balance of user and group permissions.

The best way to truly master these concepts is through hands-on practice on your own SSD Nodes VPS environment, where you can experiment freely without risk. Whether you're deploying applications, managing development teams, or securing production systems, chown and chmod are tools you'll use daily (getting comfortable with them now pays dividends throughout your Linux administration career).

Note: The best way to master these permissions is to get your own Linux VPS server and learn by doing. The best part? We provide the best low-cost reliable VPS plans in the market!

Want an easy way to calculate Linux permissions? Check out our handy Chmod Calculator.

$ ls -l
drwxr-xr-x  3 dd users   4096 Jun  10 08:01 Pictures
-rw-r--r--  1 dd users   2048 Jun  15 14:30 readme.txt

$ ls -l filename

$ stat filename

$ ls -l
drwxr-xr-x  3 dd users   4096 Jun  10 08:01 Pictures
...
...

c: Character device
b: Block device
s: socket
p: pipe
l: symbolic link etc.

$ ls -l filename

$ chmod 644 config.conf

$ chmod 711 /home/username

$ chmod 700 ~/.ssh

$ chmod 600 ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_ed25519

$ chmod 755 my-directory
$ ls -ld my-directory
drwxr-xr-x 2 username group 4096 Dec 20 10:00 my-directory

$ chmod +x hello.sh
         OR
$ chmod a+x hello.sh
// 'a' means all

$ chmod u+x hello.sh

$ chmod u+xw hello.sh

$ chmod ug+w hello.sh

$ chmod u=rwx,g=rw,o=rw example.txt

# Remove write permission from group
$ chmod g-w readme.txt

# Remove execute permission from both owner and group
$ chmod ug-x script.sh

# Remove all permissions from group and others recursively
$ chmod -R go-rwx test_directory

# Remove write and execute from others
$ chmod o-wx script.sh

# Remove all permissions from others
$ chmod o-rwx confidential.txt

# Remove read from group, write from others
$ chmod g-r,o-w shared-file.txt

# Remove write permission from group and others
$ chmod go-w config.conf
# Result: -rw-r--r-- (644 permissions)

# Remove write from group/others, remove execute from all
$ chmod go-w,a-x /var/www/uploads/file.jpg
# Result: Files become 644 (rw-r--r--)

# Remove all access for group and others
$ chmod -R go-rwx /backups/project-archive/
# Result: Only owner can access

$ chmod a-x my-directory/
$ cd my-directory/
bash: cd: my-directory/: Permission denied

# CAREFUL: This locks out everyone from entire web directory
$ chmod -R go-rwx /var/www/html/  # Can break your website!

# Better: Target specific subdirectories
$ chmod -R go-rwx /var/www/html/private/

# Add execute for owner, remove for group and others
$ chmod u+x,go-x script.sh

# Add read for owner, remove write for group
$ chmod u+r,g-w document.txt

$ chmod go-w important.txt
$ ls -l important.txt
-rw-r--r-- 1 john users 2048 Dec 20 10:00 important.txt

$ chmod 755 hello.sh
// Sets all permission to owners and read/execute permission to group and others

$ chmod 0755 hello.sh
// Same as 755

$ chmod u+s hello.sh
        OR
$ chmod 4664 hello.sh

// Sets the suid bit of the file hello.sh

$ ls -l hello.sh
-rwSrw-r-- 1 peter peter 0 Jun 13 10:16 hello.sh

// The fourth character in the permission shows the suid bit is set.
// The capital 'S' signifies that executable bit is not set otherwise executable bit will be 's'

$ chmod g+s test_directory
          OR
$ chmod 2755 test_directory

$ ls -ld test_directory/
drwxrwsr-x 3 peter peter 4096 Jun 12 10:30 test_directory/

$ chmod o+t some_directory

$ ls -ld some_directory
drwxrwxr-t 2 peter peter 4096 Jun 12 11:47 some_directory

$ chmod o-t some_directory

$ chown dd hello.sh
// changes the owner of the file only.

$ chown dd:users hello.sh
             OR
$ chown dd.users hello.sh

$ chown dd. hello.sh
      OR
$ chown dd: hello.sh

$ chown .users hello.sh
        OR
$ chown :users hello.sh

 $ chown -R dd:admin some_directory

Every minute, automated bots scan for vulnerabilities.

They probe ports, test passwords, and look for any way inside your system.

I learned this the hard way in 2019 when one of my WordPress sites got compromised. We had all the usual security plugins, but we forgot the most basic protection: a proper firewall.

The attackers found an open port we didn't even know existed and used it to inject malware into every page.

That incident taught me something crucial: firewalls aren't just helpful. They're essential. The stats back this up too. Check Point's 2025 report shows cyber attacks increased 47% globally, with 20.5 million DDoS attacks blocked in Q1 2025 alone.

Here's how a properly configured VPS firewall with SSD Nodes Firewall Groups protects five different types of servers from the most common attacks.

How to Setup a VPS Firewall

This article will walk you through how to setup a VPS firewall and explain why you need a firewall in the first place. As well as going through 5 essiential firewall use cases.

Note: SSD Nodes Advanced Firewall Groups is a paid add-on you can assign to your server during checkout or in your dashboard from the Add-ons tab. For less than half a cup of coffee per month, you get the peace of mind that your servers aren't sitting wide open to attackers.

1. Website Protection: Stopping the Flood Before It Starts

Web servers face the most diverse attacks in 2025. DDoS attacks now reach record-breaking volumes of 11.5 Tbps, while hackers constantly probe for SQL injection points and brute force admin panels.

These attacks happen automatically through botnets that scan every IP address on the internet looking for vulnerable WordPress installations, exposed admin panels, or misconfigured services.

WordPress sites get hit especially hard because of their popularity and plugin ecosystem. Q1 2025 data shows WordPress vulnerabilities increased 24%, with 58.86% requiring no authentication to exploit.

The most dangerous attacks target the wp-options table where malware gets stored, and checkout forms in WooCommerce stores where credit card data flows.

How SSD Nodes Firewall Groups Protect Your Website

With the increasing danger of malicious attacks. Here is a quick step by step guide to protect your website with SSD Nodes Firewall Groups:

Step 1: Create a Web Server Group

• Open your SSD Nodes dashboard and go to Firewall Groups
• Click "Create Group" and name it "Web Server Protection"
• Set direction to "Inbound"

Step 2: Allow Essential Web Traffic

• Click the icon of the "Web Server Protection" group. Then “Create Rule”.
• Create rule 1: Accept TCP port 80 (HTTP) from all sources
• Create rule 2: Accept TCP port 443 (HTTPS) from all sources
• Create rule 3: Accept TCP port 22 (SSH) from your office IP only

Step 3: Block Everything Else

• Create rule 4: Drop all other TCP traffic from all sources

This catches port scans, unusual connection attempts, and unknown protocols

Step 4: Apply to Your Server

• Link the firewall group to your web server
• Click "Apply Rules" to activate protection

For detailed instructions check out our Introducing Firewall Groups article.

This setup blocks 99% of automated attacks while keeping your site accessible.

The beauty of this configuration lies in its simplicity and effectiveness.

Most web attacks rely on finding open ports that shouldn't be exposed to the internet. By explicitly allowing only the ports your website actually needs and blocking everything else, you eliminate the attack surface that bots constantly probe.

The key security principle here is restricting SSH access to known IP addresses, which alone prevents most brute force attempts since attackers can't even reach the SSH service from unauthorized locations.

2. Game Server Security: Protecting Your Gaming Community

Gaming servers face massive DDoS attacks that often target both the server infrastructure and individual players.

These attacks aren't random, they're often coordinated efforts by rival gaming communities, cheaters trying to disrupt competitive matches, or extortion attempts against popular servers.

The scale has grown massively with the rise of gaming-as-a-service platforms and the increasing value of rare in-game items.

Counter-Strike 2 patched a vulnerability that exposed player IP addresses, which could lead to targeted DDoS attacks.

Minecraft servers were once vulnerable to a Log4j exploit that enabled remote code execution.

But you can prevent many of these attacks through a good firewall setup.

SSD Nodes Protection for Game Servers

Here how to use SSD Nodes Firewall Groups to protect your game servers:

Step 1: Identify Your Game Ports

• Minecraft Java: TCP/UDP 25565
• Valheim: UDP 2456-2458
• Counter-Strike 2: UDP/TCP 27015
• Rust: UDP 28015

Step 2: Create Game-Specific Rules

• Allow your game's specific ports from all sources (players need access)
• Allow SSH (port 22) from your admin IP only
• Allow RCON or admin ports from trusted IPs only

Step 3: Monitor and Adjust

• Check connection logs weekly
• Add suspicious IP ranges to your block list
• Update rules when your game updates ports

Gaming firewalls need careful balance between security and accessibility. You need protection without blocking legitimate players from around the world.

The challenge though, lies in distinguishing between legit gaming traffic and malicious attacks since both often use similar protocols and patterns

3. Database Server Security: Your Last Line of Defense

Database attacks increased dramatically in 2025 as cybercriminals realized that databases contain the most valuable information.

These vulnerabilities demonstrate how even mature database systems face ongoing security challenges that require both patching and network-level protection.

Database servers should never face the open internet directly, yet many developers expose MySQL port 3306 or PostgreSQL port 5432 for convenience during development or testing. This practice creates massive security holes because database protocols weren't designed for internet exposure.

The Shodan search engine regularly finds thousands of exposed database instances with default credentials or no authentication at all. Even with strong passwords, direct database exposure increases attack surface and creates unnecessary risk.

Database Protection with SSD Nodes

To protect your database, you can follow these steps:

Step 1: Create Database-Only Group

• Name: "Database Server Access"
• Direction: Inbound
• Goal: Block everything except application servers

Step 2: Application Server Access Only

Allow TCP ports 3306 (MySQL) 5432 (PostgreSQL) 6379 (Redis) from your server IPs or localhost only.

Step 3: Admin Access

• Allow SSH (port 22) from your admin workstation IP only
• Never allow database ports from 0.0.0.0/0 (anywhere)
• Use VPN if you need remote database access

Step 4: Backup and Monitoring

• Allow necessary monitoring tools from specific IPs
• Configure backup script access through internal network only

The principle here is simple but critical: databases should only communicate with applications, never directly with the internet.

Every direct database connection from unknown IP addresses should trigger immediate security alerts. This network segmentation approach creates a security perimeter where even if application servers get compromised, the database remains protected behind additional access controls.

Modern cloud architectures support this through VPC networks, security groups, and private subnets that keep database traffic isolated from public internet access.

4. Development Environment Safety: Protecting Your Testing Ground

Development servers often have the worst security practices in any organization. Developers expose ports 3000, 8080, and 8000 for testing convenience, use default passwords because "it's just dev," and skip security updates to avoid breaking their development workflow.

This creates a false sense of security since development environments often contain production data copies, API keys, and source code that attackers find extremely valuable.

Attackers specifically hunt for development servers because they know these environments typically have weaker security controls while containing sensitive information about production systems.

SSD Nodes Dev Environment Protection

To secure your development environment, follow these steps in your SSD Nodes dashboard:

Step 1: Create Development Access Group

• Name: "Dev Environment Access"
• Plan for multiple development ports
• Restrict access to your team only

Step 2: Common Development Ports

To secure access for development teams, a firewall should be configured to allow specific application ports only from authorized IP addresses. For example, allowing TCP port 3000 for React/Node.js development from office IPs, TCP port 8080 for alternative HTTP from team IPs, etc

Step 3: Team Access Management

• Create IP whitelist for all team members
• Update firewall rules when team members change
• Use VPN for remote developers

Step 4: Staging Environment Rules

Always mirror production firewall rules in staging, and make sure to test security configurations before production deployment. And of course, never ever expose staging databases to the internet

Development firewall rules should mirror production security as closely as possible to catch configuration issues before they reach live systems.

This prevents the common problem where applications work perfectly in development but fail in production due to security restrictions.

Testing security configurations in development environments saves time and prevents outages caused by overly restrictive production firewalls that block legitimate application traffic.

5. API Server Security: Protecting Your Digital Interfaces

APIs face the worst attack landscape in 2025 because they've become the main way applications communicate and share data.

The most concerning trend is that 95% of API attacks come from authenticated users rather than external threats.

This is because of credential compromise, insider threats, or session hijacking attacks where legitimate user accounts get used for malicious purposes.

Traditional security fails against these attacks because the traffic appears legitimate from a network perspective.

REST APIs face broken object-level authorization attacks where users can access data they shouldn't see by manipulating object IDs in API calls. GraphQL APIs deal with query complexity attacks where deeply nested queries consume server resources, and introspection abuse where attackers map out the entire API schema to find vulnerabilities.

Both API types require careful rate limiting, input validation, and access control that goes beyond simple network filtering.

Your API Protection Essientials

Step 1: Create API Access Group

• Name: "API Server Protection"
• Secure HTTP and HTTPS traffic

Step 2: Basic API Access Rules

• Allow TCP port 443 (HTTPS)
• Allow TCP port 80 (HTTP)
• Block all non-HTTP protocols

Make sure to also use rate limit to prevent your server from being abused.

API firewalls work best when combined with application-layer protection becasue network-level filtering can only do so much.

Emergency SSH Lockdown: Complete Access Denial

Sometimes you need to completely shut down SSH access to your server. Maybe you detected suspicious login attempts. Maybe you're running maintenance and want zero external connections. Or maybe you just want peace of mind while you're away.

One Reddit user asked exactly this:

"How do you deny all incoming connections to SSH port 22 via cloud firewall? I want to deny all incoming TCP traffic to SSH port to prevent connecting. If I want to connect via SSH again I would simply remove the rule from the dashboard."

This is actually a smart security practice. Complete SSH denial creates an air gap that no attacker can cross.

Complete SSH Lockdown with SSD Nodes

Step 1: Create Emergency Lockdown Group

• Go to your SSD Nodes Firewall Groups dashboard
• Create new group: "Emergency SSH Lockdown"
• Set direction to "Inbound"

Step 2: Create the Lockdown Rule

• Protocol: TCP
• Port: 22
• Source: All
• Action: Drop
• Description: "Emergency SSH lockdown - remove to restore access"

Step 3: Apply the Lockdown

• Link this group to your server
• Click "Apply Rules"

SSH access will now be completely blocked.

Step 4: Restore Access When Needed

• Simply unlink the firewall group from your server
• Or delete the specific SSH drop rule

SSH access should return immediately.

Real-World Firewall Implementation Tips

Setting up firewall rules takes planning. So you must start simple with basic port allow/deny rules, then add complexity as you get comfortable with the system.

Overly complex initial configurations often create security holes or block legitimate traffic.
And please keep your rules current through regular maintenance.

Review firewall logs weekly to spot attack patterns and check for legitimate traffic getting blocked.

Update rules when services change ports or IP addresses, and remove outdated exceptions that just add unnecessary complexity.

Also, plan for emergencies before you need them, and test these emergency procedures regularly and document the steps so your team can use them during actual emergencies.

The Cost of Not Having a Firewall

Unprotected servers don't last long in 2025. Ransomware attacks increased 126% Year over Year in 2025, while the average data breach costs $4.88 million.

Small businesses think they're safe, but automated attacks don't discriminate. Bots scan every IP address on the internet. They probe every port. They test every common password.

Sure, a firewall won't stop every attack, but it does stop the easy ones. And most attacks are easy ones . bots looking for quick wins, not sophisticated hackers targeting your specific business.

Beyond Basic Protection

SSD Nodes' Firewall Groups give you enterprise-level protection through a simple interface. You don't need to memorize iptables commands or worry about locking yourself out of your server.

The key is thinking defensively.

Every open port is a potential entry point. Every service needs justification. Every rule needs a purpose.

Set up your firewall rules today. Your future self will thank you when the next wave of attacks hits. Check out SSD Nodes' Firewall Groups in your dashboard.

Traffic spikes, last-minute deployments, and the nagging fear that something will break at the worst possible time.

Maybe you're running an e-commerce site that's about to get hammered with Black Friday traffic.

Or you're managing client servers that absolutely cannot go down during the busiest shopping season of the year.

Either way, the last thing you need is a 3 AM emergency because you didn't prepare.

This guide gives you the essential tools and strategies to keep your VPS infrastructure solid through the holiday chaos. Think of it as your holiday survival kit for keeping servers up when you're checked out.

We'll cover monitoring, security hardening, automation, and backup strategies that actually work when things go sideways.

Plus, we'll talk about why now is the perfect time to lock in your hosting costs for 2025. Before Black Friday deals disappear and prices reset in January.

The Holiday Server Reality Check

Here's what happens every year: Traffic increases by 200-400% during shopping events. Sites that normally handle 5,000 daily visitors suddenly deal with 20,000.

Servers that cruise along at 20% CPU usage spike to 70%.

And that's just the legitimate traffic. Attackers know this is prime time too. Security scans increase. Login attempts multiply. Your server logs fill with probing attempts from bots looking for easy targets.

You need to be ready before the surge hits.

Essential Monitoring: Know Before Things Break

The first rule of holiday survival is simple: you can't fix what you can't see.

Most server disasters start small. A memory leak that slowly consumes RAM. A database query that gets slower each day. A log file that grows until it fills your disk.

If you catch these early, they're minor fixes. If you don't notice until your site goes down at midnight on Black Friday, you're in trouble.

Set Up Basic Monitoring

At minimum, you need to track:

• CPU usage: Sustained high usage indicates performance problems
• RAM consumption: Memory leaks will kill your server eventually
• Disk space: Running out of storage crashes everything
• Network traffic: Unusual spikes might indicate attacks or bot traffic

You don't need expensive monitoring solutions. Simple tools like htop should work fine:

# Check current resource usage
htop

# Monitor disk space
df -h

# Watch network connections
netstat -tuln

For something more automated, Linux server management tools like Netdata or Grafana can send alerts when things go wrong. The key is setting realistic thresholds, not so sensitive that you ignore false alarms, but not so loose that you miss real problems.

Why This Matters Now

With Black Friday approaching, this is the time to establish your baseline metrics. Run monitoring for a week or two under normal conditions. Then you'll know what "normal" looks like when holiday traffic hits.

And if you're planning to upgrade your SSD Nodes VPS servers or lock in better pricing during Black Friday sales, you'll have the data to choose the right specs based on actual usage patterns rather than guesses.

VPS Security Hardening: Lock Down Before the Rush

Security always matters, but the holidays make you a bigger target. More traffic means more attack attempts. More transactions mean more valuable data. More rushed deployments mean more chances to miss something.

Let's cover the essentials that stop 95% of attacks without requiring a security engineering degree.

Step 1: Update Everything Right Now

Seriously. Update your operating system, update your applications, update everything. Attackers exploit known vulnerabilities, and most of those vulnerabilities already have patches available.

For Ubuntu/Debian systems:

sudo apt update
sudo apt upgrade

For Rocky Linux/AlmaLinux/CentOS:

sudo dnf check-update
sudo dnf upgrade

Set aside an hour this week to update your entire infrastructure. Test that everything still works. Do this before the holiday rush, not during it.

For more security tips, check out VPS Security: 6 Critical Steps to Secure Your VPS Servers

Step 2: SSH Keys Are Non-Negotiable

Password-based SSH logins are asking for trouble. Brute-force bots try millions of password combinations. Eventually, they might guess yours.

SSH keys eliminate this risk entirely. Generate a key pair, copy the public key to your server, disable password authentication.

This takes 10 minutes to set up, and saves you from countless attack attempts.

# Generate SSH key on your local machine
ssh-keygen -t rsa

# Copy it to your server
ssh-copy-id user@your-server-ip

Once you've verified the key works, disable password logins.

For more, check out Connecting to Your VPS with SSH and Improving SSH Safety.

Step 3: Configure Your Firewall

Every port you leave open is a potential entry point. Close everything except what you actually need.

If you're comfortable with command-line tools, nftables gives you complete control. But honestly? Most people don't need that complexity, especially during crunch time.

SSD Nodes offers a dashboard-based Advanced Firewall that handles this without SSH commands. You create rule groups, define what traffic to allow or block, and apply them to your servers. It's $2/month and processes rules at the network level before traffic even hits your VPS.

For a basic web server, your rules might look like:

• Allow TCP port 80 (HTTP) from anywhere
• Allow TCP port 443 (HTTPS) from anywhere
• Allow TCP port 22 (SSH) from your office IP only
• Drop everything else

The key is specificity. Don't leave SSH open to the entire internet if you only connect from known locations.

Detailed firewall setup guide

Step 4: Deploy fail2ban

fail2ban watches your server logs for repeated failed login attempts, then automatically blocks the offending IPs. It's incredibly effective against brute-force attacks.

Installation is straightforward:

# Ubuntu/Debian
sudo apt install fail2ban

# Rocky Linux/AlmaLinux
sudo dnf install epel-release
sudo dnf install fail2ban

# Start the service
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

The default configuration works well, but you can customize ban times and retry limits in /etc/fail2ban/jail.local. Once running, fail2ban quietly blocks thousands of attack attempts without any intervention from you.

VPS API Automation: Your Secret Weapon

Manual server management doesn't scale. When you're managing multiple servers or dealing with holiday traffic, automation through the SSD Nodes API saves you hours and prevents mistakes.

Automate Deployments

If you're still manually managing your servers, you're wasting time and risking errors.

The SSD Nodes VPS API gives you programmatic control over your infrastructure. Start, stop, restart servers. Deploy operating systems. Install applications from the 1-Click catalog. Create and restore snapshots. All through simple REST API calls.

# Example: Restart a server programmatically
• curl -X POST https://api.ssdnodes.com/servers/YOUR_SERVER_ID/action/restart \
  -H "Authorization: Bearer YOUR_TOKEN"

This is particularly valuable during the holidays when you might need to scale quickly or recover from issues without manually clicking through dashboards.

The VPS API is a $2/month add-on that can integrate with automation tools like n8n or custom scripts. You can build deployment pipelines, automated testing environments, or disaster recovery systems that respond to problems without your intervention.

Complete API documentation and examples

Automate Backups

Here's a nightmare scenario: Your database corrupts during a holiday sale. You lose customer orders. You have no backup.

Don't let this happen.

Automated snapshots capture your entire server state. If something breaks, you restore to a known-good configuration in minutes. SSD Nodes provides automated daily snapshots that run without manual intervention.

But don't just set it and forget it. Test your backups. Verify you can actually restore from them. Do this before the holidays, not during a crisis.

For critical data, consider multiple backup strategies:

• Automated server snapshots for complete system recovery
• Database-specific backups for granular data restoration
• Off-server backups for disaster recovery scenarios
  

  Performance Optimization: Speed Matters More During Peak Traffic

When traffic increases, every inefficiency gets amplified. A database query that takes 200ms under normal load might take 2 seconds when you're handling 10x the traffic.

Optimize Your Database

Slow database queries are the most common performance killer. Before the holiday rush, profile your queries and optimize the worst offenders.

# Enable MySQL slow query log
• slow_query_log = 1
• slow_query_log_file = /var/log/mysql/slow-query.log
• long_query_time = 2

Review the log, identify slow queries, add appropriate indexes. This single optimization can dramatically improve performance under load.

Implement Caching

Regenerating the same content for every visitor wastes resources. Cache aggressively the following:

• Page caching: Store rendered pages and serve them directly
• Object caching: Cache database queries with Redis or Memcached
• CDN caching: Offload static assets to a content delivery network

Even basic caching can reduce your server load by 60-80%.

Monitor Resource Usage

Use the monitoring you set up earlier to identify bottlenecks before they become problems. If you notice CPU consistently hitting 80%, you might need to optimize code or upgrade your server.

Speaking of upgrading, Black Friday is the ideal time to lock in better specs if you need more capacity. The price differences can be dramatic. An 8GB server that costs $576/year at most providers runs $101/year with SSD Nodes. Over three years, that can be $1,476 in savings.

The Black Friday Advantage

Here's something most people don't think about: hosting costs compound over time.

Save $400 on hosting this year, and that's $400 saved. Lock in those savings for three years, and you're looking at $1,200+ in total savings. That's real money that goes to development, marketing, or infrastructure improvements instead of inflated hosting bills.

SSD Nodes already offers the industry's lowest VPS pricing. Sometimes 70-90% below competitors for identical specs. But Black Friday takes those prices even further.

This happens once yearly. If you're planning any infrastructure changes for 2025, timing your purchase for Black Friday means locking in the year's best rates. The prices stay fixed for your entire term. No surprise increases, no price adjustments.

The math is straightforward: A 16GB server that costs $1,152/year elsewhere runs $159/year at regular SSD Nodes pricing. That's already an 86% savings. Black Friday discounts will push that even further.

Your Pre-Holiday Checklist

Here's what you need to do before the holiday rush hits:

Security:

• ☐ Update all system packages and applications
• ☐ Set up SSH keys and disable password authentication
• ☐ Configure firewall rules (close unnecessary ports)
• ☐ Install and configure fail2ban
• ☐ Enable two-factor authentication on your dashboard
• ☐ Review database access controls

Monitoring:

• ☐ Set up resource monitoring (CPU, RAM, disk, network)
• ☐ Configure alerts for critical thresholds
• ☐ Document your baseline metrics under normal load
• ☐ Test alert notifications actually reach you

Backups:

• ☐ Enable automated snapshots
• ☐ Verify you can restore from backups
• ☐ Document your restoration procedure
• ☐ Set up off-server backup copies for critical data

Performance:

• ☐ Optimize database queries
• ☐ Implement caching where appropriate
• ☐ Load test your applications
• ☐ Identify and fix bottlenecks

Automation:

• ☐ Set up API access for programmatic control
• ☐ Create deployment scripts for common tasks
• ☐ Build automated recovery procedures
• ☐ Test your automation actually works

Capacity Planning:

• ☐ Review current resource usage
• ☐ Calculate expected holiday traffic increases
• ☐ Plan upgrades if needed
• ☐ Watch for Black Friday hosting deals

The Bottom Line

Holiday server management doesn't require expensive enterprise tools or a dedicated DevOps team. You need solid fundamentals: monitoring that catches problems early, security that stops obvious attacks, automation that handles repetitive tasks, and backups that actually work.

Implement these strategies now, while things are calm. Test everything. Verify it works. Then when Black Friday traffic hits, you're prepared instead of panicking.

And about that Black Friday timing: if you've been thinking about upgrading servers, adding capacity, or just locking in better pricing for the year ahead, the next few weeks here at SSD Nodes will hold something that is unmatched in the VPS market. Check out our deals here.

In this comprehensive installation guide, you'll learn how to install n8n on a VPS using Docker, configure automatic SSL certificates with Caddy, and get your workflow automation platform running securely.

Easiest Way to Install and Deploy n8n on a VPS with HTTPS

If you're looking for the fastest way to get n8n VPS hosting up and running on Ubuntu 24.04, here are the essential commands:

# Install Docker (follow official Docker docs)
sudo apt update

# Create n8n data volume
docker volume create n8n_data

# Run n8n container
docker run -d --rm \
 --name n8n \
 -p 5678:5678 \
 -e GENERIC_TIMEZONE="America/New_York" \
 -e TZ="America/New_York" \
 -e N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true \
 -e N8N_RUNNERS_ENABLED=true \
 -e VUE_APP_URL_BASE_API=https://n8n.yourdomain.com/ \
 -e N8N_EDITOR_BASE_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_BASE_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_TUNNEL_URL=https://n8n.yourdomain.com/ \
 -v n8n_data:/home/node/.n8n \
 docker.n8n.io/n8nio/n8n

# Install and configure Caddy
sudo apt install caddy
sudo nano /etc/caddy/Caddyfile  # Add your configuration
sudo systemctl restart caddy

Using Caddy and Docker is the easiest way to install and deploy n8n. For detailed instructions, including configuration options and troubleshooting tips for how to install n8n on VPS, continue reading below.

What is n8n VPS?

Before diving into the installation, let's quickly clarify what n8n means. n8n is a powerful, open-source workflow automation tool that lets you connect different apps and services together. When you deploy n8n on a VPS (Virtual Private Server), you get complete control over your automation platform, with full data privacy, customization options, and the ability to scale as your needs grow.

Unlike cloud-hosted solutions, a VPS gives you total ownership of your data and workflows, making it perfect for businesses with specific security requirements or those who want to avoid recurring subscription costs.

n8n VPS Requirements

To follow this tutorial and successfully install n8n on a VPS, you'll need:

• Ubuntu 24.04 with root or sudo access (If you haven't noticed, SSD Nodes offers the most affordable and reliable Ubuntu servers in the world. Our NVMe VPS options provide lightning-fast performance for your n8n workflows). You can follow this SSH guide to connect to your VPS.
• Domain name pointing to your server's IP address (e.g., n8n.yourdomain.com)
• Open firewall ports: 80 (HTTP), 443 (HTTPS), and 5678 (n8n default port)
• Basic familiarity with command-line operations

Note: Before proceeding with the installation, ensure that TCP ports 80, 443, and 5678 are open on your server's firewall. Port 80 allows the initial domain verification for SSL certificates, port 443 is needed for serving encrypted HTTPS traffic, and port 5678 is n8n's default application port.

Understanding n8n webhook_tunnel_url Meaning

Before we start with the easiest way to deploy n8n on a VPS, you'll first need to understand the meaning of webhook_tunnel_url in n8n. This configuration setting is crucial for testing and development workflows.

The webhook_tunnel_url is an n8n environment variable that enables webhook functionality during local development or testing phases. When you're building automation workflows that rely on external services sending data to your n8n instance via webhooks, the webhook_tunnel_url creates a publicly accessible URL that tunnels to your local or development environment.

In a production VPS deployment with a proper domain and HTTPS (which we'll cover in this guide), you typically won't need to configure the webhook_tunnel_url since your n8n instance will already be accessible via your domain name. However, understanding this concept helps you troubleshoot webhook-related issues and appreciate why having a proper VPS deployment with a dedicated domain is the superior approach for production workflows.

The webhook_tunnel_url becomes particularly relevant when you're developing locally and need to test webhooks from services like Stripe, GitHub, or Slack before deploying to your VPS. Once your n8n instance is running on a VPS with HTTPS (as we'll show you), your actual domain becomes your webhook URL, eliminating the need for tunnel configurations.

Now let's get to deploying n8n!

Step 1: Install Docker on Your VPS

To run n8n on your server efficiently, you'll use Docker, which provides a clean, isolated environment for your n8n instance. First, update your package repositories to ensure you're working with the latest available software:

sudo apt update

Next, follow the official instructions from Docker to install Docker Engine. Docker's official documentation provides the most up-to-date and reliable installation method for Ubuntu 24.04.

After Docker is installed, add your user to the docker group (optional, but recommended to run docker without sudo):

sudo usermod -aG docker $USER
newgrp docker

This step allows you to run Docker commands without needing sudo every time, making your workflow more efficient.

Now, start and enable Docker to run automatically on system boot:

sudo systemctl start docker
sudo systemctl enable docker

You can verify Docker is running correctly by checking its status:

sudo systemctl status docker

Step 2: Run n8n with Docker

Now that Docker is installed, it's time to deploy n8n on your VPS. First, create a persistent volume for n8n data. This ensures your workflows, credentials, and settings are preserved even if the container is stopped or restarted:

docker volume create n8n_data

Next, run the n8n container with all necessary configuration. We'll start with an interactive mode first to verify everything works:

docker run -it --rm \
 --name n8n \
 -p 5678:5678 \
 -e GENERIC_TIMEZONE="America/New_York" \
 -e TZ="America/New_York" \
 -e N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true \
 -e N8N_RUNNERS_ENABLED=true \
 -e VUE_APP_URL_BASE_API=https://n8n.yourdomain.com/ \
 -e N8N_EDITOR_BASE_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_BASE_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_TUNNEL_URL=https://n8n.yourdomain.com/ \
 -v n8n_data:/home/node/.n8n \
 docker.n8n.io/n8nio/n8n

Important: Replace "America/New_York" with your timezone. Find yours from this page. Also, replace n8n.yourdomain.com with your actual domain name throughout all the environment variables.

You should see output indicating that the editor is now accessible:

Editor is now accessible via:
http://localhost:5678

This interactive mode (-it) is useful for testing, but for production n8n VPS hosting, you'll want to run the container in detached mode. Stop the current container (Ctrl+C) and run it again with the -d flag:

docker run -d --rm \
 --name n8n \
 -p 5678:5678 \
 -e GENERIC_TIMEZONE="America/New_York" \
 -e TZ="America/New_York" \
 -e N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true \
 -e N8N_RUNNERS_ENABLED=true \
 -e VUE_APP_URL_BASE_API=https://n8n.yourdomain.com/ \
 -e N8N_EDITOR_BASE_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_BASE_URL=https://n8n.yourdomain.com/ \
 -e WEBHOOK_TUNNEL_URL=https://n8n.yourdomain.com/ \
 -v n8n_data:/home/node/.n8n \
 docker.n8n.io/n8nio/n8n

You should receive a container ID similar to this:

af1eb22262acc60fc205b80e57ad76b3c50909f83d0036e4921db517ba95ec6f

This long alphanumeric string is your container's unique identifier, confirming that n8n is now running in the background.

To verify that n8n is running correctly, test it with curl:

curl localhost:5678

You'll see output that mentions JavaScript is required, which is perfectly normal and indicates n8n is responding:

This confirms that n8n is successfully running on port 5678 and ready to be accessed through a web browser.

Step 3: Install and Configure Caddy for Automatic HTTPS

Now that n8n is running, you need to set up HTTPS to secure your connection. Caddy makes this incredibly easy by automatically obtaining and renewing Let's Encrypt SSL certificates. This is one of the key advantages of this easy n8n deployment method.

First, install Caddy:

sudo apt update
sudo apt install caddy
caddy version

The caddy version command confirms that Caddy is installed correctly and shows you which version you're running:

Next, configure Caddy to reverse proxy requests to your n8n instance and handle SSL certificates automatically. Open the Caddyfile:

sudo nano /etc/caddy/Caddyfile

Add this configuration at the top of the file:

{
    email your-email@example.com
}
n8n.yourdomain.com {
    reverse_proxy localhost:5678
}

Important: Replace your-email@example.com with your actual email address (this is used by Let's Encrypt to send certificate expiration notices) and n8n.yourdomain.com with your actual domain name.

Your complete Caddyfile configuration should look like this:

{
    email your-email@example.com
}
:80 {
    # Set this path to your site's directory.
    root * /usr/share/caddy
    # Enable the static file server.
    file_server
    # Another common task is to set up a reverse proxy:
    # reverse_proxy localhost:8080
    # Or serve a PHP site through php-fpm:
    # php_fastcgi localhost:9000
}
n8n.yourdomain.com {
    reverse_proxy localhost:5678
}

Save and close the file (Ctrl+X, then Y, then Enter in nano).

Step 4: Start Caddy and Enable Automatic HTTPS

With your Caddyfile configured, it's time to start Caddy and let it work its magic. Enable and restart Caddy:

sudo systemctl restart caddy
sudo systemctl enable caddy

The restart command applies your new configuration, while enable ensures Caddy starts automatically when your server reboots.

Check if everything is working correctly:

sudo systemctl status caddy

You should see output indicating that Caddy is active and running:

● caddy.service - Caddy
     Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled)
     Active: active (running) 

If you see "active (running)" in green text, congratulations! Caddy is now running and has automatically obtained an SSL certificate for your domain.

Step 5: Access Your n8n Instance with HTTPS

Now for the moment of truth! Visit https://n8n.yourdomain.com in your browser (remember to replace with your actual domain name).

You should see:

• Automatic HTTPS with a green lock icon in your browser's address bar.
• n8n login/setup page ready for you to create your first account

Congratulations! You've successfully deployed n8n on your VPS with automatic HTTPS encryption. Your workflow automation platform is now secure, production-ready, and accessible from anywhere in the world.

Troubleshooting Common n8n VPS Installation Issues

Even with the easiest way to deploy n8n on a VPS, you might occasionally run into issues. Here are solutions to the most common problems:

502 Bad Gateway Error

If you see a 502 Bad Gateway error when accessing your domain:

• Check if n8n is running: docker ps (you should see the n8n container listed)
• Check Caddy logs: sudo journalctl -u caddy -f (look for error messages)
• Verify DNS: dig n8n.yourdomain.com (ensure your domain points to the correct IP address)

Certificate Issues

If HTTPS isn't working or you see certificate warnings:

• Ensure your domain points to the correct IP (DNS propagation can take up to 48 hours)
• Check ports 80 and 443 are open: sudo ufw allow 80 && sudo ufw allow 443
• Verify the email in Caddyfile is valid (Let's Encrypt uses this for important notifications)

n8n Not Starting

If n8n refuses to start or crashes immediately:

• Check Docker logs: docker logs n8n (this shows detailed error messages)
• Ensure timezone is correct (invalid timezones can cause startup failures)
• Verify port 5678 isn't blocked by your firewall or already in use by another application

Running n8n as a Permanent Service (Recommended)

The docker run command above uses the --rm flag, which means the container is removed when it stops. For a production n8n VPS setup, you'll want n8n to run permanently and restart automatically if it crashes or your server reboots.

The best way to achieve this is using Docker Compose. Create a docker-compose file:

nano docker-compose.yml

Add the following configuration:

version: '3.8'
services:
  n8n:
    image: docker.n8n.io/n8nio/n8n
    container_name: n8n
    restart: unless-stopped
    ports:
      - "5678:5678"
    environment:
      - GENERIC_TIMEZONE=America/New_York
      - TZ=America/New_York
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_RUNNERS_ENABLED=true
      - VUE_APP_URL_BASE_API=https://n8n.yourdomain.com/
      - N8N_EDITOR_BASE_URL=https://n8n.yourdomain.com/
      - WEBHOOK_URL=https://n8n.yourdomain.com/
      - WEBHOOK_BASE_URL=https://n8n.yourdomain.com/
      - WEBHOOK_TUNNEL_URL=https://n8n.yourdomain.com/
    volumes:
      - n8n_data:/home/node/.n8n
volumes:
  n8n_data:
    external: true

Remember to replace the timezone and domain name with your actual values.

Now, if you're currently running n8n with the docker run command, stop it first:

docker stop n8n

Then start n8n using Docker Compose:

docker compose up -d

With this configuration, n8n will automatically restart if it crashes and will start automatically when your server reboots, ensuring maximum uptime for your workflows:

What You've Accomplished

By following this guide, you've successfully:

• Deployed n8n in Docker with persistent data storage
• Configured automatic HTTPS with Let's Encrypt via Caddy
• Set up auto-renewing SSL certificates (no manual renewals needed!)
• Created a professional subdomain setup for clean, branded access
• Built a secure, production-ready deployment that can scale with your needs

Your n8n VPS installation is now complete! You can now securely create and run workflow automations, integrate hundreds of different services, and maintain complete control over your data. With automatic HTTPS and persistent storage, you have a robust foundation for building powerful automation workflows.

FAQ

Can I install n8n on a VPS?

Absolutely! In fact, installing n8n on a VPS is one of the best ways to run n8n. It gives you complete control over your data, allows for unlimited workflows and executions (compared to cloud-hosted plans), and lets you customize your installation exactly how you need it. This tutorial shows you the easiest way to deploy n8n on VPS using Docker and Caddy.

What are the minimum n8n VPS requirements?

For basic n8n usage, you'll need at least 1GB of RAM and 10GB of storage. However, for production use, we recommend at least 2GB of RAM and 20GB of storage. The exact requirements depend on the complexity and frequency of your workflows. If you're running many simultaneous workflows or handling large amounts of data, consider upgrading to a more powerful VPS.

Is n8n VPS hosting more affordable than cloud options?

Yes, hosting n8n on your own VPS is typically much more cost-effective than cloud-hosted plans, especially as your usage grows. With a VPS, you pay a fixed monthly fee regardless of the number of workflows or executions. Plus, you get complete data ownership and privacy. Check out our affordable VPS options designed specifically for applications like n8n.

How do I secure my n8n VPS installation?

This tutorial already includes automatic HTTPS via Let's Encrypt, which encrypts all traffic to your n8n instance. Additionally, make sure to: create a strong password for your n8n account, keep Docker and your VPS updated with security patches, configure firewall rules to only allow necessary ports, and consider setting up automated backups of your n8n_data volume.

How do I backup my n8n workflows and data?

Your n8n data is stored in the Docker volume named n8n_data. You can back up this volume using Docker commands or by backing up the volume's location on disk (typically /var/lib/docker/volumes/n8n_data). For automated backups, consider setting up a cron job that regularly copies this data to a secure location or cloud storage service.

What happens when my Let's Encrypt certificate expires?

Nothing! That's the beauty of using Caddy for your n8n VPS hosting. Caddy automatically renews your Let's Encrypt certificates before they expire (typically renewing at 30 days before expiration for 90-day certificates). You don't need to do anything manually. Just ensure your server stays online and connected to the internet, and Caddy handles the rest.

In this article, we'll take agencies as an example scenario to demonstrate how n8n and the SSD Nodes API work together to automate server management without the usual scripting headaches. The same patterns apply to managing client infrastructure, running CMS applications, or handling your own development environments.

n8n integrates perfectly with the SSD Nodes API to create powerful automation workflows. The visual nature makes these workflows accessible to non-developers while providing the flexibility that technical teams need.

Note: The SSD Nodes API add-on costs only $2/month, and you only need to purchase it once to use it for all your servers.

Why Visual Workflows Matter for VPS Management

Traditional automation requires specialized knowledge. Bash scripts, CI/CD configurations, deployment tools, these are all barriers for team members who need to understand or change how things work.

Visual workflow builders like n8n flip this completely. Your marketing manager can see exactly why servers restart before demos. Your project manager can tweak client onboarding without filing a developer ticket. Your operations team can document complex procedures in ways that don't require a CS degree to parse.

The visual representation makes debugging trivial. When stuff breaks, you see exactly where it failed and what data was there. Traditional scripts hide this in log files you have to hunt down and decipher.

n8n's HTTP Request node handles the technical things automatically. Authentication, error handling, response parsing. So that your server automation workflows focus on business logic, not implementation details.

Understanding n8n Integration with the SSD Nodes API

n8n talks to the SSD Nodes API through standard HTTP requests. You use your API token for authentication and hit the same endpoints documented in our API docs. The difference is visual configuration instead of command-line tools.

Each API call becomes a node in your workflow. Nodes link together to create automation sequences that can involve way more than just server management. Email notifications, Slack messages, calendar updates, database operations. Everything integrates seamlessly.

The real advantage is combining server management with other business systems. Client meeting gets scheduled? n8n automatically prepares demo environments. Monitoring detects issues? n8n restores servers and updates project management tools simultaneously.

Use Case 1: Automated Client Demo Environment Management with n8n and our VPS API

Marketing agencies and consulting firms constantly prepare demo environments for client presentations. This usually means manual server setup, application deployment, content preparation, which is work that's repetitive and error-prone when done by hand.

n8n automates the entire demo preparation pipeline through integration with calendar systems, the SSD Nodes API, and communication tools. Client demo gets scheduled? Automation handles it without manual intervention.

The Complete Demo Workflow

A marketing agency can build this workflow to handle their client demo prep:

Trigger: New calendar event containing "demo" in the title gets created in Google Calendar

1. Extract client information from the calendar event details
2. HTTP Request to SSD Nodes API to reinstall demo server with WordPress
3. Wait node for 10 minutes to allow installation to complete
4. SSH command through n8n to deploy the agency's portfolio theme and sample content
5. HTTP Request to get the server's IP address
6. Send Slack notification to the sales team with demo URL and login credentials
7. Create follow-up reminder in project management system

The entire process takes about 15 minutes and requires zero manual work. What used to be a 30-minute task someone had to remember to do now happens automatically whenever demos are scheduled.

Implementation Details

The workflow uses n8n's Google Calendar trigger node to monitor for new events. When a qualifying event appears, the workflow extracts relevant information using JavaScript expressions within n8n.

The server reinstall happens through an HTTP Request node configured with the app you want to install, which may be WordPress in this case. Example:

• curl -X POST https://api.ssdnodes.com/servers/40077/reinstall -H "Authorization: Bearer YOUR_TOKEN" -H "Content-Type: application/json" -d "{\"reinstall_type\":\"app\",\"os_app_id\":,\"authentication\":\"pwd\"}"

Note: Replace <OS_ID> with the ID of the app or OS you want to install (which you can get by calling /apps or /operating-systems)

A wait node is important because server reinstalls take 5-10 minutes. n8n pauses workflow execution until the installation completes, then continues with configuration steps.

SSH commands run through n8n's built-in SSH node, which connects to the freshly installed server and runs deployment scripts. This ensures the demo environment gets configured exactly the same way every time.

Error handling includes Slack notifications when installations fail and automatic retry logic for temporary API failures. The workflow handles edge cases like network timeouts gracefully.

Business Impact

This automation eliminates a major stress point for the agency's sales team. Demos don't fail anymore because someone forgot to prepare the environment or made configuration mistakes under time pressure.

The consistency improves client perception significantly. Every demo shows a perfect, freshly configured environment that represents the agency's capabilities accurately.

Team productivity increases because sales people focus on client conversations instead of technical setup. The automation handles the boring work so humans can do what they do best.

Use Case 2: n8n & VPS API Multi-Channel Incident Response Automation

System failures require coordinated response across multiple tools and team members. Manual incident response is slow and error-prone, especially during off-hours when people are tired or unavailable.

n8n can create comprehensive incident response workflows that automatically detect problems, attempt recovery, and coordinate communication across your entire team. The visual workflow makes it easy for operations teams to understand and modify response procedures.

The Incident Response Pipeline

A SaaS company or Dev agency can build this workflow to handle their application server failures:

Trigger: Webhook from monitoring system (Zabbix/Nagios) indicating server failure

1. Parse incident details from webhook payload
2. Create incident ticket in Jira with severity and affected services
3. Post initial alert to #incidents Slack channel
4. HTTP Request to attempt server restart through SSD Nodes API
5. Wait 5 minutes for restart to complete
6. HTTP Request to check server status
7. If still failing, HTTP Request to restore from latest snapshot
8. Wait 10 minutes for snapshot restoration
9. HTTP Request to verify recovery
10. Update Jira ticket with resolution details
11. Send SMS to on-call engineer if recovery failed
12. Post resolution summary to Slack

This workflow tries multiple recovery strategies automatically before escalating to human intervention. Most incidents resolve without waking anyone up.

Communication Orchestration

Incident response requires coordinated communication across multiple channels and stakeholders. The n8n workflow handles this automatically:

Slack Integration: Real-time updates to incident channels with server status, recovery attempts, and resolution details.

Email Notifications: Automated summaries to management with incident timeline and impact assessment.

SMS Alerts: Critical failures that require immediate human attention trigger SMS to on-call engineers.

This ensures everyone has the information they need without flooding communication channels with unnecessary notifications.

Use Case 3: Agency Client Lifecycle Management with n8n and SSD Nodes VPS API

Web agencies manage complex client lifecycles that involve onboarding, project work, environment transitions, and offboarding. Each phase requires specific server configurations and careful coordination between team members.

n8n can orchestrate the entire client lifecycle through integration with project management systems, the SSD Nodes API, and business tools. Clients get consistent experiences while internal teams follow standardized procedures.

Complete Client Onboarding Automation

A web development agency can automate their client onboarding process through this comprehensive workflow:

Trigger: New client added to CRM system (HubSpot/Salesforce)

1. Extract client details and project requirements from CRM
2. Create project folder structure in Google Drive
3. Generate project in time tracking system (Harvest/Toggl)
4. SSD Nodes API HTTP Request to reinstall client server with appropriate stack (WordPress/LAMP/etc)
5. Wait for installation completion
6. SSH commands to configure client-specific settings and branding
7. Generate client access credentials and documentation
8. Send welcome email with project details and access information
9. Create recurring tasks in project management system
10. Schedule kickoff meeting in calendar systems

This workflow ensures every client gets identical onboarding experiences while eliminating manual setup work for the agency team.

Project Transition Management

Agencies often need to transition clients between different environments as projects progress. Development to staging, staging to production, or between different project phases all require careful server management.

The workflow handles these transitions automatically:

Clean Environment Preparation: Target environments get reinstalled with fresh configurations appropriate for the new project phase.

Data Migration: Client data and configurations transfer from old environments to new ones through automated scripts.

Access Management: User credentials and permissions update automatically to match new environment requirements.

Documentation Updates: Project wikis and documentation reflect new environment details and access procedures.

Client Offboarding and Cleanup

When client projects end, proper cleanup prevents security issues and reduces costs. The n8n workflow handles complete client offboarding:

Environment Cleanup: Servers get reinstalled to remove all client-specific data and configurations.

Access Revocation: All client credentials and team member access gets revoked systematically.

Billing Finalization: Time tracking stops, final invoices are generated, and payment systems update automatically.

Handoff Documentation: Complete environment documentation and access credentials get prepared for client delivery.

Resource Reallocation: Cleaned servers become available for new client assignments through the SSD Nodes API.

This systematic approach ensures no client data remains on agency systems.

Building Effective n8n Workflows for Your VPS Servers

Successful n8n workflows require careful planning and attention to real-world operational needs. Visual workflows can become complex quickly, so organization and error handling are critical.

n8n Workflow Design Principles

Start Simple: Begin with basic workflows that solve specific problems, then add sophistication over time. Complex workflows are harder to debug and maintain.

Error Handling: Every external API call should include error handling paths. Network failures, API rate limits, and service outages all require error handling.

Documentation: Document workflow logic and decision points. Future team members need to understand what workflows do and why.

Testing: Build workflows with manual trigger nodes for testing purposes. You need to verify workflows work correctly before connecting them to production systems.

Monitoring: Include workflow health checks that notify teams when automation fails. Silent failures are worse than no automation at all.

Integration Best Practices

Authentication Management: Store API tokens securely using n8n's credential system. Never hardcode authentication in workflow nodes.

Rate Limit Awareness: Design workflows that respect API rate limits. Include appropriate delays between requests and error handling for limit violations.

Data Validation: Validate incoming data before using it in API calls. Bad data from triggers can cause workflow failures or unexpected behavior.

Rollback Procedures: Design workflows with rollback capabilities when possible. If automation causes problems, you need ways to undo changes automatically.

Communication Integration: Connect workflows to team communication systems. People need to know when automation succeeds or fails.

Getting Started with n8n and SSD Nodes API

To get started with the SSD Nodes API, log into your SSD Nodes account and look for "API Access" in the menu. Purchase a $2 subscription, then generate your first token and explore the documentation.

Setting up n8n integration with the SSD Nodes API is straightforward. You need an n8n instance (with n8n cloud or self-hosted with Docker on a VPS) plus API tokens from your SSD Nodes dashboard.

Start with read-only workflows that query server information and send notifications. This helps you understand the integration patterns without risking production systems.

Build your first automation around a real problem your team faces regularly. Manual demo preparation, client onboarding, or incident response are all great ideas for initial automation projects.

Test workflows thoroughly in development environments before connecting them to production systems. Use manual triggers and detailed logging to verify workflows behave correctly under various conditions.

The visual nature of n8n makes it easy to iterate on workflows as requirements change. You can modify automation logic without writing code or understanding complex deployment procedures.

Your servers become way more valuable when you can manage them with an API. Manual coordination doesn't scale, but API automation does.

Git and version control is probably the most important part of software development these days, and Debian is one of the most widely used operating systems among developers. No matter your current expertise level in software development, learning to use Git is extremely important for good collaboration and project management.

In this guide, I'll walk you through the process of installing and configuring Git on Debian 12 in a few steps.

Prerequisites

Before you install Git, you need:

• A Debian 12 server. Get your VPS hosting from a reputable and trustworthy provider like SSD Nodes. We offer powerful Debian servers and the best deals. Take a look at our offerings and prepare for your mind to be blown .

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Step 1: Updating the System Package List

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Install Git on Debian 12

Debian offers two primary ways to install Git:

1. Through the APT package manager, which is simpler and faster.
2. Compiling Git from source (which provides more control over the version you install). We'll cover both methods below.

Install Git Using APT

The easiest way to install Git on Debian 12 is by using the APT package manager. This method installs a stable version of Git directly from Debian’s official repositories. Here’s how to do it:

sudo apt install git

Once the installation is complete, you can verify the version of Git installed by running:

git --version

Output:

git version 2.39.5

At this point, Git should be ready for use. However, if you need a more up-to-date version, you can install Git from source. To do this, follow the instructions outlined in the next section.

Install Git From Source

If you need the latest version of Git or want to customize the installation, you can compile Git from source. This method requires a few additional steps, but it allows for greater flexibility.

First, install the necessary dependencies:

sudo apt install wget dh-autoreconf libcurl4-gnutls-dev libexpat1-dev \
  gettext libz-dev libssl-dev asciidoc xmlto docbook2x install-info build-essential

Next, download the latest Git source code. Visit the Git release page and find the latest version:

Next, use the following command to download and extract it (replace 2.47.0 with the latest version number):

• wget https://www.kernel.org/pub/software/scm/git/git-2.47.0.tar.gz

tar -zxf git-2.47.0.tar.gz

cd git-2.47.0

Now, generate the configuration script for Git:

make configure

Output:

GIT_VERSION = 2.47.0
    GEN configure

Run this configuration script, specifying that the Git binaries should be installed under the /usr directory:

./configure --prefix=/usr

The output will inform you that the checks are done and the configuration files are created:

configure: creating ./config.status
config.status: creating config.mak.autogen
config.status: executing config.mak.autogen commands

Compile Git and build the documentation:

make all doc info

Finally, install Git, along with its documentation:

sudo make install install-doc install-html install-info

Verify that Git was installed successfully:

git --version

You should see a version that matches the tarball you’ve downloaded:

git version 2.47.0

Step 3: Configuring Git

Once Git is installed on your Debian 12 server, the next step is to configure it. This is important because Git needs to associate your commits with your identity. Run the following commands to set up your name and email address:

git config --global user.name "Your Name"
git config --global user.email "youremail@example.com"

These settings will be used in every Git commit you make, so make sure they are accurate. You can verify the configuration at any time by running:

git config --list

Step 4: Using Git

Now that Git is installed and configured, it’s time to start using it. Below, we’ll cover some of the most common tasks you'll perform with Git, such as cloning and creating repositories, staging and committing changes, and also managing branches.

Cloning an Existing Repository

If you want to work on an existing project, you can clone its repository. Cloning creates a local copy of the remote repository on your machine, similar to downloading a directory with its files from the web.

To clone a repository, use:

git clone https://github.com/user/repo.git

This command downloads the entire repository, including its history.

Create a New Repository

To demonstrate how to use git in a project, create a new directory and navigate to it:

mkdir myproject
cd myproject

Then, run the following command to mark this myproject directory as a Git repository:

git init

This will create a hidden .git directory, which Git uses to track changes in your project. From here, you can start adding files and making commits.

Git Staging

Before committing changes, you need to stage them. Staging allows you to choose which changes should be part of the next commit.

Changes can be in the form of new files, or modifications to existing files.

For example, let’s add a new file called index.html to your project:

touch index.html

Use git status to check the status of your Git repository:

git status

The output will be similar to the following:

This informs you that there is an untracked file called index.html with a helpful message telling you how to make it trackable.

To add this new index.html to the Git repository and make it trackable, use the git add command:

git add index.html

This adds the new file to the staging area, meaning Git is now tracking it and will include it in the next commit.

Check git status again:

On branch master

No commits yet

Changes to be committed:
  (use "git rm --cached <file>..." to unstage)
    new file:   index.html

You can also stage all new files and modifications at once by using:

git add .

This command adds all modified and untracked files to staging, preparing them for the next commit.

Committing Changes

Once your changes are staged, the next step is to commit them. Commits are snapshots of your project at a given point in time. To commit your staged changes, run:

git commit -m "Describe your changes here"

Make sure your commit message is clear and actually describes what the new code does.

Adding a Github Remote Repository and Pushing Changes

To collaborate on a project hosted on the web, such as projects on GitHub, you first need to add a remote repository after initializing your local Git repository.

The first step is to create a repository on GitHub. Go to the Create a New Repository page, and create a repository.

Once the repository is created, copy the repository URL and use it to add a remote repository to your local Git repository:

git remote add origin <repository-url>

This command sets up the connection between your local repository and the remote one.

You can check if the remote repository was added successfully by running:

git remote -v

Once you've added the remote repository and committed your changes, you can push them to the remote branch using git push:

git push -u origin main

This command pushes your commits to the main branch of the remote repository. If you're working on a different branch, replace main with the correct branch name, you may need to replace it with master in certain cases.

If you’re using Github, Git will ask for your GitHub username and password. Type in your username and enter your personal access token for the password.

To create a personal token on Github, navigate to the New personal access token page. Select the scopes that you want to control, and then click Generate Token.

You’ll be redirected to a page with your new token.

For more information, check out Managing your personal access tokens.

After using your personal access token as a password. The git push -u origin main command will give you the following output:

Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 215 bytes | 215.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
To https://github.com/user/repo
 * [new branch]      main -> main
branch 'main' set up to track 'origin/main'.

Your Github repository will then host your code:

Git Branching

Git makes it easy to work on different features or fixes in isolation using branches. To create a new branch, run:

git branch <branch-name>

Then, switch to that branch with:

git checkout <branch-name>

This allows you to work on a separate branch without affecting the main project. Once your changes are ready, you can merge the branch back into the main branch. For more on branches, check out this page.

Undoing Changes

Mistakes happen, but don’t worry! Git gives you great tools to undo errors. If you want to undo changes that haven’t been committed yet, use:

git checkout -- <filename>

This will revert the specified file to the last committed state. If you need to undo a commit, you can use:

git reset --soft HEAD^

This undoes the last commit but leaves your changes in the staging area, allowing you to re-commit them after making adjustments.

For more on undoing changes with Git, check out: How to Undo Anything with Git

Step 6: Troubleshooting Common Git Issues

Sometimes, you might encounter issues while using Git. Here are some common problems and how to solve them:

• “Command not found” Error: If you receive a “git: command not found” error, it means Git isn’t installed or isn’t in your system’s PATH. Verify the installation and check your environment variables.
• Permission Denied (Public Key): This error often occurs when pushing or pulling from a remote repository like GitHub. It usually means your SSH keys aren’t configured correctly. To fix this, generate a new SSH key using ssh-keygen and add it to your GitHub account.
• Merge Conflicts: Merge conflicts happen when Git can’t automatically merge two branches because of conflicting changes. You’ll need to manually resolve the conflict by editing the files and then marking them as resolved using:

  git add 
  

  After resolving the conflict, you can commit the changes.

• Detached HEAD State: If you find yourself in a detached HEAD state, it means you’re not on a branch, but rather on a specific commit. To fix this, switch back to your branch with:

  git checkout main

These common issues are easy to fix once you understand the root cause, so don’t be discouraged if you encounter them!

Conclusion

By following this guide, you should now have a fully functional Git setup on your Debian 12 system. You've learned how to install Git, configure it, and perform essential tasks such as creating repositories, cloning, committing changes, and working with branches. We've also covered how to connect your local repository to GitHub for easy collaboration and remote backups.

Git is a powerful tool that can make managing your code much more efficient, whether you're working solo or with a team. Don’t hesitate to explore Git’s vast array of features as you grow more comfortable with it. And if you run into any issues, you now have some troubleshooting steps to guide you.

FAQ

How do I upgrade Git to the latest version on Debian 12?

To upgrade Git to the latest version on Debian 12, first check if a newer version is available through the APT package manager by running sudo apt update and sudo apt upgrade git. If no newer version is available, you can download and compile the latest Git version from source to manually update it as I’ve already explained in this tutorial.

How do I uninstall Git from Debian 12?

To uninstall Git from Debian 12, you can use the following command: sudo apt remove git. This will remove the Git package from your system. If you also want to remove configuration files and dependencies no longer needed, you can run sudo apt autoremove.

How do I configure Git to ignore specific files on Debian 12?

To configure Git to ignore specific files or directories in a repository on Debian 12, create a .gitignore file in the root of your repository. Inside this file, list the names of files or directories you want Git to ignore. For example, you can add *.log to ignore all log files or node_modules/ to ignore the node_modules directory.