sudo apt updatesudo apt install postgresql postgresql-contribsudo systemctl enable postgresqlsudo systemctl start postgresqlsudo -u postgres psqlCREATE USER user WITH PASSWORD '';ALTER USER user WITH SUPERUSER;CREATE DATABASE db OWNER user;Allow connections from different IPs
nano /etc/postgresql/14/main/pg_hba.conflisten_addresses = '*' # what IP address(es) to listen on;
nano /etc/postgresql/14/main/postgresql.confsudo apt purge postgresql* -y
sudo apt autoremove --purge -y
sudo rm -rf /etc/postgresql /var/lib/postgresql /var/log/postgresql
sudo rm -rf /var/run/postgresqlAllow SSH (so you can still log in)
sudo ufw allow from <YOUR_IP> to any port 22sudo ufw delete allow 22Allow HTTP/HTTPS
sudo ufw allow 80sudo ufw allow 443Enable firewall
sudo ufw enableCheck status
sudo ufw statusGenerate a key
ssh-keygen -t ed25519 -C "username"Copy to VPS
ssh-copy-id -i ~/.ssh/KEY.pub root@ipEdit ssh config
sudo nano /etc/ssh/sshd_configPasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication no
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R root:root ~/.sshsudo systemctl restart sshcertbot certonly --nginx -d domaincertbot renew --dry-run# ------------------------------
# HTTP (port 80) redirect for BOTH domains
# ------------------------------
server {
listen 80;
server_name thejungle.pro;
return 301 https://$host$request_uri;
}
# ------------------------------
# HTTPS: thejungle.pro (3x-ui)
# ------------------------------
server {
listen 443 ssl;
server_name thejungle.pro;
ssl_certificate /etc/letsencrypt/live/thejungle.pro/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thejungle.pro/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location /sub/ {
proxy_pass http://remnawave;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /redirect {
if ($arg_link) {
return 302 $arg_link;
}
return 400 "Missing 'link' parameter";
}
}