Use UFW to lock down an Ubuntu server
Any server on the public internet is bound to be attacked by bots looking for weak or leaked passwords and unsafely configured services. Even security experts can misconfigure a database, or an unwitting member of the team can accidentally open up a vulnerability, leaving your devices or network open to attack.
If you have an existing server, you can view this bot traffic by running sudo less /var/log/auth.log. If your server is like many on the web, you'll see lots of "invalid user admin" or "invalid user test".
Tailscale simplifies network security by letting you keep your servers away from the public web, while keeping it easy to connect.
The best way to secure a server with Tailscale is to accept connections from Tailscale, and ignore any public internet traffic. Since your Tailscale network is invisible, except to those in your network, attackers won't even be able to find it.
Before you begin this guide, you'll need an Ubuntu server to secure. This guide assumes you're setting up a DigitalOcean Ubuntu server, but the steps should be similar for most hosting providers and versions of Ubuntu.
