If you haven’t already, I’d suggest looking at my previous post Debian 12 Baseline Hardening which will leave you with a decent foundation to build upon before adding any services.

A new blog by any self-respecting *nix sysadmin absolutely demands a “How to Set Up an NGINX Reverse Proxy” tutorial, no matter what kind of network you’ve nurtured or adopted, you’ll end up implementing one somewhere. This is probably my fifth or sixth such post—buried in long-forgotten corners of the Internet—but hey, why not do it again with a dash of modern flair?

…

In this post I’m going to outline a few hardening steps that I like to take in order to create a strong foundation on a fresh Debian 12 sever. You can use this post as a checklist to reduce attack surface before you begin adding services.

Create Non-root User

You probably already created a non-root user during the install process, though if you didn’t then it’s better to have one for daily tasks, you really don’t want root to be able to log in over SSH anyway.

…

And we’re off!

…