Summary Of Compass Us Vps Deployment Steps And Common Troubleshooting Methods

1.

overview and preparation

① confirm purchase information: vps account, control panel, bare metal ip and management console login address.
② verify system image: commonly used are ubuntu 20.04/22.04, centos 7/8, debian 11, etc.
③ prepare domain name and dns: make sure the domain name is manageable, obtain the dns provided by compass or use a third-party dns service (such as cloudflare).
④ ssh and keys: it is recommended to add the public key to the console and disable password login; the ssh port can be changed to other than 22 to reduce the risk of scanning.
⑤ backup strategy: enable snapshots or backup plans before deployment, and record the initial snapshot id so that problems can be quickly rolled back.
⑥ bandwidth and regional considerations: select a computer room (east coast/west coast) close to the target user, and evaluate the bandwidth peak and burst capabilities.

2.

basic system configuration (taking ubuntu 20.04 as an example)

① log in and update: ssh root@203.0.113.45; execute apt update && apt upgrade -y.
② time zone and host name: timedatectl set-timezone asia/shanghai; hostnamectl set-hostname vps-us-01.
③ create a non-root user: adduser deployer; usermod -ag sudo deployer; configure ssh key.
④ firewall basics: ufw default deny incoming; ufw default allow outgoing; ufw allow 22/tcp (or custom port); ufw enable.
⑤ security hardening: install fail2ban, close root ssh login (/etc/ssh/sshd_config permitrootlogin no) and restart the ssh service.

3.

web service deployment (nginx + php-fpm)

① install components: apt install -y nginx php8.1-fpm php8.1-mysql.
② configure the site: create a server block in /etc/nginx/sites-available/, with root pointing to /var/www/example.
③ test and enable: nginx -t; systemctl restart nginx; make sure port 80/443 is open in the security group/firewall.
④ ssl certificate: use certbot to obtain the let's encrypt certificate (certbot --nginx -d example.com -d www.example.com).
⑤ performance parameters: worker_processes auto; worker_connections 1024; enable gzip and cache headers to improve throughput.

4.

database and cache (mysql/mariadb + redis)

① installation and initialization: apt install -y mariadb-server redis-server; mysql_secure_installation completes basic security.
② remote access restrictions: set bind-address to 127.0.0.1 or use a private network to strictly limit users and source ips.
③ backup strategy: use mysqldump or percona xtrabackup to make regular backups and push them to object storage.
④ cache deployment: redis configures requirepass, and persistence uses rdb/aof according to business selection.
⑤ connection pool and optimization: adjust innodb_buffer_pool_size (example: 4gb memory machine is set to 2.5gb), enable slow query log and optimize index.

5.

network, domain name and cdn configuration suggestions

① dns resolution: add a/aaaa records and necessary cname to the domain name service provider. the ttl can be short or long depending on the debugging stage.
② reverse dns (ptr): if you need to send emails or reduce misjudgments, submit a ptr record request corresponding to the ip to compass.
③ cdn integration: it is recommended to use cloudflare or fastly to accelerate static resources and hide the real ip, reducing traffic peaks and going directly to the vps.
④ https force and hsts: force 301 redirection to https through nginx, and configure hsts (pay attention to the initial configuration with caution).
⑤ load balancing: when a single instance reaches a bottleneck, use a private network or cloud lb for horizontal expansion, database read-write separation or master-slave replication.

6.

ddos defense and security strategy

① border protection: use cloud ddos protection or upper-layer cdn (such as cloudflare) for high traffic filtering.
② firewall rules: limit ping rate, ssh only allows trusted ips, enable conntrack and syn cookies.
③ automatic ban: configure fail2ban to automatically ban ssh/nginx login violence and abnormal requests.
④ logs and alarms: centralize logs to elk/graylog, and set threshold alarms for traffic, cpu, and number of connections.
⑤ emergency response: prepare the script to switch to whitelist mode, suspend non-essential services and notify the upstream bandwidth provider.

7.

common troubleshooting and command examples

① unable to ssh: check the security group/firewall port, sshd status (systemctl status sshd), tcpdump -n port 22.
② website 502/504: check the php-fpm/nginx log (tail -n 200 /var/log/nginx/error.log; systemctl status php8.1-fpm).
③ database connection failed: check bind-address, mysqld status, netstat -tulnp | grep 3306.
④ dns resolution problem: dig +short example.com @8.8.8.8; check the domain name resolution chain and ttl.
⑤ high cpu/memory: top/htop checks the process, iotop checks the disk i/o, ss -s or netstat -anp checks a large number of connections.

8.

real cases and server configuration examples

① case overview: an e-commerce customer used compass us vps to deploy promotional activities, and needed short-term capacity expansion and ddos protection in the face of high concurrency peaks.
② initial configuration: ubuntu 20.04, 2 vcpu, 4gb ram, 80gb nvme, 1gbps traffic, public ip 203.0.113.45.
③ optimization measures: all front-end statics are cached by cloudflare cdn, nginx enables caching and gzip, and mysql adjusts innodb_buffer_pool_size=2g.
④ effect data: during the event, the peak number of concurrent connections was 12k, and the peak value of single-instance cpu was 85%. after cdn offloading, the response time dropped from 900ms to 120ms.
⑤ review suggestions: speed up the separation of reading and writing, use redis session cache, and prepare automatic expansion scripts.

9.

sample vps configuration and latency comparison table

① the following table lists typical compass us vps solutions, configurations and measured average icmp delays in eastern china (sample data).

plan	cpu	memory	disk	bandwidth	price/month	delay to east (ms)
basic	1 vcpu	1gb	25gb ssd	200mbps	$5	110
standard	2 vcpus	4gb	80gb nvme	1 gbps	$15	95
pro	4 vcpus	8gb	160gb nvme	1 gbps	$30	88

10.

operation and maintenance and long-term optimization suggestions

① regular updates and patches: check at least monthly and perform kernel and software updates during off-peak periods.
② monitoring and alarming: deploy prometheus + grafana or use third-party monitoring to set node and service level sla.
③ flexible expansion: use containerized or mirrored deployment processes, combined with automated scripts to achieve rapid expansion and rollback.
④ backup and drills: regularly drill recovery from backup and failover to ensure that rto/rpo meets business line requirements.
⑤ document and permission management: maintain deployment documents and change records, and allocate team accounts based on the principle of least privilege.