Automated Linux hardening and TCP/IP stack tuning. Enables BBR congestion control, optimizes buffers, and secures SSH for high performance.

AndrewWangDev/vps_optimize

Simple Security and Performance Optimization for New VPS


A comprehensive solution to securely modify the default SSH port, enable BBR acceleration, optimize TCP buffers, configure FQ queuing, and enable connection reuse to enhance TCP/IP network stack performance.


1. Modifying the SSH Port

Changing the default SSH port (22) reduces exposure to malicious scans and automated probes. However, modifying it directly can be risky; if the connection drops before the configuration is verified, you could be locked out. Follow this safe procedure:

  1. Planning and Firewall Configuration: Choose an unused high-numbered port (e.g., 19220). Log in to your cloud provider's console or server firewall and add an inbound rule to allow TCP traffic on this port.

  2. Handling systemd Socket Activation (For Ubuntu 22.04+): In newer Ubuntu versions, SSH is managed via systemd socket activation. Modifying the config file directly may not take effect. You must switch back to the traditional service mode first:

    # Stop and disable socket activation mode
    sudo systemctl stop ssh.socket
    sudo systemctl disable ssh.socket
    
    # Enable and start the standard SSH service
    sudo systemctl enable ssh.service
    sudo systemctl start ssh.service
  3. Modify SSH Configuration

    # Back up the current configuration
    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

    # Edit the configuration using nano
    sudo nano /etc/ssh/sshd_config
  4. Add the New Port: In the editor, find the line #Port 22. Uncomment it and add your new port on the next line (e.g., Port 19220).
    Press Ctrl+O to save and Ctrl+X to exit.

  5. Restart Service and Verify

    # Restart the SSH service
    sudo systemctl restart ssh

    # Verify listening status (you should see both 22 and the new port)
    ss -ntl
  6. Test Connection with the New Port: DO NOT close your current SSH session! Open a new terminal window and test the connection using the new port:

    ssh -i your_key.pem -p 19220 root@your_remote_ip

    Proceed only after confirming the login is successful.

  7. Remove the Old Port: Once the new port is confirmed working, remove port 22 to enhance security.

    # Edit the config again to remove or comment out Port 22
    sudo nano /etc/ssh/sshd_config
    
    # Restart SSH service
    sudo systemctl restart ssh
    
    # Verify port 22 is closed
    ss -ntl
    
    # Remove the backup file
    sudo rm -f /etc/ssh/sshd_config.bak
  8. Update Firewall Rules: Finally, go to your cloud provider's firewall settings and remove the inbound rule for TCP port 22.
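
The end state of the procedure above can be checked mechanically. This added example (not part of the repository) parses the Port directives of an sshd_config file and the output of `ss -ntl`, then reports whether the cutover is complete; the function names are hypothetical, and it reads only the one config file, not Include files.

```sh
#!/bin/sh
# Added example (not from the repository): check an SSH port cutover from
# sshd_config text plus `ss -ntl` output.

# Ports requested by an sshd_config file, one per line (22 when none is set).
# Assumption: only this one file is read; Include files are not followed.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Local TCP ports in LISTEN state, parsed from `ss -ntl` output on stdin.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# True when the newline-separated port list $1 contains port $2.
has_port() { printf '%s\n' "$1" | grep -qx "$2"; }

# check_cutover CONFIG NEW_PORT < ss-output
# Succeeds only when NEW_PORT is configured and listening and 22 is neither.
check_cutover() {
    cc_listen=$(listening_ports)
    cc_conf=$(sshd_ports "$1")
    has_port "$cc_conf" "$2"   || { echo "port $2 not set in $1"; return 1; }
    has_port "$cc_listen" "$2" || { echo "port $2 is not listening"; return 1; }
    if has_port "$cc_conf" 22;   then echo "port 22 still configured"; return 1; fi
    if has_port "$cc_listen" 22; then echo "port 22 still listening"; return 1; fi
    echo "cutover complete: $2 listening, 22 closed"
}

# Constructed sample: state after step 5 (both ports open), before step 7.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'Port 22' 'Port 19220' > "$demo_cfg"
demo_ss='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128          0.0.0.0:19220      0.0.0.0:*
LISTEN 0      128             [::]:19220         [::]:*'
printf '%s\n' "$demo_ss" | check_cutover "$demo_cfg" 19220 || true
rm -f "$demo_cfg"
```

On a live host, run it after step 7 as `ss -ntl | check_cutover /etc/ssh/sshd_config 19220`. Running `sudo sshd -t` before each restart catches syntax errors while the existing session is still open.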


2. VPS Optimize: One-Click Network Optimization Script

A one-click shell script designed to optimize Linux server network performance. It aims to increase throughput and reduce latency, making it ideal for new VPS instances used as web or proxy servers.

Features and Principles

The script optimizes the TCP network stack by adjusting kernel parameters (sysctl). Key optimizations include:

  • Enable BBR Congestion Control: Developed by Google, BBR (Bottleneck Bandwidth and Round-trip propagation time) significantly improves throughput in high-latency or packet-loss environments.
  • TCP Buffer Optimization: Increases TCP read/write buffers (rmem, wmem), allowing the connection to send more data without waiting for acknowledgments, thus improving efficiency.
  • Enable FQ Queue Management: Fair Queue (FQ) is an advanced packet scheduling algorithm that works in tandem with BBR to better manage traffic and reduce queuing delay.
  • Additional Network Tuning:
    • Disables IPv6 to prevent potential network issues.
    • Optimizes connection reuse (tcp_tw_reuse) and keep-alive parameters to handle high volumes of short-lived connections.

Usage

Warning: This script will overwrite your /etc/sysctl.conf file.

  1. Download the Script

    wget https://raw.githubusercontent.com/androwbrown/vps_optimize/main/optimize.sh

    OR

    curl -O https://raw.githubusercontent.com/androwbrown/vps_optimize/main/optimize.sh

  2. Grant Execution Permissions

    chmod +x optimize.sh
  3. Run with Root Privileges: The script automatically backs up your current configuration to /etc/sysctl.conf.bak.

    sudo ./optimize.sh
  4. Apply Configurations: Run the following command to make the kernel parameters take effect immediately:

    sudo sysctl -p

Important Notes

  • Compatibility: Designed primarily for modern Debian/Ubuntu-based distributions. Adjustments may be required for other systems (e.g., CentOS).
  • Environment Specific: These are general optimizations and may not be the "optimal" solution for every specific network environment. Feel free to fine-tune parameters based on your needs.
  • Backup: If you encounter network issues, you can restore your original settings at any time:
    sudo cp /etc/sysctl.conf.bak /etc/sysctl.conf
    sudo sysctl -p
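
Because the script overwrites /etc/sysctl.conf, any settings that were in the old file and are not in the new one are lost. This added example (not the repository's code) diffs the backup against the new file key by key so those changes are visible; the function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the repository's code): show what overwriting
# /etc/sysctl.conf changed, by diffing the backup against the new file.

# Normalise a sysctl.conf into sorted "key=value" lines. Comment lines
# (# or ;) and blank lines are dropped; the last assignment of a key wins.
sysctl_pairs() {
    awk -F= '/^[ \t]*([#;]|$)/ { next }
             NF >= 2 { k = $1; v = substr($0, index($0, "=") + 1)
                       gsub(/^[ \t]+|[ \t]+$/, "", k)
                       gsub(/^[ \t]+|[ \t]+$/, "", v)
                       val[k] = v }
             END { for (k in val) print k "=" val[k] }' "$1" | LC_ALL=C sort
}

# sysctl_diff OLD NEW prints one line per difference:
#   "+ key=value" added, "- key=value" removed, "~ key: old -> new" changed.
sysctl_diff() {
    sd_old=$(mktemp); sd_new=$(mktemp)
    sysctl_pairs "$1" > "$sd_old"; sysctl_pairs "$2" > "$sd_new"
    awk -F= 'FILENAME == ARGV[1] { old[$1] = substr($0, length($1) + 2); next }
             { cur = substr($0, length($1) + 2); seen[$1] = 1
               if (!($1 in old)) print "+ " $0
               else if (old[$1] != cur) print "~ " $1 ": " old[$1] " -> " cur }
             END { for (k in old) if (!(k in seen)) print "- " k "=" old[k] }' \
        "$sd_old" "$sd_new" | LC_ALL=C sort
    rm -f "$sd_old" "$sd_new"
}

# Constructed sample files (the output of optimize.sh is not shown on the page).
demo_old=$(mktemp); demo_new=$(mktemp)
printf '%s\n' '# previous settings' 'net.ipv4.conf.all.rp_filter = 1' \
    'net.ipv4.tcp_congestion_control = cubic' > "$demo_old"
printf '%s\n' 'net.core.default_qdisc=fq' 'net.ipv4.tcp_congestion_control=bbr' \
    'net.ipv6.conf.all.disable_ipv6=1' 'net.ipv4.tcp_tw_reuse=1' > "$demo_new"
sysctl_diff "$demo_old" "$demo_new"
rm -f "$demo_old" "$demo_new"
```

After running the script, `sysctl_diff /etc/sysctl.conf.bak /etc/sysctl.conf` lists the real changes; lines starting with "-" are settings to re-add by hand if they are still wanted.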

📄 License

This project is open-sourced under the MIT License.
