
Best Practices for Securing a New VPS with Tailscale and Cloudflare

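📅 2026-03-16 22:11 @levelsio Software Programming 4 min 4069 words Score: 84
VPS Security · Tailscale · Cloudflare · DevOps · Cybersecurity
📌 One-sentence summary: The author recommends using Tailscale for private SSH access and Cloudflare to proxy all public web traffic as the security baseline for new VPS setups. 📝 Detailed summary: This tweet outlines a robust security workflow for setting up a new virtual private server (VPS). The author advocates installing Tailscale immediately to handle private SSH (port 22) access, while tightening the firewall to accept HTTPS (port 443) traffic only from Cloudflare IP addresses. This "zero trust" approach ensures the server is never directly exposed to the public internet, significantly reducing the attack surface against automated bots and hackers. 📊 Article info: AI score: 84 Source: @levelsio (@levelsi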

### @levelsio

When I set up a new Hetzner VPS, first thing I do is install Tailscale, and once I'm in via Tailscale, lock down the firewall to only accept web traffic on HTTPS 443 for Cloudflare IPs and SSH 22 for Tailscale IP

That way nobody can get in

I know I keep repeating this but it should be basics of setting up a new VPS

So basic IMHO it should be part of any VPS service to default install Tailscale and enable it so it's the only way to get in

Why?

A VPS server is just like your laptop or desktop computer but now imagine if it's connected to the entire internet with 8 billion people that can access it and try to hack it

You want to only have it accessible to you

And if you want to host a website on your VPS (like I do), you should only let Cloudflare access your VPS so it can stand in front and block any hack attempts

Never expose a VPS to the world wide web which realistically is the world WILD web


#### Areeb ur Rub

@areeburrub · 2h ago

@levelsio @nfcodes I created a redis instance on hetzner with public port open for few minutes and someone was running a cryptominer the next moment taking 50% CPU 💀

After that I always use @Tailscale 👌


Mar 16, 2026, 2:11 PM · 72 Replies · 53 Retweets · 1,243 Likes · 123.3K Views

One Sentence Summary

The author recommends a security baseline for new VPS setups: using Tailscale for private SSH access and Cloudflare to proxy all public web traffic.

Summary

This tweet outlines a robust security workflow for setting up a new Virtual Private Server (VPS). The author advocates for installing Tailscale immediately to handle SSH (Port 22) access privately, while locking down the firewall to only accept HTTPS (Port 443) traffic from Cloudflare IP addresses. This 'Zero Trust' approach ensures the server is never directly exposed to the public internet, significantly reducing the attack surface against automated bots and hackers.
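
The firewall baseline summarized above, as an added example that is not from the original tweet or from Tailscale or Cloudflare: a POSIX shell function that renders an nftables ruleset accepting TCP 443 only from a Cloudflare allowlist and TCP 22 only on the Tailscale interface. The table and set names, the `tailscale0` interface name and the sample CIDRs (documentation ranges, not Cloudflare's) are assumptions.

```shell
# Added example, not from the original post: prints an nftables ruleset for the
# baseline above. It changes nothing itself; review the output, then load it with nft -f.

# Constructed sample input (RFC 5737 documentation ranges), NOT Cloudflare's list.
# Cloudflare publishes its current ranges at https://www.cloudflare.com/ips-v4
SAMPLE_CF_V4='192.0.2.0/24
198.51.100.0/24'

# Accept only strict IPv4 CIDRs so a bad or tampered list cannot inject rules.
# The body is a subshell so IFS and the positional parameters stay local.
valid_cidr4() (
  case $1 in ''|*[!0-9./]*|*/*/*) exit 1 ;; */*) ;; *) exit 1 ;; esac
  ip=${1%/*}; prefix=${1#*/}
  case $prefix in ''|???*) exit 1 ;; esac
  [ "$prefix" -le 32 ] || exit 1
  case $ip in .*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $ip
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in ????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
)

# Reads one CIDR per line on stdin; prints the ruleset, or returns 1 on bad input.
render_ruleset() {
  elems=''
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    valid_cidr4 "$line" || { echo "rejecting invalid CIDR: $line" >&2; return 1; }
    elems="${elems:+$elems, }$line"
  done
  [ -n "$elems" ] || { echo "empty allowlist, refusing to render" >&2; return 1; }
  cat <<EOF
table inet vps_baseline {
  set cloudflare_v4 {
    type ipv4_addr
    flags interval
    elements = { $elems }
  }
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iifname "lo" accept
    iifname "tailscale0" tcp dport 22 accept
    ip saddr @cloudflare_v4 tcp dport 443 accept
  }
}
EOF
}
```

Load the ruleset only from a session that is already connected over Tailscale, as the tweet describes, so a mistake does not lock you out. IPv6 is dropped entirely here; a host that serves IPv6 needs Cloudflare's IPv6 ranges and ICMPv6 neighbour discovery allowed as well.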

AI Score: 84 · Influence Score: 407 · Published At: Today · Language: English

Tags: VPS Security, Tailscale, Cloudflare, DevOps, Cybersecurity

Published: 2026-03-16 22:11:23 · Collected: 2026-03-17 00:00:55
