HOW TO SECURE YOUR RAW DOG VPS SERVER - Disable password auth, use only key-based auth (both Hetzner and Digital Ocean do this by default usually) - Install fail2ban on SSH - Enable unattended-upgrades with auto reboot - Enable firewall in Hetzner/Digital Ocean dashboard and only allow a few ports like 443 for HTTPS and your SSH port - If you really wanna be safe in your firewall only allow SSH from your own home IP (but annoying cause your home IP can change and you might travel), alternative then is install Tailscale and only allow from Tailscale IPs - Use LetsEncrypt certbot for SSL (HTTPS) - Change SSH port number (obscurity but helps) - Uninstall Apache, install Nginx - Ask Claude Code or Cursor CLI to security audit its own code regularly Most important: - ALWAYS hire a professional security auditor before you handle real user data or go into production! Don't be another Tea app!