TetsuVPS - Enterprise Security for VPS Deployments

June 15, 2025

TetsuVPS is a security automation platform I built to solve a common problem when deploying applications to VPS servers: server hardening. Kamal is a deployment tool that ships Docker containers to any server. While it handles deployment, it leaves security configuration entirely up to developers. TetsuVPS bridges this gap by providing one-click enterprise-grade security hardening.

The Problem

When deploying applications to a VPS, developers typically start with a fresh Ubuntu server. Most developers don't know which security measures to implement, how to configure them correctly, or how to verify they're working.

Manual server hardening requires:

  • Setting up UFW firewall rules correctly
  • Hardening SSH configurations
  • Managing AppArmor security profiles
  • And much more

This process demands deep security expertise and hours of configuration—time that indie developers and small teams simply don't have. Even worse, incorrect configuration can break application networking or interfere with deployments.

The Solution

TetsuVPS automates the entire security hardening process using the dev-sec.io framework—the same open-source security baseline trusted by Fortune 500 companies. I adapted this framework to work seamlessly with containerized deployments, ensuring security configurations never break Docker networking or deployment workflows.

Getting Started

TetsuVPS can be easily installed on any VPS by running a single bash command. This command fetches the installation script from my server and sets up the TetsuVPS agent on your server.

[Image: TetsuVPS Installation and Server Setup]

Once installed, you can start a security scan to identify vulnerabilities across 130+ automated checks. The scan runs through all security configurations and identifies what needs to be fixed.

Scan Results

After the scan completes, you'll see a detailed breakdown of security issues found on your server. The dashboard shows passed checks, failed checks, and exactly what needs attention.

[Image: TetsuVPS Security Scan Results]

As you can see in the example above, the server had 28 passed checks but also 28 failed security checks. Each failed check represents a potential vulnerability that needs to be addressed.

One-Click Hardening

Instead of manually fixing each issue, TetsuVPS allows you to fix all identified vulnerabilities with a single click. When you click "Start Hardening", TetsuVPS applies Ansible configurations that implement all the necessary security fixes automatically.

[Image: TetsuVPS Hardening in Progress]

The hardening process runs through each security configuration, applying proven dev-sec.io baselines to secure your server. This includes configuring firewalls, hardening SSH, setting up fail2ban, and much more.

Results After Hardening

After the hardening process completes, running another scan shows the dramatic improvement. All previously failed checks are now passing, bringing your server from 50% security compliance to 100%.

[Image: TetsuVPS Scan After Hardening]

The scan now shows 55 passed checks with 0 failures. Your server is now protected with enterprise-grade security configurations, all applied automatically without any manual intervention.

Technical Implementation

TetsuVPS implements security standards from:

  • dev-sec.io hardening framework - Battle-tested security baselines used by enterprises
  • Ubuntu Security Features - Official Ubuntu security recommendations
  • NSA Guide to Secure Configuration - Government-grade security standards

The key technical challenge was making enterprise security work seamlessly with containerized deployments. Traditional security hardening often conflicts with Docker's networking requirements. I solved this by:

  • Pre-configuring dev-sec.io profiles for Docker compatibility
  • Preserving Docker networking and port accessibility
  • Ensuring container operations remain unaffected
  • Testing against real deployment scenarios
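
One concrete instance of that conflict, as an added example that is not TetsuVPS code: the dev-sec baseline by default expects IPv4 forwarding to be off, while Docker's bridge networking needs net.ipv4.ip_forward = 1. The sketch below is plain Ruby rather than InSpec DSL; its check names, the docker_host switch and the sample host state are constructed for illustration.

```ruby
# Added example in plain Ruby (not InSpec DSL); check names and samples are constructed.
def parse_sysctl(text) # "key = value" lines, as printed by `sysctl -a`
  text.each_line.each_with_object({}) do |line, acc|
    key, value = line.split('=', 2).map(&:strip)
    acc[key] = value if key && value
  end
end

# sshd_config: case-insensitive keywords, first occurrence wins, globals end at first Match.
def parse_sshd(text)
  conf = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    break if key.casecmp?('match')
    conf[key.downcase] ||= value.to_s
  end
  conf
end

def baseline_checks(docker_host:)
  forward = docker_host ? '1' : '0' # Docker's bridge network needs forwarding on
  [
    ['ssh-root-login',    ->(s) { s[:sshd]['permitrootlogin'] == 'no' }],
    ['ssh-password-auth', ->(s) { s[:sshd]['passwordauthentication'] == 'no' }],
    ['sysctl-rp-filter',  ->(s) { s[:sysctl]['net.ipv4.conf.all.rp_filter'] == '1' }],
    ['sysctl-ip-forward', ->(s) { s[:sysctl]['net.ipv4.ip_forward'] == forward }]
  ]
end

def scan(sysctl_text, sshd_text, docker_host:)
  state = { sysctl: parse_sysctl(sysctl_text), sshd: parse_sshd(sshd_text) }
  results = baseline_checks(docker_host: docker_host).map { |name, check| [name, check.call(state)] }
  failed = results.reject { |_, ok| ok }.map(&:first)
  { passed: results.size - failed.size, failed: failed }
end

# Constructed host state: forwarding is on, and an early "yes" shadows the later "no".
SAMPLE_SYSCTL = "net.ipv4.ip_forward = 1\nnet.ipv4.conf.all.rp_filter = 1\n"
SAMPLE_SSHD = <<~CONF
  PermitRootLogin no
  PasswordAuthentication yes
  PasswordAuthentication no
  Match User deploy
    PermitRootLogin yes
CONF
p scan(SAMPLE_SYSCTL, SAMPLE_SSHD, docker_host: false) # Docker-unaware baseline
p scan(SAMPLE_SYSCTL, SAMPLE_SSHD, docker_host: true)  # Docker-aware baseline
```

Run Docker-unaware, the same host reports forwarding as a failure, and a remediation that then sets it to 0 would cut the containers off from the network.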

Unlike manual implementation requiring Ansible, InSpec, and Python expertise, TetsuVPS handles everything through a simple web interface. No playbooks to debug, no environments to manage, no profiles to write.

Key Features

Free Security Scanning

  • No credit card required for vulnerability scans
  • 130+ automated security checks
  • Clear, actionable results dashboard
  • Regular re-scanning to monitor security posture

One-Click Hardening

  • Enterprise-grade security applied in seconds
  • Docker-aware configurations that preserve deployment workflows
  • Based on proven dev-sec.io framework
  • Automatic fail2ban, UFW, SSH, and AppArmor configuration

Container-Friendly Design

  • Built for containerized deployment patterns
  • Tested compatibility with Docker networking
  • Maintains port accessibility for your applications
  • No interference with container operations

Target Audience

TetsuVPS is designed for:

  • Indie developers deploying to VPS who lack dedicated security teams
  • Small startups deploying production applications
  • Development teams wanting enterprise security without enterprise complexity
  • Anyone managing their own servers who needs production-ready security

Business Model

The platform follows a freemium model:

  • Free tier - Unlimited security scans with no credit card required
  • Paid tier - One-click remediation and automated hardening

This approach lets developers understand their security vulnerabilities for free, then upgrade when they're ready to fix them automatically.

Tech Stack

  • React - Frontend
  • Laravel - Backend
  • Ansible - For automated fixes
  • Ruby/InSpec - To test for vulnerabilities
  • Docker - Containerized deployment

Challenges & Learnings

Making Enterprise Security Accessible

The biggest challenge was taking complex enterprise security frameworks and making them accessible to developers without security expertise. I focused on clear visualizations, plain-language explanations, and removing all technical barriers to implementation.

Docker Compatibility

Ensuring security hardening doesn't break containerized deployments required extensive testing. I had to understand both the dev-sec.io framework deeply and how Docker networking operates, then find the sweet spot where they work together perfectly.

Impact

TetsuVPS democratizes enterprise-grade security for VPS deployments. It enables indie developers and small teams to deploy with the same security standards used by Fortune 500 companies, without needing dedicated security engineers or spending hours on manual configuration.

Launched June 2025