Python FastAPI Tutorial (Part 18): Deploy to a VPS - Security, Nginx, SSL, and Custom Domain
TL;DR
Corey Schafer demonstrates how to deploy a production-ready FastAPI application to a Virtual Private Server (VPS), emphasizing fundamental deployment concepts including security hardening, SSH key authentication, and health check implementation before moving to managed cloud solutions.
🚀 VPS Fundamentals & Application Readiness
Start with VPS to learn universal deployment concepts
Beginning with manual VPS deployment teaches underlying infrastructure fundamentals that transfer to any provider (Linode, AWS, DigitalOcean) and significantly improves debugging capabilities when using managed services later.
Implement database health check endpoints
Add a health check route that executes SQLAlchemy's `text("SELECT 1")` query to verify database connectivity, returning HTTP 503 when unreachable to signal load balancers and monitoring systems to redirect traffic.
⚙️ Server Provisioning
Select cost-effective Ubuntu LTS instances
Provision an Ubuntu 24.04 LTS server with a $5/month shared CPU plan in a geographic region closest to your users, ensuring long-term support for security updates.
Immediately update system packages
Execute `apt update && apt upgrade` upon first login to install the latest security patches and bug fixes before configuring any services.
🔒 Security Hardening & Access Control
Create non-root user with sudo privileges
Immediately create a dedicated non-root user with sudo access to limit the 'blast radius' of potential security breaches, avoiding the unlimited system power of the root account for daily operations.
Configure Ed25519 SSH key authentication
Generate modern Ed25519 SSH key pairs for passwordless login, which provide superior security and performance compared to legacy RSA keys or password-based authentication methods.
Deploy code via GitHub with proper ignore rules
Push application code to GitHub with a comprehensive .gitignore file excluding sensitive .env files, then clone the repository onto the server rather than using manual file transfer methods.
Bottom Line
Master fundamental VPS deployment with SSH key authentication and non-root user security before adopting containerized solutions, as these core skills remain essential for debugging and securing any production web application.