Securely setting up a vps with a cloud-init script and caddy for hosting a static website seems simple enough. Turns out if you never did it, it becomes harder than you thought.
Table of Contents
Getting your vps
For hosting some small static sites like a blog you can use the smallest and cheapest instance you can find. Oracle even offers a free tier for theirs. This blog is hosted on Ionos servers because they also offered cheap domains. Speaking of domain...
Make yourself a name on the net
Having access to a vps usually also includes a static ip, what you probably don't get is a domain, which you will need in order to use https and in general to be found on the internet. As I said i got mine for cheap through Ionos. There might be some sites which offer a domain for free. Alternatively you can also get a subdomain through a dyndns service, for example with duckdns.
Whatever possibility you choose, you will need to set your A record (ipv4) and if applicable AAAA record (ipv6) to the ip-adress of you vps. Once done your server will be accessible through you domain (once we set up the server).
Setting up the server
Setting up the server manually takes a lot of time and is not really reproducible. That is why I used cloud-init. Cloud-init lets you create templates that are applied to your operating system on first boot. Ionos gives the option to paste a cloud-init script when choosing which distribution to install on the vps. I chose Debian 13, which is the latest release at the time of writing. The cloud-init script I used was generated with the help of gemini, which I instructed with current best practices.