CT
ChinaDigitalTools
Blog
Guide12 min readMay 2026

Deploy a Website on Tencent Cloud: Step-by-Step Tutorial (2026)

Share

Deploying a website on Tencent Cloud is one of the most cost-effective ways to get your project online in Asia. Whether you're building a personal blog, a portfolio, or a production application, Tencent Cloud's Cloud Virtual Machine (CVM) gives you full control at a fraction of the cost of AWS or Azure. In this tutorial, we'll walk through every step — from creating your account to serving your site over HTTPS with a valid SSL certificate.

By the end of this guide, you'll have a fully functional website running on Ubuntu 22.04 with Nginx, a free Let's Encrypt SSL certificate, and basic security hardening. Let's get started.

Step 1: Create a Tencent Cloud Account

Head over to the Tencent Cloud official website and sign up for an account. You'll need a valid email address and phone number for verification. Tencent Cloud requires real-name authentication for all users, so have your ID or passport ready.

Once registered, navigate to the CVM (Cloud Virtual Machine) section from the product menu. New users often qualify for a free trial or significant discounts on their first CVM instance, so check the promotions page before purchasing.

Step 2: Launch a CVM Instance (Seoul Region, Ubuntu 22.04)

Click Create Instance in the CVM console. Use the following configuration for the best balance of performance and cost:

  • Region: Seoul (ap-seoul) — low latency to both China and Japan, excellent network quality
  • Model: Standard S5 (1 vCPU, 1 GB RAM) — sufficient for most static sites and small apps
  • Image: Ubuntu 22.04 LTS (Public Image)
  • Storage: 50 GB Premium Cloud Disk
  • Bandwidth: Pay-by-traffic, 5 Mbps cap
  • Security Group: Allow inbound ports 22 (SSH), 80 (HTTP), and 443 (HTTPS)

Set a strong root password or upload your SSH public key during setup. After the instance is created, note the public IP address from the CVM dashboard — you'll need it for the next step.

Step 3: Connect via SSH

Open your terminal and connect to the server using the public IP address:

ssh root@your_server_ip

If you set a password during instance creation, you'll be prompted to enter it. If you uploaded an SSH key, the connection should authenticate automatically. On your first connection, you'll see a host key verification prompt — type yes to continue.

Once connected, you should see the Ubuntu welcome banner. You're now inside your server.

Step 4: Update System and Basic Security

First things first — update all system packages to the latest versions:

sudo apt update && sudo apt upgrade -y

This may take a few minutes depending on available updates. Next, install some essential tools:

sudo apt install -y curl wget git ufw

Create a non-root user for daily operations. Running everything as root is a security risk:

adduser deploy
usermod -aG sudo deploy

Switch to the new user to verify it works:

su - deploy

Step 5: Install Nginx

Nginx is a lightweight, high-performance web server that powers a huge portion of the internet. Install it with:

sudo apt install nginx -y

After installation, Nginx should start automatically. Verify it's running:

sudo systemctl status nginx

You should see active (running) in green. Open your browser and navigate to http://your_server_ip — you should see the default Nginx welcome page.

Enable Nginx to start on boot:

sudo systemctl enable nginx

Step 6: Deploy Your Static Website

Nginx serves files from /var/www/html by default. Let's set up a proper site directory:

sudo mkdir -p /var/www/mywebsite
sudo chown -R $USER:$USER /var/www/mywebsite

Create a simple index page to test:

cat > /var/www/mywebsite/index.html << 'EOF'
<!DOCTYPE html>
<html>
<head>
  <title>My Website</title>
</head>
<body>
  <h1>Hello from Tencent Cloud!</h1>
  <p>Successfully deployed on CVM with Nginx.</p>
</body>
</html>
EOF

Now create an Nginx server block configuration:

sudo tee /etc/nginx/sites-available/mywebsite > /dev/null << 'EOF'
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    root /var/www/mywebsite;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
EOF

Enable the site by creating a symlink and disabling the default:

sudo ln -s /etc/nginx/sites-available/mywebsite /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default

Test the configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

If you see syntax is ok and test is successful, your site is now live. For deploying a React, Next.js, or other framework build, simply copy the build output to /var/www/mywebsite using scp or rsync:

# From your local machine
scp -r ./dist/* deploy@your_server_ip:/var/www/mywebsite/

Step 7: DNS Setup

To point your domain to the server, configure DNS records at your domain registrar or Tencent Cloud's DNSPod (which is free and excellent for domains targeting Chinese users).

Add the following A records:

  • Host: @Value: your_server_ip (TTL: 600)
  • Host: wwwValue: your_server_ip (TTL: 600)

DNS propagation usually takes a few minutes but can take up to 48 hours in rare cases. Verify with:

dig yourdomain.com +short

Once the output shows your server IP, DNS is working. You should be able to visit http://yourdomain.com and see your website.

Step 8: SSL Certificate with Certbot

A valid SSL certificate is essential for security and SEO rankings. Let's Encrypt provides free certificates via the Certbot tool. Install it:

sudo apt install certbot python3-certbot-nginx -y

Obtain and install the SSL certificate:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot will prompt you for an email address (for renewal notifications) and ask whether to redirect HTTP to HTTPS. Choose Redirect to ensure all traffic uses HTTPS.

Certbot automatically sets up automatic renewal via a systemd timer. Verify the renewal timer:

sudo systemctl list-timers | grep certbot

You can also do a dry run to confirm renewal works:

sudo certbot renew --dry-run

Your site is now accessible over HTTPS with a valid certificate. Visit https://yourdomain.com and verify the padlock icon in your browser.

Step 9: Security Hardening

A fresh server needs hardening before it's production-ready. Let's lock things down.

Configure UFW Firewall

UFW (Uncomplicated Firewall) makes iptables management simple. Set up the firewall to only allow necessary traffic:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Verify the rules:

sudo ufw status verbose

Disable Password Authentication and Use SSH Keys

Password-based SSH login is vulnerable to brute-force attacks. Switch to key-based authentication. First, copy your public SSH key to the server (run this from your local machine):

ssh-copy-id deploy@your_server_ip

Then edit the SSH daemon configuration:

sudo nano /etc/ssh/sshd_config

Apply these changes:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Restart SSH to apply:

sudo systemctl restart sshd

Important: Before closing your current session, open a new terminal and verify you can still SSH in with your key. Do not disconnect until you've confirmed access works.

Install Fail2Ban

Fail2Ban automatically blocks IPs that show malicious signs, such as too many failed login attempts:

sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

The default configuration works well out of the box for SSH protection. Check the status:

sudo fail2ban-client status sshd

Automatic Security Updates

Enable automatic security updates so your server stays patched:

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure -plow unattended-upgrades

Select Yes when prompted. Security updates will now be installed automatically.

Final Verification

Let's verify everything is working correctly. Run through this checklist:

  • Visit https://yourdomain.com — should load your site with a valid SSL certificate
  • Visit http://yourdomain.com — should redirect to HTTPS
  • SSH as root — should be denied
  • SSH with password — should be denied
  • Check firewall: sudo ufw status — only ports 22, 80, 443 should be open

Summary

Congratulations! You've successfully deployed a website on Tencent Cloud with a complete production setup. Here's what you've accomplished:

  • Created and configured a CVM instance on Tencent Cloud Seoul region
  • Installed and configured Nginx to serve your website
  • Set up DNS records to point your domain to the server
  • Secured your site with a free Let's Encrypt SSL certificate via Certbot
  • Hardened the server with UFW firewall, SSH key authentication, Fail2Ban, and automatic security updates

The total cost for this setup can be as low as $4–5/month with Tencent Cloud's promotional pricing for a 1-core, 1GB instance. For higher traffic sites, consider upgrading to a 2-core instance with 4GB RAM, which still comes in under $15/month.

If you found this guide helpful, check out our other tutorials on cloud deployments and VPS comparisons. Happy deploying!

Share

Ready to launch? Our Seoul VPS Setup Guide gives you the complete playbook — 9 chapters, 4 automation scripts, and lifetime updates.

Get the Seoul VPS Setup Guide — $19