I have installed nginx on an Arch Linux VPS with Vultr. I intend to use it to serve files to myself and two colleagues. I have setup three accounts for us all with login names and passwords via the .htaccess and .htpasswd files. I will also be adding a certificate with let’s encrypt before the server will be used.
The data we will be sharing is commercially sensitive. Is there anything else I need to worry about? Is there anything else I can do to harden the server?
Do yourself a favor and use a commercial provider until you have an idea of that answer yourself. Or encrypt them before upload.