Skip to main content
New UniFi OS Server Hosting now available — Learn More »
Home
Partners Get a Quote

The Definitive Guide to Hosting Your Own Bondix Server (2026 Edition)

Update / release notes: Guide originally published 2024 — fully rebuilt and updated July 2026. We keep this guide current as packages and versions change. If you hit a step that doesn’t work, get in touch and we’ll fix it.

This is the definitive guide to setting up, securing and hosting your own Bondix server, so you can start bonding multiple connections on your Teltonika routers (or, with the new Bondix Universal Client, on supported OpenWrt hardware).

In this guide we’ll set up a Bondix server on an Ubuntu LTS virtual server using DigitalOcean (we’ve confirmed every step also works identically on Vultr), harden the server, install Bondix, and finish with a Let’s Encrypt SSL certificate that renews automatically.

This guide is the written companion to our video walkthrough — watch the full “How to Set Up & Secure Your Own Bondix Server” video below, or read on.

How to Set Up & Secure Your Own Bondix Server — video walkthrough

Rather not do any of this? We host Bondix tunnels for you from £20/month — you just connect your router: SimpliWiFi Bondix Hosting.

Before you start

You’ll need an account with a hosting provider. We use both of these in production:

You’ll also need:

A note on server sizing: the $6/month entry droplet (1 vCPU, 1GB RAM, 1TB transfer) is plenty for a single tunnel. If you’re planning multiple tunnels, size the server properly first — we cover exactly how in our server sizing video, including the 50MB-RAM-per-tunnel rule and the 50% headroom we build into our own hosted farms.

Part 1 — Create the virtual server

Log into DigitalOcean, go to Droplets in the left-hand menu, and click Create Droplet. Work through the options:

Region — pick the datacentre closest to you (or your client). We’re using London.

Image — choose Ubuntu, and select the current LTS release (24.04 LTS at the time of writing; the steps are identical on 22.04 LTS). Don’t pick the newest non-LTS release — LTS is what we’ve done countless Bondix installations on, and it’s rock solid.

Size — Basic shared CPU, regular disk, $6/month (1 vCPU / 1GB RAM / 25GB disk / 1TB transfer). Fine for one tunnel; see the sizing video above for more.

Backups — optional, but if this is going to be a production server, enable automatic backups. It costs very little and a production server should always have some form of backup.

Authentication — set a strong root password. We’ll be locking this account down later, but you need it for the initial setup. Don’t lose it.

Hostname — this matters. The hostname you set here is the address you’ll use to reach the Bondix web interface, and it’s what the SSL certificate will be issued against. Use a fully-qualified domain name on a domain you control, e.g. bondix.yourdomain.com. In our example we’re using bondix-test.simpliwifi.cloud.

Tags are optional — useful if you run a lot of servers, but the hostname is usually enough. Click Create Droplet. It takes 20–30 seconds to spin up.

⚠️ Once you have your IP address — STOP. Go no further until you’ve done Part 2.

Part 2 — Create the DNS A record

Take the public IPv4 address of your new server and go to your DNS provider. Create an A record matching the hostname you set in Part 1:

Type: A
Name: bondix-test          (i.e. the host part of bondix-test.simpliwifi.cloud)
Value: <your server's public IPv4 address>

If this is a brand-new domain, propagation can take up to 72 hours. On an established domain it’s usually under an hour. The Let’s Encrypt step later in this guide will fail if this record hasn’t propagated, so get it in now.

Part 3 — First login and system updates

SSH into the server as root using the IP address (PuTTY on port 22, or ssh root@<ip> from a terminal). DigitalOcean also provides a browser console from the droplet page if you prefer.

First job: bring the server fully up to date.

sudo apt update
sudo apt upgrade -y

This updates the package sources and applies all pending patches and security updates. It can take a few minutes on a fresh image. When it’s done, reboot and log back in:

sudo reboot

Part 4 — Create an admin user

Don’t run everything as root. Create a dedicated admin user — we’ll call ours bondixadmin:

sudo adduser bondixadmin

Set a strong password when prompted (the extra fields — full name, etc. — can be skipped with Enter). Now give the new user sudo privileges, so it can elevate to root when needed:

sudo usermod -aG sudo bondixadmin

From here on, log in as bondixadmin rather than root.

Part 5 — Change the SSH port

Port 22 gets hammered by automated attacks the moment a server appears online. Changing the port won’t stop a determined attacker, but it dramatically cuts the background noise and load from drive-by attempts.

Edit the SSH config:

sudo nano -w /etc/ssh/sshd_config

Find the line #Port 22, uncomment it (remove the #) and change it to your chosen port — we use 2222:

Port 2222

Save and exit (CTRL+X, Y, Enter), then reload SSH:

sudo systemctl reload sshd

Keep your current session open and test a new connection on port 2222 before you disconnect — if anything’s wrong, you can still fix it from the live session. Note that the firewall rule for port 2222 comes in the next step; on some provider images UFW is pre-enabled, in which case add the firewall rule from Part 6 before reloading SSH.

Part 6 — Configure the UFW firewall

Bondix needs a small, specific set of ports open:

PortProtocolPurpose
80TCPLet’s Encrypt certificate issuance/renewal
443TCPBondix secure web interface
44343UDPBondix server → client tunnel traffic
2222TCPOur relocated SSH port

Add the rules:

sudo ufw allow http
sudo ufw allow https
sudo ufw allow 44343/udp
sudo ufw allow 2222/tcp

Note the tunnel port is UDP — the /udp matters. Now enable the firewall:

sudo ufw enable

It will warn that the command may disrupt existing SSH connections — say yes (our SSH rule is already in). Verify:

sudo ufw status

You should see all four rules listed for both IPv4 and IPv6.

Part 7 — Set the timezone

Hosting provider images often ship with the wrong timezone, which makes logs and real-time data confusing to read. Fix it:

sudo dpkg-reconfigure tzdata

Select your region and city (Europe → London for us) using the arrow keys, TAB and Enter.

Part 8 — Automatic package cleanup

As updates are applied over time, old package versions accumulate and slowly eat disk space. Clean up now:

sudo apt autoremove -y

And schedule it to run monthly so you never think about it again:

sudo sh -c 'echo "sudo apt autoremove -y" >> /etc/cron.monthly/autoremove'
sudo chmod +x /etc/cron.monthly/autoremove

The second command makes the cron file executable — without it, the job silently never runs.

Part 9 — Install the Bondix server

Now the easy bit. Download the official Bondix server installation script:

wget https://releases.bondix.dev/endpoint/install-bondix-server.sh
chmod +x install-bondix-server.sh
sudo ./install-bondix-server.sh

When prompted for the installation directory, the default is fine — just hit Enter. The install completes in seconds.

⚠️ Two things appear on screen at the end of the install that you must save:

1. Your web admin username and password — this is your login for the Bondix web interface.
2. The advanced config access credentials — same password, used for the advanced configuration area.

Copy these somewhere safe now. (If you ever lose the password, it can be reset by editing the server configuration file with nano — see Part 12 for where that file lives.)

Part 10 — First login to the Bondix web interface

Browse to https://<your-hostname> (e.g. https://bondix-test.simpliwifi.cloud).

You’ll get a “connection is not private” warning — this is expected at this stage, because the server is still using a self-signed certificate. On this one occasion it’s fine to click Advanced → Proceed.

Log in with username admin and the password from Part 9. You now have a working Bondix server — it just needs licensing, a proper SSL certificate, and its first tunnel.

Part 11 — Let’s Encrypt SSL with certbot

We’ll use certbot to issue a proper certificate and renew it automatically every 90 days. Install certbot:

sudo apt install certbot -y

Request a certificate in standalone mode:

sudo certbot certonly

Certbot will ask a series of questions:

  1. How to authenticate — choose option 1 (spin up a temporary web server). This is why we opened port 80.
  2. Email address — enter a real one; this is where expiry/renewal-failure warnings go.
  3. Terms of service — agree.
  4. Share email with the EFF — your choice; we say no.
  5. Domain name — enter the exact hostname from Part 1, e.g. bondix-test.simpliwifi.cloud. If your DNS A record hasn’t propagated, this step fails — go back to Part 2.

On success, your certificate and key are stored under:

/etc/letsencrypt/live/<your-hostname>/fullchain.pem
/etc/letsencrypt/live/<your-hostname>/privkey.pem

Note the folder is named after your domain — you’ll need these exact paths next.

Part 12 — Tell Bondix to use the certificate

Open the Bondix server configuration file:

sudo nano /opt/bondix/server.json

(Adjust the path if you chose a non-default install directory in Part 9.) This file is also where the admin passwords live, incidentally. Add a comma to the end of the current last configuration entry, then add the HTTPS block below on a new line, substituting your own hostname in both certificate paths:

{"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true,
 "cert": "/etc/letsencrypt/live/your.domain.name/fullchain.pem",
 "key": "/etc/letsencrypt/live/your.domain.name/privkey.pem"}

So for our example server, both paths would use bondix-test.simpliwifi.cloud in place of your.domain.name. Make sure the final entry in the file has no trailing comma, then save (CTRL+X, Y, Enter). Restart Bondix to load the new configuration:

sudo systemctl restart bondix

If the service fails to start, you almost certainly have a JSON syntax error — re-open the file and check your commas. Browse to https://<your-hostname> again: the certificate warning is gone, and you have a fully secured Bondix web interface.

Part 13 — Make certificate renewals automatic (new for 2026)

Certbot renews the certificate automatically, but Bondix only reads the certificate at startup — so a renewed certificate won’t take effect until Bondix restarts. Wire that up with a certbot deploy hook, which runs only when a renewal actually happens:

sudo sh -c 'printf "#!/bin/bash\nsystemctl restart bondix\n" > /etc/letsencrypt/renewal-hooks/deploy/restart-bondix'
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/restart-bondix

Test the whole renewal chain without touching the real certificate:

sudo certbot renew --dry-run

You should see “Congratulations, all simulated renewals succeeded.” Your server will now keep itself secure for as long as it runs.

Done — what’s next

You now have a fully patched, firewalled, SSL-secured Bondix server ready to accept bonding tunnels. Next steps:

Don’t fancy the maintenance?

That’s literally what we do all day: hosted Bondix from £20/month, official Bondix licences, and Teltonika hardware — all UK-hosted and fully managed.

View Bondix Hosting

Or start with a free 48-hour Bondix trial and connect your Teltonika router to one of our servers first — no commitment, full bonding, real UK infrastructure.

SimpliWiFi is Bondix’s authorised hosted solutions partner and official Bondix & Teltonika distributor in the UK & EU.

Related Articles