Create Ubuntu Droplet at Digital Ocean
by John Vincent
Posted on August 9, 2018
This is part of a series of discussions regarding Deploying to a Digital Ocean Droplet. For more details, please see Overview of johnvincent.io website
Create Ubuntu Droplet at Digital Ocean
- Create Droplet
Ubuntu 16.04 x64
- Standard: $5/month
- Choose a data center region
- No SSH key
- hostname: website (name that makes sense)
The Ubuntu droplet is created and an IP provided.
Set Root Password
Dashboard
- Select droplet
- Access (left nav)
- Reset Root Password
- Password is emailed.
Get password from your email.
-
Launch Console
-
root
- {password-from-your-email}
-
Change password
How To Connect To Your Droplet with SSH
- Connect to droplet
- ssh root@{your-ip}
The authenticity of host '<your-ip> (<your-ip>)' can't be established.
Are you sure you want to continue connecting (yes/no)?
- Yes
Basic configuration
-
Add user
adduser {remote-user}
- {password}
-
Root privileges
usermod -aG sudo {remote-user}
Add Public Key Authentication
From Mac
cd .ssh
ssh-keygen
Enter file in which to save the key (/Users/<my-user>/.ssh/id_rsa): id_digital_ocean
- passphrase: do not provide a passphrase
Generates two files
- private:
id_digital_ocean
- public:
id_digital_ocean.pub
Store key in keychain
chmod 600 id_digital_ocean*
ssh-add -K id_digital_ocean
Add to .ssh/config
Host mywebsite
UseKeychain yes
AddKeysToAgent yes
HostName <your-ip>
User <your-user>
IdentityFile ~/.ssh/id_digital_ocean
Copy public key to remote server
cd
cd .ssh
ssh-copy-id <remote-user>@<your-ip>
Verify Public Key on Remote Server
- Login to digital ocean droplet
su - <remote-user>
cd .ssh
- view
authorized_keys
- Key should be present
Disable Password Authentication
As root or your sudo user, open the SSH daemon configuration
sudo vi /etc/ssh/sshd_config
set:
PasswordAuthentication no
ensure:
PubkeyAuthentication yes
ChallengeResponseAuthentication no
reload the SSH daemon:
sudo systemctl reload sshd
Test Log In
ssh <remote-user>@<your-ip>
should log in without any passwords.
Set Up a Basic Firewall
List applications:
sudo ufw app list
Available applications: OpenSSH
Ensure firewall allows SSH connection:
sudo ufw allow OpenSSH
enable the firewall:
sudo ufw enable
You can see that SSH connections are still allowed by typing:
sudo ufw status
Add Swap
Check System for Swap
sudo swapon -s
Check current disk usage
df -h
Create Swap File
sudo dd if=/dev/zero of=/swapfile bs=1G count=4
if this fails with:
dd: memory exhausted by input buffer of size 1073741824 bytes (1.0 GiB)
then try:
sudo fallocate -l 4G /swapfile
Check swap file
ls -lh /swapfile
Enabling the Swap File
Secure the swap file:
sudo chmod 600 /swapfile
tell our system to set up the swap space:
sudo mkswap /swapfile
enable the swap:
sudo swapon /swapfile
verify:
sudo swapon -s
Make the Swap File Permanent
Edit configuration file:
sudo vi /etc/fstab
Add to the end:
/swapfile none swap sw 0 0
Tweak your Swap Settings
Current swappiness
value by typing:
cat /proc/sys/vm/swappiness
For a VPS system, this number needs to be close to zero.
Edit configuration:
sudo vi /etc/sysctl.conf
At the bottom, add:
vm.swappiness=10
Another related value that you might want to modify is the vfs_cache_pressure
. This setting configures how much the system will choose to cache inode
and dentry
information over other data.
cat /proc/sys/vm/vfs_cache_pressure
sudo vi /etc/sysctl.conf
add:
vm.vfs_cache_pressure = 50
Check Swap
sudo swapon --summary
free -h
Install Basics
sudo apt-get update
sudo apt-get install zip wget
Install Node and npm
Node V6 - Best for Production
$ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
$ sudo apt-get install -y nodejs
which node
/usr/bin/node
which npm
/usr/bin/npm
node -v
v6.11.1
npm -v
v3.10.10
Node V4 - Reference Purposes Only
sudo apt-get update
sudo apt-get install nodejs
sudo apt-get install npm
nodejs -v
v4.2.6
npm -v
3.5.2
Uninstall
which node
which npm
sudo apt-get remove nodejs
sudo apt-get remove npm
cd /etc/apt/sources.list.d
and remove any node list.
sudo apt-get update