Create Ubuntu Droplet at Digital Ocean

Create Ubuntu Droplet at Digital Ocean

by John Vincent


Posted on March 01, 2017



This is part of a series of discussions regarding Deploying to a Digital Ocean Droplet. For more details, please see Overview of johnvincent.io website

Create Ubuntu Droplet at Digital Ocean

Useful reference

Sign in to Digital Ocean

  • Create Droplet
  • Ubuntu 16.04 x64
  • Standard: $5/month
  • Choose a datacenter region
  • No SSH key
  • Hostname: website (name that makes sense)

The Ubuntu droplet is created and an IP provided.

Set Root Password

Dashboard

  • Select droplet
  • Access (left nav)
  • Reset Root Password
    • Password is emailed.

Get password from your email.

  • Launch Console
  • root
    • {password-from-your-email}
  • Change password

How To Connect To Your Droplet with SSH

Useful reference

Initial Setup reference

  • Connect to droplet
    • ssh root@{your-ip}
The authenticity of host '<your-ip> (<your-ip>)' can't be established.
Are you sure you want to continue connecting (yes/no)?
  • Yes

Basic configuration

  • Add user
    • adduser {remote-user}
    • {password}
  • Root privileges
    • usermod -aG sudo {remote-user}

Add Public Key Authentication

From Mac

cd .ssh
ssh-keygen
Enter file in which to save the key (/Users/<my-user>/.ssh/id_rsa): id_digital_ocean
  • passphrase: do not provide a passphrase

Generates two files

  • private: id_digital_ocean
  • public: id_digital_ocean.pub

Store key in keychain

chmod 600 id_digital_ocean*
ssh-add -K id_digital_ocean

Add to .ssh/config

Host mywebsite
    UseKeychain yes
    AddKeysToAgent yes
    HostName <your-ip>
    User <your-user>
    IdentityFile ~/.ssh/id_digital_ocean

Copy public key to remote server

cd
cd .ssh
ssh-copy-id <remote-user>@<your-ip>

Verify Public Key on Remote Server

  • Login to digital ocean droplet
  • su - <remote-user>
  • cd .ssh
  • view authorized_keys
    • Key should be present

Disable Password Authentication

As root or your sudo user, open the SSH daemon configuration

sudo vi /etc/ssh/sshd_config

set:

PasswordAuthentication no

ensure:

PubkeyAuthentication yes
ChallengeResponseAuthentication no

reload the SSH daemon:

sudo systemctl reload sshd

Test Log In

ssh <remote-user>@<your-ip>

should log in without any passwords.

Set Up a Basic Firewall

Firewall Rules Reference

List applications:

sudo ufw app list

Available applications: OpenSSH

Ensure firewall allows SSH connection:

sudo ufw allow OpenSSH

enable the firewall:

sudo ufw enable

You can see that SSH connections are still allowed by typing:

sudo ufw status

Add Swap

Swap reference

Check System for Swap

sudo swapon -s

Check current disk usage

df -h

Create Swap File

sudo dd if=/dev/zero of=/swapfile bs=1G count=4

if this fails with:

dd: memory exhausted by input buffer of size 1073741824 bytes (1.0 GiB)

then try:

sudo fallocate -l 4G /swapfile

Check swap file

ls -lh /swapfile

Enabling the Swap File

Secure the swap file:

sudo chmod 600 /swapfile

tell our system to set up the swap space:

sudo mkswap /swapfile

enable the swap:

sudo swapon /swapfile

verify:

sudo swapon -s

Make the Swap File Permanent

Edit configuration file:

sudo vi /etc/fstab

Add to the end:

/swapfile   none    swap    sw    0   0

Tweak your Swap Settings

Current swappiness value by typing:

cat /proc/sys/vm/swappiness

For a VPS system, this number needs to be close to zero.

Edit configuration:

sudo vi /etc/sysctl.conf

At the bottom, add:

vm.swappiness=10

Another related value that you might want to modify is the vfs_cache_pressure. This setting configures how much the system will choose to cache inode and dentry information over other data.

cat /proc/sys/vm/vfs_cache_pressure
sudo vi /etc/sysctl.conf
add:
vm.vfs_cache_pressure = 50

Check Swap

sudo swapon --summary
free -h

Install Basics

sudo apt-get update
sudo apt-get install zip wget

Install Node and Npm

Node V6 - Best for Production

$ curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
$ sudo apt-get install -y nodejs
which node
/usr/bin/node

which npm
/usr/bin/npm

node -v
v6.11.1

npm -v
v3.10.10

Node V4 - Reference Purposes Only

Install Node Version 4

sudo apt-get update
sudo apt-get install nodejs
sudo apt-get install npm
nodejs -v
v4.2.6

npm -v
3.5.2
Uninstall
which node
which npm
sudo apt-get remove nodejs
sudo apt-get remove npm
cd /etc/apt/sources.list.d

and remove any node list.

sudo apt-get update