How To Set Up A Virtual Server On DigitalOcean

  1. Register with DigitalOcean.
You can use the following link to get $10 USD credit upon signing up.
  1. Create a droplet (server) on DigitalOcean. A droplet means a virtual server.
Select the following:
  • Ubuntu operating system.
  • $5/month plan. You can switch to a different plan later.
  • Select a region that is closest to the majority of your target audience.
Screen Shot 2017-03-16 at 2.23.06 PM.png
  1. Change root password
  • SSH to the new server. You should receive an email containing the server IP address, username and password.
ssh root@123.98.***.***
  • Set your new password
  1. Set hostname
  • Buy a domain if you haven’t got one. Let’s say your domain is “yourdomain.com”.
  • The hostname can be anything you want to call your server instead of the IP address, for example “bluedroplet.yourdomain.com”.
echo "bluedroplet.yourdomain.com" > /etc/hostname hostname -F /etc/hostname
  • Update your domain’s DNS settings on DigitalOcean.
  • Go to your DigitalOcean account page → Networking → Domains → Select your domain.
  • Add a type “A” record as in the picture below.
  • Ssh to your server.
ssh root@bluedroplet.yourdomain.com
  1. Set the server timezone to your local timezone.
dpkg-reconfigure tzdata
  1. Install software updates.
  • Pull in updated package lists 
apt-get update
  • Update all of the currently installed packages
apt-get upgrade
  • Remove the outdated packages
apt-get autoremove
  1. Create a new user
It’s good practice to create a new user account in the sudo group with limited permissions for everyday use, instead of using the root user. We will disable root login later.
  • Add a new user. Let’s called her “alex”. 
adduser alex
  • Add the new user to the sudo group.
usermod -a -G sudo alex
  • Switch to the new user.
su - alex
  • Create a new directory called .ssh and restrict its permissions.
mkdir ~/.ssh chmod 700 ~/.ssh

Note: Do not “sudo mkdir” or it won’t work
  • Make sure your local machine has a pair of ssh keys that you can use. If not, use the “ssh-keygen” command to generate one on your local machine.
  • Create a file called “authorized_keys” that contains the public key of your local machine. This is so you can ssh to alex account from your local machine.
nano ~/.ssh/authorized_keys
Add the public key of local machine to the file content.
chmod 600 ~/.ssh/authorized_keys
  • Ensure your new account is working by logging out of your current SSH session and initiating a new one.
exit ssh alex@bluedroplet.yourdomain.com
  1. Configure SSH
  • Disable root login and password authentication by editing the sshd_config file.
sudo nano /etc/ssh/sshd_config
Set
PermitRootLogin no 
PasswordAuthentication no
  • Restart ssh service.
sudo service ssh restart
  1. Set up the firewall
  • Install the ufw package. Note: ufw = Uncomplicated Firewall.
sudo apt-get install ufw
  • Deny all incoming traffic and allow all outgoing traffic. Add the ports for SSH (22), HTTP (80), and HTTPS (443).
sudo ufw allow ssh 
sudo ufw allow http 
sudo ufw allow https
  • Review which rules will be added to the firewall. Ensure that the port for SSH is in the list of added rules or you won’t be able to log back in.
sudo ufw show added
  • Enable the firewall rules.
sudo ufw enable
  • Confirm that the new rules are active.
sudo ufw status verbose
Screen Shot 2017-03-19 at 6.27.32 PM.png
  • Install fail2ban.
sudo apt-get install fail2ban
  • Start the fail2ban service.
sudo service fail2ban start

Popular posts from this blog

How To Set Up Quasar v0.14 On A Laravel+Vue Framework

How To Set Up Quasar v0.13 On A Laravel(5.4)+Vue Framework

How To Fix Random Disappearing Of HTML Elements On iPhone/iPad