

How to set up droplet in DigitalOcean

Recently, one of our customers asked us to help him set up a droplet in his DigitalOcean account.

As part of our Server Support Services, we help customers set up droplets, improve security, and improve the way they use their servers.

In this context, we shall discuss how we configured a droplet in DigitalOcean.

How to set up a droplet in DigitalOcean?

DigitalOcean is one of the most popular server providers for web hosting organizations, corporate bodies and small businesses across the world. They have gained their reputation over the years through the reliability and stability of their server hosting services. In essence, a droplet is a fresh server that an organization of any size can use to host web services and cloud applications.

To begin, you need basic knowledge of SSH tools such as PuTTY to access the server. As soon as you connect to the new server, you can proceed with creating and setting up the SSH keys, configuring the droplet and setting the firewall to improve security.

Creating and Setting up SSH keys

SSH keys are preferable when administering a server via SSH because they are more secure than a password, which is far less secure. This is why you should set up SSH keys for authentication to your droplets.
With puttygen, you can convert an SSH key so that it becomes usable by PuTTY. However, most Linux users create their keys with ssh-keygen, the default tool for this purpose, which is available on Linux, macOS, and Windows operating systems.

On Linux, the key generated by ssh-keygen is saved in a known location, ~/.ssh/, while on Windows and macOS it is saved in /Users/computer_name/.ssh. By default, the public key is saved as id_rsa.pub.

To use it in PuTTY, add the SSH keys in the Security tab section by pasting the public key into the SSH key text box and giving it a name.

The Process of Configuring the droplet

In your DigitalOcean control panel, you will see the tab to create a droplet at the top right of the page.

i. Choose a recent version of any Linux distribution you are comfortable with, for example Ubuntu.
ii. Next you will see the VPC Network option, where you choose the default VPC.
iii. Now you can select IPv6 and monitoring. For additional options, you can paste the cloud config script given below into the user data text box:

#!/bin/bash
set -euo pipefail

USERNAME=username # Here you can customize the sudo non-root username

# This will create the user and prompt it to change password on initial login
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"
passwd --delete "${USERNAME}"
chage --lastday 0 "${USERNAME}"

# This will create SSH directory for sudo user and copy the root keys over
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"
cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"

# This will disable root SSH login with password
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
# Restart sshd only if the edited configuration passes its syntax check
if sshd -t -q; then
    systemctl restart sshd
fi


iv. The next setting is the Authentication area, where you can select SSH keys. These keys will grant you access as the root user and, with the user data script specified above, access will also be given to the non-root user with sudo rights.

v. You will also see options to activate backups and add tags that match the purpose of the droplet.

After this process, the droplet will be created successfully.
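
The user-data script above can be checked once the droplet is up. The block below is an added example, not part of the original article: it reads the active PermitRootLogin value and the key file permissions, and shows on constructed sample files that the script's sed expression only rewrites an uncommented PermitRootLogin line. The function names root_login_setting and ssh_perms_ok are illustrative.

```bash
#!/bin/bash
# Added example: post-boot checks for what the user-data script configures.
# Function names are illustrative; paths are parameters so the checks can
# run against sample files as well as a real droplet.

# Print the value of the first active (uncommented) PermitRootLogin line,
# or "unset" when there is none, in which case the sed pattern
# ^PermitRootLogin had nothing to rewrite.
root_login_setting() {
    local config="$1" value
    value="$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$config")"
    echo "${value:-unset}"
}

# Succeed only if the directory is 0700 and authorized_keys is 0600
# (stat -c is the GNU coreutils form found on Ubuntu).
ssh_perms_ok() {
    local ssh_dir="$1"
    [ "$(stat -c '%a' "$ssh_dir")" = "700" ] &&
        [ "$(stat -c '%a' "$ssh_dir/authorized_keys")" = "600" ]
}

# Constructed sample files: one config with the directive commented out,
# one with it active. The same sed expression is applied to both.
demo() {
    local tmp name
    tmp="$(mktemp -d)"
    printf '#PermitRootLogin yes\nPasswordAuthentication no\n' > "$tmp/commented"
    printf 'PermitRootLogin yes\n' > "$tmp/active"
    for name in commented active; do
        sed 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' \
            "$tmp/$name" > "$tmp/$name.out"
        echo "$name: $(root_login_setting "$tmp/$name.out")"
    done
    mkdir "$tmp/.ssh" && touch "$tmp/.ssh/authorized_keys"
    chmod 0700 "$tmp/.ssh" && chmod 0600 "$tmp/.ssh/authorized_keys"
    ssh_perms_ok "$tmp/.ssh" && echo "permissions: ok"
    rm -rf "$tmp"
}
demo
```

On a live server, `sshd -T` prints the effective configuration, including values from included files and Match blocks, which this simple parser does not follow.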

Setting the firewall to protect your server

A firewall imposes certain restrictions on the server, which serves as a protection feature. This is very helpful as it protects the server against external attacks. With DigitalOcean, there is room to set such firewall rules.
A firewall can be applied to individual droplets by name or by tag, as specified earlier in the droplet creation stage. As a general precaution, it is good to restrict all inbound traffic except for the SSH port 22. You can set the firewall by creating the rule at the top of the page in your account page.

Do you need support in setting up a droplet in DigitalOcean? Contact us now.


Conclusion

This article covered how to create and set up droplets in DigitalOcean.