How to Setup a Digital Ocean droplet

version 3 (12-29-2019)
version 4 (06-16-2021)
      
The whole process is based upon the Digital Ocean instructions:
https://cloud.digitalocean.com/droplets/74396269/graphs?i=919397

Note, in the following example "rbo" is the tli for the droplet being built.


#1. Go to digitalocean.com website and login. You may need your phone for authentication.


#2. Click on "Create" button and (from the dropdown menu) select "Droplets".

Then on the webpage select the details of the droplet, using the following to guide your choices. YMMV. In general, select:
      * select Ubuntu 20.04 (LTS) x64
      * select plan: Standard
      * select 1 GB size / 1 cpu
      * select datacenter nyc
      * select "SSH Keys" and "Select all" checkboxes (or upload a new SSH key)
      * choose a hostname: example: "bcodrop"
      * add a tag: example: "drop"
      

VPC Network: default-nyc3 (DEFAULT). All resources created in this datacenter will be members of the same VPC network. They can communicate securely over their Private IP addresses.

Then when the selections are done, click "Create droplet" button.

*******
Note: if this is your first droplet, you probably will have to create an SSH Key and give the public key to Digital Ocean. Here are my notes from that process:
      (a) Add SSH Keys Using PuttyGen
      (b) --> click on "new ssh key"
******


#3. After the droplet is created, navigate on the Digital Ocean site to your list of droplets and copy the [ip-address] of the droplet you just created.


#4. Set up new username on the new droplet.

Open a Terminal and ssh to root@[ip-address] using command below:

      $ssh root@[ip-address]

At this point you should be connected to your new droplet via a ssh shell.

Next, you will use the root user to create a new user that will be the user account used for the droplet. (And the root user will be disabled.) Create the user with the following set of commands:

      #adduser [username]

Next, check to see if the new user account exists:

      $id [username]

Next, add to sudo group (so the new user has access to sudo command):

      #usermod -aG sudo [username]

Next, check that the user is a member of the sudo group:

      #id [username]

Next, login to the user account to test it:

      #sudo su - [username]

Next, confirm that you are logged in as the user:

      $whoami

Next, set up ssh (secure shell) so that you can login into the droplet without a password. First, create a directory with correct permissions:

      $mkdir .ssh
      $chmod 700 .ssh

Next, use sudo command to cp (copy) root's .ssh/authorized_keys to the new user's .ssh/authorized_keys. Afterward, you may have to change the owner and group of the file with chown command. Finally, fix the permissions.
Do the command:

      $sudo cp /root/.ssh/authorized_keys /home/[username]/.ssh/
      $sudo chown [username]:[username] .ssh/authorized_keys
      $chmod 600 .ssh/authorized_keys

Next, restart the ssh service to enable changes:

      $sudo service ssh restart

Next, everything should be set up for now, so exit the username and then exit the root account (effectively logging out of the droplet system).

      $exit
      #exit


#5. On your local machine, configure bash to enable an alias command:

      $emacs ~/.bash_aliases

In this file, edit the file so that there is a shortcut command name:

      alias srbo='ssh [username]@[ip-address]'

Save the file and exit the file.


#6. Test that you can login to the newly created droplet:

      $srbo

Note: if you are successfully shelled into the droplet, all is well.


#7. Take a short break, before continuing.


#8. Update the system software using apt-get.

Add software updates that are needed:

      $srbo
      $sudo apt-get update
      $sudo apt-get upgrade
      $sudo apt-get install emacs


#9. Install Node.js.

Note: use a browser and surf to nodejs.org. At this site, find the downloads. Then find the link to a webpage about installing from a "package manager". On the package manager page, scroll until you find the Ubuntu / Debian section listing some command-line commands.

Here is an example of the url where I found this info:
https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions

Note: it appears that you also get to decide on which version of node to use. In this example, I am using version "Ubuntu 18.04 LTS (Bionic Beaver)". Also, select the version of node.js (v13.0).

So, from the nodejs.org webpage copy the following lines and paste them in a terminal and execute them. They download the node code so that it can be added to the system as an apt-get package.
Note: the first found line of code (1 of 2)

      $curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash -

Note: the second found line of code (2 of 2)

      $sudo apt-get install -y nodejs

Next: check that you have node.js on your droplet. Test this by using the following command:

      $node -v

*******
Note: on one machine, I had debian and I needed to run the following to get the above to work.

      $sudo apt-get install nodejs-legacy
**********


#10. Install the node.js webserver known as freeradiantbunny.node.

This code is on the bitbucket site. Note: the SSH key needs to be on the droplet so that the bitbucket code can be accessed.

******
Here are some rough instructions on how to get the SSH key for bitbucket:
Go to the local system that has the bitbucket SSH key and scp it to the droplet .ssh folder.

      $scp .ssh/id_rsa_bitbucket rinchen@67.205.138.63:.ssh/id_rsa
******

Next, install freeradiantbunny.node, using the git command:

      $git clone git@bitbucket.org:lars_paul_linden/freeradiantbunny.node.git

Next, run npm so that all of the node_modules are loaded:

      $cd freeradiantbunny.node
      $sudo npm update


#11. Install pm2 to run the server as a process.

The pm2 app is a process manager for node.js apps.

      $sudo npm install -g pm2


#13. Set up the reverse proxy (using nginx).

      $sudo apt-get install nginx

Not sure about these (but I do them anyway.)

      $sudo apt-get install nginx-full
      $sudo apt-get install nginx-extras

Some helpful nginx commands, if needed:

      $sudo emacs /etc/nginx/sites-enabled/default
      $sudo nginx -t
      $sudo systemctl start nginx


#14. Set up the firewall, using the ufw app.

      $sudo ufw allow OpenSSH
      $sudo ufw allow http
      $sudo ufw allow https
      $sudo ufw enable
      $sudo ufw status

Note: here is another way to test:

      $sudo netstat -ntlp

Next, set up the digitalocean firewall. On the digitalocean website, select the droplet ("rbdropo" in this example), then select Networking, then scroll down and select "Manage Firewalls".
This goes to the firewall rules, where you have access to a "Droplets" tab, where you can click on the "Add Droplets" button. Then you select the droplet that is being attached (to the firewall rules). Note, if you do not have any Firewall Rules you will have to add them.


#15. Connect a domain_name to our droplet.

Next, open the browser and go to digitalocean.com. Navigate to the "Networking" webpage. Click on the given droplet and then under DNS records find the "A" record and use the "More" dropdown menu to select "Edit record". Then, on the DNS records page, change the "A" record's value to the droplet. [If there are no DNS records, the records will have to be created. See page that shows the working DNS stuff for digital ocean.]

Next, make sure the digitalocean DNS records for this domain have an A record that points to the correct IP Address.


#16. Deal with registrar and making sure the domain's nameservers point to the nameservers at digitalocean.

Note: There may be situations where you need to go to the registrar of the domain_name and change where the nameservers point and make sure that the nameservers point to digital ocean nameservers.


#17. install npm freeradiantbunny

      $cd freeradiantbunny.node
      $npm install freeradiantbunny

Note: may need to open freeradiantbunny.node package.json and update the freeradiantbunny version number. And then update the code with the following command:

      $npm update

Next, fix an annoying weird thing.

      $sudo chown -R [username]:[username] ~/.config

Next: add frb usr/config.js file.

on droplet:
      $mkdir .freeradiantbunny
on local machine:
      $scp config.js [username]@[ip-address]:.freeradiantbunny
on droplet:
      $chmod 440 .freeradiantbunny/config.js

Note, you might have to take a file from another site, copy it over, and modify it.

Next, add public_tli files. These are the files that are the static webpages of the site. Note, hopefully there is a backup of the file. In this example the directory was named "public_rbo".
If this is a new website, a public_tli site will have to be created with html, css, and images.

Next, change the ownerships so that nginx has permission to access the directory. Use the following command:

      $sudo chown -R [username]:www-data public_rbo


#18. Install database and attach it to the application.

Note: see the other sheet of instructions "how_to_digital_ocean_database.txt".


#19. Enable server start on system reboot.

The way this works is that you run a command that will generate a shell script line of code that can then be run to install the startup command into the system.

      $pm2 startup

Note: follow the instructions, you will have to copy the output and paste it on the command line and then run it.

Here is what the generated line of shell code looked like:

      sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u rinchen --hp /home/rinchen


#20. Install the SSL Certificate so that the website has https:

This is a new easy way to create and install an SSL Certificate: Go to letsencrypt and find the certbot.
See: https://certbot.eff.org/
Select server and system in dropdowns and use instructions:

      $sudo apt-get update
      $sudo apt-get install software-properties-common
      $sudo add-apt-repository universe
      $sudo add-apt-repository ppa:certbot/certbot
      $sudo apt-get update
      $sudo apt-get install certbot python-certbot-nginx
      $sudo certbot --nginx

Use the following website to confirm that the above worked:
https://www.ssllabs.com/ssltest/


#21. Configure nginx so that it knows the port of freeradiantbunny.org:

      $sudo emacs /etc/nginx/sites-enabled/default

Here is what the code looks like:

      # LPL new proxy
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      location / {
              # First attempt to serve request as file, then
              # as directory, then fall back to displaying a 404.
              # LPL old
              #try_files $uri $uri/ =404;
              # LPL new proxy
              proxy_pass http://localhost:5001;
      }

Here is how to restart the nginx server:

      $sudo systemctl restart nginx


#22. File structure set-up.

      $mkdir db_rbo
      #mkdir backup_rbo

Next, get the perl script that creates database backups.

      backup_db.pl


#23. Test the node.js webserver (based upon freeradiantbunny.node).

Next, start the webserver using the following commands:

      $cd freeradiantbunny.node
      $sudo pm2 start server.js
      $sudo pm2 list
      $sudo pm2 log --lines=1000
      $sudo pm2 stop server.js


#24. Set up a cron job so that the database is dumped once a day.

      $sudo crontab -e

Note: see below for the text to add to the crontab:

      0 2 * * * /home/[username]/db_tli/backup_db.pl >> /home/[username]/db_tli/backup_db.log

Next: Find the file ~/db_tli/backup_db.pl and upload it.

Next: Create this file with command:

      $touch db_tli/backup_db.log

Next: so that the system when using cron is allowed to use a psql command, add the following file.

On local system, update the names contained within:

      $emacs ~/.pgpass

On local system, upload the file:

      $scp .pgpass [username]@[ip-address]:


#25. On the local machine, set up a rsync backup script.

See rsync_2backup_droplets.pl and system_backup_droplets dir.

Next, on local machine update the hosts files with the ip-address.

      $sudo emacs /etc/hosts


#26. Upload .bash_aliases file.

Find the bash_aliases on local machine (or backup) and upload.

-------------------------------------
last edited 2019-12-29
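
Added example (not part of the original notes): a post-setup check for a droplet built with the steps above. audit_home flags the files from steps #4, #10, #17 and #24 whose permissions are looser than expected, and audit_sshd checks whether root and password logins are really off, as step #4 intends. The function names and the 600 limits for .ssh/id_rsa and .pgpass are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the guide. Needs GNU stat, as shipped with Ubuntu.

# audit_home DIR: flag files from steps #4, #10, #17 and #24 whose mode
# grants more than the listed maximum. Succeeds only if nothing is flagged.
# The 600 limits for .ssh/id_rsa and .pgpass are assumptions added here.
audit_home() (
  findings=0
  for entry in .ssh:700 .ssh/authorized_keys:600 .ssh/id_rsa:600 \
               .pgpass:600 .freeradiantbunny/config.js:440
  do
    file=$1/${entry%%:*}
    want=${entry##*:}
    [ -e "$file" ] || continue            # not every file exists everywhere
    have=$(stat -c '%a' "$file")
    # The leading 0 makes the shell read both modes as octal; any bit set
    # in "have" but not in "want" is an excess permission.
    if [ $(( 0$have & ~0$want & 07777 )) -ne 0 ]; then
      echo "TOO OPEN: $file is $have, expected at most $want"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
)

# audit_sshd: read `sshd -T` output on stdin and flag settings that still
# allow root or password logins (step #4 says root will be disabled).
audit_sshd() {
  awk '
    $1 == "permitrootlogin"        && $2 != "no" { print "WEAK: " $0; bad = 1 }
    $1 == "passwordauthentication" && $2 != "no" { print "WEAK: " $0; bad = 1 }
    END { exit (bad ? 1 : 0) }
  '
}

# Usage on the droplet:
#   audit_home "/home/[username]"
#   sudo sshd -T | audit_sshd
```

A mode stricter than the listed maximum (for example 400 on config.js) passes; only extra permission bits are reported.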