DEV Community

Varun D

New DigitalOcean Droplet Setup

New droplet created specifically for API hosting.
2GB RAM, 50GB storage
Supabase as DB

About CAD 16/mo

Add SSH key on creation of Droplet


1. Initial Connection to Your Droplet

  1. Log in to your droplet using SSH:
   ssh root@your_server_ip

2. Update the System

  1. Update the package lists and upgrade installed packages:
   apt update && apt upgrade -y
  2. Optionally, remove unnecessary packages:
   apt autoremove -y

3. Create a New User

  1. Add a new user (replace your_username with the desired username):
   adduser your_username
  2. Grant the new user sudo privileges:
   usermod -aG sudo your_username

4. Set Up SSH for the New User

  1. Switch to the new user:
   su - your_username
  2. Create the .ssh directory and set proper permissions:
   mkdir -p ~/.ssh && chmod 700 ~/.ssh
  3. Copy your public SSH key to the new user’s authorized_keys file:
   nano ~/.ssh/authorized_keys

Paste your public key and save the file.

  4. Set proper permissions:
   chmod 600 ~/.ssh/authorized_keys
  5. Exit back to the root user:
   exit
  6. Test logging in as the new user:
   ssh your_username@your_server_ip

5. Disable Root Login

  1. Edit the SSH configuration file:
   sudo nano /etc/ssh/sshd_config
  2. Find and set the following:
   PermitRootLogin no

Optionally, disable password authentication for additional security:

   PasswordAuthentication no
  3. Restart the SSH service:
   sudo systemctl restart ssh

6. Install Docker

If you use ufw or firewalld to manage firewall settings, be aware that when you expose container ports using Docker, these ports bypass your firewall rules. For more information, refer to Docker and ufw.

Docker is only compatible with iptables-nft and iptables-legacy. Firewall rules created with nft are not supported on a system with Docker installed. Make sure that any firewall rulesets you use are created with iptables or ip6tables, and that you add them to the DOCKER-USER chain, see Packet filtering and firewalls.

  1. Remove old stuff if needed:
   for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
  2. Install prerequisites:
   sudo apt-get install ca-certificates curl
  3. Add Docker's official GPG key:
   sudo install -m 0755 -d /etc/apt/keyrings
   sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
   sudo chmod a+r /etc/apt/keyrings/docker.asc
  4. Set up the Docker repository:
   # Add the repository to Apt sources:
   echo \
     "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
     $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
     sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
   sudo apt-get update
  5. Install Docker:
   sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  6. Add your user to the Docker group to avoid running through sudo (note that docker group membership is effectively root access on the host):
   sudo usermod -aG docker your_username
   newgrp docker
  7. Test run. This will not run due to a permission issue.
   docker run hello-world
  8. Enable and start Docker (if above didn't work):
   sudo systemctl enable docker
   sudo systemctl start docker

For more info, check the official docs on Linux post-install.

7. Install Caddy

  1. Add the official Caddy apt repository and its signing key:
   sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
  2. Install Caddy:
   sudo apt update
   sudo apt install -y caddy
  3. Enable and start Caddy:
   sudo systemctl enable caddy
   sudo systemctl start caddy

8. Secure Your Firewall

  1. Allow SSH, HTTP, and HTTPS through the firewall:
   sudo apt install -y ufw
   sudo ufw default deny incoming
   sudo ufw default allow outgoing

   sudo ufw allow OpenSSH
   sudo ufw allow 80
   sudo ufw allow 443

   # Use if keeping behind a DNS proxy (e.g., Cloudflare)
   sudo ufw allow from 203.0.X.X
  2. Enable the firewall:
   sudo ufw enable
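
The warning in the Docker section applies directly to these rules: a container started with `-p 3000:3000` is published on all interfaces and stays reachable from outside even though ufw only allows SSH, 80 and 443. The following added example (not from the original post; the function name and sample lines are constructed) flags container ports published on non-loopback addresses, assuming Caddy on the host is the only listener meant to be public.

```bash
#!/usr/bin/env bash
# Added example: list container ports that are published past ufw.
# Input on stdin: one "name|ports" line per container, as produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# Optional $1: space-separated host ports that are meant to be public.
# find_public_container_ports is a hypothetical helper name.

find_public_container_ports() {
    awk -F'|' -v allowed="${1:-}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            m = split($2, maps, /, */)
            for (i = 1; i <= m; i++) {
                if (maps[i] !~ /->/) continue        # exposed only, not published
                split(maps[i], side, "->")
                host = side[1]
                port = host; sub(/^.*:/, "", port)    # text after the last colon
                addr = substr(host, 1, length(host) - length(port) - 1)
                if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1") continue
                if (port in ok) continue
                printf "%s %s:%s\n", $1, addr, port
                found = 1
            }
        }
        END { exit found + 0 }                        # 1 if anything was flagged
    '
}

# Constructed sample of the docker ps output described above.
SAMPLE_DOCKER_PS='api|0.0.0.0:3000->3000/tcp, [::]:3000->3000/tcp
cache|127.0.0.1:6379->6379/tcp
worker|8080/tcp'

# Real use on the droplet:
#   docker ps --format '{{.Names}}|{{.Ports}}' | find_public_container_ports
# Fix for a flagged container: publish on loopback and let Caddy proxy to it,
#   e.g. docker run -p 127.0.0.1:3000:3000 ...
```

For the sample, only the `api` container is reported; `cache` is bound to loopback and `worker` publishes nothing.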

9. Verify Installations

  • Check Docker:
  docker --version
  • Check Caddy:
  caddy version

10. Optional: Set Up a Basic Caddyfile

  1. Edit the Caddy configuration:
   sudo nano /etc/caddy/Caddyfile
  2. Example configuration for a website:
   yourdomain.com {
       root * /var/www/html
       file_server
   }
  3. Test the Caddyfile:
   sudo caddy validate --config /etc/caddy/Caddyfile
  4. Reload Caddy to apply changes:
   sudo systemctl reload caddy
