New droplet created specifically for API hosting.
2 GB RAM, 50 GB storage
Supabase as DB
About CAD 16/mo
Add SSH key on creation of Droplet
1. Initial Connection to Your Droplet
- Log in to your droplet using SSH:
ssh root@your_server_ip
2. Update the System
- Update the package lists and upgrade installed packages:
apt update && apt upgrade -y
- Optionally, remove unnecessary packages:
apt autoremove -y
3. Create a New User
- Add a new user (replace your_username with the desired username):
adduser your_username
- Grant the new user sudo privileges:
usermod -aG sudo your_username
4. Set Up SSH for the New User
- Switch to the new user:
su - your_username
- Create the .ssh directory and set proper permissions:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
- Copy your public SSH key to the new user’s authorized_keys file:
nano ~/.ssh/authorized_keys
Paste your public key and save the file.
- Set proper permissions:
chmod 600 ~/.ssh/authorized_keys
- Exit back to the root user:
exit
- Test logging in as the new user:
ssh your_username@your_server_ip
5. Disable Root Login
- Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find and set the following:
PermitRootLogin no
Optionally, disable password authentication for additional security:
PasswordAuthentication no
- Restart the SSH service:
sudo systemctl restart ssh
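The edits in step 5 only take effect if nothing earlier in the configuration already sets the same keyword: sshd keeps the first value it reads, and an Include line near the top of sshd_config (as on Debian images that pull in /etc/ssh/sshd_config.d/*.conf) is read before the lines below it. The script below is an added example, not part of the original guide; its function names and the sample drop-in file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# reads for a keyword, and Include pulls files in at the point it appears.

# scan KEYWORD FILE BASE: print every global value in the order it is read.
# Simplifications: "Keyword value" syntax only; a file is read up to its
# first Match block; relative Include paths are resolved against BASE.
scan() {
    [ -r "$2" ] || return 0
    awk -v kw="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        { k = tolower($1) }
        k == "match"   { exit }
        k == "include" { for (i = 2; i <= NF; i++) print "I", $i; next }
        k == kw        { print "V", tolower($2) }
    ' "$2" | while read -r tag arg; do
        case $tag in
            V) printf '%s\n' "$arg" ;;
            I) case $arg in /*) ;; *) arg="$3/$arg" ;; esac
               for f in $arg; do scan "$1" "$f" "$3"; done ;;
        esac
    done
}

# effective_value KEYWORD FILE: the value that wins, empty if never set.
effective_value() {
    scan "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" "$2" \
        "$(dirname "$2")" | head -n 1
}

# make_sample DIR: constructed files mimicking an image whose drop-in
# re-enables passwords ahead of the edits made in step 5.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-cloud-init.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' 'PermitRootLogin no' \
        'PasswordAuthentication no' > "$1/sshd_config"
}

# Run with the argument "demo" to see the result on the constructed sample.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_sample "$d"
    for k in PermitRootLogin PasswordAuthentication; do
        echo "$k -> $(effective_value "$k" "$d/sshd_config")"
    done
    rm -rf "$d"
fi
```

On the droplet itself, `sudo sshd -T` prints the configuration sshd actually uses and is the authoritative check after the restart; keep the existing SSH session open until a new login has been confirmed.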
6. Install Docker
If you use ufw or firewalld to manage firewall settings, be aware that when you expose container ports using Docker, these ports bypass your firewall rules. For more information, refer to Docker and ufw.
Docker is only compatible with iptables-nft and iptables-legacy. Firewall rules created with nft are not supported on a system with Docker installed. Make sure that any firewall rulesets you use are created with iptables or ip6tables, and that you add them to the DOCKER-USER chain, see Packet filtering and firewalls.
- Remove old stuff if needed:
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
- Install prerequisites:
sudo apt-get install ca-certificates curl
- Add Docker's official GPG key:
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
- Set up the Docker repository:
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
- Install Docker:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- Add your user to the Docker group to avoid running through sudo:
sudo usermod -aG docker your_username
newgrp docker
- Test run. This will not run due to permission issue.
docker run hello-world
- Enable and start Docker (if above didn't work):
sudo systemctl enable docker
sudo systemctl start docker
For more info, check the official docs on Linux post-install.
7. Install Caddy
- Add the official Caddy signing key and apt repository:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
- Install Caddy:
sudo apt update
sudo apt install -y caddy
- Enable and start Caddy:
sudo systemctl enable caddy
sudo systemctl start caddy
8. Secure Your Firewall
- Allow SSH, HTTP, and HTTPS through the firewall:
sudo apt install -y ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw allow 80
sudo ufw allow 443
# Use if keeping behind a DNS (e.g., Cloudflare)
sudo ufw allow from 203.0.X.X
- Enable the firewall:
sudo ufw enable
9. Verify Installations
- Check Docker:
docker --version
- Check Caddy:
caddy version
10. Optional: Set Up a Basic Caddyfile
- Edit the Caddy configuration:
sudo nano /etc/caddy/Caddyfile
- Example configuration for a website:
yourdomain.com {
root * /var/www/html
file_server
}
- Test the Caddyfile:
sudo caddy validate --config /etc/caddy/Caddyfile
- Reload Caddy to apply changes:
sudo systemctl reload caddy