DEV Community

Varun D

New DigitalOcean Droplet Setup

New droplet created specifically for API hosting.
2 GB RAM, 50 GB storage
Supabase as DB

About CAD 16/mo

Add SSH key on creation of Droplet


1. Initial Connection to Your Droplet

  1. Log in to your droplet using SSH:
 ssh root@your_server_ip 

2. Update the System

  1. Update the package lists and upgrade installed packages:
 apt update && apt upgrade -y
  2. Optionally, remove unnecessary packages:
 apt autoremove -y

3. Create a New User

  1. Add a new user (replace your_username with the desired username):
 adduser your_username
  2. Grant the new user sudo privileges:
 usermod -aG sudo your_username

4. Set Up SSH for the New User

  1. Switch to the new user:
 su - your_username
  2. Create the .ssh directory and set proper permissions:
 mkdir -p ~/.ssh && chmod 700 ~/.ssh
  3. Copy your public SSH key to the new user’s authorized_keys file:
 nano ~/.ssh/authorized_keys

Paste your public key and save the file.

  4. Set proper permissions:
 chmod 600 ~/.ssh/authorized_keys
  5. Exit back to the root user:
 exit
  6. Test logging in as the new user:
 ssh your_username@your_server_ip

5. Disable Root Login

  1. Edit the SSH configuration file:
 sudo nano /etc/ssh/sshd_config
  2. Find and set the following:
 PermitRootLogin no

Optionally, disable password authentication for additional security:

 PasswordAuthentication no
  3. Restart the SSH service:
 sudo systemctl restart ssh
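
sshd keeps the first value it obtains for each keyword, so a file read before the lines edited above can leave password authentication on even though sshd_config says no. The following is an added example, not part of the original post: it resolves the effective value across constructed sample files, assuming sshd_config begins with an Include of sshd_config.d/*.conf (as Debian's packaged file does); the file names and contents are made up for the demonstration.

```shell
#!/bin/sh
# Added example: resolve an sshd option with first-match-wins semantics.

# effective_sshd_option KEYWORD FILE...
# FILEs are given in the order sshd reads them. Prints "<value> <file>",
# or "unset -" when no global line sets the keyword.
effective_sshd_option() {
    keyword="$1"; shift
    awk -v want="$keyword" '
        BEGIN    { want = tolower(want) }      # keywords are case-insensitive
        FNR == 1 { in_match = 0 }              # simplification: Match scope ends with the file
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }                      # only global settings are considered
        tolower($1) == want { print $2, FILENAME; found = 1; exit }
        END { if (!found) print "unset", "-" }
    ' "$@"
}

# Constructed sample files (hypothetical contents, not taken from a real host).
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/sshd_config.d"
printf 'PasswordAuthentication yes\n' > "$demo_dir/sshd_config.d/50-cloud-init.conf"
cat > "$demo_dir/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
# settings edited in step 5
PermitRootLogin no
PasswordAuthentication no
EOF

# The drop-in is read first because the Include line sits at the top.
for opt in PermitRootLogin PasswordAuthentication; do
    printf '%-24s %s\n' "$opt" \
        "$(effective_sshd_option "$opt" "$demo_dir"/sshd_config.d/*.conf "$demo_dir/sshd_config")"
done
```

On the droplet itself, `sudo sshd -t` checks the configuration for errors before the restart, and `sudo sshd -T` prints the settings sshd will actually use.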

6. Install Docker

If you use ufw or firewalld to manage firewall settings, be aware that when you expose container ports using Docker, these ports bypass your firewall rules. For more information, refer to Docker and ufw.

Docker is only compatible with iptables-nft and iptables-legacy. Firewall rules created with nft are not supported on a system with Docker installed. Make sure that any firewall rulesets you use are created with iptables or ip6tables, and that you add them to the DOCKER-USER chain, see Packet filtering and firewalls.
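
To see which containers the ufw rules will not cover, the added example below (not part of the original post) lists ports published on all interfaces from `docker ps` output. The sample output and container names are constructed.

```shell
#!/bin/sh
# Added example: find container ports published on all interfaces.
# As noted above, these bypass ufw, so they are reachable from outside even
# with "ufw default deny incoming".
# Input: one "name<TAB>ports" line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
published_on_all_interfaces() {
    awk -F '\t' '
    {
        n = split($2, binds, /, */)
        for (i = 1; i <= n; i++) {
            b = binds[i]
            if (b !~ /->/) continue                        # exposed in the image, not published
            if (b !~ /^(0\.0\.0\.0|\[::\]|::):/) continue  # bound to a specific address
            host = b;  sub(/->.*/, "", host);  sub(/^.*:/, "", host)
            proto = b; sub(/^.*\//, "", proto)
            key = $1 " " host "/" proto
            if (!(key in seen)) { seen[key] = 1; print key }  # IPv4 and IPv6 reported once
        }
    }'
}

# Constructed sample of docker ps output (container names are hypothetical).
sample="$(printf '%s\t%s\n' \
    api    '0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp' \
    db     '0.0.0.0:5432->5432/tcp, :::5432->5432/tcp' \
    web    '127.0.0.1:3000->3000/tcp' \
    worker '9000/tcp')"

printf '%s\n' "$sample" | published_on_all_interfaces
# Publishing with "-p 127.0.0.1:3000:3000" keeps a port on loopback, where only
# a proxy running on the host (such as Caddy) can reach it.
```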

  1. Remove old stuff if needed:
 for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
  2. Install prerequisites:
 sudo apt-get install ca-certificates curl
  3. Add Docker's official GPG key:
 sudo install -m 0755 -d /etc/apt/keyrings
 sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
 sudo chmod a+r /etc/apt/keyrings/docker.asc
  4. Set up the Docker repository:
 # Add the repository to Apt sources:
 echo \
   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
   $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
   sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 sudo apt-get update
  5. Install Docker:
 sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  6. Add your user to the Docker group to avoid running through sudo (members of the docker group effectively have root on the host):
 sudo usermod -aG docker your_username
 newgrp docker
  7. Test run. This will not run due to a permission issue.
 docker run hello-world
  8. Enable and start Docker (if above didn't work):
 sudo systemctl enable docker
 sudo systemctl start docker

For more info, check the official docs on Linux post-installation steps.

7. Install Caddy

  1. Add the official Caddy package repository and its signing key:
 sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
  2. Install Caddy:
 sudo apt update
 sudo apt install -y caddy
  3. Enable and start Caddy:
 sudo systemctl enable caddy
 sudo systemctl start caddy

8. Secure Your Firewall

  1. Allow SSH, HTTP, and HTTPS through the firewall:
 sudo apt install -y ufw
 sudo ufw default deny incoming
 sudo ufw default allow outgoing
 sudo ufw allow OpenSSH
 sudo ufw allow 80
 sudo ufw allow 443
 # Use if keeping behind a DNS (e.g., Cloudflare)
 sudo ufw allow from 203.0.X.X
  2. Enable the firewall:
 sudo ufw enable

9. Verify Installations

  • Check Docker:
 docker --version
  • Check Caddy:
 caddy version

10. Optional: Set Up a Basic Caddyfile

  1. Edit the Caddy configuration:
 sudo nano /etc/caddy/Caddyfile
  2. Example configuration for a website:
 yourdomain.com {
     root * /var/www/html
     file_server
 }
  3. Test the Caddyfile:
 sudo caddy validate --config /etc/caddy/Caddyfile
  4. Reload Caddy to apply changes:
 sudo systemctl reload caddy
