Introduction

Quick-reference guide for myself for setting up a secure new DigitalOcean droplet for web-server and general use, with an emphasis on Docker.

Steps

  1. Set up SSH login
    1.1 SSH aliases using ssh config file
    1.2 (Optional) Update hostname: hostnamectl set-hostname use_your_new_hostname
  2. Create non-root sudo-capable user(s)
  3. Create firewall rules
  4. Set up VPN using OpenVPN

1. Set up SSH login

Disable password login for root

Disable all password login
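
A check for the two steps above, added here as an example and not part of the original notes: it reads the effective configuration printed by `sshd -T`, so settings from included drop-in files are taken into account. The function name and the sample input are constructed for illustration; it also flags keyboard-interactive authentication, which can still prompt for a password through PAM.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Audits effective sshd settings for "Disable password login for root"
# and "Disable all password login".
# Input : output of `sshd -T` on stdin (lowercase "keyword value" lines).
# Output: one FAIL line per problem; exit status 0 if hardened, 1 if not.
audit_sshd_effective() {
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            # Root may log in with keys only, or not at all.
            r = seen["permitrootlogin"]
            if (r != "no" && r != "prohibit-password" && r != "without-password") {
                printf "FAIL permitrootlogin=%s\n", (r == "" ? "<missing>" : r)
                bad = 1
            }
            # The sshd default is "yes", so a missing value also fails.
            p = seen["passwordauthentication"]
            if (p != "no") {
                printf "FAIL passwordauthentication=%s\n", (p == "" ? "<missing>" : p)
                bad = 1
            }
            # Newer and older OpenSSH spellings of the same option.
            n = split("kbdinteractiveauthentication challengeresponseauthentication", k, " ")
            for (i = 1; i <= n; i++)
                if (seen[k[i]] == "yes") { printf "FAIL %s=yes\n", k[i]; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample of `sshd -T` output (not taken from a real host).
SAMPLE='port 22
permitrootlogin yes
passwordauthentication no
kbdinteractiveauthentication no'
printf '%s\n' "$SAMPLE" | audit_sshd_effective || echo "sample config is not hardened"

# On the droplet itself: sudo sshd -T | audit_sshd_effective
```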

2. Create non-root sudo-capable user(s)

Links:

https://docs.digitalocean.com/tutorials/recommended-droplet-setup/

useradd --create-home --shell "/bin/bash" --groups sudo "yourusername"
passwd "yourusername"

2.1 Set up SSH access for your new user

  1. Log in as root using your SSH key, then copy root's authorized keys to the new user:
home_directory="$(eval echo ~yourusername)"
mkdir --parents "${home_directory}/.ssh"
cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "yourusername":"yourusername" "${home_directory}/.ssh"

3. Create firewall rules

4. Set up VPN using OpenVPN

5. Docker Setup

Install docker and docker-compose:

  1. sudo apt install docker-compose
  2. Post-install setup:
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
docker run hello-world

https://docs.docker.com/engine/install/linux-postinstall/

6. Set up Containers

docker-compose up
^C
docker-compose start

7. Set up NGINX Reverse Proxy