`n

DigitalOcean Droplet Setup Tutorial - Complete Guide

Published: September 25, 2024 | Reading time: 18 minutes

DigitalOcean Droplet Overview

DigitalOcean droplets are virtual machines that provide scalable cloud hosting:

Droplet Features 
# Key Features
- Virtual private servers (VPS)
- SSD storage
- Multiple data centers
- Flexible pricing
- Easy scaling
- API access
- Monitoring tools

Creating Your First Droplet

Account Setup

Initial Setup Steps 
# 1. Create DigitalOcean Account
# Visit: https://www.digitalocean.com/
# Sign up with email or GitHub

# 2. Add Payment Method
# Credit card or PayPal required
# $5 minimum for account verification

# 3. Verify Account
# Check email for verification link
# Complete account setup

Droplet Creation Process

Droplet Configuration 
# Step 1: Choose Image
Ubuntu 22.04 LTS (Recommended)
Ubuntu 20.04 LTS
CentOS Stream
Debian
Fedora

# Step 2: Choose Plan
Basic Droplets:
- $6/month: 1GB RAM, 1 CPU, 25GB SSD
- $12/month: 2GB RAM, 1 CPU, 50GB SSD
- $24/month: 4GB RAM, 2 CPU, 80GB SSD

# Step 3: Choose Datacenter Region
New York (NYC1, NYC2, NYC3)
San Francisco (SFO1, SFO2, SFO3)
Amsterdam (AMS2, AMS3)
Singapore (SGP1)
Frankfurt (FRA1)

Authentication Setup

SSH Key Configuration 
# Generate SSH Key (if not exists)
ssh-keygen -t ed25519 -C "your_email@example.com"

# Copy public key
cat ~/.ssh/id_ed25519.pub

# Add SSH Key to DigitalOcean
# 1. Go to Account > Security > SSH Keys
# 2. Click "Add SSH Key"
# 3. Paste public key content
# 4. Give it a name (e.g., "My Laptop")

# Alternative: Use Password Authentication
# Less secure, not recommended for production

Initial Server Configuration

First Login

Connect to Droplet 
# Connect via SSH
ssh root@YOUR_DROPLET_IP

# If using SSH key
ssh -i ~/.ssh/id_ed25519 root@YOUR_DROPLET_IP

# Update system packages
apt update && apt upgrade -y

# Install essential packages
apt install -y curl wget git vim htop unzip

# Check system information
uname -a
lsb_release -a
free -h
df -h

User Account Setup

Create Non-Root User 
# Create new user
adduser deploy

# Add user to sudo group
usermod -aG sudo deploy

# Copy SSH key to new user
mkdir -p /home/deploy/.ssh
cp ~/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys

# Test new user login
ssh deploy@YOUR_DROPLET_IP

# Disable root login (optional but recommended)
sudo nano /etc/ssh/sshd_config
# Set: PermitRootLogin no
sudo systemctl restart ssh

Security Configuration

Firewall Setup

UFW Firewall Configuration 
# Install UFW
sudo apt install ufw

# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH
sudo ufw allow ssh
sudo ufw allow 22

# Allow HTTP and HTTPS
sudo ufw allow 80
sudo ufw allow 443

# Allow specific ports for applications
sudo ufw allow 3000  # Node.js app
sudo ufw allow 8080  # Alternative port

# Enable firewall
sudo ufw enable

# Check status
sudo ufw status verbose

# View firewall logs
sudo ufw logging on
sudo tail -f /var/log/ufw.log

Fail2Ban Setup

Intrusion Prevention 
# Install Fail2Ban
sudo apt install fail2ban

# Create local configuration
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Edit configuration
sudo nano /etc/fail2ban/jail.local

# Key settings:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = ssh
logpath = /var/log/auth.log

# Start and enable Fail2Ban
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

# Check status
sudo fail2ban-client status
sudo fail2ban-client status sshd

Web Server Installation

Nginx Installation

Nginx Setup 
# Install Nginx
sudo apt install nginx

# Start and enable Nginx
sudo systemctl start nginx
sudo systemctl enable nginx

# Check status
sudo systemctl status nginx

# Test configuration
sudo nginx -t

# Create website directory
sudo mkdir -p /var/www/yourdomain.com/html
sudo chown -R $USER:$USER /var/www/yourdomain.com/html
sudo chmod -R 755 /var/www/yourdomain.com

# Create basic index file
echo "Hello World" | sudo tee /var/www/yourdomain.com/html/index.html

# Configure Nginx virtual host
sudo nano /etc/nginx/sites-available/yourdomain.com

# Virtual host configuration:
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/yourdomain.com/html;
    index index.html index.htm index.nginx-debian.html;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

# Enable site
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

SSL Certificate with Let's Encrypt

SSL Setup 
# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Obtain SSL certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# Test certificate renewal
sudo certbot renew --dry-run

# Set up automatic renewal
sudo crontab -e
# Add: 0 12 * * * /usr/bin/certbot renew --quiet

# Verify SSL
curl -I https://yourdomain.com

# Update Nginx configuration for HTTPS redirect
sudo nano /etc/nginx/sites-available/yourdomain.com

# Add redirect:
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name yourdomain.com www.yourdomain.com;
    # SSL configuration will be added by Certbot
    root /var/www/yourdomain.com/html;
    index index.html;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

Application Deployment

Node.js Application Setup

Node.js Installation 
# Install Node.js using NodeSource repository
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs

# Verify installation
node --version
npm --version

# Install PM2 for process management
sudo npm install -g pm2

# Create application directory
mkdir -p /var/www/myapp
cd /var/www/myapp

# Clone your application
git clone https://github.com/yourusername/your-app.git .

# Install dependencies
npm install

# Create PM2 ecosystem file
nano ecosystem.config.js

# PM2 configuration:
module.exports = {
  apps: [{
    name: 'myapp',
    script: 'app.js',
    instances: 'max',
    exec_mode: 'cluster',
    env: {
      NODE_ENV: 'production',
      PORT: 3000
    }
  }]
};

# Start application with PM2
pm2 start ecosystem.config.js
pm2 save
pm2 startup

Database Setup

MySQL Installation 
# Install MySQL
sudo apt install mysql-server

# Secure MySQL installation
sudo mysql_secure_installation

# Create database and user
sudo mysql -u root -p

# MySQL commands:
CREATE DATABASE myapp;
CREATE USER 'myapp'@'localhost' IDENTIFIED BY 'secure_password';
GRANT ALL PRIVILEGES ON myapp.* TO 'myapp'@'localhost';
FLUSH PRIVILEGES;
EXIT;

# Test connection
mysql -u myapp -p myapp

# Install Redis (optional)
sudo apt install redis-server

# Configure Redis
sudo nano /etc/redis/redis.conf
# Set: requirepass your_redis_password

# Restart Redis
sudo systemctl restart redis-server
sudo systemctl enable redis-server

Monitoring and Logging

System Monitoring

Monitoring Setup 
# Install monitoring tools
sudo apt install htop iotop nethogs

# Install Netdata (real-time monitoring)
bash <(curl -Ss https://my-netdata.io/kickstart.sh)

# Access Netdata at: http://YOUR_DROPLET_IP:19999

# Set up log rotation
sudo nano /etc/logrotate.d/myapp

# Log rotation configuration:
/var/log/myapp/*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 644 deploy deploy
    postrotate
        pm2 reloadLogs
    endscript
}

# Monitor disk usage
df -h
du -sh /var/www/*

# Monitor memory usage
free -h
cat /proc/meminfo

# Monitor CPU usage
top
htop

Backup Strategy

Automated Backups

Backup Script 
#!/bin/bash
# backup.sh - Automated backup script

# Configuration
BACKUP_DIR="/var/backups"
APP_DIR="/var/www/myapp"
DB_NAME="myapp"
DB_USER="myapp"
DB_PASS="secure_password"
DATE=$(date +%Y%m%d_%H%M%S)

# Create backup directory
mkdir -p $BACKUP_DIR

# Database backup
mysqldump -u $DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DIR/db_backup_$DATE.sql

# Application backup
tar -czf $BACKUP_DIR/app_backup_$DATE.tar.gz -C $APP_DIR .

# Upload to DigitalOcean Spaces (optional)
# Install s3cmd
pip3 install s3cmd

# Configure s3cmd
s3cmd --configure

# Upload backup
s3cmd put $BACKUP_DIR/db_backup_$DATE.sql s3://your-backup-bucket/
s3cmd put $BACKUP_DIR/app_backup_$DATE.tar.gz s3://your-backup-bucket/

# Clean old backups (keep 7 days)
find $BACKUP_DIR -name "*.sql" -mtime +7 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete

# Set up cron job
crontab -e
# Add: 0 2 * * * /path/to/backup.sh

DigitalOcean CLI

doctl Installation

CLI Setup 
# Install doctl
cd ~
wget https://github.com/digitalocean/doctl/releases/download/v1.94.0/doctl-1.94.0-linux-amd64.tar.gz
tar xf doctl-1.94.0-linux-amd64.tar.gz
sudo mv doctl /usr/local/bin

# Authenticate
doctl auth init

# Test connection
doctl account get

# List droplets
doctl compute droplet list

# Create new droplet
doctl compute droplet create web-server \
  --image ubuntu-22-04-x64 \
  --size s-1vcpu-1gb \
  --region nyc1 \
  --ssh-keys YOUR_SSH_KEY_ID

# Get droplet information
doctl compute droplet get DROPLET_ID

# Create snapshot
doctl compute droplet-action snapshot DROPLET_ID --snapshot-name backup-$(date +%Y%m%d)

Scaling and Optimization

Droplet Resizing

Scaling Operations 
# Resize droplet (requires reboot)
# Via DigitalOcean Control Panel:
# 1. Go to Droplets
# 2. Select your droplet
# 3. Click "Resize"
# 4. Choose new size
# 5. Confirm resize

# Via CLI:
doctl compute droplet-action resize DROPLET_ID --size s-2vcpu-2gb

# Add block storage
doctl compute volume create --size 100GiB --region nyc1 --name my-volume

# Attach volume to droplet
doctl compute droplet-action attach DROPLET_ID VOLUME_ID

# Mount volume
sudo mkfs.ext4 /dev/disk/by-id/scsi-0DO_Volume_my-volume
sudo mkdir -p /mnt/volume
sudo mount /dev/disk/by-id/scsi-0DO_Volume_my-volume /mnt/volume
echo '/dev/disk/by-id/scsi-0DO_Volume_my-volume /mnt/volume ext4 defaults,nofail,discard 0 2' | sudo tee -a /etc/fstab

Troubleshooting

Common Issues

Troubleshooting Commands 
# Check system status
systemctl status nginx
systemctl status mysql
systemctl status redis-server

# Check logs
journalctl -u nginx -f
journalctl -u mysql -f
tail -f /var/log/nginx/error.log

# Check disk space
df -h
du -sh /var/www/*

# Check memory usage
free -h
ps aux --sort=-%mem | head

# Check network connectivity
ping google.com
curl -I https://yourdomain.com

# Check firewall status
sudo ufw status verbose

# Check SSH access
ssh -v deploy@YOUR_DROPLET_IP

# Restart services
sudo systemctl restart nginx
sudo systemctl restart mysql
pm2 restart all

# Check PM2 status
pm2 status
pm2 logs
pm2 monit

Best Practices

Security Recommendations

Security Checklist

  • Use SSH keys instead of passwords
  • Disable root login
  • Configure firewall (UFW)
  • Install Fail2Ban
  • Keep system updated
  • Use SSL certificates
  • Regular security audits

Performance Tips

  • Use SSD storage
  • Enable HTTP/2
  • Configure caching
  • Optimize database queries
  • Use CDN for static assets
  • Monitor resource usage
  • Regular backups

Summary

DigitalOcean droplet setup involves several key steps:

  • Account Setup: Create account, add payment method, verify
  • Droplet Creation: Choose image, plan, region, and authentication
  • Server Configuration: Update system, create users, configure security
  • Web Server Setup: Install Nginx, configure virtual hosts, SSL
  • Application Deployment: Deploy Node.js apps, set up databases
  • Monitoring: Set up monitoring tools and logging
  • Backup Strategy: Implement automated backups
  • Scaling: Use CLI tools for management and scaling

Need More Help?

Struggling with DigitalOcean droplet setup or need help optimizing your cloud infrastructure? Our cloud experts can help you deploy and manage your servers effectively.

Get Cloud Help

Cloud Hosting Solutions

CLOUD DigitalOcean

Simple cloud infrastructure

💰 $25 per referral + 25% recurring

AWS Amazon Web Services

Comprehensive cloud platform

💼 Up to 10% commission

AZURE Microsoft Azure

Enterprise cloud services

🏢 Up to 7% or $10 per lead