Creating a DigitalOcean droplet
The first thing that we need to do is commission a server on DigitalOcean to host our application.
Strictly speaking, what we’re going to commission is actually a virtual machine known in DigitalOcean terminology as a droplet.
If you’d like to follow along with this stage of the book, you’ll need to register for a DigitalOcean account if you don’t already have one. As part of the registration process, you’ll be prompted to confirm your email address and then add a minimum of $5 USD pre-paid credit to your account using either a credit/debit card or PayPal.
Once you’ve completed the registration and added the credit, you should find yourself presented with your account control panel, which should look similar to this:
Creating an SSH key
In order to log in to droplets in your DigitalOcean account you’ll need an SSH keypair.
If you already have an SSH keypair that you’re happy to use for this purpose, then that’s great, and you can skip ahead to the next section.
But if you don’t, you’ll need to create a keypair using the ssh-keygen command on your local machine. Similar to this:
$ ssh-keygen -t rsa -b 4096 -C "greenlight@greenlight.alexedwards.net" -f $HOME/.ssh/id_rsa_greenlight Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/alex/.ssh/id_rsa_greenlight Your public key has been saved in /home/alex/.ssh/id_rsa_greenlight.pub The key fingerprint is: SHA256:MXASjIyE1p2BAGZ70zkUV058rA65hm3sxdIcnWLGkwg greenlight@greenlight.alexedwards.net The key's randomart image is: +---[RSA 4096]----+ |o*+oo*Bo+o. | |+.oo=E++o. o | |.. o +. *.= . | | . . .+ % o | | + S + | | . B * | | + o | | . | | | +----[SHA256]-----+
This will generate two new files in your $HOME/.ssh folder:
- The
$HOME/.ssh/id_rsa_greenlightfile contains your private key. Make sure to keep this secure, because anyone who has access to it will be able to impersonate you. - The
$HOME/.ssh/id_rsa_greenlight.pubfile contains your public key. We’ll upload a copy of this public key to DigitalOcean.
If you open your public key file in a text editor you should see that the content looks similar to this (line breaks added for readability):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBheUdwyzUt056EsvUidpaGqL3zodDAffHbVVPPN7AJal5/oL6 hzmpPoCGIZueU3Fra2BPzrVtBTsNLOm0UwyQ3G8D474ETsWqlgtU3M3DBvdeI0sAaQdGxH8SkgUGswRUPNNzVG3V xvu5aOludfZ0J1kKEkS1PzWXRll2YoKlzSO42Ne0Gzo++ZdbQWl0Y/C0sLb2sBBviIxXHU8dXmp3823yUErqkWrF ZGGBhAco9t18gUe6MLei1+AyK+VHnRbCYvStrId7qExEs2dPzCmaEec01wCnLJ6LaRYZQnFpBRuzIZ9dTwwsJH+T cXGo87x8MRnGY6nKNVoz8lupbSyjxkHw3PBTfkelJh+tNKiFzxs8J8WiHDfJKzrKDDQVUGbE3TYZXddGSxvi+rv0 Sfrf85zgvPjRVa2E6tjTl6nD8CnC+3wlU/01gRjVxVtPx7B9n51f+k8n2vMm8UozAv6+YruE1zZoHRHw9IvPCEy3 5B4l6GJxWzAqzjTns7kJR3Qk+xzcu2jOAehc+Do8MMx+xegzOzlgRY3mbPx8jbB3L1WmjNF6vV2BrJR/NxKoRgTf nAQA44JaevaG4+KpbVZvkvSNoaI8uP6z8b5AptUHz/QO9Gc5M+n2EAPFjv/lNMN+0g5ZmMH8n6NpBXzP9Qmgujgn hsGP+GmI4ZgvuUgjTQ== greenlight@greenlight.alexedwards.net
And if you run the ssh-add -l command, you should see your new SSH key listed in the output, similar to this:
$ ssh-add -l 4096 SHA256:MXASjIyE1p2BAGZ70zkUV058rA65hm3sxdIcnWLGkwg greenlight@greenlight.alexedwards.net (RSA)
If you don’t see your key listed, then please add it to your SSH agent like so:
$ ssh-add $HOME/.ssh/id_rsa_greenlight Enter passphrase for /home/alex/.ssh/id_rsa_greenlight: Identity added: /home/alex/.ssh/id_rsa_greenlight (greenlight@greenlight.alexedwards.net)
Adding the SSH key to DigitalOcean
Now you’ve got an SSH keypair you can use, head back to your DigitalOcean control panel and navigate to the Settings › Security tab.
Click the Add SSH Key button, then in the popup window that appears paste in the text contents from your $HOME/.ssh/id_rsa_greenlight.pub public key file, give it a memorable name, and submit the form, similar to the screenshot below.
The screen should then update to confirm that your SSH key has been successfully added, like so:
Creating a droplet
Now that you have a valid SSH key added to your account, it’s time to actually create a droplet.
There are a couple of ways that you can do this. It’s possible to do so programmatically via the DigitalOcean API or using the official command-line tool, and if you need to create or manage a lot of servers then I recommend using these.
Or alternatively, it’s possible to create a droplet manually via your control panel on the DigitalOcean website. This is the approach we’ll take in this book, partly because it’s simple enough to do as a one-off, and partly because it helps give an overview of the available droplet settings if you haven’t used DigitalOcean before.
Go ahead and click the green Create button in the top right corner and select Droplets from the dropdown menu:
This will then take you to the options page for creating a new droplet. The first thing to choose is the data center where your droplet will be physically hosted. I’m going to choose Frankfurt but feel free to pick an alternative location if you like.
The next thing to choose is the operating system for your droplet. If you’re following along, please select Ubuntu 22.04 (LTS) x64.
Then you need to pick a plan that matches the technical specifications you need for the droplet. In this case we’ll select the Basic Regular plan at $4/month, which will give us a virtual machine with 512MB RAM, 10GB of disk space, and 500GB of outbound data transfer each month (inbound data transfer is unrestricted).
The next option allows us to add block storage to the droplet. This is essentially a droplet-independent storage volume which acts like a local hard disk and can be moved between different droplets. It’s not something we need right now, so you can skip this section.
Under the Authentication Method section, make sure that SSH keys is selected as the authentication method and that the SSH key that you just uploaded is checked.
After that we can select some “add-on” features for our droplet. In our case we’ll select Monitoring, which will allow you to later see graphs of various droplet statistics (like CPU, memory and disk use) in your DigitalOcean control panel — and you can also set up alerts if resource usage exceeds a certain threshold.
You can also choose to pay an additional 20% charge to enable automated droplet backups. If you select this option, then DigitalOcean will take a ‘snapshot’ of your droplet once a week and store it for a period of 4 weeks. You can then restore a droplet to its snapshotted state via the control panel if you ever need to. It’s entirely up to you whether to enable backups or not — but it’s a simple and hassle-free safety net.
Then we get to the final configuration options.
We only need one droplet right now, so you can leave that as the default.
You should also add a hostname for the droplet. Amongst other things, the hostname is used as the main identifier for the droplet in the DigitalOcean control panel, and it’s also what you’ll see when you SSH into the droplet later to administer it. So you should pick a name that is sensible and easy-to-recognize. I’m going to use the hostname greenlight-production, but feel free to use something different if you like.
Adding tags to your droplet is completely optional, but if you do a lot of work with DigitalOcean they can be a useful way to help filter and manage droplets. I’ll use the tags greenlight and production here.
Once that’s all set, go ahead and click the Create Droplet button at the foot of the screen. You should see a progress bar while the droplet is being set up for you, and after a minute or two the droplet should be live and ready to use.
The most important thing at this point is noting the IP address for the droplet, which in my case is 161.35.71.158.
If you like, you can also click the droplet hostname to see more detailed information about the droplet (including the monitoring statistics) and make any further configuration and management changes if you need to.
OK, now that the droplet is set up, it’s time for the moment of truth!
Open a new terminal window and try connecting to the droplet via SSH as the root user, using the droplet IP address. Like so…
$ ssh root@161.35.71.158 The authenticity of host '161.35.71.158 (161.35.71.158)' can't be established. ED25519 key fingerprint is SHA256:pBVp+W/Sb/BZkQy5JnsGQ0+QOr6clTtB3CFoEOFPKTk. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '161.35.71.158' (ED25519) to the list of known hosts. Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-50-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Thu Feb 23 15:17:11 UTC 2023 System load: 0.05615234375 Users logged in: 0 Usage of /: 16.8% of 9.51GB IPv4 address for eth0: 161.35.71.158 Memory usage: 43% IPv4 address for eth0: 10.19.0.5 Swap usage: 0% IPv4 address for eth1: 10.114.0.2 Processes: 105 112 updates can be applied immediately. 66 of these updates are standard security updates. To see these additional updates run: apt list --upgradable The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law root@greenlight-production:~#
Great, that looks like it’s working well. Our Ubuntu Linux droplet is up and running, and we’ve been able to successfully connect to it as the root user over SSH.
You can go ahead and type exit to terminate the SSH connection and return to the terminal on your local machine, like so:
root@greenlight-production:~# exit logout Connection to 161.35.71.158 closed.