Configure Digital Ocean for SSL (HTTPS) for free (Bonus Meteor setup) - Video Series - Part 1
This is part 1 of the video series on how to set up your Digital Ocean server for security and get a certificate like this. All for free!
If you like to read, read along! If you want to watch, watch along! Do let me know your thoughts in the comments section.
Step 1: Create a droplet
Step 2: Log in as root on the newly added server. If your IP address is X.X.X.X, use the command below:
ssh root@X.X.X.X
You will be asked to confirm the server's host key; type ‘yes’ and press Enter.
Enter your password; it should have been emailed to you. Change your password and note it.
Step 3: Create another user. In my case, I will create a user called ‘abhay’.
adduser abhay
Once you create the user, you will be asked for a password as well as some basic information for the user. Either populate it or leave it blank!
Now, let’s make sure that our newly created user has root privileges through sudo. You can grant them by adding the user to the sudo group with the following command.
usermod -aG sudo abhay
Step 4: Add Public Key Authentication (Recommended)
To get this done, run the command below from a terminal window on your local machine.
ssh-keygen
Once you run it, you will be asked for a file in which to store the key. You can either give a new file/path or go with the default. Make sure to note it; it is for the user.
After the file, you will be asked for a pass-phrase. You can enter anything you wish, or you can leave it blank and hit Enter (a blank pass-phrase leaves the private key unencrypted on your local disk). For the sake of this tutorial, I will be keeping it blank.
Step 5: Make sure ssh-copy-id is installed on your machine.
If the ssh-copy-id script is not installed, use the following command.
curl -L https://raw.githubusercontent.com/beautifulcode/ssh-copy-id-for-OSX/master/install.sh | sh
Step 6: Add your newly generated key to the remote server
To add the newly generated key to the remote server, use the below command.
ssh-copy-id abhay@X.X.X.X
Step 7: Test login
If you did everything right up to this point and try to connect remotely to your new droplet, you will not be asked for a password. So, if you run:
ssh abhay@X.X.X.X
you should be able to log in directly.
A detailed explanation of the creation of user and login is specified in this article.
Step 8: Edit user preferences
You also need to add NOPASSWD to your sudoers file. Open it with:
sudo visudo
Then, replace the line that says %sudo ALL=(ALL) ALL with
%sudo ALL=(ALL) NOPASSWD:ALL
To save these edits, type Ctrl + X, then confirm by typing Y and hitting Enter.
Now, switch to your new user with the command below. The dash before the username makes sure that you actually log in as the new user.
su - username
Next, restrict the permissions of the .ssh directory with the following command:
chmod 700 .ssh
Now restrict the permissions of the authorized_keys file with this command:
chmod 600 .ssh/authorized_keys
Return to the root user with:
exit
This should give you a prompt like the following to let you know that you are back as the root user:
logout
root@dropletName:~#
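To confirm that Step 8 left the key files in the state sshd expects, the script below checks the modes and ownership of the user's .ssh directory and authorized_keys file. It is an added example, not part of the original tutorial; it assumes GNU stat as found on a Linux droplet, and the function names check_path and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example: audit what Step 8 sets up (.ssh = 700, authorized_keys = 600).
# Assumes GNU `stat -c` (Linux droplet). Function names are hypothetical.

# check_path PATH MODE UID: print a finding; return 1 if missing or different.
check_path() {
    path=$1 want="$2 $3"
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    got=$(stat -c '%a %u' "$path")   # octal mode and numeric owner
    if [ "$got" != "$want" ]; then
        echo "FIX     $path is '$got', expected '$want'"
        return 1
    fi
    echo "OK      $path ($got)"
}

# audit_ssh_dir HOME UID: return the number of problems found (0 = clean).
audit_ssh_dir() {
    home=$1 owner_uid=$2 problems=0
    check_path "$home/.ssh" 700 "$owner_uid" || problems=$((problems + 1))
    check_path "$home/.ssh/authorized_keys" 600 "$owner_uid" ||
        problems=$((problems + 1))
    # sshd's default StrictModes also refuses key login when the home
    # directory itself is writable by group or others.
    home_mode=$(stat -c '%a' "$home")
    if [ $(( 0$home_mode & 022 )) -ne 0 ]; then
        echo "FIX     $home is $home_mode (group/world-writable)"
        problems=$((problems + 1))
    else
        echo "OK      $home is $home_mode"
    fi
    return "$problems"
}

# Usage on the droplet, as root: sh audit.sh /home/abhay "$(id -u abhay)"
if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

A non-zero exit status is the number of items to fix; a wrong owner shows up as a mismatch in the second field of the FIX line.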