Configure Digital Ocean for ssl (https) for free (Bonus Meteor setup) - Video Series - Part 1

Abhay Talreja
Oct 4, 2016


This is part 1 of the video series on how to set up your Digital Ocean server for security and get a certificate like this. All for free!

A+ Security Rating

If you like to read, read along! If you want to watch, watch along! Do let me know your thoughts in the comments section.

Step 1: Create a droplet

create droplet (moviebite-prod)

Step 2: Log in as root on the newly added server. If your IP address is X.X.X.X, use the command below.

ssh root@X.X.X.X

You will be asked for a confirmation; type ‘yes’ and press Enter.

Enter your password. It should have been emailed to you! Change your password and note it.

Step 3: Create another user. In my case, I will create another user called ‘abhay’.

adduser abhay
New user creation

Once you create the user, you will be asked for a password as well as some basic information for the user. Either populate it or leave it blank!

Now, let’s make sure that our newly created user has root access. You can grant it by adding the user to the sudo group with the following command.

usermod -aG sudo abhay

Step 4: Add Public Key Authentication (Recommended)

To get this done, run the command below from a terminal window on your local machine.

ssh-keygen

Once you run it, you will be asked for a file in which to store the key. You can either give a new file/path or go with the default. Make sure to note it; it is for the user.

After the file, you will be asked for a passphrase. You can enter anything you wish, or you can leave it blank and hit Enter. For the sake of this tutorial, I will be keeping it blank.

SSH Key gen

Step 5: Make sure ssh-copy-id is installed on your machine

If the ssh-copy-id script is not installed, use the following command.

curl -L https://raw.githubusercontent.com/beautifulcode/ssh-copy-id-for-OSX/master/install.sh | sh

Step 6: Add your newly generated key to the remote server

To add the newly generated key to the remote server, use the command below.

ssh-copy-id abhay@X.X.X.X

Step 7: Test login

If you did everything right up to this point, you will not be asked for a password when you connect remotely to your new droplet. So, if you run:

ssh abhay@X.X.X.X

you should be able to log in directly.

A detailed explanation of the creation of user and login is specified in this article.

Step 8: Edit user preferences

You also need to add NOPASSWD to your sudoers file. Open it with:

sudo visudo

Then, replace the line that says %sudo ALL=(ALL) ALL with

%sudo ALL=(ALL) NOPASSWD:ALL

To save these edits, type Ctrl + X, then confirm by typing Y and hitting Enter.

Now, switch to your new user with the command below. The dash before the username makes sure that you actually log in as the new user.

su - username

Next, restrict the permissions of the .ssh directory with the following command:

chmod 700 .ssh

Now restrict the permissions of the authorized_keys file with this command:

chmod 600 .ssh/authorized_keys

Return to the root user with:

exit

This should give you a prompt like the following, letting you know that you are back on the root user:

logout
root@dropletName:~#
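To check the result of Steps 3 to 8, the shell functions below are an added example, not part of the original post: audit_ssh_dir verifies that .ssh and authorized_keys grant nothing to group or other, and nopasswd_rules lists the active NOPASSWD rules in a sudoers-format file. The function names and the script name audit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit what Steps 3-8 set up.

# Print the octal permission bits of a path (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the path exists and grants nothing to group or other,
# which is what chmod 700 and chmod 600 in Step 8 guarantee.
owner_only() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 1; }
    m=$(mode_of "$1")
    case "$m" in
        0|*00) echo "OK       $1 ($m)" ;;
        *)     echo "TOO OPEN $1 ($m)"; return 1 ;;
    esac
}

# Audit a .ssh directory and its authorized_keys file. The return status is
# the number of problems found, so 0 means both match Step 8.
audit_ssh_dir() {
    problems=0
    owner_only "$1" || problems=$((problems + 1))
    owner_only "$1/authorized_keys" || problems=$((problems + 1))
    return "$problems"
}

# Print the active (non-comment) NOPASSWD rules in a sudoers-format file, so
# the visudo change from Step 8 shows up in a review. Status 1 means none.
nopasswd_rules() {
    grep -E '^[[:space:]]*[^#[:space:]].*NOPASSWD' "$1"
}

# Stand-alone use (audit.sh is a hypothetical file name for this script):
#   sh audit.sh "$HOME/.ssh"
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Listing NOPASSWD rules matters here because, with the blank key passphrase chosen in Step 4, the private key file alone gives passwordless root on the droplet.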
