Configure Digital Ocean for SSL (HTTPS) for free (Bonus: Meteor setup) — Video Series — Part 2
Now that we have our new user and SSH key set up as in Part 1 of this article, let’s make sure that a basic firewall is in place.
Here is the video; the rest of the instructions follow.
Step 1: Firewall
Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall very easily using this application.
Different applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.
You can see this by typing:
sudo ufw app list
Output:
Available applications:
OpenSSH
We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:
sudo ufw allow OpenSSH
Afterwards, we can enable the firewall by typing:
sudo ufw enable
Type “y” and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
sudo ufw status
Output:
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Here is how everything should look.
If you install and configure additional services, you will need to adjust the firewall settings to allow acceptable traffic in. You can learn some common UFW operations in this guide.
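As an added example (not part of the original article), the shell function below reads the output of sudo ufw status and checks the state this step should leave behind: the firewall is active, a rule still lets SSH in, and nothing is open beyond the names you list. The function name ufw_audit, its return codes and the sample outputs are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Usage on the server:  sudo ufw status | ufw_audit OpenSSH
#
# Reads `ufw status` text on stdin. Arguments are the "To" names expected to
# be open (a trailing " (v6)" is ignored when comparing).
# Return codes (assumed convention): 0 ok, 1 firewall inactive,
# 2 no SSH rule (lockout risk), 3 a rule outside the expected list is open.
ufw_audit() {
  awk -v expected="$*" -F'  +' '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /^Status: active/ { active = 1; next }
    # Rule rows: columns are split on runs of 2+ spaces; column 2 is the action.
    NF >= 3 && $2 ~ /^(ALLOW|LIMIT)/ {
      name = $1; sub(/ \(v6\)$/, "", name)
      if (name == "OpenSSH" || name == "22" || name == "22/tcp") ssh = 1
      if (!(name in ok)) { print "unexpected: " $0; extra = 1 }
    }
    END {
      if (!active) { print "firewall is not active"; exit 1 }
      if (!ssh)    { print "no rule allows SSH"; exit 2 }
      if (extra)   exit 3
      print "ok: active, SSH allowed, no unexpected rules"
    }'
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_GOOD='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'

# Same firewall with one extra open port that nobody listed as expected.
SAMPLE_EXTRA="$SAMPLE_GOOD
3000/tcp                   ALLOW       Anywhere"

# Active firewall with no SSH rule: the next login would be blocked.
SAMPLE_LOCKOUT='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere'
```

Run it after every firewall change; a return code of 2 means you should add the SSH rule back before closing your current session.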
Step 2: Domain Name
You must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e.g. Namecheap, GoDaddy, etc.).
If you haven’t already, be sure to create an A Record that points your domain to the public IP address of your server. This is required because of how Let’s Encrypt validates that you own the domain it is issuing a certificate for. For example, if you want to obtain a certificate for example.com, that domain must resolve to your server for the validation process to work. Our setup will use coolmoviebites.com and www.coolmoviebites.com as the domain names.
Where to go from here?
You can move on to Part 3 of this video series.