Hosting a FullStack Javascript Web App on Digital Ocean Part 1
This is the first of a three part series showing how to host a fullstack MERN app, both the Node JS back-end and React front-end on one Digital Ocean droplet. Please find the introduction here
Creating A Digital Ocean Droplet
First things first, we have to create a Digital Ocean account. I suggest creating one using your existing github account. After that login to your Digital Ocean dashboard, click on the Create drop down and select Droplets.
In the first section, select Ubuntu OS for the server.
Then select the $5/month plan for the lowest prices.
Choose the closest location to you for the physical data center region. Also note that you need to choose the same location for all your droplets if you will ever need them to connect to each other using a LAN.
Under authentication, select SSH keys and click on New SSH Key to add a new key. Enter the following command on the terminal on your local machine to generate a new SSH key pair.
$ ssh-keygenClick enter to accept the empty passphrase and other default settings. The above command generates two files: id_rsa & id_rsa.pub. Enter the following command to stream the contents of the id_rsa.pub file.
$ cat ~/.ssh/id_rsa.pubCopy the contents of the file from the terminal into the SSH key content field in Digital Ocean and click on Add SSH Key. Then select the newly added SSH key as shown below.
Choose a memorable host-name for the droplet and then click on Create Droplet to finalize the process.
Connecting to the Droplet Using SSH
You should now have access to your newly created droplet. If not, click on the Droplets link on the side bar to the left. This should take you to your droplets where you can access your droplet’s IP address. Use this IP address to access your droplet using ssh by typing the following command on your local machine’s terminal.
$ ssh root@your_server_ipAccept the warning about host authenticity if it appears.The root user is the administrative user in a Linux environment that has very broad privileges. So the next step is setting up a new user account with reduced privileges for day-to-day use. Once you are logged in as root, you’ll be able to add the new user account. In the future, we’ll log in with this new account instead of root. To add the new user enter the following command.
# adduser usernameYou’ll be asked to enter the user’s password. Make sure to enter a strong password since this will be used for commands prefixed with sudo later on.
Output
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfullyNext, you’ll be asked to fill in some information about the new user. It is fine to accept the defaults by hitting ENTER and leave this information blank:
Changing the user information for sammy
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]Use the usermod command to add the user to the sudo group:
# usermod -aG sudo usernameTo test that the new sudo permissions are working, first use the su command to switch to the new user account:
# su - usernameAs the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges. For example, you can list the contents of the /root directory, which is normally only accessible to the root user using:
$ sudo ls -la /rootThe first time you use sudo in a session, you will be prompted for the password of that user’s account. Enter the password you set above. To go back to the root user account type in:
$ exitWhile in the root user account, we need to setup the UFW firewall to make sure only connections to certain services are allowed. Applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW. You can see this by typing:
# ufw app listOutput
Available applications:
OpenSSH
We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:
# ufw allow OpenSSHAfterwards, we can enable the firewall by typing:
# ufw enableType y and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
# ufw statusOutput
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
The next step now is to make sure we can SSH into the regular user account for daily use directly. We will need to add a copy of our local public key to the new user’s ~/.ssh/authorized_keys file to log in successfully.
Since our public key is already in the root account’s ~/.ssh/authorized_keys file on the server, we can copy that file and directory structure to our new user account in our existing session.
The simplest way to copy the files with the correct ownership and permissions is with the rsync command. This will copy the root user’s .ssh directory, preserve the permissions, and modify the file owners, all in a single command. Make sure to change the appropriate portions of the command below to match your regular user’s name:
Now, open up a new terminal session on your local machine, and use SSH with your new username:
$ ssh username@your_server_ipYou should be logged in to the new user account without using a password. Remember, if you need to run a command with administrative privileges, type sudo before it like this:
$ sudo command_to_runYou will be prompted for your regular user password when using sudo for the first time each session (and periodically afterwards).
This ends part 1 of the series. Check out part 2 here.