Skip to content

Instantly share code, notes, and snippets.

@jamestomasino

jamestomasino/digitalocean-config.md

Last active September 22, 2020 16:14
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jamestomasino/e84c7597eb6454efdfc622357ada7896 to your computer and use it in GitHub Desktop.
Save jamestomasino/e84c7597eb6454efdfc622357ada7896 to your computer and use it in GitHub Desktop.
Download ZIP
Digital Ocean Droplet setup for Nuxt Blue/Green deploys
Raw
digitalocean-config.md

Setting up a new digital ocean droplet

  • Create droplet with Ubuntu using special digitalocean key for root access.
  • SSH as root with digitalocean key
  • update and upgrade everything in apt

Setting up user and permissions

  • create 'web' user

    • use strong password
    • add to www_data & sudo groups

  • generate secure key for web user

    • create a new domain folder in keys directory and move there
    • ssh-keygen -a 100 -t ed25519 -f ./id_ed25519 -C ''
    • generate a 99 character password of letters & numbers (no symbols)
    • copy pubkey and add public key to authorized_keys
    • add an entry for site in local ~/.ssh/config

  • edit /etc/ssh/sshd_config

    • PermitRootLogin no
    • PubkeyAuthentication yes
    • restart ssh service
    • test ssh login with web user. don't move forward until this works

  • apt install make

  • reboot server

  • install dotfiles for web user

  • reconnect ssh with prooper login

Set up web environment

  • apt install the following packages:
build-essential nginx
  • Remove any certbot things that might be installed:
sudo apt-get remove certbot
  • Install certbot via snap
sudo snap install --classic certbot

  • Install Node from NodeSource

  • Configure "global" install of npm without sudo

mkdir "${HOME}/.npm-packages"
npm config set prefix "${HOME}/.npm-packages"
  • Ensure the bash startup scripts have the following
NPM_PACKAGES="${HOME}/.npm-packages"
export PATH="$PATH:$NPM_PACKAGES/bin"
# Preserve MANPATH if you already defined it somewhere in your config.
# Otherwise, fall back to `manpath` so we can inherit from `/etc/manpath`.
export MANPATH="${MANPATH-$(manpath)}:$NPM_PACKAGES/share/man"

  • Create /etc/nginx/sites-available/production and stage configs

    • dupe files from another server
    • comment out references to pem files for lets encrypt
    • update domains in config
    • update domain in pem file paths
    • ensure DNS is set up for domain & staging

  • Run sudo certbot --nginx and follow prompts

  • Uncomment paths to cert files if needed in server config and reload nginx

Set up repository and deployment mechanics

  • install git-lfs dependencies
curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash
  • apt install the following packages:
git-lfs
  • Install pm2: npm install pm2@latest -g
  • generate ssh key for system to be used as deploy key (no passphrase)
  • clone repository into each directory (serva & servb)
  • symlink makefile and pm2 configuration to home folder of web user
  • run make stage (and maybe make production) to get the basics up
  • set up pm2 to restart on reboot: pm2 startup and then run the command it outputs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment