# Digital Ocean - steps

## Initial Server Setup with Ubuntu 16.04

<https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04>

<https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers>

**Purpose**: To increase the **security** and **usability** of your server.

You need the IP address of your server and its password.

### 1. Create a New User to Avoid Using root Every Day

The root account is too powerful to use every day.

```
$ ssh root@your_server_ip # log in as root

$ adduser UserName
$ usermod -aG sudo UserName # add the user to the sudo group
```

### 2. Add Public Key Authentication

Set up public key authentication for your new user. Run this on your local machine, where your key pair lives.

```
$ ssh-copy-id UserName@your_server_ip
```

### 3. Disable Password Authentication

The new user can **only** use SSH keys to log in, **not** a password.

```
sudo nano /etc/ssh/sshd_config
```

```
# in `sshd_config`
PasswordAuthentication no
# the following lines are also needed, but they should already be the defaults.
PubkeyAuthentication yes
ChallengeResponseAuthentication no
```

### 4. Test

**Test it before you log out!**

Open a new terminal and try to log in again.

```
$ ssh UserName@your_server_ip
```
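A check for the settings from step 3, as an added example that is not part of the original notes. It reports the value sshd would actually use, which can differ from the line you edited when the keyword appears twice. The function names are hypothetical, and it assumes whitespace-separated `Keyword value` lines and no `Include` files.

```shell
#!/bin/sh
# Added example (not from the original page): audit the three settings above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.

# effective_sshd_value FILE KEYWORD: print the first global value, if any.
effective_sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: return 0 only if key-only login is set explicitly.
# An unset keyword fails too, so the result never rests on built-in defaults.
audit_sshd() {
    rc=0
    for pair in PasswordAuthentication:no PubkeyAuthentication:yes \
                ChallengeResponseAuthentication:no; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(effective_sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective='${got:-unset}' wanted='$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the "no" near the end never takes effect because an
# earlier, differently-cased line already set the keyword to "yes".
write_sample() {
    cat > "$1" <<'EOF'
Port 22
passwordauthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "key-only login is NOT in effect"
rm -f "$sample"
```

On the server, point `audit_sshd` at `/etc/ssh/sshd_config`. A running sshd reads that file only when it starts or reloads, so an edit has no effect on new logins until then.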

### 5. Set Up a Basic Firewall

<https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server>

Ubuntu 16.04 servers can use the **UFW firewall** to make sure **only connections to certain services are allowed**.

**UFW** (Uncomplicated Firewall) is a front end to iptables.

The firewall **denies traffic to every port** except for the ports/services you have approved.

```
# list the application profiles UFW knows about
$ sudo ufw app list

# check status
$ sudo ufw status

# add service to ufw
$ sudo ufw allow OpenSSH
$ sudo ufw enable
```

```
# SSH - port 22
$ sudo ufw allow ssh
# conventional HTTP web server - port 80
$ sudo ufw allow 80/tcp
# web server with SSL/TLS enabled - port 443
$ sudo ufw allow 443/tcp
# SMTP email enabled - port 25
$ sudo ufw allow 25/tcp

# review your selections
$ sudo ufw show added

# If everything looks good, enable the firewall (disabling it first restarts it if it is already running):
$ sudo ufw disable
$ sudo ufw enable
```

<https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands>

To restrict access by source IP: `sudo ufw allow from 192.168.255.255`.
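A guard to run between `ufw show added` and `ufw enable`, as an added example that is not part of the original notes: it confirms that the rules added so far admit SSH, so enabling the firewall does not block your next login. The function name is hypothetical and the sample rule list is constructed.

```shell
#!/bin/sh
# Added example (not from the original page).
# ssh_rule_present: reads `ufw show added` text on stdin, prints the first
# rule that admits SSH and returns 0; returns 1 when there is none.
# A bare "allow from <ip>" rule (all ports) is deliberately not counted,
# so the guard errs on the side of reporting a missing SSH rule.
ssh_rule_present() {
    awk '
        $1 != "ufw" { next }                        # header and blank lines
        $2 != "allow" && $2 != "limit" { next }     # deny/reject admit nothing
        {
            for (i = 3; i <= NF; i++) {
                t = tolower($i)
                if (t == "openssh" || t == "ssh" || t == "22" || t == "22/tcp") {
                    print
                    found = 1
                    exit                            # jumps to END
                }
            }
        }
        END { exit !found }
    '
}

# Constructed sample: web and mail ports were added, SSH was forgotten.
sample="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 25/tcp"

if printf '%s\n' "$sample" | ssh_rule_present >/dev/null; then
    echo "SSH rule found: safe to run 'ufw enable'"
else
    echo "no SSH rule: 'ufw enable' would block new SSH logins"
fi
```

On the server, pipe the real list in: `sudo ufw show added | ssh_rule_present`.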

### 6. Configure Timezones and Network Time Protocol

<https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-12-04>

A server clock that drifts may begin to cause issues if the virtual server has to work with external machines.

* Emails sent out from a misconfigured server may arrive on another server with a timestamp that is 3 minutes off.
* Users granted access only at certain times of the day may find themselves blocked because of a time mismatch.

Servers can be synced using NTP (Network Time Protocol).

* The NTP daemon automatically and slowly shifts the server clock to match.
* `ntpdate` sets the clock to match immediately. It is not an action that should be taken regularly, but one time only.

```
# Configure Timezones
$ sudo dpkg-reconfigure tzdata
```

```
# Configure NTP Synchronization
$ sudo apt-get update
$ sudo apt-get install ntp
```

### 7. Create Swap

See the SWAP section below.

### 8. Take a Snapshot of your Current Configuration

Decide case by case.

## SWAP

<https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04>

Adding some swap space increases the **responsiveness** of your server and guards **against out-of-memory** errors.

Swap = an area on a **HD** that can **temporarily** store data when RAM is no longer sufficient for data.

Use Swap on spinning HDs, not SSD. (SSD will be degraded by Swap.)

### Check information

```
# shows system memory usage
$ free -m

# available space
$ df -h
```

Suggested swap space \~= `1 ~ 2 * RAM`

### Create a Swap File

```
# allocate 4G for SWAP
$ sudo fallocate -l 4G /swapfile

# check status
$ ls -lh /swapfile # => -rw-r--r--

# SWAP should only be used by system
$ sudo chmod 600 /swapfile
$ ls -lh /swapfile # => -rw-------

# set up the swap space
$ sudo mkswap /swapfile

# enable SWAP
$ sudo swapon /swapfile

# check
$ free -m
```

### Make the Swap File Permanent

...

