Setting up a DigitalOcean Droplet
Each time I set up a new droplet — which is every few months or so, I come across several stumbling blocks and am recording these steps for posterity. I usually follow this guide for Ansible automation, but there are a few steps peculiar to DigitalOcean.
After creating a droplet, without creating a new or using an existing ssh key ie leaving the section shown below unticked (we will setup key later):
If you want to launch the console, you can select your new droplet, then select access, then Launch Console
In the console, use root for username and enter the password that was emailed to the address you used when setting up DigitalOcean.
You’ll need to enter a new password, with is a real pain as you cant copy and paste into the console. Make sure you use something 30+ characters long — even though we will disable login via password eventually we want to make breaking in take sufficient time to protect the server for the time being.
You can by pass the console step or do this after changing your password — from your client machine type:
where the numbers after the @ are your droplets public ip address. You will be prompted for the new password you created in the console window (or if you skipped that step, the one initially emailed to you).
After logging to the server, update and install new updates:
apt update && apt upgrade -y
Install fail2ban to slow down attacks:
apt install fail2ban
You can then proceed to setup a non root user, and ssh keys following the Full Stack Python Guide to Deployments.
The following are useful commands when logged into the server
#switch from dash to bash shellbash#activate a particular virtualenv, where user and app are replaced by your specifics
source /home/user/venvs/app/bin/activate#fix an expired key causing ansible update fail
sudo apt-key list | \
grep "expired: " | \
sed -ne 's|pub .*/\([^ ]*\) .*|\1|gp' | \
xargs -n1 sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys
Debugging Nginx issues on server
/etc/nginx/conf.d/website.conf#for debugging problems change nginx to debug level in /etc/nginx/nginx.conf (use 'notice' instead of 'debug' for less granular output)
# Logging Settings
error_log /var/log/nginx/error.log debug;#supervisor config
/etc/supervisor/conf.d/website.conf#view errors in real time
sudo tail -f /var/log/nginx/error.log#ditto for requests
sudo tail -f /var/log/nginx/access.log#debug nginx service failures
systemctl status nginx.service
sudo journalctl -xe
Debugging Gunicorn issues
From app root directory run
gunicorn — check-config app
If still having issues, more debugging info can be found here.
And the following are useful when running on local machine
#copy from server to localmachine using ssh on a specific portscp -i ../localfolder/ssh_keys/key -P portnumber user@ip:/home/user/folder/data /local_path/
Finally on a side note, I recently discovered Geany a fast and basic IDE for managing multiple text files / bash scripts / ansible playbooks.
The best thing is you can have a tab for each file you are working on which keeps things organised. I never worked out how to use Vim and find emacs not straightforward to use and VS code/Pycharm/Eclipse/Atom etc are too heavy for simple script work. Geany is great alternative.