A command-line script for building a basic secure server on Digital Ocean
The script configures / installs the following on the remote server:
- sets the timezone to Vancouver, Canada
- creates a new user using the currently logged in user
- sets the provided password for the new user
- gives the newly created user sudo privileges
- updates and upgrades all packages
- installs: ufw, docker, docker-compose, git, curl, zsh, wget, nodejs, npm
- if zsh is selected as the shell, installs oh-my-zsh and the bullet-train-theme
- replaces sshd_config with a version that:
  - prohibits root logins,
  - allows public key authentication; and,
  - applies other ssh server hardening
- configures ufw (uncomplicated firewall) to expose only the following ports:
  - 80, 443, 123
- Clone this repository:

      git clone https://github.com/jonathan-longe/basic-server.git

- Log in to your Digital Ocean account and create a new virtual server ("droplet"). The remote server must have your public ssh key installed, for example `~/.ssh/id_rsa.pub`

- Then on a local machine:

      ./configure_droplet.sh <IP_ADDRESS_OF_REMOTE_SERVER>

- After the script has finished, ssh from your local machine:

      ssh <IP_ADDRESS_OF_REMOTE_SERVER>

This script borrows heavily from Bryan Gilbert's excellent instructions.
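
Once logged in, the two sshd_config settings listed above (no root logins, public key authentication allowed) can be checked with a small audit. This is an added example, not part of the basic-server repository: the function names `sshd_value`, `audit_sshd_config` and `write_samples` and the sample files are constructed for illustration, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example (not part of basic-server): audit an sshd_config file for the
# two settings the README names. Assumption: Match blocks and Include files
# are not evaluated; on a live host `sshd -T` prints the effective values.

# Print the effective value of keyword $2 in file $1. sshd keywords are
# case-insensitive and the FIRST occurrence of a keyword wins.
sshd_value() {
    awk -F'[ \t=]+' -v want="$2" '
        { sub(/^[ \t]+/, "") }            # drop indentation (re-splits fields)
        /^#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if root login is refused and public key auth is enabled.
audit_sshd_config() {
    rc=0
    root=$(sshd_value "$1" PermitRootLogin)
    pubkey=$(sshd_value "$1" PubkeyAuthentication)
    # Unset PermitRootLogin means the OpenSSH default (prohibit-password),
    # which still admits root with a key, so anything but "no" fails.
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin=${root:-unset}"; rc=1
    fi
    # PubkeyAuthentication defaults to yes; only an explicit "no" fails.
    if [ "$pubkey" = "no" ]; then
        echo "FAIL PubkeyAuthentication=no"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $1"; fi
    return "$rc"
}

# Constructed sample configs, written to directory $1.
write_samples() {
    printf '%s\n' '# hardened' 'PermitRootLogin no' \
        'PubkeyAuthentication yes' > "$1/good.conf"
    # A later "no" does not override the earlier "yes"; grep would miss this.
    printf '%s\n' '#PermitRootLogin no' 'permitrootlogin yes' \
        'PermitRootLogin no' > "$1/shadowed.conf"
}

# Usage on the server: sh this_script.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi
```

The `shadowed.conf` sample is the case a plain `grep "PermitRootLogin no"` would pass incorrectly, because the earlier `yes` is the value sshd uses.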