{"id":2668,"date":"2018-01-17T10:40:59","date_gmt":"2018-01-17T18:40:59","guid":{"rendered":"http:\/\/www.wellgolly.com\/?p=2668"},"modified":"2018-05-03T06:38:29","modified_gmt":"2018-05-03T13:38:29","slug":"notes-on-creating-a-droplet","status":"publish","type":"post","link":"https:\/\/www.wellgolly.com\/?p=2668","title":{"rendered":"Notes on creating a droplet"},"content":{"rendered":"<p>I created a new Digital Ocean droplet and mostly followed the tutorials to get things up and running. A couple of things that I need to do to get the environment the way it is on other machines.<\/p>\n<p>I had a bit of trouble with using Public Key Authorization. I think that I was selecting the key by triple clicking until everything was highlighted and then copying. I believe that I got a line feed at the end of the key that was messing up my login attempts. Carefully highlighting just the key seems to have done the trick.<\/p>\n<p>I also was stymied for a while when my site didn\u2019t display. First, since I turned on the firewall I needed to add either www (sudo ufw allow www) or Apache (sudo ufw allow Apache) to the rules. And then verify with sudo ufw status.<\/p>\n<p>When I created the droplet, I destroyed the previous one so I needed to find the DNS records and change the IP address. Unlike other services, DO puts that in Networking. <\/p>\n<p>I need to copy my .bash_profile file over to my home directory and add the line<br \/>\n<code class=\"preserve-code-formatting\">. ~\/.bash_profile<\/code> to my .profile file.<\/p>\n<p>Reload the profile with <code class=\"preserve-code-formatting\">source ~\/.profile<\/code><\/p>\n<p>I also want all of the files in the www directory to be created with the admin group. That way, no matter who created them, I\u2019ll be able to edit them.<\/p>\n<p><em>You can change the default group for all files created in a particular directory by setting the setgid flag on the directory (chmod g+s _dir_). 
New files in the directory will then be created with the group of the directory (set using chgrp &lt;group> &lt;dir>). This applies to any program that creates files in the directory.<\/em> <a href='https:\/\/stackoverflow.com\/questions\/1321168\/bash-scripting-how-to-set-the-group-that-new-files-will-be-created-with#1322706'>mark4o<\/a><\/p>\n<p>The default location for web files is \/var\/www, which is different than the setup on my older machines. (probably because the default location varies across distributions and over time). I put a symlink to it in the root.  <code class=\"preserve-code-formatting\">sudo ln -s \/var\/www\/ www<\/code><\/p>\n<p>I don\u2019t want people to be able to view the directories, especially the images directory, so I disabled that ability by removing the word <em>Indexes<\/em> from the option line.<\/p>\n<p><pre><code class=\"preserve-code-formatting\">\n&lt;Directory \/var\/www\/&gt;\n&nbsp;&nbsp;Options Indexes FollowSymLinks\n&nbsp;&nbsp;AllowOverride None\n&nbsp;&nbsp;Require all granted\n&lt;\/Directory&gt;\n<\/code><\/pre><\/p>\n<p>I covered this in earlier posts, but it doesn\u2019t hurt to repeat it. I make a few modifications to the apache config file to keep people from seeing things on the server. 
I added these lines after the section on .htaccess.<\/p>\n<p><pre><code class=\"preserve-code-formatting\">\n# We don&#039;t want people to see .inc files\n&lt;Files&nbsp;&nbsp;~ &quot;\\.inc$&quot;&gt;\n&nbsp;&nbsp;Order allow,deny\n&nbsp;&nbsp;Deny from all\n&lt;\/Files&gt;\n\n# Do not allow .git version control files to be viewed\n&lt;Directorymatch &quot;^\/.*\/\\.git+\/&quot;&gt;\n&nbsp;&nbsp;Order deny,allow\n&nbsp;&nbsp;Deny from all\n&lt;\/Directorymatch&gt;\n\n# We don&#039;t want people to see .svn files, mainly in Wordpress installs\n&lt;Directorymatch &quot;^\/.*\/\\.svn+\/&quot;&gt;\n&nbsp;&nbsp;Order deny,allow\n&nbsp;&nbsp;Deny from all\n&lt;\/Directorymatch&gt;<\/code><\/pre><\/p>\n<p>On my older servers I have lots of sites and their names end in .com, .net, etc. but on this version of Apache, the <code class=\"preserve-code-formatting\">a2ensite<\/code> requires files to end in .conf.<\/p>\n<p>I also had some trouble with the https code that was added to the site by certbot. I took them out after reviewing the output of <code class=\"preserve-code-formatting\">sudo journalctl -xe<\/code>.<\/p>\n<p>To install the certbot certificate I went to the page for my <a href='https:\/\/certbot.eff.org\/#ubuntuxenial-apache'>setup<\/a> and followed the directions. I have a .com and .org version of this site and allow access using www and without so I need the certificate to work for all four of these. 
Rather than getting four certificates, I got one for the name I will use most, the .org,  and then added the ones for www and .com.<\/p>\n<p>Unfortunately, at the moment there is a security vulnerability so the normal method does not work.<\/p>\n<p>Instead I had to stop Apache and run<br \/>\n<pre><code class=\"preserve-code-formatting\">\nsudo certbot --authenticator webroot --webroot-path \/var\/www\/ACOV\/ --installer apache2 -d example.org\n\nsudo certbot certonly --cert-name example.org -d example.com,www.example.org,www.example.com\n\nservice apache2 restart\n<\/code><\/pre><\/p>\n<p>I had some problems at first because I had not set up the DNS records at Digital Ocean correctly. I typed the whole domain into the add a record field, when I should have just typed www. It added <em>www.example.com.examp<\/em> instead of <em>www.example.org<\/em>. After I fixed that it created the certificates and I checked them. <\/p>\n<p>Unfortunately, something else is not right because Apache is not serving up the SSL connection. I\u2019ll update the post when I figure it out.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I created a new Digital Ocean droplet and mostly followed the tutorials to get things up and running. A couple of things that I need to do to get the environment the way it is on other machines. I had a bit of trouble with using Public Key Authorization. 
I think that I was selecting &hellip; <a href=\"https:\/\/www.wellgolly.com\/?p=2668\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Notes on creating a droplet<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-2668","post","type-post","status-publish","format-standard","hentry","category-computers"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2668"}],"version-history":[{"count":0,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2668\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}