Relying solely on the ‘root’ user for remote access is similar to leaving your front door wide open for anyone with malicious intent. That’s why creating a separate user account, armed with administrative privileges, is not just recommended — it’s a crucial step toward fortifying your server’s defenses.”

Now that we’ve established the significance of creating a new user for your Digital Ocean droplet, let’s walk through the process of creating a new user with administrative rights on your Ubuntu-based Digital Ocean droplet.

Step One: Accessing Your Digital Ocean Droplet

To begin, log in to your Digital Ocean account and navigate to the Droplets section. Locate the specific droplet to which you want to add a new user. Once you’ve selected the droplet, click on the ‘Access’ option on the left-hand side of the page. Then, proceed by clicking the ‘Launch Droplet Console’ button.”

After clicking the ‘Launch Droplet Console’ button, a terminal will open up in another tab in your browser window, successfully logging you into your terminal as a root user. From here, you’ll proceed with the necessary commands to create a new user with administrative privileges.

Step Two: Running Terminal Commands

Next, execute the following command in the terminal:

sudo adduser username

Replace “username” with the desired name for the new user. This command will prompt you to set a password for the new user and enter additional information if needed.

Step Three: Verifying the Successful Creation of the User

To verify the successful creation of this new user, run the command

cat /etc/passwd

This command will output the contents of the /etc/passwd file, which includes a list of users along with their basic information. Scan the output for the user you just created. Look for an entry containing the username you specified during the user creation process.

Understanding the adduser Command

Now that you've executed the sudo adduser username command to create a new user, let's take a moment to delve into what exactly happens behind the scenes when the adduser command is run. Here's a breakdown of what it does:

1. Creation Of Home Directory + .ssh Directory:

   The home directory is established in /home/username, while the .ssh directory resides within /home/username/.ssh.

2. Creation Of An Authorised Keys File:

   An important component for SSH authentication, the authorized keys file is located at /home/username/.ssh/authorized_keys.

3. User Creation + Setting Of Home Directory For User:

   The user is created, and their home directory is set to /home/username. This means that upon logging in, the user is directed to the /home/username directory.

4. Password For User:

   The command also facilitates the setting of a password for the user. While SSH key authentication is preferred, setting a password provides an alternative method. Please note that enabling PasswordAuthentication in /etc/ssh/sshd_config is required for this to function, although it's not the recommended practice for security reasons.

5. Readable and Executable Permissions:

   Ownership of the home directory is assigned to the new user. Additionally, permissions for the .ssh directory and .ssh/authorized_keys file are updated to ensure readability and executability.

Now, let's return to the practical steps to verify the successful creation of your new user.

Step Four: Accessing the New User Terminal Via Digital Ocean's Droplet UI

To access the new user, navigate to the access panel on the droplet, and input the username of the newly created user in place of "root". Then, clicking on the 'Launch Droplet' button as before. This time, you'll access the console not as the root user but as the newly created user. Once again, to verify the successful creation of the home directory + .ssh directory for new user, run the following commands in the console:

echo $HOME

This above command checks the user's home directory and outputs it as a text in the format /home/username.

echo $PWD

This command outputs the current path to the directory you’re currently in, which should be /home.

Step Five: Generating SSH keys For New User's Remote Access Of Droplet

Open a terminal on your local machine and run:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Replace "your_email@example.com" with your email address. This command will create an RSA key pair by default (id_rsa for the private key and id_rsa.pub for the public key) in the ~/.ssh/ directory. So make sure to use an appropriate name if you do not want it to default to id_rsa as the key names.

Step Six: Manually Copy Public Key

On your local machine:

cat ssh-key-name.pub

Replace ssh-key-name with the actual name of the SSH you created for the new user. This command will display the content of ssh-key-name.pub in your terminal. Next, copy the contents using Ctrl + C.

Step Seven: Edit The New User's authorized_keys File Using Vim

Return to the droplet's console, ensure you're logged in as the new user. Then use the Vim editor to open the authorized_keys file:

vim ~/.ssh/authorized_keys

After the authorized_keys file is opened, press i to enter insert mode in vim. Next, press Ctrl + V in the terminal to paste the contents you copied from the cat ssh-key-name.pub command on your local machine. This will insert the public key into the file.

Step Eight: Save And Exit Vim For New User

Finally, after pasting the content, press Esc to exit insert mode in vim. Then type :wq and press Enter to save the changes and exit vim.

Step Nine: Check New User's SSH Directory And File Permissions

The .ssh directory should have permissions set to 700 (drwx------) and the authorized_keys file should have permissions set to 600 (-rw-------). Incorrect permissions might prevent SSH from using the keys.

To set appropriate permissions, run the following command:

chmod 700 ~/.ssh 
chmod 600 ~/.ssh/authorized_keys

Step Ten: Logging In Via SSH As New User

Up to this point, we have been remotely accessing the droplet using Digital Ocean's UI, now let's switch to using SSH to access the droplet remotely as the new user.

To log in using SSH with the new user's credentials, execute the following command in your terminal:

ssh username@server_ip

Replace username with the actual username you want to log in with and server_ip with the IP address or domain name of the server you are trying to access. This command assumes that you are using the default id_rsa key and will look for this key on your local machine.

If you're using a specific private key for authentication (not the default id_rsa), you can specify the key explicitly in your SSH command:

ssh -i /path/to/private_key username@server_ip

Replace /path/to/private_key with the actual path to your private key file. After running this command, you'll be prompted to enter the passphrase associated with the SSH key created for the user. Simply paste the passphrase into the terminal when prompted, and upon successful authentication, you should be logged in.

In wrapping up, creating a new user on your Digital Ocean droplet is a fundamental step in fortifying security and managing remote access effectively. By following these steps I've outlined, you will be securing your droplet's defences for remote access while prioritising security.

If you found this article insightful or helpful, please do not forget to show your support! Please like, share, and comment on this article to spread it further. 💜

Recently, I had to host a react application created by my team on CPanel and eventually after scouring the net for hours plus various trials and errors, I finally came upon a solution. This solution is one I'm sure will be very helpful to you if you face this same issue. Without further ado, let us dive in!

Steps

1. Get a flexible CPanel hosting plan.

2. Install nodejs and npm.

3. Create a subdomain to host your react application.

4. Serve the react application via your CPanel's terminal.

5. Create or update the Nginx server block for the subdomain you created so it targets the URL generated on serving the react application.

Get a flexible CPanel hosting plan

As an example, I will make use of Namecheap's hosting service. Of course, you can make use of any hosting service provider that enables you to have a flexible CPanel hosting plan.

1. Get A Virtual Private Server

Honestly, if you are using CPanel, the best hosting you can get that gives you enough flexibility to tweak and change things on your server is the VPS option. The shared hosting option is limiting in so many ways and I won't recommend that. A few dollars extra and you can have a VPS that enables you to work as you want.

Please note that to run this application, YOU MUST get a VPS or a similar CPanel hosting service that gives you root server and terminal access.

Install Nodejs and Npm

To install Node.js and npm using NVM on your CentOS system, follow these steps:

1. Install NVM (Node Version Manager)

To download the nvm install script run the following command:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash

The script will clone the nvm repository from Github to ~/.nvm and add the script Path to your Bash or ZSH profile. The output of the curl command is referenced below:

=> Close and reopen your terminal to start using nvm or run the following to use it now:

export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

Close and reopen your terminal and verify that nvm was properly installed by running the command:

nvm --version

2. Install Node.js using NVM

Now that the nvm tool is installed we can install the latest available version of Node.js, by typing:

nvm install 16

Verify the Node.js and npm version, by typing:

node -v
npm -v

Serve the react application via your CPanel's terminal

To do this, perform the following steps:

1. Serve the application

Using the terminal application on your server, navigate to the folder(subdomain) containing your react app and run the command:

npm run start

2. Verify that the application is running

Next, you need to verify that the application is running in the desired port, by default react apps are served on port 3000.

netstat -tulpn | grep LISTEN

The output should look this way

To keep the application running, install pm2 for keeping an application alive.

npm i -g pm2

Next, serve the application so it keeps running even after closing the terminal:

pm2 start node_modules/react-scripts/scripts/start.js --name "your-project-name"

Update Nginx

server {
    index index.html index.htm index.nginx-debian.html;

    #set $CPANEL_APACHE_PROXY_PASS $scheme://apache_backend_${scheme}_18x_19x_2i_14b;

    set $CPANEL_APACHE_PROXY_PASS http://0.0.0.0:3000;

    location / {
        proxy_pass $CPANEL_APACHE_PROXY_PASS;
        proxy_buffering off;
        proxy_buffer_size 16k;
        proxy_busy_buffers_size 24k;
        proxy_buffers 64 4k;
     }
 }

Reload Nginx after making the update

Possible Errors You Might Face

1. /usr/bin/env node permission denied
   This error comes up on starting the react application npm run start . To fix it, do the following:

   1. Run the command: npm install -g npm@9.2.0

   2. Run the command to start the application. (The error should be gone)

2. Nginx reverse proxy gives "502 Bad Gateway"
   On my end, I had this error and the solution was to tune proxy_buffer_size this way:

    proxy_buffering off;
    proxy_buffer_size 16k;
    proxy_busy_buffers_size 24k;
    proxy_buffers 64 4k;
   

    sudo tail -n 100 /var/log/nginx/error.log
   

To fix this error, run the following:

export DOCKER_BUILDKIT=0
export COMPOSE_DOCKER_CLI_BUILD=0

docker pull --platform linux/x86_64 mysql

After which you run your previous command that threw the above error in the first place.😃