This is the short description of my setup of Debian 11 droplet on DigitalOcean. Live social media thread on my adventures with it can be found here.
My choice of Debian was dictated by this video.
The goal: working ntfy (for sending notifications to my phone when my automation scripts mess up or whatever) and FreshRSS (for creating, filtering, and merging rss feeds, with resulting custom rss feeds I can then subscribe to in Inoreader), some Python automation scripts.
Getting a domain
Just get one on Porkbun - .cyou is cheap nowadays. After creating the droplet on DigitalOcean, check its IP adress. Then go to Porkbun's DNS settings for your new domain, delete default records, and then create a bunch of new A records for the main domain and any subdomains you want. You can use a wildcard there to have all possible subdomains point to your server's IP as well. You could also set a CNAME record that points www.mydomain.com to mydomain.com to have it redirect one to the other automatically. After you are done, you might have to wait a bit for the changes to "catch on".
You want a subdomain for every service you'll be installing that requires one (that would be ntfy and FreshRSS for me).
Initial server setup
Initial Server Setup with Debian 11 - creation of admin user with sudo privileges (so you can avoid doing sutff as root since it's potentially dangerous), simple firewall setup with ufw, making sure you can ssh your way in as the admin user.
Assumes starting out as root user, hence no sudo before commands, and connection through ssh (aka, you picked ssh during droplet creation and already put in a public key you had set up on your personal computer).
apt install ufw
ufw allow OpenSSH
Remember to allow OpenSSH before activating the firewall, otherwise you'll lock yourself out. More info on the firewall is here.
➜ Creating Admin user
usermod -aG sudo admin
➜ SSH access for Admin user
cp -r ~/.ssh /home/admin
chown -R admin:admin /home/admin/.ssh
From this moment onward it's assumed you ssh your way in as the Admin user and don't do anything as root anymore.
How To Set Up vsftpd for a User’s Directory on Debian 10 - so you'll be able to use ftp and connect through FileZilla to easily move files between the server and personal computer. It's a guide for Debian 10, but worked fine for 11 as well.
sudo apt update
sudo apt install vsftpd
➜ Backup original configuration file
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
➜ Open necessary ports
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
➜ Prepare ftp directory
sudo mkdir /home/admin/ftp
sudo chown nobody:nogroup /home/admin/ftp
sudo chmod a-w /home/admin/ftp
sudo mkdir /home/sammy/ftp/files
sudo chown admin:admin /home/admin/ftp/files
➜ Set up ssl certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
When prompted, input your server's IP as Common Name, you can put in a single dot for the rest of the fields (meaning they'll be empty). The certificate is good for a year.
➜ Edit config
Open the config file like so:
sudo nano /etc/vsftpd.conf
Make sure the file has following setting in it:
➜ Allow Admin user to use ftp
echo "admin" | sudo tee -a /etc/vsftpd.userlist
➜ Restart ftp service
sudo systemctl restart vsftpd
You should be able to connect to your ftp server through FileZilla now under following settings:
Host: domain name or IP address.
Encryption: "Require explicit FTP over TLS".
Logon Type: "Ask for password".
sudo apt install screenfetch
The command to see your system profile:
It's a web server! We'll need it for stuff later.
Ntfy with a reverse proxy
As to what the fuck even is a reverse proxy, please refer to this video.