CF Swarm: End-to-End Coldfusion Pipeline with Cont

Your First Instance: Basic Configuration & Security


Last updated 7 years ago

Time Required: 5-15 Minutes, depending on familiarity with Linux server setup

Whether you're setting up your database server, a Docker server, or most anything else, the initial setup is the same -- enough so that we'll create a snapshot once we're done and use that as our starting point for future droplets.

  • Log in as root; add a new user for yourself and configure root privileges

  • Update your Ubuntu Installation

  • Add Public Key authentication

  • (Optional) Disable password logins

  • Basic Firewall Configuration

Aside: Provider-Specific Setup Guides

When you first provision an instance, DigitalOcean will email you a link to one or more basic setup guides for the OS you selected. Many providers have similar guides, but even if yours doesn't, the only tasks specific to your provider will be the interaction between the provider-level services (such as firewalls, DNS control, and load balancers) and your instance. Even these are provider-specific only inasmuch as every provider's control panel interfaces and APIs for these services differ from one another.

There aren't any short-cuts here; you don't need to be a Linux guru, but you need to be comfortable with basic administration tasks like mounting and unmounting, package management, and networking. If you aren't there yet, spend time with these guides until you are.

Initial Setup Tasks

Follow the link in your welcome email to the initial setup guide; as of October 2018, it is the DigitalOcean Ubuntu 18.04 Initial Server Setup guide.

It's a short guide; don't skip any steps.

Aside: SSH Key Authentication

Make sure to add user accounts and their respective SSH keys for anyone who needs to access all of your instances. Users that only need to access some of your instances can be added explicitly to those instances later.

For more information or assistance with configuring SSH key-based authentication, see the DigitalOcean tutorial on Linux SSH Configuration.

(Optional) Update Your OS / Ubuntu Packages

Since we're building a template that we're going to re-use, it's a good idea to keep your OS packages current:

sudo apt-get update        # Fetches the list of available updates
sudo apt-get upgrade       # Strictly upgrades the current packages
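
Because this instance becomes the snapshot every later droplet starts from, it is worth confirming that the optional "disable password logins" step actually took effect before the snapshot is taken. The script below is an added example, not part of the original guide or the DigitalOcean tutorials; the function names and the sample config files are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit sshd settings in a config file.
# All sample configs below are constructed; nothing here reads /etc/ssh.

# Print the effective *global* value of KEYWORD in FILE, or DEFAULT if unset.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line only apply conditionally.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
                       { key = tolower($1) }
        key == "match" { exit }                       # global section ends
        key == want    { print tolower($2); found = 1; exit }
        END            { if (!found) print dflt }
    ' "$1"
}

# Succeed only if password logins are off and public-key logins are on.
template_ssh_ok() {  # usage: template_ssh_ok FILE
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = "yes" ]
}

SAMPLES=$(mktemp -d)
# Constructed: the later "no" is ignored because an earlier "yes" wins.
printf '%s\n' '# image default' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' 'passwordauthentication no' \
    > "$SAMPLES/shadowed.conf"
# Constructed: "no" sits inside a Match block, so the global default applies.
printf '%s\n' 'PubkeyAuthentication yes' 'Match User deploy' \
    '    PasswordAuthentication no' > "$SAMPLES/matchonly.conf"
# Constructed: the result the guide's optional step is meant to produce.
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    > "$SAMPLES/hardened.conf"

for f in shadowed matchonly hardened; do
    if template_ssh_ok "$SAMPLES/$f.conf"; then
        echo "$f: PasswordAuthentication is off, public keys are on"
    else
        echo "$f: PasswordAuthentication is still effectively on"
    fi
done
```

On the live instance, `sudo sshd -T` prints the configuration the daemon actually resolved and is the authoritative check; the parser above only shows why a config that looks hardened at a glance may not be.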

Next Steps: Provider Firewall & Snapshot

After completing the Initial Setup Guide, you'll have a cloud instance on the public Internet that is accessible only via SSH -- but it is accessible to everyone via SSH, so let's take the opportunity to deploy DigitalOcean's provider-level firewall and limit SSH connections -- either just to our current computer or perhaps to our work subnet. You can remove or alter these rules later; a VPN is safest, but we haven't installed a VPN client on our instance so we'll use our current public IP address for our test run.

Aside: UFW -- Your Instance-Level Software Firewall vs. Provider-level rules

If you followed the initial setup guide, then the Uncomplicated Firewall (UFW) is enabled on your template instance. We recommend enabling it, but most of the firewall rules in this guide will be configured at the provider level rather than the instance level, for ease of replication and application management. Once that's done, UFW is redundant, but that's the point: even though it's not our primary mechanism for controlling who can access which services on our instances, we'll keep it as a backup.

If you'd like to make better use of UFW (either in addition to or instead of provider-level rules), DigitalOcean has a good, basic tutorial, "UFW Essentials: Common Firewall Rules and Commands."

DigitalOcean Ubuntu 18.04 Initial Server Setup
DigitalOcean tutorial on Linux SSH Configuration.
UFW Essentials: Common Firewall Rules and Commands.