This guide hopes to tell you how to setup a Digital Ocean Droplet/Domain as a Sub Domain on an AWS domain.
This guide hopes to show you how to setup a Digital Ocean Droplet (server) as a Sub Domain on an existing AWS domain. I am setting up a Digital Ocean Domain as a sub domain (both existing) and using the sub domain (Digital Ocean server) as a self-service status page. I have setup both domains with SSL certificates and strong Content Security Policies and Public Key Pinning.
DO: Obtain the IP addresses for your Digital Ocean Droplet (that will be the sub domain). If you don’t already have a Digital Ocean Droplet click here (and get 2 months free).
This AWS guide was a handy start Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain.
From the AWS Route 53 screen, I clicked Get started now.
From here you can Create a Hosted Zone.
Create a Hosted Zone.
A sub domain can be created on AWS Route 53.
I created a route 53 A Name record and pointed it to a known Digital Ocean droplet IP address.
I created an A Name record on Digital Ocean for the droplet (e.g status.______.com).
I created an IPV6 (AAAA) record on Digital Ocean for the droplet?
I could not ping the server so I added the digital ocean name servers to the route 53 record set out of desperation.
Final Route information on AWS.
Hmm, nothing works as of yet.
https://www.whatsmydns.net is not showing movement yet.
Time to contact AWS for advice.
I tried to post an help post on the AWS forums but apparently, a user who has been paying AWS for 6 months does not have the right to post a new forum thread.
I posted a few help questions on twitter and I’ll try these out tonight.
I created a record set for the parent domain on AWS and A record for the Digital Ocean subdomain with no luck.
This post will be updated soon.
v1.9 added info on let’s encrypt (10:38pm 29th July 2017 AEST)
Donate and make this blog better
Ask a question or recommend an article
This guide will help you buy a new domain and SSL certificate from NameCheap, a self-managed Ubuntu 16.04 Server from Digital Ocean and configuring it with NGINX Web server, SSL etc.
If you have read my other guides on http://www.fearby.com you may tell I like the self-managed Ubuntu servers you can buy from Digital Ocean for as low as $5 a month (click here to get $10 in free credit and start your server in 5 minutes ). Vultr has servers as low as $2.5 a month. Digital Ocean is a great place to start up your own server in the cloud, install some software and deploy some web apps or backend (API/databases/content) for mobile apps or services. If you need more memory, processor cores or hard drive storage simple shutdown your Digital Ocean server, click a few options to increase your server resources and you are good to go (this is called “scaling up“). Don’t forget to cache content to limit usage.
This scalability guide is a work in progress (watch this space). My aim is to get 2000 concurrent users a second serving geo queries (like PokeMon Go) for under $80 a month (1x server and 1x mongoDB cluster). Currently serving 600~1200/sec.
Planning for success
Anyone who has researched application scalability has come across articles on apps that have launched and crashed under load at launch. Even governments can spend tens of millions on developing a scalable solution, plan for years and fail dismally on launch (check out the Australian Census disaster). The Australian government contracted IBM to develop a solution to receive up to 15 million census submissions between the 28th of July to the 5th of September. IBM designed a system and a third party performance test planned up to 400 submissions a second but the maximum submissions received on census night before the system crashed was only o154 submissions a second. Predicting application usage can be hard, in the case of the Australian census the bulk of people logged on to submit census data on the recommended night of the 9th of August 2016.
Sticking to a budget
This guide is not for people with deep pockets wanting to deploy a service to 15 million people but for solo app developers or small non-funded startups on a serious budget. If you want a very reliable scalable solution or service provider you may want to skip this article and check out services by the following vendors.
- Azure (good guides by Troy Hunt: here, here and here).
- Amazon Web Services
- Google Cloud
- NGINX Plus
The above vendors have what seems like an infinite array of products and services that can form part of your solution but beware, the more products you use the more complex it will be and the higher the costs. A popular app can be an expensive app. That’s why I like Digital Ocean as you don’t need a degree to predict and plan you servers average usage and buy extra resource credits if you go over predicted limits. With Digital Ocean you buy a virtual server and you get known Memory, Storage and Data transfer limits.
Let’s go over topics that you will need to consider when designing or building a scalable app on a budget.
Your application needs will ultimately decide the technology and servers you require.
- A simple business app that shares events, products and contacts would require a basic server and MySQL database.
- A turn-based multiplayer app for a few hundred people would require more server resources and endpoints (a NGINX, NODEJS and an optimized MySQL database would be ok).
- A larger augmented reality app for thousands of people would require a mix of databases and servers to separate the workload (a NGINX webserver and NodeJS powered API talking to a MySQL database to handle logins and a single server NoSQL database for the bulk of the shared data).
- An augmented reality app with tens of thousands of users (a NGINX web server, NodeJS powered API talking to a MySQL database to handle logins and NoSQL cluster for the bulk of the shared data).
- A business critical multi-user application with real-time chat – are you sure you are on a budget as this will require a full solution from Azure Firebase or Amazon Web Serers.
A native app, hybrid app or full web app can drastically change how your application works ( learn the difference here ).
Location, location, location.
You want your server and resources to be as close to your customers as possible, this is one rule that cannot be broken. If you need to spend more money to buy a server in a location closer to your customers do it.
I have a Digital Ocean server with 2 cores and 2GB of ram in Singapore that I use to test and develop apps. That one server has MySQL, NGINX, NodeJS , PHP and many scripts running on it in the background. I also have a MongoDB cluster (3 servers) running on AWS in Sydney via MongoDB.com. I looked into CouchDB via Cloudant but needed the Geo JSON features with fair dedicated pricing. I am considering moving a Ubuntu server off Digital Ocean (in Singapore) and onto AWS server (in Sydney). I am using promise based NodeJS calls where possible to prevent non blocking calls to the operating system, database or web.
Here is a benchmark for HTTP and HTTPS request from Rural NSW to Sydney Australia, then Melbourne, then Adelaide the Perth then Singapore to a Node Server on a NGINX Server that does a call back to Sydney Australia to get a GeoQuery from a large database and return to back to the customer via Singapore.
Here is a breakdown of the hops from my desktop in Regional NSW making a network call to my Digital Ocean Server in Singapore (with private parts redacted or masked).
<span class="kd">traceroute to destination-server-redacted.com (###.###.###.##), 64 hops max, 52 byte packets
1 192-168-1-1 (192.168.1.1) 11.034 ms 6.180 ms 2.169 ms
2 xx.xx.xx.xxx.isp.com.au (xx.xx.xx.xxx) 32.396 ms 37.118 ms 33.749 ms
3 xxx-xxx-xxx-xxx (xxx.xxx.xxx.xxx) 40.676 ms 63.648 ms 28.446 ms
4 syd-gls-har-wgw1-be-100 (184.108.40.206) 38.736 ms 38.549 ms 29.584 ms
5 203-219-107-198.static.tpgi.com.au (220.127.116.11) 27.980 ms 38.568 ms 43.879 ms
6 tengige0-3-0-19.chw-edge901.<strong>sydney</strong>.telstra.net (18.104.22.168) 30.304 ms 35.090 ms 43.836 ms
7 bundle-ether13.chw-core10.sydney.telstra.net (22.214.171.124) 29.477 ms 28.705 ms 40.764 ms
8 bundle-ether8.exi-core10.<strong>melbourne</strong>.telstra.net (126.96.36.199) 41.885 ms 50.211 ms 45.917 ms
9 bundle-ether5.way-core4.<strong>adelaide</strong>.telstra.net (188.8.131.52) 66.795 ms 59.570 ms 59.084 ms
10 bundle-ether5.pie-core1.<strong>perth</strong>.telstra.net (184.108.40.206) 90.671 ms 91.315 ms 89.123 ms
11 220.127.116.11 (18.104.22.168) 80.295 ms 82.578 ms 85.224 ms
12 i-0-0-1-0.skdi-core01.bx.telstraglobal.net (<strong>Singapore) </strong>(22.214.171.124) 132.445 ms 129.205 ms 147.320 ms
13 i-0-1-0-0.istt04.bi.telstraglobal.net (126.96.36.199) 156.488 ms
188.8.131.52 (184.108.40.206) 161.982 ms
i-0-0-0-4.istt04.bi.telstraglobal.net (220.127.116.11) 160.952 ms
14 unknown.telstraglobal.net (18.104.22.168) 155.392 ms 152.938 ms 197.915 ms
15 * * *
16 destination-server-redacted.com (xx.xx.xx.xxx) <strong>177.883 ms 158.938 ms 153.433 ms</strong></span>
160ms to send a request to the server. This is on a good day when the Netflix Effect is not killing links across Australia.
Here is the route for a call from the server above to the MongoDB Cluster on an Amazon Web Services in Sydney from the Digital Ocean Server in Singapore.
<span class="kd">traceroute to redactedname-shard-00-00-nvjmn.mongodb.net (##.##.##.##), 30 hops max, 60 byte packets
1 ###.###.###.### (###.###.###.###) 0.475 ms ###.###.###.### (###.###.###.###) 0.494 ms ###.###.###.### (###.###.###.###) 0.405 ms
2 22.214.171.124 (126.96.36.199) 0.367 ms 188.8.131.52 (184.108.40.206) 0.392 ms 0.377 ms
3 unknown.telstraglobal.net (220.127.116.11) 1.460 ms 18.104.22.168 (22.214.171.124) 0.283 ms unknown.telstraglobal.net (126.96.36.199) 1.456 ms
4 i-0-2-0-10.istt-core02.bi.telstraglobal.net (188.8.131.52) 1.338 ms i-0-4-0-0.istt-core02.bi.telstraglobal.net (184.108.40.206) 3.817 ms unknown.telstraglobal.net (220.127.116.11) 1.443 ms
5 i-0-2-0-9.istt-core02.bi.telstraglobal.net (18.104.22.168) 1.270 ms i-0-1-0-0.pthw-core01.bx.telstraglobal.net (22.214.171.124) 50.869 ms i-0-0-0-0.pthw-core01.bx.telstraglobal.net (126.96.36.199) 49.789 ms
6 i-0-1-0-5.sydp-core03.bi.telstraglobal.net (188.8.131.52) 107.395 ms 108.350 ms 105.924 ms
7 i-0-1-0-5.sydp-core03.bi.telstraglobal.net (184.108.40.206) 105.911 ms 21459.tauc01.cu.telstraglobal.net (220.127.116.11) 108.258 ms 107.337 ms
8 21459.tauc01.cu.telstraglobal.net (18.104.22.168) 107.330 ms unknown.telstraglobal.net (22.214.171.124) 101.459 ms 102.337 ms
9 * unknown.telstraglobal.net (126.96.36.199) 102.324 ms 102.314 ms
10 * * *
11 188.8.131.52 (184.108.40.206) 103.016 ms 103.892 ms 105.157 ms
12 * * 220.127.116.11 (18.104.22.168) 103.843 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *</span>
It appears Telstra Global or AWS block the tracking of network path closer to the destination so I will ping to see how long the trip takes
<span class="kd">bytes from ec2-##-##-##-##.ap-southeast-2.compute.amazonaws.com (##.##.##.##): icmp_seq=1 ttl=50 <strong>time=103 ms</strong></span>
It is obvious the longest part of the response to the client is not the GeoQuery on the MongoDB cluster or processing in NodeJS but the travel time for the packet and securing the packet.
My server locations are not optimal, I cannot move the AWS MongoDB to Singapore because MongoDB doesn’t have servers in Singapore and Digital Ocean don’t have servers in Sydney. I should move my services on Digital Ocean to Sydney but for now, let’s see how far this Digital Ocean Server in Singapore and MongoDB cluster in Sydney can go. I wish I knew about Vultr as they are like Digital Ocean but have a location in Sydney.
Secure (SSL) communication is now mandatory for Apple and Android apps talking over the internet so we can’t eliminate that to speed up the connection but we can move the server. I am using more modern SSL ciphers in my SSL certificate so they may slow down the process also. Here is a speed test of my servers ciphers. If you use stronger security so I expect a small CPU hit.
fyi: I have a few guides on adding a commercial SSL certificate to a Digital Ocean VM and Updating OpenSSL on a Digital Ocean VM. Guide on configuring NGINX SSL and SSL. Limiting ssh connection rates to prevent brute force attacks.
Server Limitations and Benchmarking
If you are running your website on a shared server (e.g CPanel domain) you may encounter resource limit warnings as web hosts and some providers want to charge you more for moderate to heavy use.
<span class="kd">Resource Limit Is Reached 508
The website is temporarily unable to service your request as it exceeded resource limit. Please try again later.
I have never received a resource limit reached warning with Digital Ocean.
Most hosts (AWS/Digital Ocean/Azure etc) all have limitations on your server and when you exceed a magical limit they restrict your server or start charging excess fees (they are not running a charity). AWS and Azure have different terminology for CPU credits and you really need to predict your applications CPU usage to factor in the scalability and monthly costs. Servers and databases generally have a limited IOPS (Input/Output operations a second) and lower tier plans offer lower IOPS. MongoDB Atlas lower tiers have < 120 IOPS a second, middle tiers have 240~2400 IOPS and higher tiers have 3,000,20,000 IOPS
Know your bottlenecks
The siege HTTP stress testing tool is good, the below command will throw 400 local HTTP connections to your website.
siege -t1m -c400 'http://your.server.com/page'
The results seem a bit low: 47.3 trans/sec. No failed transactions though
** SIEGE 3.0.5
** Preparing 400 concurrent users for battle.
The server is now under siege...
Lifting the server siege.. done.
Transactions: 2803 hits
Availability: 100.00 %
Elapsed time: 59.26 secs
Data transferred: 79.71 MB
Response time: 7.87 secs
Transaction rate: 47.30 trans/sec
Throughput: 1.35 MB/sec
Successful transactions: 2803
Failed transactions: 0
Longest transaction: 8.56
Shortest transaction: 2.37
Sites like http://loader.io/ allow you to hit your web server or web page with many hits a second from outside of your server. Below I threw 50 concurrent users at a node API endpoint that was hitting a geo query on my MongoDB cluster.
The server can easily handle 50 concurrent users a second. Latency is an issue though.
I can see the two secondary MongoDB servers being queried 🙂
Node has decided to only use one CPU under this light load.
I tried 100 concurrent users over 30 seconds. CPU activity was about 40% of one core.
I tried again with a 100-200 concurrent user limit (passed). CPU activity was about 50% using two cores.
I tried again with a 200-400 concurrent user limit over 1 minute (passed). CPU activity was about 80% using two cores.
It is nice to know my promised based NodeJS code can handle 400 concurrent users requesting a large dataset from GeoJSON without timeouts. The result is about the same as siege (47.6 trans/sec) The issue now is the delay in the data getting back to the user.
I checked the MongoDB cluster and I was only reaching 0.17 IOPS (maximum 100) and 16% CPU usage so the database cluster is not the bottleneck here.
Out of curiosity, I ran a 400 connection benchmark to the node server over HTTP instead of HTTPS and the results were near identical (400 concurrent connections with 8000ms delay).
I really need to move my servers closer together to avoid the delays in responding. 47.6 served geo queries (4,112,640 a day) a second with a large payload is ok but it it not good enough for my application yet.
I may limit access to my API based on geo lookups ( http://ipinfo.io is a good site that allows you to programmatically limit access to your app services) and auth tokens but this will slow down uncached requests.
I can always add more cores or memory to my server in minutes but that requires a shutdown. 400 concurrent users does max my CPU and raise the memory to above 80% so adding more cores and memory would be beneficial.
Digital Ocean does allow me to permanently or temporarily raise the resources of the virtual machine. To obtain 2 more cores (4) and 4x the memory (8GB) I would need to jump to the $80/month plan and adjust the NGINX and Node configuration to use the more cores/ram.
If my app is profitable I can certainly reinvest.
With MongoDB clusters I can easily clone ( shard ) a cluster and gain extra throughput if I need it, but with 0.17% of my existing cluster being utilised I should focus on moving servers closer together.
NGINX do have commercial level products that handle scalability but this costs thousands. I could scale out manually by setting up a Node Proxies to point to multiple servers that receive parent calls. This may be more beneficial as Digital Ocean servers start at $5 a month but this would add a whole lot of complexity.
- Nginx Caching
- OpCache if you are using PHP.
- Node-cache – In memory caching.
- Redis – In memory caching.
Monitoring your server and resources is essential in detecting memory leaks and spikes in activity. HTOP is a great monitoring tool from the command line in Linux.
http://pm2.keymetrics.io/ is a good node package monitoring app but it does go a bit crazy with processes on your box.
It is a good idea to inform users of server status and issues with delayed queries and when things go down inform people early.
UPDATE: 17th August 2016
I set up an Amazon Web Services ECS server ( read AWS setup guide here ) with only 1 CPU and 1GB ram and have easily achieved 700 concurrent connections. That’s 41,869 geo queries served a minute.
The MongoDB Cluster CPU was 25% usage with 200 query opcounters on each secondary server.
I think I will optimize the AWS OS ‘swappiness’ and performance stats and aim for 2000 queries.
This is how many hits I can get with the CPU remaining under 95% (794 geo serves a second). AMAZING.
Another recent benchmark:
UPDATE: 3rd Jan 2017
I decided to ditch the cluster of three AWS servers running MongoDB and instead setup a single MongoDB instance on an Amazon t2.medium server (2 CPU/4GB ram) server for about $50 a month. I can always upgrade to the AWS MongoDB cluster later if I need it.
Ok, I just threw 2000 concurrent users at the new AWS single server MongoDB server and the server was able to handle the delivery (no dropped connections but the average response time was 4,027 ms, this is not ideal but this is 2000 users a second (and that is after API handles the ip (banned list), user account validity, last 5 min query limit check (from MySQL), payload validation on every field and then MongoDB geo query).
The two cores on the server were hitting about 95% usage. The benchmark here is the same dataset as above but the API has a whole series of payload, user limiting, and logging
Benchmarking with 1000 maintained users a second the average response time is a much lower 1,022 ms. Honestly, if I have 1000-2000 users queries a second I would upgrade the server or add in a series of lower spec AWS t2.miro servers and create my own cluster.
Cheap may not be good (hosting or DIY), do check your website often in https://www.shodan.io and see if it has open software or is known to hackers.
If this guide has helped please consider donating a few dollars.
Donate and make this blog better
Ask a question or recommend an article
These pages are under construction (80% complete, issues combining the certificates near the end).
Ok, lets get into it.
1. How to buy a new website domain from namecheap.com
1.2 Search for your domain (don’t forget to click show more to see other domain extension types).
1.3 Select the domain you want.
1.4 I am going to opt into a free year of Free WhoisGuard – (WhoisGuard is a service that allows customers to keep their domain contact details hidden from spammers, marketing firms and online fraudsters. When purchased, the WhoisGuard subscription is permanently assigned to a domain and stays attached to it as long as the fee is paid).
1.5 I will also opt-in into the discounted PositiveSSL for $2.74 (bargain) (fyi: name cheap ssl types).
1.6 Check the name cheap coupons page and apply this months coupon for 10% off.
1.7 Confirmed the order for $11.05 USD.
1.8 Congratulations you have just ordered a domain and SSL certificate.
2. Create a http://www.c9.io account
This will give you a nice UI to manager your unmanaged server.
2.1 Upgrade from the free account to the “Micro $9.00 / monthly” at https://c9.io/account/billing (this will allow you to use the c9.io IDE to connect to as many ubuntu VM’s as you wish).
3. Buy the hosting (droplet) from digital ocean
3.1 Goto https://wwww.digitalocean.com and create and account and login.
Note: If you are adding an additional server (droplet) to an digital ocean account and you want the droplets to talk to each other make sure your existing servers have a private network setup.
3.2 Click Create Droplet
3.3 Enter a server name: e.g “yourdomainserver”
3.4 Select a Server Size (this can be upgraded later), Digital Ocean recommend a server with at least 30GB for a WordPress install (but you can upgrade later).
3.5 Select an Image (you can stick with a plain ubuntu image) but it may save you time to install an image with the LAMP stack already on it.
LAMP stack is a popular open source web platform commonly used to run dynamic web sites and servers. It includes Linux, Apache, MySQL, and PHP/Python/Perl and is considered by many the platform of choice for development of high performance web applications which require a solid and reliable foundation. I will select LAMP.
3.6 Tick “private networking” if you think you may add more servers later (growing business)?
3.7 Paste in your SSH key from your c9.io account at https://c9.io/account/ssh (this is important, don’t skip this).
3.8 Click Create Droplet
3.9 Congratulations you have just created an Ubuntu VM in the cloud.
3.10 If you type your droplets IP into a web browser it should load your pages from your web server.
3.11 You can view your ubuntu droplet details in the digital ocean portal. You may need to reboot the server, make snapshots (backups) of reset passwords here.
3.12 You will need to change your droplets root password that was emailed to you from digital ocean. You can change your password by using the VNC window in the digital ocean portal https://cloud.digitalocean.com/droplets/ -> Access -> Console Access). If you had no luck changing you password with the VNC method you may use your Mac terminal and type: ssh email@example.com (where xx is your droplets IP) – then type yes, enter your password from the digital ocean email and change the password to a new/strong password (and write it down).
3.13 Now we will need to install the distro stable nodejs (for c9.io IDE) into the droplet by typing “sudo apt-get update” then “sudo apt-get install nodejs“.
4. Now we can link the digital ocean ubuntu server to the http://www.c9.io IDE.
4.1 Login to your c9.io account.
4.2 Click Create a new wordspace.
4.3 Enter a Workspace name and description.
4.4 Click Remote SSH Workspace
4.5 Enter “root” as the username
4.6 Type in your new servers IP (obtained from viewing your droplet at digital ocean https://cloud.digitalocean.com/droplets ).
4.6 Set the initial path as: ./
4.7 Set the NodeJS path as: /user/bin/nodejs
4.7 Ensure your SSH key is the same one you entered ito the droplet.
4.8 Click Create Workspace.
Troubleshooting: If you workspace cannot login you may need to SSH back into your droplet (via Digital ocean VNC or telnet SSH and paste your c9.io SSH key into the ~/authorized_keys file and save it). I used the command “sudo nano ~/.ssh/authorized_keys”, pasted in my c9.io SSH key then pressed CTRL+0 then ENTER then CRRL+X
4.9 If all goes well you will see c9.io now has a workspace shortcut for you to launch your website.
4.10 You will be able to connect to your droplet from c9.io and edit files or upload files (without the hassle of using SFTP and CPanel).
5. No we will link the domain name to the IP based droplet.
5.1 Login to your name cheap account.
5.2 Click “Account” then “Domain List” then “Manage” (next to the new domain) then click “Advanced DNS”
5.3 Click “Edit” next to “Domain Nameserver Type” then choose “Custom“.
5.4 Add the following three name servers “http://ns1.digitalocean.com“, “http://ns2.digitalocean.com” and “http://ns3.digitalocean.com” and click “Save Changes“.
5.5 Login to https://cloud.digitalocean.com/domains and select your droplet and type your domain name (e.g “yourdomain.com”) into the domain box and select your droplet
5.6 Configure the following DNS A Name records “@”-“XXX.XXX.XXX.XXX” where XXX is our server name and CName Records “www”-“www.yourdomain.com.” and “*”-“www.yourdomain.com.”
It can take from 24-48 hours for DNS to replicate around the world so I would suggest you goto bed at this stage: You can use https://www.whatsmydns.net/#A/yourdomain.com
5.7 But if you are impatient check out the DNS replication around the world using this link: https://www.whatsmydns.net
fyi: The full name cheap DNS guide is here.
fyi: The Digital Ocean DNS guide is located here
6. Login to the Namecheap server
6.1 Open your c9.io workspace to your domain
6.2 Click the Windows then New Terminal menu
6.3 Type: cd ~/.ssh/
6.4 openssl req -newkey rsa:2048 -nodes -keyout weatherpanorama_link.key -out weather_panorama_link.csr
6.2 Type the following to generate CSR files (my server is “weatherpanorama.link”, replace this with your server name ).
root@weatherpanoramalink:~# cd ~/.ssh
root@weatherpanoramalink:~/.ssh# <strong>openssl req -newkey rsa:2048 -nodes -keyout weatherpanorama_link.key -out weather_panorama_link.csr</strong>
Generating a 2048 bit RSA private key
writing new private key to 'weatherpanorama_link.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:New South Wales
Locality Name (eg, city) :Tamworth
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Fearby.com
Organizational Unit Name (eg, section) :Developer
Common Name (e.g. server FQDN or YOUR name) :weatherpanorama.link
Email Address :firstname.lastname@example.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :****************
string is too long, it needs to be less than 20 bytes long
A challenge password :***************
An optional company name :Simon Fearby
root@weatherpanoramalink:~/.ssh# ls -al
drwx------ 2 root root 4096 Oct 17 10:20 .
drwx------ 7 root root 4096 Oct 17 10:17 ..
-rw------- 1 root root 399 Oct 17 08:06 authorized_keys
-rw-r--r-- 1 root root 1175 Oct 17 10:20 weather_panorama_link.csr
-rw-r--r-- 1 root root 1704 Oct 17 10:20 weatherpanorama_link.key
6.3 Using the folder structure in c9.io browser to /root/.ssh/ and open the text file “weather_panorama_link.csr” and copy the file contents.
6.4 In a seperate windows goto https://ap.www.namecheap.com/ProductList/SslCertificates paste in the “” file contents and click Submit
6.5 Verify your details and click next
6.6 Next you will need to verify your domain by downloading and uploading a file to your server. Under “DCV Method” select “HTTP” and follow the prompts at name cheap to download the file.
6.7 Complete the Form (company contacts and click next).
6.8 Go to Certificate Details page to download the validation file. Or you can wait for the email with zip file attached.
fyi: the support forums for this certificate are https://support.comodo.com (but the site is rubbish, most pages load empty (e.g this one)).
6.9 Under “DCV Methods in Use” click ‘Edit Methods” then “Download File”
6.10 Using the c9.io interface upload the file to the /var/www/html folder (drag and drop)
6.11 Wait 1/2 hour and then go back to your name cheap dashboard and see if the certificate has been verified (it may take longer than that).
6.12 After a while a certificate will be issued, Unser See Details click Download Certificate.
6.13 Upload the certificate files (“weatherpanorama_link.ca-bundle”,”weatherpanorama_link.crt” and “weatherpanorama_link.p7b” ) files using the c9.io IDE to /root/.ssh/
6.14 Add this “ServerName localhost” to “/etcapache2/apache2.conf”.
6.16 In a c9.io terminal run this command “sudo nano /etc/hosts” and add this line “127.0.0.1 weatherpanorama.link”
16.17 Run this command in a c9.io terminal ‘sudo a2enmod ssl”
THIS PART NEEDS FINISHING SOON.
fyi: Comodo support forums: https://support.comodo.com/index.php?/Default/Knowledgebase/List/Index/1
fyi: Comodo apache certificate installation instructions: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/37/certificate-installation-apache–mod_ssl
Don’t forget to cache content to optimise your Web server
Having a server introduces risks, do check your website often in https://www.shodan.io and see if it has open software or is known to hackers.
todo: SSL https://www.namecheap.com/support/knowledgebase/article.aspx/794/67/how-to-activate-ssl-certificate
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using my link and receive $10 in credit: https://wwww.digitalocean.com
Donate and make this blog better
Ask a question or recommend an article
The quickest way to setup a scalable development ide and web server
fyi: Consider reading this first (newer blog post): How to buy a new domain and SSL cert from NameCheap, a Server from Digital Ocean and configure it.
Why do I need a free Development IDE/VM
- You already have heaps of sub domains/sites/blogs on one CPanel domain and you don’t want to slow down your server anymore.
- You need a new collaboration web server setup in minutes.
- You want a server where you have full control to install the latest widgets (NGNIX, NodeJS etc).
- You want a single interface where you can deploy, develop and test online.
- You want to save money
- You want to access and edit your sites from anywhere.
Now there is no need to spend valuable development time on setting up hardware/software platform. You can create, build and run almost any development stack in minutes. Cloud9 maintain the server and you have full control it.
Signing up for a C9 account.
Cloud 9 offer a number of hosting plans (one free) with a range of hardware resources for when you want to scale up. The free tier is great if you want to keep your development environment closed. Use this link and get $19 free credit https://c9.io/c/DLtakOtNcba
Before you connect to your digital ocean VM connect to the server via the console in the digital ocdan admin pane (you may need to reset your root password) and then install NodeJS (Required by c9.io IDE).
- curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash –
- sudo apt-get install -y nodejs
- node -v
Now you will have node v6.3.0
Create a development Workspace.
Once you create a Cloud 9 account you can create a VM workspace. You can choose some common software packages to installed by default. Don’t worry you can install anything you want later from the command line in the VM.
How simple is that, a new development environment in minutes.
You can edit new code, play with WordPress or NodeJS all from the one Cloud9 IDE. The Cloud 9 IDE allows you to open a “bash terminal” tab, folder list, web browser, code window and debug tools (all from the web).
Code on the left, WordPress on the right, terminal on the bottom 🙂
You can Install what you want
Because you have access to the Linux bash terminal you can for example type the following to install an NGNIX web server.
- sudo apt-get update
- sudo apt-get install nginx
- sudo service nginx start
Full Bash Terminal
As usual installing stuff in Linux requires loads of googling and editing config files so beware.
What are the downsides of a c9.io Ubuntu server?
Your development environment (public of private) is mostly off limits to the outside world unless you invite people in who have a Cloud 9 account. This is great if you want to develop a customers website off the grid and keep is secure or share the development with other developers. Cloud 9 don’t really have a “goto production plan” so you will need to find a host to deploy to when you are ready.
Luckily this is where http://www.digitalocean.com comes in, Digital Ocean allow you to create a real/public VM (just like Cloud 9) and best of all you can connect it to the Cloud 9 IDE..
The only downside is you will need to move on from the free Cloud 9 account and pay $9 a month to allow you to connect securely (via SSH) to your new (Real) Digital Ocean VM. On the up side the $19 month plan gives you twice the ram (1GB) and 10x the storage (10GB) and you can have 2 premium (private accounts).
Signing up for a Digital OceanAccount
The cheapest Digital Ocean Hosting plan is $5 a month. If you want $10 free credit at Digital Ocean (two months free) please use this link: https://www.digitalocean.com/?refcode=99a5082b6de5
Granting SSH Access (before you create a server (droplet))
Tip: Add your Cloud 9 SSH key to your account before creating a droplet (VM). I added my SSH key when the VM/Droplet was create and I could not connect to it from Cloud 9. I then deleted the droplet, added the SSH key to my Digital Ocean account here then created the Droplet (VM) and all was ok. You can find your SSH key on the front page of your cloud 9 desktop.
This is the magic option, if you skip this you will be emailed a password to your VM and you will be on your own connecting to it with a secure terminal window. If you add your Cloud 9 SSH key ( found in your Cloud 9 IDE https://cloud.digitalocean.com/settings/security ) you can connect to and control your new Digital Ocean VM from the Cloud 9 UI.
Now you can create a server (droplet)
A digital ocean server can be setup in minutes. If you only use it for 2 weeks you will only be charged for 2 weeks. If you use my link your first 2 months are free (if you select a $5 server).
Your server should be created in well under 5 minutes. Write down your VM’s IP.
Connecting your C9 account to Digital Ocean Droplet
Now go back to Cloud 9 and login. Go here ( https://c9.io/account/ssh ) and add your SSH key from Digital Ocean.
Cloud 9 guide on setting up SSH on your server: https://docs.c9.io/docs/running-your-own-ssh-workspace
fyi: Here is a more recent post of how to connect Cloud 9 with AWS.
Create a new workspace with these settings (but use your IP from digital ocean) to connect to your new Digital Ocean VM.
Now you can develop like a pro. Cloud 9 will allow you to login to your development environment from anywhere and resume where you left off.
Traps and Tips
- Consider buying this course: https://www.udemy.com/all-about-nodejs/?dtcode=9TQkocT33Eck
- Get your VM/Droplets right (if they don’t work as expected delete them and start again).
- Know how to safely shutdown a Linux VM.
- If you receive the error “Could not execute node.js on email@example.com bash: /usr/bin/nodejs:” in C9 when connecting to the server try installing node via the digital oceans manual console window.
Connecting your new Cloud IP to a CPanel sub domain
If you have CPanel domain elsewhere you can link your new Digital Ocean Cloud VM IP to a new sub domain.
- Login to your CPanel domain UI.
- Click Simple DNS Zone Editor
- Type the sub domain name (swap my domain.com to your domain).
- Enter the IP for your Digital Ocean domain (you get this from the Digital Ocean account page).
- Click Add a record.
- Now when someone types http://newcloud.mydomain.com they get redirected to your new cloud domain but the URL stays the same (how professional is that).
- You can add multiple A name records pointing to the same IP.
$19 a month gives me a kick arse www.c9.io development environment and a few VMs.
$5 a month gives me my own real VM that I can scale up.
You can easily deploy an SSD cloud server in 55 seconds for $5 a month. Sign up using my link and receive $10 in credit: https://www.digitalocean.com/?refcode=99a5082b6de5
After a few weeks, do check your website with https://www.shodan.io and see if it has open software or is known to hackers.
Donate and make this blog better
Ask a question or recommend an article