Tag Archives: server

Setting up a Digital Ocean remotely hosted WordPress blog

Mike Haubrich and I are developing a science oriented podcasting effort. It will be called “Ikonokast” (all the good names, like “The New York Times” and “Apple” were taken). We decided to enhance the podcast with a WordPress based blog site, perhaps with each page representing one podcast, and containing backup and supplementary information.

Here is the site, set up and running.

After considering our options, we decided to try using a Digital Ocean “Droplet” to host a WordPress blog. Here, I want to tell you how that went, and give a few pointers. This might be a good idea for some of you. And, I’ll explain what the heck Digital Ocean is in case you don’t know.

What is Digital Ocean?

Digital Ocean is one of the many available hosting sites, but different. You’ve heard of hosting sites such as the infamous [name of comosmy deleted because having the name od that company in a blog post draws spam to the blog ](the “Hooters” of hosting sites), where you pay them to provide a server you access remotely, then using tools like cPanel (cringe) you install WordPress blogs or other stuff. Digital Ocean is different because, among other things, it does not set you up with cPanel (though you can install it). Also, Digital Ocean is not really designed to use as a full on hosting application for ALL of your needs, but rather, to set up a smaller but highly capable host for a specific need. This is great for developers who are always working on entirely separate projects. So, for example, a developer might create a “droplet” (a Digital Ocean server) and install stuff, setting up a specific application like a web site or content management system or whatever, and then hand that entire project over to the client who thereafter owns it. There are numerous other differences, including pricing, that I’ll cover below. Some of these differences made us chose Digital Ocean, others are not important to us (and still others are beyond our understanding because we are not hackers or professional IT experts).

The developer oriented philosophy is not of much relevance to the average non-developer, but it is likely very compatible with the user who wants to set up a web site or similar application for their own use. For us, setting up a simple WordPress blog, it seemed to be a good option. We could have gone the free route by getting a WordPress.com or similar free site, but by having our own fully functional Linux server, we could would not be limited by any of the technology that those sites use, allowing us to use the server for other purposes should such a need arise, and allowing us to configure the installation any way we want. For example, if you set up a typical host with a WordPress install, or use a general free blogging platform of some kind, there may be a limitation on the size of the file you can upload. You can probably get your host to change that for you (it is a PHP value, a single line of code in the PHP configuration file, usually). But that involves interacting with the host’s help people. Also, there may be configuration changes you want but that they won’t do. A Digital Ocean droplet can be regarded as a computer you own (but is not in your house) and that you can do whatever you want with, as long as it can be done with any Linux computer with those specifications. So, for this case, you would just log on and change the maximum file upload setting in the PHP configuration file.

Another use of something like Digital Ocean (again, this can be done with any host, but it may be easier with Digital Ocean) is to set up your own cloud server, using something like Own Cloud. (See below for more uses.)

Another feature of Digital Ocean is that the servers appear to be fast and efficient. As a user, you have a server with an SSD drive, for example.

Even though you can access your Digital Ocean droplet (your server) via the command line using SSH, Digital Ocean also provides an interface that helps automate or make simpler many of the tasks you would normally do. In addition to this, for the more tech savvy, Digital Ocean has an API that allows you to set up a way to interface with and control the server that matches your own needs. This feature is way above my pay grade, so I can’t really comment on it, but it is there.

Why we decided to try Digital Ocean

Now, here is the part of Digital Ocean that makes it most interesting and potentially useful for the average user who wants to play around with serious technology but is not a hacker. Like Mike and me. This is the set of different distributions and applications that can be “automatically” installed and set up with a “one click” system. I want to say right away that there is nothing “one click” about this, as far as I can tell. Nothing takes one click. I have no idea why Digital Ocean uses that term. To me, “one click” means you click once, then you are done. Having said that, the various options are highly simplified approaches to doing some stuff that is fairly complicated if done from scratch.

Apparently unique to Digital Ocean is that you can choose among a range of Linux distributions. This means you are likely to find a distribution you are comfortable with. Other hosts have a distribution they use, and that is the one you get. Digital Ocean has Ubuntu, CentOS, Debian, Fedora, CoreOS, and FreeBSD. When you set up a simple droplet, you pick one of these distros, and that’s it. (I’ve not done that, so I don’t know if that is truly one click. Could be.) What you get, of course, is a server version of that distro. If you want a graphical user interface, that is a different thing (see below).

In addition to being able to chose among these distros, you can “one click install” a number of major applications. Most of those listed on the Digital Ocean site are Things Unknown To Me, but I do recognize some of them. Joomla, MediaWiki, Docker, Drupal, LAMP, ownCloud, etc. are available.

And, of course, WordPress.

When setting up one of these applications, you start (I think in all cases, but I’m not sure) with no droplet. The droplet and the underlying distribution are created at the same time the application is installed. Also, the “one click” installs of these applications seem to be associated with a specific underlying distro. To mix and match distros and apps, you would install the distro, then manually install the app. The One Click WordPress install is on Ubuntu.

How much does Digital Ocean cost and how big and fast is it?

Pricing is, as far as I can tell, one of the major differences between Digital Ocean and other servers.

When you choose a distribution or an application, you then choose a droplet it will go on. This is where pricing and power come in. The smallest droplet costs $5 a month or $0.007 and hour. If you calculate that out, the per hour cost is just over the monthly cost during 31 day months, but the cost is capped at that monthly cost. More importantly, it is pro-rated at that hourly rate. So, as long as the droplet exists, you are being billed for it, but not when it does not exist.

As far as I can tell, and they are pretty straightforward in their description of pricing, so I think I have this right, if you create a droplet, run it for several hours, and then destroy it, you are charged only for those hours. By the way, you are charged while your droplet exists but is powered off, because the resources are sitting there reserved for you. But if you create a droplet to try something out, then destroy it, that limits the charge. So creating a droplet, installing stuff, trying it out, yada yada, if that is all done over a couple of hours, you might be billed something like 20 cents. If you have no droplets but have an account, nothing is being charged to that account.

Having said that, the five dollar a month droplet is usually not going to do what you need (though I have thought of a few uses for such a thing). The minimum droplet for a WordPress install using their “One Click” method is the $10 droplet. Technically, you can install a WordPress setup on a $5 droplet, but the “One Click” method takes up more resources than the $5 droplet has, so you would need to install it manually.

The $10 droplet has 1 GB of RAM and 30GB on the SSD disk. The transfer rate is 2TB, and you get one core of processor power. There are $5, $10, $20, $40, and $80 options that range up to 8GB of memory with 80GB SSD space, 5TB of transfer rate and 4 Cores at the $80 per month rate. There are also massive higher volume plans running up to the unspeakable sum of $640 a month, but we need not discuss this here because it is scary.

Another difference between Digital Ocean and most other hosts is that you can easily change the specs, or at least some of them. You can increase the RAM by simply changing the specs and rebooting. Changing the SSD size takes longer but it can be done on the fly.

About that One Click thing, and installing WordPress

The WordPress install has nothing to do with one click. There are many clicks.

We managed the WordPress install with no problem at all with respect to the server, except one bit of confusion on my part. Maybe two bits.

I just clicked on the one click button. Then I did a whole bunch of other stuff, as specified in the Digital Ocean instructions. It is worth noting that Digital Ocean has many tutorials, and I think they have some sort of incentive system to get tutorials written and updated by users.

I ran into three problems that an expert would not likely have had, and I’ll tell you about them so you’ll know.

First, early on in the process, you need to get a secure connection to the server. You can do this by setting up a key on your computer and syncing that with the key on the Digital Ocean droplet. Do you know what I’m talking about? If yes, never mind. If no, good luck with that, it is a bit esoteric. There seems to be another way, which involves Digital Ocean resetting your root password and mailing it to you. Now, the NSA has your password, so you may want to change that. In any event, the whole secure connection thing is one of those areas that hackers already know all about but someone like me doesn’t, so I was confused and that took a bit of work. The tutorial is written with the assumption you are jot an idiot, but you may be an idiot, like me. Just carefully follow the instructions. You’ll be fine.

Second, and this is totally stupid (of me). (Digital Ocean really needs to re-write a version of their tutorial just for idiots.) When I finally tried to log on to the server, having made a secure connection, I was utterly confounded. I knew what my password was, but I did not know what my user name was. I couldn’t remember specifying or being given a user name. I just didn’t have a user name. Digital Ocean help files were no help. I had no idea what to do. Then, I randomly ran into something that reminded me that I am an idiot.

When you set up a basic Linux server, your username is root. That is obvious, everybody knows that, right? I had forgotten that because most of the Linux setups I’ve installed (and there have been many) were using a hand holding install script on Debian, Fedora, or Ubuntu or something, which set you up as a special user who is not root, but whose password can be used to su or sudo.

So just remember that, your name is root.

The third problem has nothing to do with Digital Ocean, but somehow I seem to have missed these instructions in the guidelines. This had to do with getting the DNS thing set up so the domain (yadayada.com or whatever), which Mike had already bought, would point to the server. There are three things you need to know. First, the domain service has to be told what servers to point to (Digital Ocean provides this info on their web page). Second, you need to do an esoteric thing on the Digital Ocean interface under the “networks” section to enter your domain name. Third, you need to get into the WordPress installation and enter the domain name in the settings on wp-admin (in two locations). Oh, and fourth, you have to wait a while for this to propagate, which for us was a very short period of time.

Digital Ocean and Security

Recently, a few colleagues/friends have had their WordPress sites hacked by their own back end. The hosting service got hacked, and then the clients of that hosting service got hacked.

This can’t happen on Digital Ocean for various technical reasons. Unlike a typical server, in which you only THINK you “own” a computer where you are root, but really, there is a sort of Over Root that can root around in your root, Digital Ocean Droplets are more like a separate server, given the way they are set up. So, for example, Digital Ocean can’t go into your server to fix something for you. But this also means that malicious code (or whatever) at DO (or elsewhere) cant go into your server and break something for you. There is a way to recover a totally crashed droplet that involved DO involvement, but it is you, the droplet owner, that does the fix, while someone at Digital Ocean kicks the side of the server or something.

According to Ryan Quinn at Digital Ocean (I asked him to clarify this aspect of security):

In DO there is no such thing as a “super-root” user on a DigitalOcean droplet. When you create your droplet a couple things happen.

1.) If you do not use an ssh key the create process generates a temporary password and emails it to you. This password is not stored anywhere else in DO’s systems and you are prompted on the first login to immediately change the temporary password.

2.) If you do use an ssh key stored on DigitalOcean, DO admins and support personnel do not have access to these keys through their admin interface.

So while DO has access to the hypervisor (physical machine) that your droplet is running on we have no access to the operating system within your droplet so this would not be a viable attack vector.

So for example, if you were to find yourself locked out of your droplet, our support team could recommend a password reset from the control panel but the only way they could directly assist you in accessing the contents of your droplet would be to power it off, mount a recovery ISO that includes it’s own operating system, and boot your droplet with that image. From that image (which has networking disabled by default) it is possible for you to mount your disk image and access your files.

Overall, a user would have more ready access to your droplet if they were to gain access to your ssh key, root password, or an API key you generated form the control panel than they would if they gained admin access in our backend systems (which are well protected behind firewalls and two-factor authentication, and not accessible from the public Internet).

Deciding if you should use Digital Ocean

Digital Ocean is not for everybody. You need to be at least a little savvy with Linux, probably the command line, etc, and you need to be willing to mess around a little. But it is probably the best solution for getting a fully functional server that you have full control over. Best in terms of pricing, flexibility, and power. As far as the cost goes, that is pretty easy to justify. Adding a monthly bill to your mix of expenses is something you should be careful about doing, but if you set up a $10 a month server with Digital Ocean, and decide you don’t want to do it, just go to your account and destroy the server and you’ve probably spent less than $10. Also, if you click any of the links to Digital Ocean on this page (such as THIS ONE) you will get a $10 credit, so you won’t have to spend a dime. (I set up our server with such a referral, so we are so far cost free!). After that, $10 a month for another month or two is not a big deal, and by then, you should know if the server and all that is working for you and worth the expense.

What about a graphical user interface desktop thingie on Digital Ocean?

You can do that. Digital Ocean used to have “one click” installs for various distros with desktops, but does not seem to do this any more. What you can do is get a droplet with enough power (probably the $20 version with 2 GB memory), create a non-root user with sudo privileges, install a desktop and use VNC to access it. I’ve not tried this or looked into beyond a bit of poking around.

Ubuntu Server: Why you want one and how to do it.

Why would you want to install Ubuntu as a “server” rather than as a desktop? The simple answer is: If you need to ask, you don’t want to do it. But, there is a more nuanced answer as well: By installing a server, you get to a) have loads of fun installing a server; b) learn things about the system you never thought were even there to learn; c) have your own server, so serve stuff in your very own home, so when The Internet goes down you can continue to pretend like there’s an internet. Just a much, much smaller and less interesting one.

And, if you happen to have anything to serve up in your own home, or if you want to serve a web site of your own, the server setup will make more sense than the desktop setup.

In truth, you can take a desktop installation and convert it over to a server by just installing and setting up some stuff. I myself am not convinced that this option is not even easier than the server-from scratch option. However, server from scratch (as opposed to tweaking a desktop install) will probably be cleaner and meaner, but most importantly, you will understand what you have in front of you better if you do it from scratch.

There are several resources you can use to help make this work. I recently read and very much enjoyed the book Beginning Ubuntu LTS Server Administration: From Novice to Professional (Expert’s Voice in Linux). (That’s a link to Amazon. If you go there and click around you’ll see a number of similar titles. None of the gay or lesbian server editions will be visible to you, of course.)

Here is a web site
that goes through the process on line. Which of these methods of learning (book vs. on line vs. trial and error) is of course a matter of personal preference.

Let’s go back for a moment as to why you might want a server. Your server may be a low-power draw machine with lower-end graphics that you use to access data (multi-media, files, etc.) and/or devices (printers, scanner, etc.) and in turn access via a wireless network elsewhere in your home.

So, physically, a server is different from another computer because it is not a laptop, it stays on, it is el-cheapo in the graphics department, and it has storage for stuff to serve up (all of these are breakable rules, of course).

In terms of software, there are big differences between a desktop and a server. The server has … servers. Like a web server (apache, for instance) and FTP server, and so on. That software can certainly run on your desktop, but the process of setting up a Linux server, such as the typical configuration known as a LAMP server (Linux, Apachae, MySQL databse, PHP), involves instaling, configuring, and turning on all these bits.

Another thing about a server, typically, is that it sits there without you interacting directly with it most of the time. Typically, you are not using your server for other things like day to day text processing, emailing, web surfing, etc. Again, these are all breakable rules. But a server normally is not your main interactive computer. One thing this means is that you can approach your server with a different personal affect than your regular computer. Your server can be a dangerous place, but because it is your server and not your day to day use computer, you can manage this.

Ubuntu by default does not allow a “super user” mode. A server usually does. So, you can sit down at your sever and check your email and stuff, but you can also sit down at your server and make modifications that only a super user should be allowed to do. Using the Ubuntu solution of “sudo this” and “sudo that” is not convenient, and can actually make some things hard to do, and some scripts that are designed to be run by super user will not operate with the sudo-only environment.

So, you want your server to have super user capacities that you can access, and when you sit down at your server you want to act in a responsible manner worthy of any super user. The book I refer to above does give instructions for changing Ubuntu so that there is a super user mode (you use sudo to do that, naturally).

Here is a web site that gives some suggestions for how to set up the hardware for a server, and also, info on installing Suse Linux.

I’d like to suggest two or three other resources that might make your bedtime reading for the next few weeks if you plan on playing server administrator. First you need Linux All-in-One For Dummies.

Then you need eitherThe UNIX Philosophy, in order to get your philosophical approach in line.

Between the above five mentioned texts, pick one from the first paragraph and zero or one from the second paragrqaph. Go to the used bookstore in your neighborhood that sells computer books (here where I am that would be Second Hand Books) and get whatever they have along these lines that is used. You don’t need current references, as these books are talking about *nix at a level where details are not important. The idea is to get down some basics, get some philosophy, and learn what sorts of things are possible by viewing these possibilities form a variety of different angles.

Then, go out and get a fairly current all in one bible type book that gives you the reference source you will need, such asA Practical Guide to Linux Commands, Editors, and Shell Programming (3rd Edition).

Some people don’t like books, and prefer on line resources. You can find all of the above on line in some form or another, and at another time I’ll make some suggestions along those lines . Some people like the book for various reasons. I like having these books as my bedtime reading. No computer, just the book. I know, that’s strange, but it’s how I roll.

An expression, by the way, that I really don’t like that much (“how I roll” … that expression).