DigitalOcean setup

Create one Ubuntu Droplet, point a wildcard DNS record at it, then run the setup command.

1. Create the Droplet

2. Add your SSH key

If you do not have an SSH key yet, create one locally:

ssh-keygen -t ed25519 -C "you@example.com"

Copy your public key:

cat ~/.ssh/id_ed25519.pub

In DigitalOcean, go to Settings, then Security, then SSH Keys. Add the public key and select it under Authentication when creating the Droplet.

3. Configure DigitalOcean DNS

In the DigitalOcean control panel, click Create, then Domain. Click Add a domain, enter your apex domain, then click Add Domain.

At your domain registrar, change the domain to use DigitalOcean's nameservers:

ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com

On the domain records page, click Create a record and create these A records:

A     @      YOUR_DROPLET_IPV4
A     *      YOUR_DROPLET_IPV4

Use @ in the hostname field for the apex domain and * for the wildcard record.

After the nameserver change has propagated, this should return DigitalOcean nameservers:

dig NS example.com +short
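
To confirm step 3 as a whole before running the installer, the check below tests that the domain is delegated only to DigitalOcean's nameservers and that the apex and a name under the wildcard each resolve only to the Droplet. It is an added example, not part of the pack.sh installer or documentation; the script's arguments and the wildcard-probe label are assumptions of the example.

```shell
#!/bin/sh
# Added example: verify the DNS records from step 3.
# Usage (hypothetical file name): sh check-dns.sh example.com YOUR_DROPLET_IPV4

# Reads `dig NS <domain> +short` output on stdin. Succeeds only if at least
# one nameserver is listed and every one is ns1/ns2/ns3.digitalocean.com.
ns_is_digitalocean() {
    awk '
        NF == 0 { next }
        { host = tolower($1); sub(/\.$/, "", host); seen++ }
        host !~ /^ns[123]\.digitalocean\.com$/ { bad++ }
        END { exit !(seen > 0 && bad == 0) }
    '
}

# Reads `dig A <name> +short` output on stdin. Succeeds only if the answer
# is exactly one address and it equals the expected Droplet IPv4 in $1.
# A second, stale address (for example a registrar parking IP) fails.
a_is_droplet() {
    awk -v want="$1" '
        NF == 0 { next }
        { n++; if ($1 != want) bad++ }
        END { exit !(n == 1 && bad == 0) }
    '
}

# Live check: needs network access and dig. The label "wildcard-probe" is
# arbitrary; any name without its own record is answered by the * record.
check_dns() {
    domain=$1 ip=$2 rc=0
    dig NS "$domain" +short | ns_is_digitalocean ||
        { echo "FAIL: $domain is not delegated only to DigitalOcean" >&2; rc=1; }
    for name in "$domain" "wildcard-probe.$domain"; do
        dig A "$name" +short | a_is_droplet "$ip" ||
            { echo "FAIL: $name does not resolve only to $ip" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: DNS for $domain matches step 3"
    return "$rc"
}

# Run the live check only when a domain and an IPv4 address are given.
if [ "$#" -eq 2 ]; then
    check_dns "$1" "$2"
fi
```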

4. Create a DigitalOcean API token

The server uses Caddy with DigitalOcean DNS for wildcard TLS certificates.

In DigitalOcean, go to API, then Tokens, and create a personal access token. Use Full Access, or use custom scopes with domain:read, domain:create, domain:update, and domain:delete so Caddy can create and remove ACME DNS challenge records.

The server installer asks for this token as the DNS API key.

5. Run server install

SSH into the Droplet as root, then run:

curl -fsSL https://pack.sh/server.sh | sudo env PACK_DNS_PROVIDER=digitalocean sh

When the installer asks for the app domain, enter your apex domain, like example.com. When it asks for the DNS API key, paste the DigitalOcean token.

After the installer finishes, check that the deploy user works:

ssh pack@example.com

Use example.com as the deploy host during local install. The installer will save it as pack@example.com. Use example.com as the release domain.