Category Archives: DigitalOcean

DigitalOcean New Pricing: July 2022

digital ocean

Prices effective starting July 1, 2022

Users using DigitalOcean Droplets, Snapshots, Load Balancers, Floating IPs, and Custom Images will experience a change in prices starting from July 1, 2022. Details are below.

DO droplet

Introducing a new $4 Droplet 

Droplet priced at $4/month with 1 vCPU, 512MB memory, 500GB bandwidth, and a 10GB SSD. The new Droplet is ideally suited for developers and teams learning new skills and creating proofs of concept and serves as a low-cost, effective graduation path from application development to production deployment.


Load Balancers

New monthly price for load balancers will be $12 per month per node.

 

DO loadbalancer

DigitalOcean Kubernetes

Managed Kubernetes

Billed for the underlying resources used by their Kubernetes worker nodes, which could include Droplets, Block Storage, and Load Balancers. A Kubernetes cluster can be deployed for as little as $12 per month.

Only public outgoing transfers are considered for bandwidth billing. Transfer limits are calculated by pooling the transfer from all droplets on the account. Overages above pooled transfer will be charged at a rate of $0.01/GB.


Snapshots

New monthly price for Volume Snapshots is $0.06 per GiB per month and Droplet Snapshots is $0.06 per GB per month.


DO Spaces

floating ips

Floating IPs

Floating IPs will be free when assigned to a Droplet and will cost $5.00 per month when reserved but not assigned to a Droplet


Custom Images

Custom images are free to upload and charged at $0.06 GB per month to store.


DO custom image

DO bandwidth

Bandwidth Overages

No changes to bandwidth overage pricing. Each Droplet includes free outbound data transfer, starting at 500 GiB/month and scaling up. Outbound data transfer is shared between all Droplets each billing cycle. Additional transfer is billed at $0.01 per GiB.


Spaces

No change to Spaces pricing. The base rate of a Spaces subscription is $5.00 per month and gives you the ability to create multiple Spaces.

The subscription includes 250 GiB of data storage (cumulative across all of your Spaces). Additional storage beyond this allotment is $0.02 per GiB.

Spaces subscriptions include 1,024 GiB of outbound data transfer (from Spaces to the internet), which is shared between all Spaces. Additional outbound transfer is $0.01 per GiB.


DO blSpaces

DO backups

Backups

No change to backups pricing. Enabling backups for a Droplet adds 20% to the cost of the Droplet.


Volumes

No change to Volumes pricing. Volumes cost $0.10 GiB per month and range from 1 GiB to 16 TiB (16,384 GiB). Charges accrue hourly for as long as the volume exists.


digitalocean volume

app platform

App Platform

No changes to App Platform pricing. Starts at $5.00 per month (for one container).

Why You Should Use DigitalOcean for Your Next Project

why you should use do for your next project

DigitalOcean offers easy-to-use managed cloud hosting service with simple user interface and powerful command line tools, which make it easy to deploy your code quickly and manage your server from anywhere on the globe.

DigitalOcean has invested significant of money to its infrastructure to make it truly a complete cloud engine. They have expanded geographic footprint, and introduced new products such as DigitalOcean Kubernetes, App Platform, and Managed Databases to its infrastructure. Companies such as Gitlab, Slack, Ghost, Cloudways and Whatfix are using DigitalOcean for years now.

App Platform

DigitalOcean App Platform is very easy to use and you can get started with it right away. It also have a lot of great features so you can build, deploy, and scale apps quickly as possible. DigitalOcean will handle the infrastructure, app runtimes and its dependencies, that means you can focus more on your code and its business logic.

With DigitalOcean, you can scale your apps to handle traffic as it grows. It is very cost effective and effectively optimize resources as you scale your apps.

Kubernetes & Load Balancers

With Kubernetes, you can easily scale up and deploy containerized apps in clusters. If you’re ready to start using containers but don’t want to worry about managing them, DigitalOcean is a great choice. Load balancers on DigitalOcean are simple to set up. It helps to manage distribute incoming traffic across a group of Droplets and increase your application’s availability with Load Balancers.

Introducing a new $4 Droplet

If you have an existing business or other online presence, then you’re likely familiar with the cost of hosting and managing multiple server instances. DigitalOcean is introducing a new Droplet priced at $4/month encouraging more developers across the globe to try its Droplets. This Droplet comes with 1 vCPU, 512MB memory, 500GB bandwidth, and a 10GB SSD, perfect for developers want to learn new skills and proof of concept for the next big app ideas. The price changes will be available starting July 1, 2022.

Backup

Backups are an important part of any hosting environment, but they’re often overlooked or not easy to implement. Droplet backups have always affordable and simple to enable. Backup Droplets disk images once per week, priced at 20% of the cost of the Droplet. If you destroy the Droplet, backups will also be removed and purged. However snapshots, on-demand full disk image of a Droplet work opposite. They will still be on your account until you delete it even after the Droplet is removed. Snapshots can be used to restore an existing Droplet or create a new Droplet from that point in time.

Developer Support

DigitalOcean offers free 24/7 technical support. There are three levels of support provided by the support team to meet your needs. You can send inquiries and contact the support team agent at any time and get help. They also have an active forum, a community where users can post questions and get answers from other developers. In addition, you can find number of comprehensive articles, tutorials and official docs related to any products and services they provide to the customers.

Read 8 Important Ways to secure DigitalOcean Droplets

In summary here are the few reasons I use DigitalOcean:

  • They provide virtual machine, Kubernetes, App platform, storage, database, and many more.
  • Easy to use, economical, scalable, and adaptable for web.
  • Affordable, reliable and quick deployment.
  • Server quality is great and server spec is perfect for various business.
  • Droplet backups are easy to enable and affordable.
  • Excellent tutorials and articles provided by the community and expert.

DigitalOcean grow with a global community. Whether you’re a developer looking to deploy your next project or an enterprise business company looking to build out a new product, DigitalOcean has a solution for you. So what are you waiting for? Try DigitalOcean today with a $100, 60-day credit to get started. That’s enough resources to run a website or app that you can build and start growing a successful business.

8 Important Ways to secure DigitalOcean Droplets


What is DigitalOcean Droplets?

DigitalOcean Droplets are Linux-based virtual machines (VMs) that run on top of virtualized hardware. These droplets are new virtual servers. These virtual servers must be configured such that it provides security and usability for the application.

Basic security measures are always important as a startup of any project, and over time it is beneficial to develop a more tailored security approach which suits the specific needs of your environments and applications. Here are basic security measure you can take care of when you do initial setup and deployment process for DigitalOcean droplet.

These concepts are complex and advance topics, hence this tutorial will not cover everything regarding DigitalOcean Droplets configuration for each methods.

Let’s find more…

Step1: Use SSH KEYS

Secure Shell (SSH) is popular encrypted protocol used to communicate with servers. As a server side admin, you’ll likely SSH into your servers because it is more secure way to configure servers and databases.

With SSH keys, a private and public key pairs are created for the purpose of authentication. The private key is kept secret and secure by the user, while the public key can be shared.

When interacting with Digital Ocean plate form, You have two options either SSH keys or password

SSH key is More Secure Way

Reasons: SSH Keys are larger bit length.

Passwords are typically 8-16 characters which is easy to break.

SSH keys are 4096 bit characters long which is difficult to crack.

SSH keys are completely randomized.

SSH keys are large number of prime numbers thus it cannot be easily social engineered.

To get SSH key of someone, literally you need to access his physical computer.

Connecting to Server Using SSH Keys

To configure SSH key authentication, you must place your public SSH key on the server in its proper directory. When your client first connects to the server, the server will ask for proof that you have the associated private key. It generates a random value and send it to your SSH client. Your SSH client will then use your private key to encrypt the response and then send the encrypted reply to the server. The server then decrypts your client’s reply using your public key. If the server can decrypt the random value, then it means that your client possesses the private key and the server will let you connect without a password.

ssh-keygen

By default your key pair is saved is in ~/.ssh/ on Linux and /Users/your_username/.ssh on Windows and macOS. Simply copy your public key, which is named id_rsa.pub by default.

From the Account section, in the Security tab, find the SSH keys section. Click Add SSH Key to open the New SSH key window. Paste your public key into the SSH key content field, give it a name, then click Add SSH Key.


Step 2: Firewalls

Firewalls have basic level protection however it is essential for securing your DigitalOcean Droplet by restricting port access.

Firewalls restrict access to selected IP addresses. This is really helpful in granting ssh and MySQL access. In addition, it also helps to prevent certain users from certain countries to get access to the droplet or website.

You can configure firewall rules such that it helps to open and close ports for outside world.

eg: HTTP request (port 80)

MySQL request(port 3306)

DigitalOcean provides you two different types of firewalls

  • Operating system specific firewall and
  • DigitalOcean firewall

Operating System Level Firewall Code

sudo ufw app list
sudo ufw allow "Nginx Full"

Firewall at the Droplet Level Setup

To do Droplet level firewall simply follow these steps.

From DigitalOcean control panel, click Create in the top right to open the create menu, then click Cloud Firewalls to open the firewall create page. Configure the cloud firewall with the following options:

  1. In Name, enter inbound-ssh-only.
  2. In Inbound Rules, leave the single default rule for SSH.

Remember security is all about securing layers. So enable both options rather than one.


Step 3: Virtual Private Clouds

Virtual private clouds has features which allow large outer casing for all droplets. It is technically not a firewall but an extra layer which help to protect servers. Rules are applied to the group at once rather than applying firewall rules to each individual droplets.

Service Auditing
sudo ss-plunt

In Outbound Rules, keep the default rules, which permit all traffic to any destination on any port.

Click Apply to Droplets, add the tag you created with the new Droplet. These tags can be useful when you create additional Droplets in future, adding the same tag to them will automatically add them to this cloud firewall as well, simplifying scaling in the future.


Step 4: Unattended Updates

This method has downside. If we let auto update on then it updates number of packages which may leads to break any library. In this case it will be nearly impossible to find which caused the issue. Therefore before doing update process, remember to know all the libraries and packages will get updated.


Step 5: Backup

It is common scenario, we always take backup regularly but forget to test it. A backup that has been never tested is a theory. Taking backup is not a disaster recovery plan. A backup you think is going to work but not when the time comes then you have two problems. Don’t trust on one entity. So take backup offsite.Doing external backup is necessity

DigitalOcean has backup and Snapshot option.

  • Backup is weekly which is large in size
  • Snapshot is kind of diff

Step 6: SSL/TLS Encryption

Data is harvested by apps, companies and platforms. These data are sold to different companies. To minimize such illegal activities we have to use some type of secure way to communicate over the internet.

SSL/TLS protocol encrypts internet traffic, making secure internet communication between the users. These encryption protocols hide raw data from any third parties.


Step 7: Isolated Execution Environment

Isolated Execution is a software reference implementation of the security through isolation concept. It is not targeted at stopping malware from running or avoiding its insertion in the user’s machine; it rather provides a contained environment where malware can run without affecting the whole system.

  • Historically this is a good execution approach
  • In reality it is better to separate each component
  • Application server should be kept separately from database server
  • For example, If something happens to application server, we still able to keep database server safe without touching it
  • Application Server: Public network
  • Database Server: Private network
  • Do not put your database publicly facing to the internet

Step 8: Service Auditing

Even with all the security best practices, a new vulnerability can cause harm to your server. That’s where regular monitoring helps.

Service auditing or security auditing is a process of tracking and reviewing activities on your server. It is important to have audit policies where it states events you want to monitor, system log, history and how frequency you want to conduct the audit.


Conclusion

Security is an important key factor. It is important to have your Droplets safe and secure from harmful hackers to avoid security breaches. So, there you go. These are 8 ways you can make your Droplet secure.