How to Set Up a DigitalOcean Droplet — Complete 2026 Guide
Every VPS dashboard you have ever used is a tribute to DigitalOcean. The left-side nav. The clean creation wizard. The one-click deploys. DO did not just build a cloud platform — they established the template that Vultr, Linode, and a dozen smaller providers reverse-engineered. The original is still the best version. Their documentation alone is worth the price of admission; I have solved non-DigitalOcean problems by reading DigitalOcean tutorials. This walkthrough takes you from zero to a production Droplet with SSH, firewall, Nginx, SSL, and monitoring. All commands tested on Ubuntu 24.04 LTS.
What You'll Build
A production-ready Droplet: SSH key auth, UFW firewall, Nginx, free Let's Encrypt SSL, and built-in monitoring alerts. New accounts get $200 free credit for 60 days — more free runway than any other provider offers. That is not a typo. Two hundred dollars.
Table of Contents
- Create Your DigitalOcean Account ($200 Free Credit)
- Create Your First Droplet
- Add SSH Keys via the Dashboard
- Connect to Your Droplet
- System Update & Timezone
- Create a Non-Root User with Sudo
- Configure UFW Firewall
- Install & Configure Nginx
- Point Your Domain (DNS via DO or External Registrar)
- Install SSL with Certbot
- DigitalOcean Features (Monitoring, Snapshots, Floating IPs)
- One-Click Apps (Marketplace Droplets)
- Common Droplet Issues
- FAQ
Step 1 — Create Your DigitalOcean Account ($200 Free Credit)
Sign up at cloud.digitalocean.com with email, GitHub, or Google. Through a referral link (check our deals page for the active one), you get $200 free credit for 60 days. That is enough to run a $24/mo Droplet for over 8 months of equivalent value. Credit card or PayPal required to verify, but nothing charges until the credit is gone.
The dashboard is the Cloud Control Panel, and if you have used any modern VPS provider, this will feel familiar — because they all copied it from DO. Left nav: Create, Droplets, Networking, Databases, Spaces, App Platform. Clean. Intuitive. No 47-layer menu hierarchy like AWS.
First thing after signup: Account → Security → enable 2FA. Someone spinning up a fleet of GPU Droplets on your account at $2,000/mo is a bad day. Authenticator app preferred over SMS.
Step 2 — Create Your First Droplet
Hit the green Create button, then Droplets. The creation wizard is a masterclass in UX — every option is visible, nothing is buried, and the pricing updates in real time. Here is what to pick:
- Choose Region: For US audiences, select New York 1 (NYC1), New York 3 (NYC3), or San Francisco 3 (SFO3). NYC3 is their newest New York datacenter and recommended for new projects.
- Choose an Image: Select Ubuntu 24.04 (LTS) x64. This is the most supported OS for VPS workloads and what this guide is based on.
- Choose a Plan: Start with Basic → Regular SSD. The $6/mo plan (1 vCPU, 1GB RAM, 25GB SSD) is sufficient to follow this guide. For production PHP/WordPress sites, the $12/mo (1 vCPU, 2GB RAM) is more comfortable.
- Add Block Storage: Skip for now. You can add expandable block storage volumes later if you need more disk space.
- Choose a Datacenter Region: Pick the same region as above.
- Authentication: Select SSH Keys (we'll set this up in the next step). Do not use password authentication.
- Hostname: Give your Droplet a meaningful name like web01-nyc3. This is only visible in your dashboard, not publicly.
Click Create Droplet. Thirty seconds. Sometimes less. The speed here is not Vultr-level instant, but it is close enough that you will not have time to check your phone.
Step 3 — Add SSH Keys via the Dashboard
While the Droplet spins up (or better yet, before you create it), generate an SSH key pair on your local machine. You only do this once. Every future Droplet will inherit the key automatically.
Generate SSH Keys (macOS / Linux)
# Generate an Ed25519 key pair (modern and secure)
ssh-keygen -t ed25519 -C "your-email@example.com"
# Accept the default file location (~/.ssh/id_ed25519)
# Set a passphrase for extra security (recommended)
# Display the public key — copy all of this output
cat ~/.ssh/id_ed25519.pub
Generate SSH Keys (Windows)
# Open PowerShell (Windows 10/11 has built-in OpenSSH)
ssh-keygen -t ed25519 -C "your-email@example.com"
# Key saved to: C:\Users\YourName\.ssh\id_ed25519
# View your public key:
Get-Content $env:USERPROFILE\.ssh\id_ed25519.pub
In DigitalOcean: Settings → Security → SSH Keys → Add SSH Key. Paste, name it, done. The next Droplet you create offers this key as a checkbox. This is the kind of small UX detail that made DigitalOcean the standard everyone else chases.
Optional: Use doctl CLI
# Install doctl (DigitalOcean CLI) on macOS with Homebrew
brew install doctl
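# Or download on Linux. curl does not expand a * wildcard in a URL, so name the release explicitly
# (set DOCTL_VERSION to a version number listed on the doctl releases page):
DOCTL_VERSION="<version>"
curl -sL "https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.tar.gz" | tar -xzv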
sudo mv doctl /usr/local/bin
# Authenticate with your API token (from Account -> API -> Generate Token)
doctl auth init
# Add your SSH key via CLI
doctl compute ssh-key import "My Key" --public-key-file ~/.ssh/id_ed25519.pub
Step 4 — Connect to Your Droplet
Once the dashboard shows Active, grab the IP from the Droplets page and SSH in:
# Connect as root (replace with your Droplet's IP)
ssh root@203.0.113.20
# Accept the host fingerprint on first connection (type 'yes')
# If you didn't add an SSH key during creation, copy it now:
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@203.0.113.20
You should see root@droplet-name:~#. You are in. DigitalOcean also provides a web-based console under Access → Launch Droplet Console — this works even if you completely break your SSH config, which makes it the best panic button in the industry.
Step 5 — System Update & Timezone
Patch first. Always. DigitalOcean's images are refreshed regularly, but there are always a few pending security updates:
# Update package index and upgrade all packages
apt update && apt upgrade -y
# Install useful tools
apt install -y curl wget git unzip htop ufw nano software-properties-common
# Set the correct timezone (replace with your timezone)
timedatectl set-timezone America/New_York
# Verify the timezone
timedatectl status
# Set the hostname
hostnamectl set-hostname web01.yourdomain.com
Step 6 — Create a Non-Root User with Sudo
Root is a loaded gun with no safety. Create a regular user with sudo and use that instead. If you fat-finger a destructive command, at least you have to type "sudo" first, which gives your brain an extra second to catch the mistake.
# Create a new user
adduser deploy
# Add to the sudo group
usermod -aG sudo deploy
# Transfer SSH keys from root to the new user
mkdir -p /home/deploy/.ssh
cp /root/.ssh/authorized_keys /home/deploy/.ssh/
chown -R deploy:deploy /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys
Open a second terminal. This is important — keep the root session alive as a safety net while you verify:
# In a NEW terminal — keep your existing root session open
ssh deploy@203.0.113.20
# Test sudo access
sudo whoami
# Expected output: root
Confirmed? Lock root out:
# Edit SSH configuration
sudo nano /etc/ssh/sshd_config
# Set these values:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# Restart SSH to apply changes (on Ubuntu 24.04 the unit is named ssh, not sshd)
sudo systemctl restart ssh
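To confirm the lockout took effect, the following added example (not part of the original guide; the function names are hypothetical helpers) checks the effective values reported by `sshd -T` and shows which file supplies a directive. It assumes Ubuntu's stock layout, where `/etc/ssh/sshd_config` includes `/etc/ssh/sshd_config.d/*.conf` at the top and sshd keeps the first value it reads for each keyword, so a drop-in can silently override an edit to the main file.

```shell
#!/bin/sh
# Added example. Function names are hypothetical helpers, not part of OpenSSH.

# audit_sshd_effective: reads `sshd -T` output on stdin and checks the three
# directives from this step. Prints one FAIL line per problem; returns 0 if clean.
audit_sshd_effective() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"] = "yes"
            bad = 0
        }
        {
            key = tolower($1)
            if (key in want) {
                seen[key] = 1
                if (tolower($2) != want[key]) {
                    printf "FAIL %s is %s, expected %s\n", key, $2, want[key]
                    bad = 1
                }
            }
        }
        END {
            for (k in want)
                if (!(k in seen)) {
                    printf "FAIL %s not found in input\n", k
                    bad = 1
                }
            exit bad
        }
    '
}

# first_setting KEYWORD FILE...: prints "file: value" for the first uncommented
# occurrence of KEYWORD, scanning FILEs in the order given. Pass the drop-ins
# before sshd_config to mirror the Include at the top of the stock file.
# Simplification: Match blocks and the Keyword=value form are not handled.
first_setting() {
    kw=$1
    shift
    awk -v kw="$kw" '
        tolower($1) == tolower(kw) { print FILENAME ": " $2; found = 1; exit }
        END { exit !found }
    ' "$@"
}

# On the Droplet:
#   sudo sshd -T | audit_sshd_effective
#   first_setting PasswordAuthentication /etc/ssh/sshd_config.d/*.conf /etc/ssh/sshd_config
```

Run the audit from the `deploy` session while the root session is still open, so a FAIL line can be fixed before you lose your fallback.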
Step 7 — Configure UFW Firewall
DigitalOcean's cloud firewall (Networking → Firewalls) filters traffic before it touches your Droplet — network-level, not software-level. I run both. The cloud firewall catches the obvious stuff, UFW is the backup. Two layers, zero extra cost.
# Set default policies — deny all incoming, allow all outgoing
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH — MUST do this before enabling the firewall
sudo ufw allow 22/tcp
# Allow web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable the firewall
sudo ufw enable
# Verify rules
sudo ufw status verbose
If you prefer the CLI (and you should — doctl is excellent):
# Create a firewall rule group via doctl
doctl compute firewall create \
--name "web-firewall" \
--inbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:443,address:0.0.0.0/0" \
--outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0 protocol:udp,ports:all,address:0.0.0.0/0"
# Apply the firewall to your Droplet
doctl compute firewall add-droplets FIREWALL_ID --droplet-ids DROPLET_ID
Step 8 — Install & Configure Nginx
Nginx on a 1GB Droplet runs circles around Apache on a 2GB box. Lower memory footprint, better concurrency handling, and it is what DigitalOcean themselves recommend in roughly half their tutorials. There is a reason for that.
# Install Nginx
sudo apt install nginx -y
# Enable it to start on boot and start now
sudo systemctl enable nginx
sudo systemctl start nginx
# Verify it's running
sudo systemctl status nginx
# Test in your browser: http://YOUR_DROPLET_IP
# You should see the Nginx welcome page
Now give it a real site to serve:
# Create the web root
sudo mkdir -p /var/www/yourdomain.com/html
sudo chown -R deploy:www-data /var/www/yourdomain.com
sudo chmod -R 755 /var/www/yourdomain.com
# Create a test page
echo '<h1>DigitalOcean Droplet is working!</h1>' | sudo tee /var/www/yourdomain.com/html/index.html
# Create the Nginx server block
sudo nano /etc/nginx/sites-available/yourdomain.com
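Paste this config, which handles HTML, PHP, gzip, and basic security in one block. The PHP location assumes the php8.3-fpm package is installed; without it, requests for existing .php files fail with 502 Bad Gateway: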
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/yourdomain.com/html;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
# Enable the site
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
# Remove the default site
sudo rm /etc/nginx/sites-enabled/default
# Test configuration syntax
sudo nginx -t
# Reload Nginx
sudo systemctl reload nginx
Step 9 — Point Your Domain (DNS A Record via DO or External Registrar)
Two paths here. DigitalOcean has its own DNS management (free, integrated, solid). Or keep using your existing registrar's DNS. Both work fine — I prefer Cloudflare for DNS speed, but DO's DNS is perfectly competent.
Option A: Use DigitalOcean DNS
In the dashboard: Networking → Domains, add your domain. DO gives you three nameservers (ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com). Point your registrar's NS records at them, then manage everything from DO.
Option B: Use Your Registrar's DNS
Just add two A records at your registrar:
| Type | Name | Value | TTL |
|---|---|---|---|
| A | @ | 203.0.113.20 (your Droplet IP) | 300 |
| A | www | 203.0.113.20 (your Droplet IP) | 300 |
# Check DNS propagation from your terminal
dig yourdomain.com +short
# Should return your Droplet's IP once propagation completes (5-30 minutes)
# Check global propagation at https://dnschecker.org
Step 10 — Install SSL with Certbot
Free SSL in 2026 is table stakes. Certbot handles it all: issues the cert, configures Nginx, schedules renewal. One command.
# Install Certbot and the Nginx plugin
sudo apt install certbot python3-certbot-nginx -y
# Request and install the SSL certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
# Certbot will prompt you to:
# 1. Enter your email (for renewal notices)
# 2. Agree to Terms of Service
# 3. Choose HTTP redirect option (choose '2' — redirect all HTTP to HTTPS)
# Test automatic renewal
sudo certbot renew --dry-run
# View certificate details
sudo certbot certificates
# Check the systemd timer that handles auto-renewal
sudo systemctl status certbot.timer
Your site is live at https://yourdomain.com. Valid certificate. Auto-renewing. Moving on.
Step 11 — DigitalOcean-Specific Features (Monitoring, Snapshots, Floating IPs)
This is where DigitalOcean earns its reputation. The platform features are thoughtfully designed, well-integrated, and mostly free. Enable these on every production Droplet.
Enable Droplet Monitoring
Free. One-minute granularity. Thirty days of history. DigitalOcean's monitoring is better than what some providers charge $10/mo for. Install the agent and set up alerts — you will thank yourself later:
# Install the DigitalOcean monitoring agent
curl -sSL https://repos.insights.digitalocean.com/install.sh | sudo bash
# Verify the agent is running
sudo systemctl status do-agent
After the agent is running, create alerts: Monitoring → Create Alert Policy. I use CPU > 80%, memory > 90%, disk > 85%. DigitalOcean sends alerts via email or Slack — the Slack integration is genuinely useful if your team lives there.
Take a Snapshot
# Take a snapshot via doctl (requires the Droplet to be powered off first)
doctl compute droplet-action shutdown DROPLET_ID
# Wait for shutdown, then take snapshot
doctl compute droplet-action snapshot DROPLET_ID --snapshot-name "pre-upgrade-$(date +%Y%m%d)"
# List your snapshots
doctl compute snapshot list
Assign a Floating IP
# Create a Floating IP in a specific region
doctl compute floating-ip create --region nyc3
# Assign it to your Droplet
doctl compute floating-ip-action assign FLOATING_IP DROPLET_ID
# List Floating IPs
doctl compute floating-ip list
DigitalOcean Spaces (Object Storage)
Spaces is DigitalOcean's S3-compatible object storage. At $25/mo for 250GB + 1TB transfer, it is not cheap for light use, but the S3 API compatibility means every tool in the ecosystem works out of the box. No AWS account needed.
# Configure s3cmd for Spaces (after installing: sudo apt install s3cmd)
s3cmd --configure
# Use your Spaces access key and secret key
# Set endpoint to: nyc3.digitaloceanspaces.com
# Upload a file to your Space
s3cmd put /path/to/file.tar.gz s3://your-space-name/backups/
Step 12 — One-Click Apps (Marketplace Droplets)
The Marketplace is DigitalOcean's version of app templates. Pre-configured Droplets with everything installed. Honestly, for quick prototyping, they are fantastic. For production, I prefer the manual approach above so I know exactly what is on my server.
- WordPress — Nginx + PHP + MariaDB + WordPress pre-installed and configured.
- LAMP Stack — Apache, MySQL, PHP fully configured.
- Docker — Docker Engine and Docker Compose pre-installed.
- Kubernetes (DOKS) — DigitalOcean Kubernetes cluster with one click.
- Ghost — Ghost publishing platform ready to use.
# Browse and deploy Marketplace apps via doctl
doctl compute droplet create \
--image wordpress-20-04 \
--size s-1vcpu-1gb \
--region nyc3 \
--ssh-keys YOUR_SSH_KEY_FINGERPRINT \
--name wordpress-droplet
If you do use a Marketplace Droplet, SSH in and actually read what it installed. The WordPress blueprint, for example, ships with Apache and MySQL instead of Nginx and MariaDB — not my preference, but it works. See our VPS control panels guide for GUI management options like Plesk and ServerPilot.
Step 13 — Common Droplet Issues
Issue: Droplet won't boot — stuck at "Creating"
# Wait 3 minutes. If still stuck, use the dashboard to:
# 1. Open the Droplet Console (Access tab)
# 2. Check boot status in the Recovery Console
# 3. Destroy and recreate if the issue persists (you won't be charged for stuck instances)
# Check Droplet events via doctl
doctl compute droplet-action list DROPLET_ID
Issue: Out of memory, Droplet unresponsive
# Access via the web console (even if SSH is down)
# Then add swap space:
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
# Check memory usage
free -m
htop
Issue: SSL certificate not renewing
# Test renewal manually
sudo certbot renew --dry-run
# If it fails, check the error message. Common fixes:
# 1. Ensure port 80 is open (Let's Encrypt uses HTTP for domain validation)
sudo ufw allow 80/tcp
# 2. Ensure the domain still resolves to your Droplet IP
dig yourdomain.com +short
# 3. Check Certbot logs
sudo journalctl -u certbot.service
Frequently Asked Questions
What is the difference between a Droplet and App Platform?
A Droplet is a full VPS — you control the OS, software, and configuration. App Platform is PaaS that auto-deploys from GitHub, handles scaling, and requires no server management. Use Droplets for full-stack control; App Platform for simpler deployments where you don't want to manage infrastructure. App Platform starts at $5/mo for static sites and $12/mo for basic apps.
How do I take a Droplet snapshot?
In the Droplet dashboard, go to the Snapshots tab and click Take Snapshot. This shuts the Droplet down momentarily (30–60 seconds), captures the disk image, and restarts. Live snapshots are not available for basic Droplets. Cost: $0.06/GB per month. Use snapshots before risky upgrades or migrations.
What is a Floating IP?
A Floating IP is a static IP address that you can reassign between Droplets instantly. Useful for: zero-downtime provider migrations (point Floating IP to new Droplet), HA setups (failover routing), and avoiding IP changes when you rebuild a Droplet. Cost: $4/mo if unattached. Free while attached to a running Droplet.
Can I resize a Droplet up and down?
You can resize CPU and RAM up freely. Disk resizes are permanent — you cannot shrink disk. To downsize storage, create a new Droplet and migrate data. Billing adjusts immediately when you resize. For temporary scaling (e.g., Black Friday traffic), resize up and back down as needed, paying only for the hours at each size.
Does DigitalOcean have phone support?
No. DigitalOcean offers ticket-based support only (email), with response times varying by plan. Basic accounts get best-effort support. Business and Premium plans (add-ons) get faster response SLAs. This is DigitalOcean's main weakness compared to providers like Vultr and Kamatera that offer live chat. However, DigitalOcean's documentation is so thorough that most issues can be resolved without contacting support.
How much does DigitalOcean bandwidth cost?
Each Droplet includes transfer (1TB on the $6/mo plan, scaling up with plan size). Pooled bandwidth means unused transfer from one Droplet offsets overages on another within the same account. Overage is $0.01/GB — among the cheapest in the industry. Inbound traffic is free. For most websites, the included transfer is more than enough.
Can I use DigitalOcean for production e-commerce?
Yes. DigitalOcean Droplets are used in production by thousands of e-commerce sites. For best results: use at least a 2GB RAM Droplet ($18/mo), enable automated backups ($4/mo), set up a managed database ($15/mo) instead of running MySQL on the same Droplet, and put Cloudflare in front for CDN and DDoS protection. The total cost ($37/mo) is still far less than managed hosting like Shopify Plus.
The Original. Still the Best UX.
$200 free credit buys you months of experimentation. The documentation alone is worth signing up for. Your first Droplet is under an hour away.