Here’s a practical, step-by-step guide to launching a working website on a DigitalOcean Droplet in minutes. I’ll walk through provisioning, securing, deploying content, and configuring DNS and TLS. I assume you already have (or will create) a DigitalOcean account.
Running your own Droplet gives you full control over the stack, unlike managed “platform as a service” offerings. You can choose OS, web server (Nginx, Apache, Caddy, etc.), SSL setup, auto-deploy workflows, and custom tuning. Many guides cover this, but I aim here for a minimal but production-capable baseline: a non-root user, firewall, Nginx server block, Let’s Encrypt TLS, and a workflow for updates.
This tutorial is general, but I’ll illustrate using Ubuntu + Nginx + Certbot as a canonical stack.
Prerequisites & preparations
- You must have a DigitalOcean account (with billing set up) so you can spin up Droplets.
- Locally, you’ll need an SSH client (macOS, Linux, Windows via WSL or PuTTY).
- Access to a domain registrar / DNS provider so you can point your domain (or subdomain) to your server.
- (Optional but strongly recommended) a local SSH key pair. We’ll use SSH-key authentication to access the Droplet.
If you don’t already have an SSH key pair:
ssh-keygen -t ed25519 -C "your_email@example.com"
# Accept default file location (~/.ssh/id_ed25519)
# Optionally protect with passphrase
Copy the public key:
cat ~/.ssh/id_ed25519.pub
You’ll paste that into DigitalOcean’s control panel when creating or configuring Droplets (under “Security → SSH Keys”) so you can log in securely without passwords. (This is DigitalOcean’s recommended best practice.)
Create and configure a Droplet
- Log into DigitalOcean’s control panel, click Create → Droplet.
- Choose Ubuntu (latest LTS) as the image.
- Select a size (for basic sites, even the lowest tier is okay).
- Choose a region close to your users.
- Under Authentication, select SSH keys and choose the public key you uploaded.
- Enable optional features: IPv6, monitoring, backups (if desired).
- (Optional) In “Advanced options → user data”, you can supply a startup script (cloud-init) to automatically disable root password login, create a non-root sudo user, etc.
- Tag the Droplet (for firewall or grouping) and finalize the creation.
Once the Droplet is ready, you’ll see its public IPv4 address (and IPv6 if enabled).
Optionally, assign a Reserved IP so you can replace or rebuild Droplets without changing your DNS.
SSH in, harden, and prepare your server
SSH in (as root initially or via the cloud-init script’s non-root user):
ssh root@your_droplet_ip
If you used cloud-init to create a sudo user and disable root password login, then:
ssh your_user@your_droplet_ip
Then:
Update the system
sudo apt update
sudo apt upgrade -y
Add a firewall (UFW)
Allow SSH first (so you don’t lock yourself out):
sudo ufw allow OpenSSH
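Then allow HTTP and HTTPS. The 'Nginx Full' application profile is registered with UFW only when the Nginx package is installed, so if UFW cannot find the profile yet, run this command after the Nginx install step below: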
sudo ufw allow 'Nginx Full'
Enable the firewall:
sudo ufw enable
Check status:
sudo ufw status
(Optional) Disable root SSH login, ensure use of sudo
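If not already handled by cloud-init, edit /etc/ssh/sshd_config. Before you do, confirm in a second session that your non-root user can log in with its key and use sudo, so you don’t lock yourself out: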
PermitRootLogin no
PasswordAuthentication no
Then reload:
sudo systemctl reload sshd
This ensures only key-based login is allowed and root login over SSH is refused entirely.
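Edits to /etc/ssh/sshd_config can be overridden by drop-in files under /etc/ssh/sshd_config.d/ (cloud images may ship one), because sshd keeps the first value it reads for each keyword. The check below is an added example, not part of the original guide: it reads the effective configuration printed by `sshd -T` and flags any setting that differs from the two values above. The function name `check_sshd_hardening` is hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: verify the *effective* sshd settings, not just the file edit.
# `sshd -T` prints the resolved config as lowercase "keyword value" lines.

check_sshd_hardening() {
    # Reads `sshd -T` output on stdin and prints one line per finding.
    # Returns 0 when both settings are hardened, 1 otherwise.
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            bad = 0
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) { printf "FAIL %s is %s (want %s)\n", $1, $2, want[$1]; bad = 1 }
            else { printf "ok   %s %s\n", $1, $2 }
        }
        END {
            # A keyword that never appeared means the input was not sshd -T output.
            for (k in want) if (!(k in seen)) { printf "FAIL %s missing from input\n", k; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample: effective config when a drop-in re-enables passwords.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

# Constructed sample: the hardened result.
SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes'

# On the server:
#   sudo sshd -T | check_sshd_hardening
# If a setting fails, find the file that sets it:
#   grep -ri passwordauthentication /etc/ssh/sshd_config /etc/ssh/sshd_config.d/
```

Run the check after every reload of the SSH service, and keep your current session open until it passes.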
Install and configure Nginx
Install Nginx:
sudo apt install nginx -y
Once installed, Nginx registers application profiles with UFW, so the ufw allow 'Nginx Full' rule from the firewall step allows both HTTP and HTTPS.
You can test that Nginx is working by browsing to your server’s IP. You should see the default “Welcome to Nginx” page.
Create a directory for your site
We’ll host under /var/www/your-domain/html (this is conventional):
sudo mkdir -p /var/www/your-domain/html
Set ownership so your regular user can manage files:
sudo chown -R your_user:your_user /var/www/your-domain/html
Place your website content (HTML, CSS, JS, images) in that folder. You can upload via scp, rsync, or Git deploy.
Configure an Nginx server block (virtual host)
Create a file /etc/nginx/sites-available/your-domain:
server {
    listen 80;
    listen [::]:80;
    root /var/www/your-domain/html;
    index index.html index.htm;
    server_name your-domain.com www.your-domain.com;
    location / {
        try_files $uri $uri/ =404;
    }
}
Enable it:
sudo ln -s /etc/nginx/sites-available/your-domain /etc/nginx/sites-enabled/
Test Nginx configuration syntax:
sudo nginx -t
If OK, reload:
sudo systemctl reload nginx
At this point, navigating to http://your-domain.com (after DNS) should serve your site.
Point DNS to your Droplet
In your domain registrar or DNS provider’s panel, set the following records:
- A record for @ (root) → your Droplet’s IPv4 address
- A record for www → same IPv4 address
- If you enabled IPv6, set AAAA records similarly.
DNS propagation may take a few minutes to hours. Meanwhile, you can still test with the IP or override your hosts file locally.
Enable HTTPS with Let’s Encrypt / Certbot
Install Certbot and its Nginx plugin:
sudo apt install certbot python3-certbot-nginx -y
Run:
sudo certbot --nginx
Certbot will prompt you to select the domain(s) you configured and ask whether to redirect HTTP to HTTPS (I recommend yes). It automatically modifies your Nginx config and reloads.
Test renewal:
sudo certbot renew --dry-run
You now have a full HTTPS-enabled site.
Set up a deployment workflow
You’ll want to be able to update site files without manually SSHing each time. Some options:
- Use rsync or scp from local to /var/www/…
- Use Git on the server: push code, then run a hook or pull
- Automate via CI/CD (GitHub Actions, GitLab CI) to SSH or SCP deploy
- Use git-hook or webhook to trigger a pull on update
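For a simple rsync push, from your local machine (note that --delete removes files on the server that no longer exist in the local source directory, so double-check the source path and its trailing slash):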
rsync -avz --delete path/to/site/ your_user@your-domain.com:/var/www/your-domain/html/
Then optionally reload Nginx (if you change config):
ssh your_user@your-domain.com "sudo systemctl reload nginx"
More advanced setups can integrate an SSH key for CI, automated SSL renewals, rollback, logging, etc.
Optional enhancements & tips
- Use Reserved IP so that if you destroy and rebuild the Droplet, your DNS doesn’t need to change.
- Use a cloud firewall (DigitalOcean’s firewall) in addition to UFW for extra layering.
- Use monitoring / alerting (CPU, memory) via DigitalOcean’s built-in metrics.
- Automate snapshot backups regularly.
- Use gzip compression, caching headers, and other Nginx tweaks to improve performance.
- Use CI/CD rollback or staging environments if your site grows.
- Monitor certificate expiration and ensure renewals happen (Cron + certbot renew --quiet).
Summary & next steps
In this guide, you’ve:
- Created a DigitalOcean Droplet with SSH key authentication
- Hardened the server with a firewall and SSH configuration
- Installed and configured Nginx to serve your site
- Pointed DNS and enabled HTTPS using Certbot
- Outlined ways to automate deployment
You now have a functional, secure, and self-managed web server in just a few minutes. From here, you can expand: add PHP, Node.js, a database, reverse proxy, auto-scaling, containerization, etc.