Setting up a FreeBSD Digital Ocean instance

March 2016 update: after reading FreeBSD - A Lesson in Poor Defaults, I don't think I'll be using FreeBSD again. Next time my server at home goes out, and I'm on vacation, I'll use whatever "cloud" provider lets me run OpenBSD, even if it costs a little more and requires setting up a new account.

Since I use at least three machines regularly throughout the course of the day, I find it useful to have a remote server where I can centralize a lot of my work. Much of my computing, then, is done on an Intel Atom machine running OpenBSD. It serves my website, stores my backups, holds the innumerable text lists I use to obsessively manage my life, and runs the IRC, RSS, todo, and calendaring programs I check overly often. But twice during my current vacation I lost my connection to this machine. The first time was due to a connection problem back home, but this second time was because I accidentally rebooted the machine (a big no-no when your disk is encrypted and you need to enter a password before the machine can even boot).

During both outages, I've created FreeBSD virtual machines over at Digital Ocean (Digital Ocean calls these "droplets"). The total cost for running a droplet with 512 MB of RAM and 20 GB of SSD storage for 15 days should be something like $2.50. Not bad. I'm also pleased with the relative ease of set-up, both in terms of the Digital Ocean web interface and FreeBSD itself.

I'm going to include my set-up notes from my second time around just for future reference. Because chances are my home server will go down again someday.

Getting started:

  1. You'll need to provide an SSH key during the creation of your droplet; this will be used to login with the default freebsd user. So ssh-keygen -t rsa and cat ~/.ssh/id_rsa.pub. (We're going to make a new RSA key here instead of using my existing id25519 key because I don't think DigitalOcean's web interface supports the latter; but we can use the id25519 key later, once the machine is set up.) Paste the output of that second command into the "Add SSH Key" box when creating the Droplet.

  2. Get the IP address from Digital Ocean's web interface and connect to your new instance via SSH: ssh freebsd@xx.xx.xx.xx. It also may be necessary to do something like ssh -i ~/.ssh/id_rsa freebsd@xx.xx.xx.xx. I don't know how ssh picks between multiple keys.

  3. From here on all commands apply to the remote machine. Run sudo passwd to set up a root user password. You can now use su - to switch to root if you prefer not using sudo.

  4. Run sudo freebsd-update fetch && sudo freebsd-update install and then sudo reboot. But apparently there's a bug with FreeBSD that prevents an upgraded machine from successfully rebooting (wtf?), so you'll have to power off/power on again using the Digital Ocean web interface.

Adding a user and setting up SSH

  1. Run sudo adduser to set up a new user. When prompted for the login group, choose wheel.

  2. If you have an ssh keypair that you normally use, rather than the one we created at the beginning of these steps, add the public key portion to your new user's ~/.ssh/authorized_keys file. Then make sure the permissions for that file are set right: chmod go-rw ~/.ssh/authorized_keys. (If you don't have the pubkey for a private key, you can recreate it using ssh-keygen, e.g., ssh-keygen -f id_ed25519 -y).

  3. In /etc/ssh/sshd_config change from yes to no the line about permitting password authentication. Then run sudo service sshd reload. From here on, you should be able to connect to your droplet with something as simple as ssh xx.xx.xx.xx.

  4. Delete the freebsd user: sudo rmuser freebsd.

Third party software and other nice things:

  1. Run sudo pkg update.

  2. Run sudo pkg install mksh tmux irssi hiawatha newsbeuter or whatever, depending on what software you need.

  3. To use mksh instead of the default shell, run chsh -s /usr/local/bin/mksh. And while we're setting up our shell: to stop the tips that appear every time you start a new shell, delete from ~/.profile the line that reads if [ -x /usr/games/fortune ] ; then /usr/games/fortune freebsd-tips ; fi. It's also worth trimming the overly long /etc/motd file that is displayed on every login.

  4. To use the hiawatha webserver, place your website files in /usr/local/www/hiawatha and then add hiawatha_enable="YES" to rc.conf and run sudo service hiawatha start.