DigitalOcean

Report this

What is the reason for this report?
Question

What do you do to prepare an Ubuntu droplet for production use

Posted on January 10, 2025
Ubuntu 22.04
Ubuntu
David Nusbaum

By David Nusbaum

I’m coming from CentOS and I’m curious what other’s in the DO community do to prepare their Ubuntu droplets for production use. This isn’t a hardening question, as I believe I have the security aspects sorted out and this isn’t about initial setup because DO already has a nice tutorial on that.

Some initial observations:

  • Ubuntu droplet come with lxd and snap preinstalled and running. If I’m running a dedicated database server I don’t need either of these services and can remove them.
  • It appears that Ubuntu is set to automatically install security patches. I don’t want to automatically install anything, I want to do updates during planned maintenance and after they have been tested. I still haven’t figured out how to disable this behavior.
  • There are comments about ESM and pro when I log in. If this is a quick script to run some advertising, it’s annoying but I’m not concerned. If there is anything running in the background then I probably want to get rid of it.

Is there some set of common practices that the Ubuntu experts use to remove unnecessary services and increase the stability of a droplet?

I think CentOS 7 was pretty minimal with just necessary services. The linux world has shifted since then and I’m just trying to find the most rebust starting point possible.

Thanks!!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby Iliev
Bobby Iliev
January 11, 2025

Hey David! 👋

A good first step is to start with this tutorial here:

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu

The tutorial covers a lot of the things that you might be after.

Coming from CentOS, I get why you’d want a clean and stable environment. Here are a few things that you could also do based on your requirements:

  1. Since you’re not using LXD and Snap, you can safely remove them:

    sudo apt purge lxd lxd-client snapd
sudo apt autoremove --purge

  2. See what’s running and disable what you don’t need:

    sudo systemctl list-unit-files --state=enabled
sudo systemctl disable <service-name>

  3. Follow the steps from this tutorial here on how to secure your SSH service: https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-20-04

Besides that, you could also do some non-security specific things like:

Ubuntu is a bit more user-friendly but still very flexible. You can definitely trim it down to be as lean as CentOS.

Good luck with your project!

\– Bobby

0
alexdo
alexdo
January 11, 2025

Heya, @nusbaum

On top of what’s already mentioned you can also consider the following:

  • Use ufw or iptables to manage firewall rules.
  • Test new updates in a staging environment before applying them to production.
  • Use LTS (Long-Term Support) versions of Ubuntu for better stability.
  • Use tools like htop or iostat to monitor resource usage and identify unnecessary services.
  • Consider setting up lightweight monitoring (e.g., Netdata or Prometheus).

In general Ubuntu’s flexibility allows you to strip away unnecessary components while retaining the robustness of its ecosystem.

Hope that this helps!

0
KFSys
KFSys
January 12, 2025

Heya,

I don’t think there is a set of common practices. The best way forward would be to remove software that you don’t need like snapd, lxd,

sudo apt purge lxd lxd-client snapd

You can also check a list of services like so

systemctl list-unit-files --state=enabled

and remove any that are not being used however leaving them as is I think is fine.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.