Question
What do you do to prepare an Ubuntu droplet for production use
- Posted on January 10, 2025
- Ubuntu 22.04Ubuntu
Asked by David Nusbaum
I’m coming from CentOS and I’m curious what other’s in the DO community do to prepare their Ubuntu droplets for production use. This isn’t a hardening question, as I believe I have the security aspects sorted out and this isn’t about initial setup because DO already has a nice tutorial on that.
Some initial observations:
- Ubuntu droplet come with lxd and snap preinstalled and running. If I’m running a dedicated database server I don’t need either of these services and can remove them.
- It appears that Ubuntu is set to automatically install security patches. I don’t want to automatically install anything, I want to do updates during planned maintenance and after they have been tested. I still haven’t figured out how to disable this behavior.
- There are comments about ESM and pro when I log in. If this is a quick script to run some advertising, it’s annoying but I’m not concerned. If there is anything running in the background then I probably want to get rid of it.
Is there some set of common practices that the Ubuntu experts use to remove unnecessary services and increase the stability of a droplet?
I think CentOS 7 was pretty minimal with just necessary services. The linux world has shifted since then and I’m just trying to find the most rebust starting point possible.
Thanks!!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Hey David! 👋
A good first step is to start with this tutorial here:
The tutorial covers a lot of the things that you might be after.
Coming from CentOS, I get why you’d want a clean and stable environment. Here are a few things that you could also do based on your requirements:
Since you’re not using LXD and Snap, you can safely remove them:
See what’s running and disable what you don’t need:
Follow the steps from this tutorial here on how to secure your SSH service: https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-20-04
Besides that, you could also do some non-security specific things like:
Ubuntu is a bit more user-friendly but still very flexible. You can definitely trim it down to be as lean as CentOS.
Good luck with your project!
\– Bobby
Heya, @nusbaum
On top of what’s already mentioned you can also consider the following:
ufworiptablesto manage firewall rules.htoporiostatto monitor resource usage and identify unnecessary services.In general Ubuntu’s flexibility allows you to strip away unnecessary components while retaining the robustness of its ecosystem.
Hope that this helps!
Heya,
I don’t think there is a set of common practices. The best way forward would be to remove software that you don’t need like
snapd,lxd,You can also check a list of services like so
and remove any that are not being used however leaving them as is I think is fine.