DigitalOcean
This guide focuses on configuring DigitalOcean Cloud Firewalls for Actvt remote monitoring on DigitalOcean Droplets.
Prerequisites
- DigitalOcean account
- Droplet running Ubuntu 20.04+ or similar Linux distribution
- Basic familiarity with DigitalOcean Control Panel or doctl CLI
For required ports, see Prerequisites.
DigitalOcean Cloud Firewall Configuration
Method 1: Using DigitalOcean Control Panel
- Navigate to Firewalls
  - Go to DigitalOcean Control Panel
  - Click "Networking" in the left sidebar
  - Click "Firewalls"
  - Click "Create Firewall"
- Create Firewall Rules
  Name your firewall: actvt-monitoring
  Inbound Rules:
  SSH Rule:
  - Type: SSH
  - Protocol: TCP
  - Port: 22
  - Sources: Your IP address (recommended) or All IPv4 & IPv6
  HTTP Rule:
  - Type: HTTP
  - Protocol: TCP
  - Port: 80
  - Sources: All IPv4 & IPv6
  Custom WebSocket Rule:
  - Type: Custom
  - Protocol: TCP
  - Port: 4096
  - Sources: All IPv4 & IPv6 (or restrict to your IP range)
- Apply Firewall to Droplet
  - In the "Apply to Droplets" section
  - Search for your droplet name
  - Select your droplet
  - Click "Create Firewall"
Method 2: Using doctl CLI
First, install the doctl CLI:
# Install doctl (Linux/macOS)
# Download from: https://github.com/digitalocean/doctl/releases
# For Ubuntu/Debian (a versioned file name is served from its own release tag, not from /latest/):
wget https://github.com/digitalocean/doctl/releases/download/v1.94.0/doctl-1.94.0-linux-amd64.tar.gz
tar xf doctl-*.tar.gz
sudo mv doctl /usr/local/bin
# Authenticate with your API token
doctl auth init
# Enter your DigitalOcean API token when prompted
Create firewall and rules:
# Create a new firewall
# --inbound-rules takes one quoted string: list every rule in it, separated by
# spaces. Repeating the flag keeps only the last rule given.
doctl compute firewall create \
  --name actvt-monitoring \
  --inbound-rules "protocol:tcp,ports:22,address:YOUR_IP/32 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:4096,address:0.0.0.0/0" \
  --droplet-ids YOUR_DROPLET_ID
# Alternative: Apply to existing droplets by tag
doctl compute firewall create \
  --name actvt-monitoring \
  --inbound-rules "protocol:tcp,ports:22,address:YOUR_IP/32 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:4096,address:0.0.0.0/0" \
  --tag-names monitoring
Get your droplet ID if needed:
# List your droplets
doctl compute droplet list
# Get specific droplet ID
doctl compute droplet get your-droplet-name --format ID --no-header
Verify Configuration
Check that your firewall is properly configured:
# List firewalls
doctl compute firewall list
# Get firewall details (takes the firewall ID shown by the list command, not the name)
doctl compute firewall get YOUR_FIREWALL_ID
# Test connectivity (from your local machine)
telnet YOUR_DROPLET_IP 4096
nc -zv YOUR_DROPLET_IP 4096
Additional Security Considerations
Restrict WebSocket Access
For production environments, consider restricting port 4096:
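# Update firewall to restrict WebSocket access
# update takes the firewall ID and replaces the whole definition, so restate
# the name, every rule, and the droplet assignment.
doctl compute firewall update YOUR_FIREWALL_ID \
  --name actvt-monitoring \
  --inbound-rules "protocol:tcp,ports:22,address:YOUR_IP/32 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:4096,address:YOUR_OFFICE_IP/32" \
  --droplet-ids YOUR_DROPLET_ID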
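Before applying a rule set, it helps to check it mechanically for the exposure this section warns about. The script below is an added example, not part of the original guide or of doctl: it parses rules in the `protocol:...,ports:...,address:...` form used above and reports any rule that leaves port 22 or 4096 open to every address. The function names, the `RESTRICTED_PORTS` list and the sample rules are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumption taken from it:
# port 80 may be public, while SSH (22) and the WebSocket port (4096)
# should not be open to every address.
RESTRICTED_PORTS="22 4096"

# covers PORTSPEC PORT: succeeds when PORTSPEC (a single port, a range
# such as 4000-5000, or all/0 for every port) includes PORT.
covers() {
    case "$1" in
        all|0) return 0 ;;
        *-*)   [ "$2" -ge "${1%-*}" ] && [ "$2" -le "${1#*-}" ] ;;
        *)     [ "$1" -eq "$2" ] ;;
    esac
}

# audit_inbound_rules "RULE RULE ...": prints "WORLD-OPEN <port> <source>"
# for each finding and returns 1 if there was at least one, otherwise 0.
audit_inbound_rules() (
    set -f                       # never glob-expand rule text
    status=0
    for rule in $1; do           # rules are separated by spaces
        ports="" world=""
        for field in $(printf '%s' "$rule" | tr ',' ' '); do
            key=${field%%:*}     # text before the first colon
            value=${field#*:}    # everything after it, so "::/0" survives
            case "$key" in
                ports) ports=$value ;;
                address)
                    case "$value" in
                        0.0.0.0/0|::/0) world="$world $value" ;;
                    esac ;;
            esac
        done
        [ -n "$ports" ] || continue   # rule without a ports field
        for port in $RESTRICTED_PORTS; do
            covers "$ports" "$port" || continue
            for src in $world; do
                echo "WORLD-OPEN $port $src"
                status=1
            done
        done
    done
    return "$status"
)

# Constructed sample input (203.0.113.10 is a documentation address).
SAMPLE_RULES="protocol:tcp,ports:22,address:203.0.113.10/32 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:4096,address:0.0.0.0/0"
audit_inbound_rules "$SAMPLE_RULES" || echo "tighten the sources listed above before applying"
```

Because the function returns non-zero on any finding, it can gate a deployment script: run it on the rule string first and call doctl only when it succeeds.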
Multiple IP Ranges
To allow access from multiple IP ranges:
# Create firewall with multiple source IPs
# One rule may carry several address: entries; all rules still go in a single
# space-separated --inbound-rules string.
doctl compute firewall create \
  --name actvt-monitoring \
  --inbound-rules "protocol:tcp,ports:22,address:YOUR_HOME_IP/32,address:YOUR_OFFICE_IP/32 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:4096,address:YOUR_HOME_IP/32,address:YOUR_OFFICE_IP/32" \
  --droplet-ids YOUR_DROPLET_ID
Using Tags for Management
Apply firewall rules to droplets using tags:
# Tag your droplet (droplet tag uses the singular --tag-name flag)
doctl compute droplet tag YOUR_DROPLET_ID --tag-name monitoring
# Create firewall that applies to tagged droplets
# (all rules go in one space-separated --inbound-rules string)
doctl compute firewall create \
  --name actvt-monitoring \
  --inbound-rules "protocol:tcp,ports:22,address:YOUR_IP/32 protocol:tcp,ports:80,address:0.0.0.0/0 protocol:tcp,ports:4096,address:0.0.0.0/0" \
  --tag-names monitoring
For troubleshooting connectivity, see the Troubleshooting Guide.