Getting Started with DigitalOcean

Welcome to DigitalOcean

DigitalOcean is a cloud infrastructure provider that has earned a loyal following among developers, startups, and small-to-medium businesses by prioritizing simplicity, transparent pricing, and an outstanding developer experience. Founded in 2011, DigitalOcean has grown from a simple virtual server provider into a comprehensive cloud platform offering compute, storage, managed databases, Kubernetes, serverless functions, and a full-featured Platform-as-a-Service (PaaS) called App Platform.

What sets DigitalOcean apart from hyperscale providers like AWS, Azure, and GCP is its focus on making cloud computing accessible. The control panel is clean and intuitive, the API is well-documented and consistent, pricing is flat and predictable (no surprise bills), and the community tutorials are among the best in the industry. If you are a developer who wants to deploy and manage infrastructure without a steep learning curve, DigitalOcean is an excellent choice.

This guide walks you through creating your DigitalOcean account, understanding the core concepts (Droplets, Projects, VPCs, regions), deploying your first resources, and setting up essential monitoring and security. Every step includes both control panel instructions and CLI commands using doctl, DigitalOcean's official command-line tool.

Creating Your Account

Visit cloud.digitalocean.com and sign up with your email address, Google account, or GitHub account. GitHub sign-up is popular among developers because it enables seamless integration with repositories for App Platform deployments later. You will need to provide a credit card or PayPal account for identity verification, but you will not be charged during the free trial period.

Installing doctl

The doctl CLI is the primary way to interact with DigitalOcean from your terminal. Install it using your package manager of choice:

# macOS with Homebrew
brew install doctl

# Ubuntu/Debian
sudo snap install doctl

# Windows with Scoop
scoop install doctl

# Verify installation
doctl version

Authenticating doctl

Generate a personal access token from the DigitalOcean control panel under API > Tokens/Keys. Then authenticate:

# Authenticate with your API token
doctl auth init

# Verify authentication
doctl account get

The doctl auth init command prompts for your token and stores it securely in your local configuration. You can manage multiple contexts (personal, work, client) using doctl auth init --context work and switch between them with doctl auth switch --context work.

Understanding DigitalOcean Concepts

Regions and Datacenters

DigitalOcean operates datacenters in multiple regions worldwide. Each region is identified by a slug like nyc3 (New York 3), sfo3(San Francisco 3), ams3 (Amsterdam 3), sgp1 (Singapore 1), lon1 (London 1), fra1 (Frankfurt 1), tor1(Toronto 1), blr1 (Bangalore 1), and syd1 (Sydney 1). Not all services are available in every region, so check availability before choosing your deployment region.

# List all available regions
doctl compute region list

# List available Droplet sizes in a specific region
doctl compute size list --output json | jq '.[].regions[]' | sort -u

Projects

Projects are organizational containers that group related resources together. Every DigitalOcean account has a default project, but you should create purpose-specific projects for each application or environment. Projects help you track costs, manage access, and keep your control panel organized. A resource can only belong to one project at a time.

# Create a new project
doctl projects create --name "Production App" \
  --purpose "Service or API" \
  --environment "Production" \
  --description "Production web application resources"

# List all projects
doctl projects list

# Move resources to a project
doctl projects resources assign <project-id> \
  --resource=do:droplet:<droplet-id>

VPCs (Virtual Private Clouds)

Every DigitalOcean region has a default VPC, and all resources created in that region are automatically placed in it. VPCs provide private networking between your resources using RFC 1918 addresses. Traffic within a VPC never traverses the public internet, reducing latency and improving security. You can create custom VPCs with specific IP ranges for network isolation between environments.

# Create a custom VPC
doctl vpcs create --name "prod-vpc" \
  --region nyc3 \
  --ip-range "10.10.0.0/16" \
  --description "Production network"

# List VPCs
doctl vpcs list

Deploying Your First Droplet

Droplets are DigitalOcean's virtual machines. They come in several types: Basic (shared CPU, good for development and light workloads), General Purpose (dedicated CPU, balanced for production), CPU-Optimized (dedicated CPU, high clock speed for compute-intensive tasks), Memory-Optimized (high RAM-to-CPU ratio for databases and caching), and Storage-Optimized (NVMe SSD storage for data-intensive applications).

# List available sizes
doctl compute size list

# Create a Droplet
doctl compute droplet create web-01 \
  --region nyc3 \
  --size s-2vcpu-4gb \
  --image ubuntu-24-04-x64 \
  --ssh-keys <ssh-key-fingerprint> \
  --vpc-uuid <vpc-uuid> \
  --tag-names "web,production" \
  --enable-monitoring \
  --enable-backups \
  --wait

# List your Droplets
doctl compute droplet list

Setting Up Cloud Firewalls

Cloud Firewalls are DigitalOcean's network-level firewall service. They filter traffic before it reaches your Droplets, providing an additional layer of security beyond OS-level firewalls like ufw or iptables. Cloud Firewalls are applied to Droplets by ID or tag, making it easy to manage rules across fleets of servers.

# Create a firewall allowing HTTP, HTTPS, and SSH
doctl compute firewall create \
  --name "web-firewall" \
  --inbound-rules "protocol:tcp,ports:80,address:0.0.0.0/0,address:::/0 protocol:tcp,ports:443,address:0.0.0.0/0,address:::/0 protocol:tcp,ports:22,address:10.10.0.0/16" \
  --outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0,address:::/0 protocol:udp,ports:all,address:0.0.0.0/0,address:::/0 protocol:icmp,address:0.0.0.0/0,address:::/0" \
  --tag-names "web"

# List firewalls
doctl compute firewall list

Notice that SSH access is restricted to the VPC CIDR range (10.10.0.0/16) rather than the entire internet. This is a security best practice. Access your Droplets via a bastion host or VPN, never expose SSH to 0.0.0.0/0 in production environments.

Enabling Monitoring

DigitalOcean provides built-in monitoring for all Droplets at no extra cost. When you create a Droplet with the --enable-monitoring flag, the monitoring agent is installed automatically, collecting CPU, memory, disk, and network metrics. You can then create alert policies that notify you via email or Slack when thresholds are breached.

# Create a CPU alert
doctl monitoring alert create \
  --type "v1/insights/droplet/cpu" \
  --compare GreaterThan \
  --value 80 \
  --window 5m \
  --entities <droplet-id> \
  --emails "ops@example.com" \
  --description "High CPU on web Droplet"

Setting Up Spaces Object Storage

Spaces is DigitalOcean's S3-compatible object storage service. It provides simple, scalable storage for static assets, backups, logs, and media files. Spaces includes 250 GB of storage and 1 TB of outbound transfer for $5/month, with additional storage at $0.02/GB and bandwidth at $0.01/GB.

# Create a Space
doctl compute cdn create --origin <space-name>.<region>.digitaloceanspaces.com \
  --domain cdn.example.com \
  --certificate-id <cert-id> \
  --ttl 3600

# Using s3cmd for file operations (Spaces is S3-compatible)
s3cmd put index.html s3://my-space/
s3cmd ls s3://my-space/

Using Managed Databases

DigitalOcean Managed Databases provide fully managed PostgreSQL, MySQL, Redis, MongoDB, and Kafka clusters. They include automated backups, failover, and software updates with no manual administration required. All database clusters are deployed inside your VPC for security, and you can restrict access using trusted sources (specific Droplets, Kubernetes clusters, or IP addresses).

# Create a PostgreSQL cluster
doctl databases create prod-pg \
  --engine pg \
  --version 16 \
  --region nyc3 \
  --size db-s-2vcpu-4gb \
  --num-nodes 2 \
  --private-network-uuid <vpc-uuid>

# Add a trusted source (Droplet)
doctl databases firewalls append <db-id> \
  --rule db_type:droplet,value:<droplet-id>

# Create a connection pool
doctl databases pool create <db-id> \
  --name app-pool \
  --mode transaction \
  --size 20 \
  --db defaultdb \
  --user doadmin

Next Steps

With your account set up, doctl configured, and your first resources deployed, you are ready to explore the full DigitalOcean platform. Here are recommended next steps based on your use case:

• Web applications: Deploy with App Platform for zero-ops PaaS, or use Droplets with a Load Balancer for more control.
• Containerized workloads: Set up DigitalOcean Kubernetes (DOKS) for orchestration with the Container Registry for image storage.
• Static sites and CDN: Use Spaces with the built-in CDN for global content delivery at minimal cost.
• APIs and microservices: Combine App Platform services with managed databases and Functions for event-driven processing.
• Cost optimization: Use reserved Droplets for steady-state workloads (up to 20% savings) and right-size database clusters based on actual usage.