How to Deploy a Node.js App on DigitalOcean: Droplet + Nginx + PM2 + SSL in 2026

Managed platforms like Vercel and Railway are fantastic for quick deploys, but there comes a point where you want raw control: custom ports, long-running background jobs, WebSocket servers, or simply a fixed monthly bill that doesn't spike at scale. That's where a DigitalOcean Droplet shines.

This guide walks you through spinning up a /month Droplet, deploying a Node.js app, putting Nginx in front of it, keeping it alive with PM2, and securing it with a free Let's Encrypt SSL certificate — all from scratch.

New to DigitalOcean? Use this referral link to get 00 in free credit for 60 days — enough to run this entire setup for months at zero cost.

---

1. Create Your Droplet

Log in to DigitalOcean and click Create → Droplets. For most Node.js apps, the following specs are plenty to start:

• OS: Ubuntu 24.04 LTS
• Plan: Basic Shared CPU — /month (1 vCPU, 1 GB RAM, 25 GB SSD)
• Region: Choose the closest to your users
• Authentication: SSH key (strongly preferred over password)

Add your SSH key during creation so you can log in immediately without a password prompt.

2. Initial Server Setup

SSH into your new Droplet as root:

ssh root@YOUR_DROPLET_IP

Create a non-root sudo user and switch to it:

adduser deploy
usermod -aG sudo deploy
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy
su - deploy

Update packages:

sudo apt update && sudo apt upgrade -y

3. Install Node.js via NVM

Using NVM keeps you flexible — swap Node versions without touching system packages:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
source ~/.bashrc
nvm install --lts
node -v   # should print v22.x or later

4. Clone and Build Your App

Pull your code onto the server. If you use a private repo, set up a deploy key or a personal access token first.

cd /var/www
sudo mkdir myapp && sudo chown deploy:deploy myapp
git clone https://github.com/yourname/myapp.git myapp
cd myapp
npm ci --omit=dev
# For Next.js:
npm run build

Create a .env file with your production environment variables:

cp .env.example .env
nano .env   # fill in DATABASE_URL, JWT_SECRET, etc.

5. Keep It Running with PM2

PM2 is the standard process manager for Node.js in production. It handles crashes, restarts on reboot, and gives you clean log management.

npm install -g pm2

# For a plain Express/Fastify app:
pm2 start src/index.js --name myapp

# For Next.js:
pm2 start npm --name myapp -- start

# Save the process list and enable startup on reboot:
pm2 save
pm2 startup systemd -u deploy --hp /home/deploy

Run the pm2 startup command it prints (starts with sudo env PATH=...).

Verify everything is green:

pm2 status
pm2 logs myapp --lines 50

6. Install and Configure Nginx

Nginx acts as a reverse proxy, terminates SSL, and serves static assets efficiently:

sudo apt install nginx -y
sudo systemctl enable nginx

Create a site config:

sudo nano /etc/nginx/sites-available/myapp

Paste this, replacing yourdomain.com and the upstream port:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass         http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade ;
        proxy_set_header   Connection 'upgrade';
        proxy_set_header   Host ;
        proxy_cache_bypass ;
        proxy_set_header   X-Real-IP ;
        proxy_set_header   X-Forwarded-For ;
        proxy_set_header   X-Forwarded-Proto ;
    }
}

Enable the site and test:

sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Point your domain's A record to the Droplet IP, then confirm http://yourdomain.com loads your app.

7. Free SSL with Certbot

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot auto-edits your Nginx config to redirect HTTP → HTTPS and installs a cron job to renew the certificate before it expires. You get a valid cert in about 30 seconds.

Test auto-renewal:

sudo certbot renew --dry-run

8. Basic Firewall

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
sudo ufw status

Only ports 22, 80, and 443 are exposed. Your Node process on port 3000 is never directly reachable from the internet.

9. Zero-Downtime Deployments

For future deploys, this one-liner pulls the latest code and restarts gracefully:

cd /var/www/myapp   && git pull   && npm ci --omit=dev   && npm run build   && pm2 reload myapp --update-env

PM2's reload command performs a rolling restart — the old process keeps serving requests until the new one is ready. Zero downtime without Kubernetes.

10. Monitoring and Logs

A few quick commands to keep in your toolkit:

• pm2 monit — real-time CPU/memory dashboard in the terminal
• pm2 logs myapp — stream live application logs
• sudo tail -f /var/log/nginx/error.log — Nginx errors
• htop — system overview

DigitalOcean also provides Droplet Metrics in the dashboard (CPU, bandwidth, disk I/O) and optional Managed Monitoring alerts — useful for getting paged when CPU spikes.

---

Cost Reality Check

Droplet	vCPU	RAM	Monthly
Basic	1	1 GB
Basic	1	2 GB	2
Basic	2	4 GB	4
General Purpose	2	8 GB	3

For most side projects and early-stage products, the or 2 tier handles hundreds of concurrent users comfortably. You can vertically scale in one click from the dashboard — no re-provisioning required.

If you haven't created an account yet, grab 00 in free DigitalOcean credit to run this entire stack at zero cost while you're getting started.

---

Wrapping Up

In under an hour you've gone from an empty Droplet to a production-ready deployment pipeline:

• ✅ Node.js app running in production mode
• ✅ PM2 keeping it alive across crashes and reboots
• ✅ Nginx proxying with WebSocket support
• ✅ HTTPS with auto-renewing Let's Encrypt certificate
• ✅ UFW firewall locking down unnecessary ports

This stack has powered startups to millions of users. It's not glamorous, but it's rock-solid, cheap, and gives you full control. Once you outgrow a single Droplet, DigitalOcean's Load Balancers, Managed Databases, and Spaces (object storage) slot right in — no platform migration needed.