The Definitive Guide to Setting up a MikroTik CHR VPS with DigitalOcean
What is a MikroTik Cloud Hosted Router (CHR) and Why Use it with DigitalOcean?
MikroTik Cloud Hosted Router (CHR) is a powerful and cost-effective solution for businesses looking to manage their network and internet traffic. It is an ideal way to connect to DigitalOcean, a cloud hosting provider, and take advantage of its scalability, performance, and security features. With CHR, businesses can easily configure their networks in minutes with a few simple clicks. Furthermore, they can access the full range of DigitalOcean services such as storage and load balancing. With CHR’s flexibility and ease of use, businesses can quickly connect private networks to public clouds without the need for expensive hardware or complicated configurations. This makes it an attractive choice for businesses looking to save time and money while ensuring reliable network performance.
Consider the list below which shows the items you may need to complete this setup successfully:
1) The WinBox network configuration utility
2) A web browser, Google Chrome, Firefox, Internet Explorer, or Safari
3) The Mikrotik cloud-hosted router
4) A digital ocean cloud account
5) An SSH client such as Putty for Windows or the macOS / Linux terminal app
Below is a brief overview of the steps outlined in this tutorial:
1) Go to mikrotik.com and download the Cloud Hosted Router RAW disk image file.
2) Extract the RAW file to get the IMG file and upload it to Digital Ocean
3) Start a new droplet, select a region, an authentication method, and more
4) Open an SSH connection to the IP address assigned to the CHR and set an admin password
5) Create a new user account, configure brute-force login protection and purchase a CHR license.
1. Go to mikrotik.com and download the Cloud Hosted Router RAW disk image file
Open a new browser tab and go to mikrotik.com. Click the Software tab, scroll down, and expand the Cloud Hosted Router section. Click the Download icon for Raw disk image on the 7.8 Stable column to start the download process.
2. Extract the RAW file to get the IMG file and upload it to Digital Ocean
When the download completes, go into your downloads folder, right-click on the Mikrotik RAW image file and click Extract. You may need to install a file extraction program such as unzip or WinRAR. Sign into your digital ocean account and click Images and click the Custom Images tab. Click Upload Image, select the Mikrotik IMG file, and click Open.
An Upload Image popup window will be displayed with additional settings that need configuring. Set Distribution to Unknown and choose a data center region from the available options. Click Upload to add the image to your Digital Ocean Images library. Click More on the image, and click Start a droplet.
3. Start a new droplet, select a region, an authentication method, and more
Choose a region to deploy the droplet and select a data center from the chosen region. Verify that the CHR custom image is selected and select a droplet type. For the complete beginner, you can choose the Basic type and set CPU options to Regular. Select a pricing plan from the available options.
Enter a name for the SSH key file and press enter. A new public and private key pair file will be created in the/Users/your-username/.ssh/id_rsa directory. Open the file and copy its contents to your clipboard. Paste the contents on the Add public SSH key field and click Create Droplet.
4. Open an SSH connection to the IP address assigned to the CHR and set an admin password
5. Create a new user account, configure brute-force login protection and purchase a CHR license.
We recommend that you create a new user account, configure brute-force login protection and purchase a CHR license. Run the command below to create a new user account on the Mikrotik Cloud Hosted Router:
To increase the security of your CHR and block brute-force attacks on service ports such as FTP, disable all un-necessary IP services by running commands:
brute-force login protection
To further protect the Cloud Hosted Router from brute-force attacks, run the commands below to prevent FTP attacks. The brute-forcing IP address will be added to a block list to prevent it from ever accessing the router: