We've gotten a lot of benefit from install scripts for digital ocean but haven't always used best practices or followed them up with maintenance and upgrade practices.
We should avoid running as root on any machine used for more than wiki. Configuring nginx is one solution. A quick hack with ssh is another. stack overflow
sudo ssh $USERNAME@localhost -L 80:localhost:3000 -N