74 lines
2.7 KiB
Markdown
74 lines
2.7 KiB
Markdown
**Create an SSH key for local computer**
|
|
|
|
ssh-keygen -t rsa -C "your_email@example.com"
|
|
|
|
Copy the new key to clipboard:
|
|
* Windows: clip < id_rsa.pub
|
|
* Linux: sudo apt-get install xclip
|
|
xclip -sel clip < ~/.ssh/id_rsa.pub
|
|
* Mac: pbcopy < ~/.ssh/id_rsa.pub
|
|
* Manual Copy: cat ~/.ssh/id_rsa.pub
|
|
|
|
Add the SSH key to the drop creation screen.
|
|
|
|
|
|
1. Create a new user to replace root user
|
|
1. # adduser bob
|
|
2. # usermod -aG sudo bob
|
|
3. # su - bob
|
|
4. $ mkdir ~/.ssh
|
|
5. $ chmod 700 ~/.ssh
|
|
6. $ nano ~/.ssh/authorized_keys
|
|
7. Add the copied SSH key and save.
|
|
8. $ chmod 600 ~/.ssh/authorized_keys #Restrict access to authroized keys.
|
|
2. Setup the Firewall
|
|
1. $ sudo ufw allow OpenSSH.
|
|
2. $ sudo ufw enable
|
|
3. Add Nginx & Configure
|
|
1. $ sudo apt-get update
|
|
2. $ sudo apt-get install nginx
|
|
3. sudo ufw allow 'Nginx Full'
|
|
4. $ sudo ufw app list
|
|
1. Nginx Full: Opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
|
|
2. Nginx Http: Opens only port 80 (normal, unencrypted web traffic)
|
|
3. Nginx Https: Opens only port 443 (TLS/SSL encrypted traffic)
|
|
5. Should now be able to go to IP and see nginx responding with a blank page.
|
|
4. Install Certbot
|
|
1. $ sudo add-apt-repository ppa:certbot/certbot
|
|
2. $ sudo apt-get update
|
|
3. $ sudo apt install python-certbot-nginx
|
|
4. $ sudo nano /etc/nginx/sites-available/default
|
|
5. Find the existing server_name line and replace the underscore with your domain name:
|
|
...
|
|
server_name example.com www.example.com;
|
|
...
|
|
6. $ sudo nginx -t //Verify syntax.
|
|
7. $ sudo systemctl reload nginx
|
|
5. Generate Certificate
|
|
1. $ sudo certbot --nginx -d example.com -d www.example.com //Follow prompts.
|
|
2. $ sudo certbot renew --dry-run //Dry run to test auto renewal.
|
|
6. Install NodeJs
|
|
1. $ curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
|
|
2. $ sudo apt install nodejs
|
|
3. $ node --version
|
|
7. Clone Source Code
|
|
1. $ git clone git@bitbucket.org:snaptsoft/bodyshop.git //Requires SSH setup.
|
|
2. $ cd bodyshop && npm install //Install all server dependencies.
|
|
8. Setup PM2
|
|
1. $ npm install pm2 -g
|
|
2. $ pm2 start server.js
|
|
3. $ pm2 startup ubuntu //Ensure it starts when server does.
|
|
9. Alter Nginx config
|
|
1. sudo nano /etc/nginx/sites-available/default
|
|
2. Add Appropriate server names to the file. www. and non-www.
|
|
3. Add the following inside the location block:
|
|
proxy_pass http://localhost:{{YOUR-APP-PORT-IN-YOUR-CODE}};
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_cache_bypass $http_upgrade;
|
|
|
|
|
|
|