How to create your first DigitalOcean droplet
- Add new domain e.g: example.com without the www
- Set A records for example.com
HOSTNAME WILL DIRECT TO
@ droplet-ip
* droplet-ip
www droplet-ip
test droplet-ip
More at How to set up a host name with digitalocean
$ ssh root@droplet-ip
$ passwd
$ ufw allow 22
$ ufw enable
I will ask:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
sudo add-apt-repository ppa:nginx/stable
sudo apt-get update
$ apt install nginx-full
$ ufw status
You will see:
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
List available options
$ sudo ufw app list
You will see:
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
As you can see, there are three profiles available for Nginx:
Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic) Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic) Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)
Because the SSL is not set yet, we will add Nginx Full profile to accept not Https request.
Add Nginx Full and OpenSSH
$ ufw allow 'Nginx Full'
$ ufw allow OpenSSH
Check again $ ufw status
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
More at: how to install nginx on ubuntu 16 04 - Adjust the firewall How to setup a firewall with ufw on an ubuntu and debian cloud server
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Certbot can automatically configure SSL for Nginx, but it needs to be able to find the correct server block in your config. It does this by looking for a server_name directive that matches the domain you're requesting a certificate for.
If you're starting out with a fresh Nginx install, you can update the default config file. Open it with nano or your favorite text editor.
$ sudo nano /etc/nginx/sites-available/default
Find the existing server_name line and replace the underscore, _, with your domain name:
. . .
server_name example.com www.example.com test.example.com;
. . .
You can save and close the file by hitting Ctrl-X, followed by Y, and then Enter to confirm.
Then, verify the syntax of your configuration edits.
$ sudo nginx -t
If you get any errors, reopen the file and check for typos, then test it again.
Once your configuration's syntax is correct, reload Nginx to load the new configuration.
$ sudo service nginx restart
$ sudo systemctl reload nginx
More at: How to secure nginx with let s encrypt on ubuntu 16-04 - Setting up nginx
Hot issue: certbot/certbot#5405 (comment)
Unfortunately, Let's Encrypt has stopped offering the mechanism that Certbot's Apache and Nginx plugins use to prove you control a domain due to a security issue. See https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188 for more info.
So to get SSL Certificate run this:
$ sudo certbot --authenticator standalone --installer nginx --pre-hook "service nginx stop" --post-hook "service nginx start"
- Next it will ask for your email, "Enter email address (used for urgent renewal and security notices)"
- Then ask to agree to Terms of Service. R: A
- Then ask to share your email with the Electronic Frontier Foundation. R: Y
- Then it will ask for which names would you like to activate HTTPS for? R: 1,2,3
- Then it will ask for whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. R: 2
Then you will see
Congratulations! You have successfully enabled https://example.com, https://test.example.com, and https://www.example.com
At this point, you can see your site browser bar https://www.example.com, with https SSL.
First, you need to install the NodeSource PPA in order to get access to its contents. Make sure you're in your home directory, and use curl to retrieve the installation script for the Node.js 6.x archives:
$ cd ~
$ curl -sL https://deb.nodesource.com/setup_6.x -o nodesource_setup.sh
$ sudo bash nodesource_setup.sh
The PPA will be added to your configuration and your local package cache will be updated automatically. After running the setup script from nodesource, you can install the Node.js package in the same way that you did above:
$ sudo apt-get install nodejs
The nodejs package contains the nodejs binary as well as npm, so you don't need to install npm separately. However, in order for some npm packages to work (such as those that require compiling code from source), you will need to install the build-essential package:
$ sudo apt-get install build-essential
cd /var/www/html/
Create a file: $ nano index.js and save the next code:
#!/usr/bin/env nodejs
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('Hello World\n');
}).listen(8080, 'localhost');
console.log('Server running at http://localhost:8080/');
Install PM2 - which is a process manager for Node.js applications. PM2 provides an easy way to manage and daemonize applications (run them in the background as a service).
# Install latest PM2 version
$ sudo npm install pm2@latest -g
The first thing you will want to do is use the pm2 start command to run your application, hello.js, in the background:
$ pm2 start index.js
The startup subcommand generates and configures a startup script to launch PM2 and its managed processes on server boots:
$ pm2 startup systemd
More at https://github.com/Unitech/pm2
Open the file for editing:
$ sudo nano /etc/nginx/sites-available/default
Replace the contents of that block with the following configuration. If your application is set to listen on a different port, update the highlighted portion to the correct port number.
. . .
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
**Before: **
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
After:
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
Make sure you didn't introduce any syntax errors by typing:
$ sudo nginx -t
Next, restart Nginx:
$ sudo systemctl restart nginx
More at how to set up a node js application for production on ubuntu 16 04
Go to https://tools.pingdom.com, enter the domain: https://www.example.com, You will get Performance grade of B 83, To solve this, you need Specify a Vary: Accept-Encoding header.
Open the file nginx.conf
$ nano /etc/nginx/nginx.conf
Uncomment and add <gunzip on;> <gzip_static on;>
gzip_vary on;
gunzip on;
gzip_static on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml$
You can save and close the file by hitting Ctrl-X, followed by Y, and then Enter to confirm.
Make sure you didn't introduce any syntax errors by typing:
$ sudo nginx -t
Next, restart Nginx:
$ sudo systemctl restart nginx
Test again: https://tools.pingdom.com, You should have Performance grade of A 100.
More at Set vary accept encoding header nginx
Congratulations! You now have your Node.js application running behind an Nginx reverse proxy on an Ubuntu 16.04 server. This reverse proxy setup is flexible enough to provide your users access to other applications or static web content that you want to share. Good luck with your Node.js development!
Now that you know how to manage the service itself, you should take a few minutes to familiarize yourself with a few important directories and files.
/var/www/html: The actual web content, which by default only consists of the default Nginx page you saw earlier, is served out of the /var/www/html directory. This can be changed by altering Nginx configuration files.
-
/etc/nginx:The Nginx configuration directory. All of the Nginx configuration files reside here. -
/etc/nginx/nginx.conf:The main Nginx configuration file. This can be modified to make changes to the
-
/etc/nginx/sites-available/:The directory where per-site "server blocks" can be stored. Nginx will not use the configuration files found in this directory unless they are linked to the sites-enabled directory (see below). Typically, all server block configuration is done in this directory, and then enabled by linking to the other directory. -
/etc/nginx/sites-enabled/:The directory where enabled per-site "server blocks" are stored. Typically, these are created by linking to configuration files found in the sites-available directory. -
/etc/nginx/snippets:This directory contains configuration fragments that can be included elsewhere in the Nginx configuration. Potentially repeatable configuration segments are good candidates for refactoring into snippets.
-
/var/log/nginx/access.log:Every request to your web server is recorded in this log file unless Nginx is configured to do otherwise. -
/var/log/nginx/error.log:Any Nginx errors will be recorded in this log.
More at How to install nginx on ubuntu 16.04 - Get familiar with important nginx files and directories
$ adduser newuser
$ usermod -a -G sudo newuser
(optional) Specifying Explicit User Privileges
$ visudo
add this new line newuser ALL=(ALL:ALL) ALL, and save.
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
You can save and close the file by hitting Ctrl-X, followed by Y, and then Enter to confirm.
More at: How to add and delete users on ubuntu 16 04 Initial server setup with ubuntu 16-04
Generate ssh key in the server
Copy cat ~/.ssh/id_rsa.pub
Add to github ssh keys. https://github.com/settings/keys
git clone git@github.com:repository-name.git .
The folder must be empty.
Take into account the dot at the end of the line, git clone git@github.com:repository-name.git ., That is for clone in the same folder, e.g you are in /www/html, then clone the repository as I say previously, and all the files will be there without repository folder name.
Everytime you modified the process that run as deamon e.g: server/app.js, index.js. You have to stop, delete an start again the deamon to see the changes.
$ pm2 list # List all processes started with PM2
$ pm2 stop 0 # Stop process with id 0
$ pm2 stop all # Stop all apps
$ pm2 delete 0 # Delete app with id 0
$ pm2 start app.js # Start, Daemonize and auto-restart application (Node)
More at https://github.com/Unitech/pm2#commands-overview
When you update the repository in github, to update the server files, only do git pull, you will see the last changes.