DevOps
{username} = your username
{ip} = your DO droplet ip address
{repo} = your repo address
{email} = your email
Go to DigitalOcean.com
Sign up for an account
Generate an SSH key for your laptop (if one does not exist yet)
Upload SSH key to DO
Create a new droplet and choose the SSH key you just uploaded
Get IP of new Droplet
ssh root@{ip}
Enter yes to prompt
adduser {username}
and follow prompts
mkdir /home/{username}/.ssh
cd /home/{username}/.ssh
touch authorized_keys
vi authorized_keys
Paste your .ssh/id_rsa.pub key from your laptop into this file
:wq
to leave vim
cd ..
to leave .ssh folder
chown -R {username}:{username} .ssh
exit
ssh {username}@{ip}
exit
usermod -aG sudo {username}
su - {username} // switch to new account
sudo ls -lah /root // smoke test sudo capabilities
exit
exit
ssh {username}@{ip}
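Added example, not part of the original notes: the .ssh steps above (mkdir, authorized_keys, chown) as one re-runnable shell function that also sets the directory and file modes sshd expects. The function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original notes. The function name and its
# arguments are hypothetical.
# Usage: install_authorized_key /home/{username} {username} "$(cat id_rsa.pub)"

install_authorized_key() {
    iak_dir="$1/.ssh"
    iak_file="$iak_dir/authorized_keys"
    iak_owner=$2
    iak_key=$3
    iak_nl='
'
    # Accept one public-key line only; a pasted private key is refused.
    # (Lines with an options prefix such as from="..." are not handled.)
    case $iak_key in
        *"PRIVATE KEY"*|*"$iak_nl"*)
            echo "refusing: not a single-line public key" >&2; return 1 ;;
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *)
            echo "refusing: unrecognised key type" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), sshd ignores the key file when
    # ~/.ssh or authorized_keys is writable by group or others.
    mkdir -p "$iak_dir" && chmod 700 "$iak_dir" || return 1
    touch "$iak_file" && chmod 600 "$iak_file" || return 1

    # Append only if this exact line is missing, so re-running is harmless.
    grep -qxF -- "$iak_key" "$iak_file" || printf '%s\n' "$iak_key" >> "$iak_file"

    # Equivalent of `chown -R {username}:{username} .ssh`; needs root.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$iak_owner:$iak_owner" "$iak_dir" || return 1
    fi
}
```

Run it as root on the droplet so the chown step applies; as any other user it only creates the files and sets the modes.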
INSTALL NVM (https://github.com/creationix/nvm)
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
source .bashrc
// restart terminal
nvm install --lts
// install latest LTS node version
node --version
// smoke test node
sudo apt install redis-server
redis-cli
// smoke test redis
sudo apt install nginx
nginx -v
// smoke test nginx
sudo apt install postgresql
sudo apt install postgresql-contrib
sudo -u postgres createuser --interactive
createdb {username}
psql
// GENERATE SSH KEY
ssh-keygen -t rsa -b 4096 -C "{email}"
// just stick with defaults
cat /home/{username}/.ssh/id_rsa.pub
// smoke test new key
Go to github.com
Go to your repo
Click on Settings -> Deploy Keys -> Add Deploy Key
Give this deploy key a name (should relate to the server)
Copy paste the id_rsa.pub from above into the field
Make sure ‘Write Access’ is unchecked
Click Add
cd ..
mkdir projects
cd projects
git clone {repo}
Configure the config file and db database and tables as needed
Running nodemon server.js
should bring up a working server on port X
Still won’t be able to hit the server until nginx is running smoothly
cd /etc/nginx/sites-available
sudo touch {name}
sudo vi {name}
Paste in this:
server {
    listen 80;
    server_name {ip};
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
sudo cp {name} ../sites-enabled/
sudo nginx -t
// smoke test the new config file we made
sudo service nginx reload
Smoke test by going to your {ip}
- Add user to postgres db that isn’t based on system user
- PM2
- Let’s Encrypt
- Let’s Encrypt cron job
- Lockdown sshd_config file
- UFW only allow ports {80, 443, 2222}
- Setup an SSH config (on server and on laptop)
- Setup automatic updates