Skip to content

Instantly share code, notes, and snippets.

@douyw
Forked from tomysmile/01-ubuntu-16.04-setup.md
Created January 5, 2017 09:41
Show Gist options
  • Save douyw/d9e7fc2654194469417ff7148d02c9f3 to your computer and use it in GitHub Desktop.
Save douyw/d9e7fc2654194469417ff7148d02c9f3 to your computer and use it in GitHub Desktop.
Ubuntu 16.04 Setup in Digital Ocean

Initial Server Setup with Ubuntu 16.04

Update Packages

$ sudo apt-get update

Add Swap

Create a Swap File

The quicker way of getting the same file is by using the fallocate program. This command creates a file of a preallocated size instantly, without actually having to write dummy contents.

We can create a 4 Gigabyte file by typing:

sudo fallocate -l 4G /swapfile

The prompt will be returned to you almost immediately. We can verify that the correct amount of space was reserved by typing:

ls -lh /swapfile

-rw-r--r-- 1 root root 4.0G Apr 28 17:19 /swapfile

As you can see, our file is created with the correct amount of space set aside.

Enabling the Swap File

Right now, our file is created, but our system does not know that this is supposed to be used for swap. We need to tell our system to format this file as swap and then enable it.

Before we do that though, we need to adjust the permissions on our file so that it isn't readable by anyone besides root. Allowing other users to read or write to this file would be a huge security risk. We can lock down the permissions by typing:

sudo chmod 600 /swapfile

Verify that the file has the correct permissions by typing:

ls -lh /swapfile

-rw------- 1 root root 4.0G Apr 28 17:19 /swapfile

As you can see, only the columns for the root user have the read and write flags enabled.

Now that our file is more secure, we can tell our system to set up the swap space by typing:

sudo mkswap /swapfile


Setting up swapspace version 1, size = 4194300 KiB
no label, UUID=e2f1e9cf-c0a9-4ed4-b8ab-714b8a7d6944

Our file is now ready to be used as a swap space. We can enable this by typing:

sudo swapon /swapfile

We can verify that the procedure was successful by checking whether our system reports swap space now:

sudo swapon -s


Filename                Type        Size    Used    Priority
/swapfile              file        4194300 0      -1

We have a new swap file here. We can use the free utility again to corroborate our findings:

free -m


            total      used      free    shared    buffers    cached
Mem:          3953        101      3851          0          5        30
-/+ buffers/cache:        66      3887
Swap:        4095          0      4095

Our swap has been set up successfully and our operating system will begin to use it as necessary.

Make the Swap File Permanent

We have our swap file enabled, but when we reboot, the server will not automatically enable the file. We can change that though by modifying the fstab file.

Edit the file with root privileges in your text editor:

sudo nano /etc/fstab

At the bottom of the file, you need to add a line that will tell the operating system to automatically use the file you created:

/swapfile  none    swap    sw    0  0

Save and close the file when you are finished.

Tweak your Swap Settings

There are a few options that you can configure that will have an impact on your system's performance when dealing with swap.

The swappiness parameter configures how often your system swaps data out of RAM to the swap space. This is a value between 0 and 100 that represents a percentage.

With values close to zero, the kernel will not swap data to the disk unless absolutely necessary. Remember, interactions with the swap file are "expensive" in that they take a lot longer than interactions with RAM and they can cause a significant reduction in performance. Telling the system not to rely on the swap much will generally make your system faster.

Values that are closer to 100 will try to put more data into swap in an effort to keep more RAM space free. Depending on your applications' memory profile or what you are using your server for, this might be better in some cases.

To persist until the next reboot. We can set this value automatically at restart by adding the line to our /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

At the bottom, you can add:

vm.swappiness=10

Save and close the file when you are finished.

Another related value that you might want to modify is the vfs_cache_pressure. This setting configures how much the system will choose to cache inode and dentry information over other data.

Basically, this is access data about the filesystem. This is generally very costly to look up and very frequently requested, so it's an excellent thing for your system to cache. You can see the current value by querying the proc filesystem again:

cat /proc/sys/vm/vfs_cache_pressure


100

Again, this is only valid for our current session. We can change that by adding it to our configuration file like we did with our swappiness setting:

sudo nano /etc/sysctl.conf

At the bottom, add the line that specifies your new value:

vm.vfs_cache_pressure = 50

Save and close the file when you are finished.

Root Login

To log into your server, you will need to know your server's public IP address. You will also need the password or, if you installed an SSH key for authentication, the private key for the "root" user's account. If you have not already logged into your server, you may want to follow the first tutorial in this series, How to Connect to Your Droplet with SSH, which covers this process in detail.

If you are not already connected to your server, go ahead and log in as the root user using the following command (substitute the highlighted word with your server's public IP address):

ssh root@SERVER_IP_ADDRESS

Complete the login process by accepting the warning about host authenticity, if it appears, then providing your root authentication (password or private key). If it is your first time logging into the server with a password, you will also be prompted to change the root password.

Create a New User

Once you are logged in as root, we're prepared to add the new user account that we will use to log in from now on.

This example creates a new user called "tomy", but you should replace it with a username that you like:

adduser tomy

You will be asked a few questions, starting with the account password.

Enter a strong password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.

Root Privileges

Now, we have a new user account with regular account privileges. However, we may sometimes need to do administrative tasks.

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as "superuser" or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before each command.

To add these privileges to our new user, we need to add the new user to the "sudo" group. By default, on Ubuntu 16.04, users who belong to the "sudo" group are allowed to use the sudo command.

As root, run this command to add your new user to the sudo group (substitute the highlighted word with your new user):

usermod -aG sudo sammy

Now your user can run commands with superuser privileges.

Add Public Key Authentication

If you do not already have an SSH key pair, which consists of a public and private key, you need to generate one. If you already have a key that you want to use, skip to the Copy the Public Key step.

Generate a Key Pair in Your Local Machine

To generate a new key pair, enter the following command at the terminal of your local machine (ie. your computer):

ssh-keygen

Assuming your local user is called "localuser", you will see output that looks like the following:

ssh-keygen output
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/localuser/.ssh/id_rsa):
Hit return to accept this file name and path (or enter a new name).

Next, you will be prompted for a passphrase to secure the key with. You may either enter a passphrase or leave the passphrase blank.

Copy the Public Key

After generating an SSH key pair, you will want to copy your public key to your new server. We will cover two easy ways to do this.

  • Option 1: Use ssh-copy-id

If your local machine has the ssh-copy-id script installed, you can use it to install your public key to any user that you have login credentials for.

Run the ssh-copy-id script by specifying the user and IP address of the server that you want to install the key on, like this:

ssh-copy-id tomy@SERVER_IP_ADDRESS

After providing your password at the prompt, your public key will be added to the remote user's .ssh/authorized_keys file. The corresponding private key can now be used to log into the server.

  • Option 2: Manually Install the Key

Assuming you generated an SSH key pair using the previous step, use the following command at the terminal of your local machine to print your public key (id_rsa.pub):

cat ~/.ssh/id_rsa.pub

This should print your public SSH key, which should look something like the following:

id_rsa.pub contents
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+xSbUOMu6xN+uVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+zAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+j9CgguyVbUkdzK9KKEuah+pFZvaugtebsU+bllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf [email protected]

Select the public key, and copy it to your clipboard.

To enable the use of SSH key to authenticate as the new remote user, you must add the public key to a special file in the user's home directory.

On the server, as the root user, enter the following command to temporarily switch to the new user (substitute your own user name):

su - sammy

Now you will be in your new user's home directory.

Create a new directory called .ssh and restrict its permissions with the following commands:

mkdir ~/.ssh
chmod 700 ~/.ssh

Now open a file in .ssh called authorized_keys with a text editor. We will use nano to edit the file:

nano ~/.ssh/authorized_keys

Now insert your public key (which should be in your clipboard) by pasting it into the editor.

Hit CTRL-x to exit the file, then y to save the changes that you made, then ENTER to confirm the file name.

Now restrict the permissions of the authorized_keys file with this command:

chmod 600 ~/.ssh/authorized_keys

Type this command once to return to the root user:

exit

Now your public key is installed, and you can use SSH keys to log in as your user.

Set Up a Basic Firewall

Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall very easily using this application.

Different applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.

You can see this by typing:

sudo ufw app list

Output
Available applications:
  OpenSSH

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

sudo ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

sudo ufw enable

Type "y" and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

sudo ufw status

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

If you install and configure additional services, you will need to adjust the firewall settings to allow acceptable traffic in. You can learn some common UFW operations in this guide.

Missing Locale

Missing locales are generated with locale-gen:

locale-gen en_US.UTF-8

Add to your /etc/environment :

LC_ALL=en_US.UTF-8

logout or reboot the machine to take effect.

Preparing for Development

$ sudo apt-get install libkrb5-dev build-essential

Language Runtimes and Development Tools

Python 3.5

Ubuntu 16.04 comes by default with Python 3.5.1 installed as the python3 binary. Python 2 is still installable using the python package:

sudo apt-get install python

This may be necessary to support existing code which hasn't yet been ported.

Users of the Vim editor should note that the default builds of Vim now use Python 3, which may break plugins that rely on Python 2.

Python 2.7 (minimal)

sudo apt-get install python2.7-minimal

Go 1.6

Go 1.6 was released earlier this year, and is packaged for Ubuntu 16.04.

PHP 7

Ubuntu 16.04's PHP packages now default to v7.0. PHP 7 offers major performance improvements over its predecessors, along with new features such as scalar type declarations for function parameters and return values. It also deprecates some legacy features and removes a number of extensions. If you are developing or deploying PHP 5 software, code changes or upgrades to newer releases may be necessary before you migrate your application.

See Getting Ready for PHP 7 and the official PHP migration guide for a detailed list of changes.

How To Install Node.js on Ubuntu 16.04

How To Install Using a PPA

An alternative that can get you a more recent version of Node.js is to add a PPA (personal package archive) maintained by NodeSource. This will have more up-to-date versions of Node.js than the official Ubuntu repositories, and allows you to choose between Node.js v4.x (the long-term support version, supported until April of 2017) and v6.x (the current version, which will actively receive new features until it transitions to long-term support).

First, you need to install the PPA in order to get access to its contents. Make sure you're in your home directory, and use curl to retrieve the installation script for your preferred version, making sure to replace 6.x with the correct version string:

for v4.x.x

curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
sudo apt-get install -y nodejs

Alternatively, for v6.x.x

curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs

The nodejs package contains the nodejs binary as well as npm, so you don't need to install npm separately. However, in order for some npm packages to work (such as those that require compiling code from source), you will need to install the build-essential package:

sudo apt-get install build-essential

How To Install the Distro-Stable Version for Ubuntu

Ubuntu 16.04 contains a version of Node.js in its default repositories that can be used to easily provide a consistent experience across multiple systems. At the time of writing, the version in the repositories is v4.2.6. This will not be the latest version, but it should be quite stable, and should be sufficient for quick experimentation with the language.

In order to get this version, we just have to use the apt package manager. We should refresh our local package index first, and then install from the repositories:

sudo apt-get update
sudo apt-get install nodejs

If the package in the repositories suits your needs, this is all that you need to do to get set up with Node.js. In most cases, you'll also want to also install npm, which is the Node.js package manager. You can do this by typing:

sudo apt-get install npm

This will allow you to easily install modules and packages to use with Node.js.

Because of a conflict with another package, the executable from the Ubuntu repositories is called nodejs instead of node. Keep this in mind as you are running software.

How To Install Using NVM

An alternative to installing Node.js through apt is to use a specially designed tool called nvm, which stands for "Node.js version manager".

Using nvm, you can install multiple, self-contained versions of Node.js which will allow you to control your environment easier. It will give you on-demand access to the newest versions of Node.js, but will also allow you to target previous releases that your app may depend on.

To start off, we'll need to get the software packages from our Ubuntu repositories that will allow us to build source packages. The nvm script will leverage these tools to build the necessary components:

sudo apt-get update
sudo apt-get install build-essential libssl-dev

Once the prerequisite packages are installed, you can pull down the nvm installation script from the project's GitHub page. The version number may be different, but in general, you can download it with curl:

curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.31.0/install.sh -o install_nvm.sh

And inspect the installation script with nano:

nano install_nvm.sh

Run the script with bash:

bash install_nvm.sh

It will install the software into a subdirectory of your home directory at ~/.nvm. It will also add the necessary lines to your ~/.profile file to use the file.

To gain access to the nvm functionality, you'll need to log out and log back in again, or you can source the ~/.profile file so that your current session knows about the changes:

source ~/.profile

Now that you have nvm installed, you can install isolated Node.js versions.

To find out the versions of Node.js that are available for installation, you can type:

nvm ls-remote

Output
...
         v5.8.0
         v5.9.0
         v5.9.1
        v5.10.0
        v5.10.1
        v5.11.0
         v6.0.0

As you can see, the newest version at the time of this writing is v6.0.0. You can install that by typing:

nvm install 6.0.0

Usually, nvm will switch to use the most recently installed version. You can explicitly tell nvm to use the version we just downloaded by typing:

nvm use 6.0.0

When you install Node.js using nvm, the executable is called node. You can see the version currently being used by the shell by typing:

node -v

Output
v6.0.0

If you have multiple Node.js versions, you can see what is installed by typing:

nvm ls

If you wish to default one of the versions, you can type:

nvm alias default 6.0.0

This version will be automatically selected when a new session spawns. You can also reference it by the alias like this:

nvm use default

Each version of Node.js will keep track of its own packages and has npm available to manage these.

You can have npm install packages to the Node.js project's ./node_modules directory by using the normal format. For example, for the express module:

npm install express

If you'd like to install it globally (making it available to the other projects using the same Node.js version), you can add the -g flag:

npm install -g express

This will install the package in:

~/.nvm/node_version/lib/node_modules/package_name

Installing globally will let you run the commands from the command line, but you'll have to link the package into your local sphere to require it from within a program:

npm link express

You can learn more about the options available to you with nvm by typing:

nvm help

How to Install MongoDB on Ubuntu 16.04

Prerequisites

To follow this tutorial, you will need:

One Ubuntu 16.04 Droplet set up by following this initial server setup tutorial, including a sudo non-root user

Step 1 — Adding the MongoDB Repository

MongoDB is already included in Ubuntu package repositories, but the official MongoDB repository provides most up-to-date version and is the recommended way of installing the software. In this step, we will add this official repository to our server.

Ubuntu ensures the authenticity of software packages by verifying that they are signed with GPG keys, so we first have to import they key for the official MongoDB repository.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

After successfully importing the key, you will see:

Output
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

Next, we have to add the MongoDB repository details so apt will know where to download the packages from.

Issue the following command to create a list file for MongoDB.

echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list

After adding the repository details, we need to update the packages list.

sudo apt-get update

Step 2 — Installing and Verifying MongoDB

Now we can install the MongoDB package itself.

sudo apt-get install -y --allow-unauthenticated mongodb-org

Note: MongoDB packages we are using do not meet signature strength standards that Ubuntu 16.04 expects and must be installed with additional --allow-unauthenticated switch.

This command will install several packages containing latest stable version of MongoDB along with helpful management tools for the MongoDB server.

In order to properly launch MongoDB as a service on Ubuntu 16.04, we additionally need to create a unit file describing the service. A unit file tells systemd how to manage a resource. The most common unit type is a service, which determines how to start or stop the service, when should it be automatically started at boot, and whether it is dependent on other software to run.

We'll create a unit file to manage the MongoDB service. Create a configuration file named mongodb.service in the /etc/systemd/system directory using nano or your favorite text editor.

sudo nano /etc/systemd/system/mongodb.service

Paste in the following contents, then save and close the file (/etc/systemd/system/mongodb.service).

[Unit]
Description=High-performance, schema-free document-oriented database
After=network.target
Documentation=https://docs.mongodb.org/manual

[Service]
User=mongodb
Group=mongodb
ExecStart=/usr/bin/mongod --quiet --config /etc/mongod.conf

[Install]
WantedBy=multi-user.target

This file has a simple structure:

  • The Unit section contains the overview (e.g. a human-readable description for MongoDB service) as well as dependencies that must be satisfied before the service is started. In our case, MongoDB depends on networking already being available, hence network.target here.

  • The Service section how the service should be started. The User directive specifies that the server will be run under the mongodb user, and the ExecStart directive defines the startup command for MongoDB server.

  • The last section, Install, tells systemd when the service should be automatically started. The multi-user.target is a standard system startup sequence, which means the server will be automatically started during boot.

Next, start the newly created service with systemctl.

sudo systemctl start mongodb

While there is no output to this command, you can also use systemctl to check that the service has started properly.

sudo systemctl status mongodb

Output
● mongodb.service - High-performance, schema-free document-oriented database
   Loaded: loaded (/etc/systemd/system/mongodb.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2016-04-25 14:57:20 EDT; 1min 30s ago
 Main PID: 4093 (mongod)
    Tasks: 16 (limit: 512)
   Memory: 47.1M
      CPU: 1.224s
   CGroup: /system.slice/mongodb.service
           └─4093 /usr/bin/mongod --quiet --config /etc/mongod.conf

The last step is to enable automatically starting MongoDB when the system starts.

sudo systemctl enable mongodb

Now check that mongodb has been started on port 27017 with the netstat command.

netstat -plntu

The MongoDB server now configured and running, and you can manage the MongoDB service using the systemctl command (e.g. sudo systemctl mongodb stop, sudo systemctl mongodb start).

Step 3 — Adjusting the Firewall (Optional)

Assuming you have followed the initial server setup tutorial instructions to enable the firewall on your server, MongoDB server will be inaccessible from the internet.

If you intend to use the MongoDB server only locally with applications running on the same server, it is a recommended and secure setting. However, if you would like to be able to connect to your MongoDB server from the internet, we have to allow the incoming connections in ufw.

To allow access to MongoDB on its default port 27017 from everywhere, you could use sudo ufw allow 27017. However, enabling internet access to MongoDB server on a default installation gives unrestricted access to the whole database server.

in most cases, MongoDB should be accessed only from certain trusted locations, such as another server hosting an application. To accomplish this task, you can allow access on MongoDB's default port while specifying the IP address of another server that will be explicitly allowed to connect.

sudo ufw allow from your_other_server_ip/32 to any port 27017  

You can verify the change in firewall settings with ufw.

sudo ufw status

You should see traffic to 27017 port allowed in the output.If you have decided to allow only a certain IP address to connect to MongoDB server, the IP address of the allowed location will be listed instead of Anywhere in the output.

Output
Status: active

To                         Action      From
--                         ------      ----
27017                      ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
27017 (v6)                 ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

More advanced firewall settings for restricting access to services are described in UFW Essentials: Common Firewall Rules and Commands.

Configure MongoDB username and password

Step 1 - Open mongo shell

Before you set up a username and password for MongoDB, you need to open the mongodb shell on your server. You can login by typing:

mongo

If you get error Failed global initialization: BadValue Invalid or no user locale set. Please ensure LANG and/or LC_* environment variables are set correctly, try the command:

export LC_ALL=C
mongo

Step 2 - Switch to the database admin

Once you`re in the MongoDB shell, switch to the database named admin:

use admin

Step 3 - Create the root user

Create the root user with this command :

db.createUser({user:"admin", pwd:"admin123", roles:[{role:"root", db:"admin"}]});

Desc: Create user admin with password admin123 and have the permission/role as root and the database is admin.

Step 4 - Enable mongodb authentication

Edit the mongodb service file '/etc/systemd/system/mongod.service' with your editor.

sudo nano /etc/systemd/system/mongodb.service

On the 'ExecStart' line 9, add the new option '--auth'. ExecStart=/usr/bin/mongod --quiet --auth --config /etc/mongod.conf Save and exit.

Reload the systemd service:

sudo systemctl daemon-reload

Step 5 - Restart MongoDB and try to connect

Now restart MongoDB and connect with the user created.

sudo systemctl restart mongodb

and connect to the mongodb shell with this command:

mongo -u admin -p admin123 --authenticationDatabase admin

Conclusion

You can find more in-depth instructions regarding MongoDB installation and configuration in these DigitalOcean community articles.

How To Host Multiple Node.js Applications On a Single VPS with nginx, forever, and crontab

Running Your Node.js Application with Forever

Forever is a simple command line tool for ensuring that a Node.js application runs continuously (i.e. forever). This means if your app encounters an error and crashes, forever will take care of this issue and restart it for you.

Simply install forever globally and forever can be used in a matter of seconds:

npm install forever -g

To start a script with forever you need to follow these steps:

Navigate to your Node.js application:

cd /path/to/your/node/app/

forever start --spinSleepTime 10000 main.js

Where --spinSleepTime 10000 refers to the minimum uptime (in milliseconds) between launches of a crashing script. This command will work for almost all cases.

Now point your browser to http://[your-vps-ip]:[port] and see your app running.

Map a Domain To Your Node.js Application

Now you'll need to add a DNS record in your DigitalOcean control panel to map your domain name to your droplet (VPS).

The steps to follow are:

  • Login at DigitalOcean.com
  • Click on the 'DNS' section in the left sidebar
  • Add a domain by clicking on the 'Add Domain' button, select your VPS of choice and enter the domain name you registered in the 'Name' field
  • Copy the Nameservers provided by DigitalOcean (e.g. NS1.DIGITALOCEAN.COM.) and add each one to the DNS records in the control panel of your domain registrar. Note: changes will not be immediate, since DNS can take up to 24 hours to propagate.

Install NGINX

sudo apt-get update
sudo apt-get install nginx

Adjust the Firewall

Before we can test Nginx, we need to reconfigure our firewall software to allow access to the service. Nginx registers itself as a service with ufw, our firewall, upon installation. This makes it rather easy to allow Nginx access.

We can list the applications configurations that ufw knows how to work with by typing:

sudo ufw app list

You should get a listing of the application profiles:

Output
Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

As you can see, there are three profiles available for Nginx:

Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic) Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic) Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic) It is recommended that you enable the most restrictive profile that will still allow the traffic you've configured. Since we haven't configured SSL for our server yet, in this guide, we will only need to allow traffic on port 80.

You can enable this by typing:

sudo ufw allow 'Nginx HTTP'

You can verify the change by typing:

sudo ufw status

You should see HTTP traffic allowed in the displayed output:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

Check your Web Server

At the end of the installation process, Ubuntu 16.04 starts Nginx. The web server should already be up and running.

We can check with the systemd init system to make sure the service is running by typing:

systemctl status nginx
Output
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2016-04-18 16:14:00 EDT; 4min 2s ago
 Main PID: 12857 (nginx)
   CGroup: /system.slice/nginx.service
           ├─12857 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           └─12858 nginx: worker process

As you can see above, the service appears to have started successfully. However, the best way to test this is to actually request a page from Nginx.

You can access the default Nginx landing page to confirm that the software is running properly. You can access this through your server's domain name or IP address.

Map a Domain To a Service Running on Your VPS with nginx

In this section, you'll learn how to set up a reverse proxy with nginx in a few simple steps.

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/test.com

Open the new file with sudo privileges in your editor:

sudo nano /etc/nginx/sites-available/test.com

When you are finished, your file will likely look something like this:

server {
    listen 80;

    server_name your-domain.com;

    location / {
        proxy_pass http://localhost:{YOUR_PORT};
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

When you are finished, save and close the file.

Now that we have our server block files, we need to enable them. We can do this by creating symbolic links from these files to the sites-enabled directory, which Nginx reads from during startup.

We can create these links by typing:

sudo ln -s /etc/nginx/sites-available/test.com /etc/nginx/sites-enabled/

Note: to be able to reference multiple domains for one Node.js app (like www.example.com and example.com) you need to add the following code to the file /etc/nginx/nginx.conf in the http section:

server_names_hash_bucket_size 64;

If the DNS changes are propagated, you can point your web browser to your domain and you should see your application running, accessible from the internet.

Next, test to make sure that there are no syntax errors in any of your Nginx files:

sudo nginx -t

If no problems were found, restart Nginx to enable your changes:

sudo systemctl restart nginx

Nginx should now be serving both of your domain names.

Restarting Your Node.js App at Reboot

Forever is good when it comes to keeping your application running when it crashes etc. but what happens when the VPS gets rebooted?

This is where a simple cronjob can prevent your application and your users from unexpected downtimes.

Create a file called starter.sh in your application's home folder and copy the following code:

#!/bin/sh

if [ $(ps -e -o uid,cmd | grep $UID | grep node | grep -v grep | wc -l | tr -s "\n") -eq 0 ]
then
        export PATH=/usr/local/bin:$PATH
        forever start --sourceDir /path/to/your/node/app main.js >> /path/to/log.txt 2>&1
fi

where main.js should be replaced with your application's main script.

This useful snippet has been taken from here

To start this script at each reboot you need to edit the crontab with this command:

crontab -e

and append the following code to this file

@reboot /path/to/starter.sh

Now set the absolute path to your starter.sh file.

Tip: Navigate where your starter.sh file is located and print the current directory with pwd.

Repeat the steps above for each of your domains/services.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment