@taesup
Last active December 19, 2018 00:59
Deploying on S3 for DevLeague

S3 Deployment for DevLeague

{username} = your username
{ip} = your DO droplet ip address
{repo} = your repo address
{email} = your email

Pre-reqs

Generate an SSH key for your laptop (if one does not exist yet)
Add your SSH key to your agent
ssh-add -K // for mac
ssh-add {path to your id_rsa file} // the private key, not the .pub file
Go to https://aws.amazon.com/
Sign up for an account

Uploading your SSH Key

Services -> EC2 -> (sidebar) Network & Security -> (sidebar) Key Pairs
Choose 'Import Key Pair' from the top navigation
Give your key pair a descriptive name
Either use the file input to upload your public key (.pub)
OR copy and paste the contents of your public key into the text area

AWS

Services -> EC2 -> Launch Instance
On Step 1, Choose (Ubuntu Server 16.04 LTS HVM, SSD)
On Step 2, t2.micro (Free tier)
On Step 3, leave all defaults
On Step 4, set size to 20 GB
On Step 5, don't add any tags
On Step 6, name the security group something descriptive
On Step 6, add HTTP and HTTPS ports
Notice that this EC2 is open to the world
Click Launch
Choose your SSH key from (Uploading your SSH Key)
Wait till the instance is fully launched
Name your EC2 instance something descriptive
Get public IP of new EC2 instance

GETTING ON YOUR SERVER

ssh ubuntu@{ip}
Enter yes to prompt

CREATE USER

sudo adduser {username} and follow prompts
Make sure to set a password

SET SSH KEY FOR NEW USER

sudo mkdir /home/{username}/.ssh
cd /home/{username}/.ssh
sudo touch authorized_keys
sudo vi authorized_keys
Paste your .ssh/id_rsa.pub key from your laptop into this file
:wq to leave vim
cd .. to leave .ssh folder
sudo chown -R {username}:{username} .ssh
exit
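
A scripted version of the paste-and-chown steps above, as an added example that is not part of the original gist. The function name is hypothetical, and it additionally sets modes 700 and 600 on the directory and file, which the steps above do not do.

```shell
# Added example (not from the original gist): install one public key for
# the current user with the modes sshd expects. Run it as the target user
# (for instance via sudo -u) so the files are owned by that account.
install_authorized_key() {  # usage: install_authorized_key <home> <key-line>
  home_dir=$1
  pubkey=$2
  ssh_dir="$home_dir/.ssh"
  auth="$ssh_dir/authorized_keys"
  nl='
'
  # Accept only a single-line public key; this rejects a pasted private
  # key ("-----BEGIN ...") and multi-line clipboard accidents.
  case "$pubkey" in
    *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
    *) echo "not a public key line" >&2; return 1 ;;
  esac
  mkdir -p "$ssh_dir" || return 1
  chmod 700 "$ssh_dir" || return 1      # directory: owner only
  touch "$auth" || return 1
  chmod 600 "$auth" || return 1         # key list: owner read/write only
  # Append only when the exact line is not already present (idempotent).
  grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
}

# Constructed demo: a throwaway home directory and a made-up key line.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAconstructedExampleKeyNotReal user@laptop'
install_authorized_key "$demo_home" "$demo_key"
install_authorized_key "$demo_home" "$demo_key"   # second run adds nothing
ls -l "$demo_home/.ssh"
rm -rf "$demo_home"
```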

SMOKE TEST NEW ACCOUNT

ssh {username}@{ip}
exit

MAKE NEW ACCOUNT A SUDOER

ssh ubuntu@{ip} // get back in as the default ubuntu user (it has sudo)
sudo usermod -aG sudo {username}
su - {username} // switch to new account
sudo ls -lah /root // smoke test sudo capabilities

RE-ENTER AS NEW ACCOUNT

exit
exit
ssh {username}@{ip}

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
source .bashrc // restart terminal
nvm install --lts // install latest LTS node version
node --version // smoke test node

INSTALL REDIS, NGINX

sudo apt update
sudo apt install redis-server
redis-cli // smoke test redis
sudo apt install nginx
nginx -v // smoke test nginx

INSTALL PG

sudo apt install postgresql
sudo apt install postgresql-contrib
sudo -u postgres createuser --interactive
createdb {username}
psql
\q to exit psql
exit // this should leave your server

CREATE .ssh config file

On your laptop, go to ~/.ssh
touch config
vi config

Host {ssh-name}
  Hostname {ip}
  Port 22
  User {username}
  ForwardAgent yes
  IdentityFile {.pub-file}

:wq
ssh {ssh-name}

GRAB PROJECT FROM GITHUB

cd /home/{username}
mkdir projects
cd projects
git clone {repo}

CONFIGURE PROJECT AND DB

Configure the config file and db database and tables as needed
Running nodemon server.js should bring up a working server on port X
Still won’t be able to hit the server until nginx is running smoothly

NGINX

cd /etc/nginx/sites-available
sudo touch {name}
sudo vi {name}

Paste in this:

server {
  listen 80;

  server_name {ip};

  client_max_body_size 100m;
  client_body_timeout 120s; # Default is 60, May need to be increased for very large uploads

  location / {
      proxy_pass http://localhost:8080;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
  }
}

sudo cp {name} ../sites-enabled/
sudo nginx -t // smoke test the new config file we made
sudo service nginx reload
Smoke test by going to your {ip}

INSTALL PM2

npm install -g pm2 // this installs pm2 as a global
pm2 start server.js --name {appName}
pm2 list // to list running processes

Domain

You'll be given a domain by Jesse
Update your nginx config to handle that new domain
Test your nginx file
Smoke test the new domain

Let's Encrypt (Free SSL Cert)

// Installing Let's Encrypt PPA repository, press ENTER to accept adding this repo
sudo add-apt-repository ppa:certbot/certbot

// Update repositories
sudo apt-get update

// Installing Let's Encrypt
sudo apt-get install python-certbot-nginx

// Running certbot
sudo certbot --nginx -d ${domain} -d www.${domain}

// Ensure that option 2 is selected for Redirecting traffic.

// This will automatically update your Nginx files, and create a cronjob in /etc/cron.d/certbot

Firewall

sudo ufw enable // keep your current SSH session open: no rule allows new SSH connections yet
sudo ufw default deny incoming
sudo ufw allow 80
sudo ufw allow 443

SSH Hardening

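In /etc/ssh/sshd_config, set:
Port 2222
PermitRootLogin no
PasswordAuthentication no
Also allow TCP 2222 in the EC2 security group from Step 6, or the new port is unreachable from outside
sudo ufw allow 2222
sudo ufw deny 22
sudo service sshd restart // keep this session open until a new login on port 2222 works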
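
A check for the three sshd_config values listed above, as an added example that is not part of the original gist. The function names are hypothetical, and the parser assumes plain whitespace-separated "Keyword value" lines with no Include files.

```shell
# Added example (not from the original gist). sshd keeps the FIRST value it
# reads for a keyword, so a hardening line appended below a stock setting
# is silently ignored.

# Print the effective global value of <keyword> in <config-file>.
# Assumes whitespace-separated "Keyword value" lines and no Include files.
sshd_effective() {  # usage: sshd_effective <config-file> <keyword>
  awk -v want="$2" '
    BEGIN { want = tolower(want) }
    /^[ \t]*#/ || NF == 0 { next }     # comment or blank line
    tolower($1) == "match" { exit }    # Match blocks are conditional, skip
    tolower($1) == want { print $2; found = 1; exit }
    END { if (!found) exit 1 }         # unset: built-in default applies
  ' "$1"
}

# Return 0 only when all three values from this guide are in effect.
audit_sshd_hardening() {  # usage: audit_sshd_hardening <config-file>
  rc=0
  for pair in Port=2222 PermitRootLogin=no PasswordAuthentication=no; do
    key=${pair%%=*}
    expected=${pair#*=}
    actual=$(sshd_effective "$1" "$key") || actual="unset"
    if [ "$actual" = "$expected" ]; then
      echo "ok    $key $actual"
    else
      echo "FAIL  $key is '$actual', expected '$expected'"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: the guide's lines were added after a stock
# "PasswordAuthentication yes", so password logins are still enabled.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' \
  'PermitRootLogin no' 'PasswordAuthentication no' > "$sample"
audit_sshd_hardening "$sample" || echo "sshd_config is not hardened yet"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the configuration sshd will actually use.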

Auto upgrades

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
