adduser sami
- sudo su sami, whoami, usermod -aG wheel sami(make user local admin)
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt install nodejs
apt install npm
sudo su sami
cd ~
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
vim .ssh/authorized_keys --> paste the key generated by DO on root user(from the same location)
chmod 600 .ssh/authorized_keys
Give new user admin privilages:
usermod -aG sudo sami
npm install -g pm2
(as root)
pm2 start --name someprocessname simple-node-app/main.js
`pm2 startup systemd -u sami --hp /home/sami` - as root / pm2 unstartup systemd
`pm2 save` - as sami
`shutdown -r now` - as root
netstat -tln
- view network connections
getenforce
- SELinux enforce mode - improves security: setengorce 1,setenforce 0, ls -l, ls -lZ, ps -auxZ | grep nginx
setsebool -P httpd_can_network_connect on
setsebool -P httpd_enable_homedirs on
chcon -Rt httpd_sys_content_t /home/sami/myapp/public
ls -lZ /home/sami/myapp/public
apt update
apt install nginx
ufw app list
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw status
systemctl status nginx
systemctl enable nginx
- authomatically start nginx when server reboots
cd ~
cd /etc/nginx/conf.d/
vim samontech.eu.conf
server {
listen 80;
listen [::]:80;
server_name samontech.eu;
# root /var/www/samontech.eu;
location / {
proxy_pass "http://localhost:3000/";
}
}
To restrict the app from being accessible with the port number add the '127.0.0.1' as second param to app.listen(3000, '127.0.0.1', console.log('Linstening on port 3000.'))
mkdir -p /var/www/samontech.eu/html
sudo chown -R $USER:$USER /var/www/samontech.eu/html
sudo chmod -R 755 /var/www
sudo nano /var/www/samontech.eu/html/index.html
sudo nano /etc/nginx/sites-available/samontech.eu
server {
listen 80;
listen [::]:80;
root /var/www/samontech.eu/html;
index index.html index.htm index.nginx-debian.html;
server_name samontech.eu www.samontech.eu;
location / {
try_files $uri $uri/ =404;
}
}
sudo ln -s /etc/nginx/sites-available/samontech.eu /etc/nginx/sites-enabled/
sudo nano /etc/nginx/nginx.conf
and add: server_names_hash_bucket_size 64;
sudo nginx -t
sudo systemctl restart nginx
SSL with certbot (as new user with privilages)[https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04]
add-apt-repository ppa:certbot/certbot
apt install python-certbot-nginx
mkdir -p /var/www/samontech.eu/html
sudo chown -R $USER:$USER /var/www/samontech.eu/html
sudo chmod -R 755 /var/www/samontech.eu
sudo nano /etc/nginx/sites-available/samontech.eu
sudo nginx -t
sudo systemctl reload nginx
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
sudo certbot --nginx -d samontech.eu -d www.samontech.eu
Verifying Certbot Auto-Renewal:
sudo certbot renew --dry-run
as root:
nano /etc/nginx/conf.d/samontech.eu.conf
--> change port number to 8080 for pm2 serve
nginx -t
systemctl restart nginx
as sami:
sudo su sami
pm2 serve -s build
sudo su sami
pm2 stop all
cd ipark-client/
git pull
npm run build
serve -s build
pm2 start 1
What We Can Do I built a PWA and published it in 3 app stores. Here’s what I learned. Progressive Web Apps on iOS are here hnpwa Progressive Web App Checklist Icons Generator Introduction to Progressive Web Apps (Push Notifications) - Part 3