Steps to set up a Node.js app on an AWS Ubuntu server using NVM, PM2, NGINX as a reverse proxy, and SSL from Let's Encrypt
-
Create an Ubuntu server on AWS with EC2
-
Creating sudoers user (don’t use root)
-
Prevent root user login via SSH and change the SSH port
-
Open and edit /etc/ssh/sshd_config:
    PermitRootLogin no
    Port 10201
-
Restart SSH service
-
-
Install ZSH (Optional)
- Connect to your EC2 instance
- Install zsh:
    sudo apt-get update && sudo apt-get install zsh
- Edit your passwd configuration file to tell which shell to use for user ubuntu:
    sudo vim /etc/passwd
- Look for the ubuntu user, and replace bin/bash with bin/zsh
- Install OhMyZsh:
    sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
- Disconnect from your instance and reconnect to it.
-
Install NVM https://github.com/nvm-sh/nvm
-
Install Node.js using NVM
    nvm install node     # Install the latest available version
    nvm use node         # Use the latest version
    nvm install --lts    # Install the latest LTS version
    nvm use --lts        # Use the latest LTS version
-
Install Yarn (optional) https://yarnpkg.com/getting-started/install
-
Create SSH key https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
-
Add SSH key to Github https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
-
Clone your project from Github through SSH
    git clone git@github.com:yourproject.git
-
Add environment variables (if applicable)
-
Install dependencies and test app
    cd yourproject
    npm install
    npm start    # or whatever your start command is
    # Stop the app with Ctrl+C
-
Setup PM2 process manager to keep your app running https://pm2.keymetrics.io/docs/usage/quick-start/
    # No sudo here: NVM installs Node.js and npm under your user's home directory,
    # so they are not on root's PATH and global packages do not need root
    npm i pm2 -g
    pm2 start app    # or whatever your file name is

    # Other pm2 commands
    pm2 show app
    pm2 status
    pm2 restart app
    pm2 stop app
    pm2 logs     # Show log stream
    pm2 flush    # Clear logs

    # To make sure the app starts on reboot
    pm2 startup ubuntu
You should now be able to access your app using your IP and port. Next, we set up a firewall that blocks that port and configure NGINX as a reverse proxy so the app can be reached directly on port 80 (HTTP).
-
Setup ufw firewall
    sudo ufw enable
    sudo ufw status
    sudo ufw allow ssh      # Port 22; if you moved SSH to port 10201 above, allow that port instead
    sudo ufw allow http     # Port 80
    sudo ufw allow https    # Port 443
-
Install NGINX and configure https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
    sudo apt install nginx
    sudo nano /etc/nginx/sites-available/default
Add the following to the location part of the server block
    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:5000; # whatever port your app runs on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    # Check NGINX config
    sudo nginx -t

    # Restart NGINX
    sudo service nginx restart
-
Add domain DNS configuration
- Add an A record for @ and for www to your server IP address
-
Add SSL with LetsEncrypt
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install python-certbot-nginx    # named python3-certbot-nginx on Ubuntu 20.04 and later
    sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

    # Certificates are only valid for 90 days; test the renewal process with
    certbot renew --dry-run
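
The SSH step above moves sshd to port 10201 while the firewall step opens port 22, so the following added example (not part of the original guide) cross-checks an sshd_config against `ufw status` output and also flags an exposed app port. The function names and sample texts are constructed for illustration, port 5000 is the app port from the NGINX block above, and Include files and Match blocks in sshd_config are not handled.

```shell
# Added example; helper names (sshd_values, ufw_allows, audit) are illustrative.

# Print every value set for sshd keyword $1 (keywords are case-insensitive;
# commented-out lines do not match). Config text is read from stdin.
sshd_values() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2 }'
}

# Succeed if the `ufw status` text on stdin has an ALLOW rule for port $1.
ufw_allows() {
    awk -v p="$1" '$2 == "ALLOW" { split($1, a, "/"); if (a[1] == p) ok = 1 }
                   END { exit ok ? 0 : 1 }'
}

# $1 = sshd_config text, $2 = `ufw status` text, $3 = app port behind NGINX.
# Prints one finding per line; prints nothing when the setup is consistent.
audit() {
    ports=$(printf '%s\n' "$1" | sshd_values Port)   # Port may be set more than once
    root=$(printf '%s\n' "$1" | sshd_values PermitRootLogin | head -n 1)  # first value wins
    [ -n "$ports" ] || ports=22   # sshd listens on 22 when no Port is set
    if [ "$root" != "no" ]; then echo "root-login-not-disabled"; fi
    for p in $ports; do
        if ! printf '%s\n' "$2" | ufw_allows "$p"; then
            echo "ssh-port-$p-not-allowed"
        fi
    done
    if ! printf '%s\n' $ports | grep -qx 22 &&
         printf '%s\n' "$2" | ufw_allows 22; then
        echo "port-22-open-but-unused"
    fi
    if printf '%s\n' "$2" | ufw_allows "$3"; then echo "app-port-$3-exposed"; fi
}

# Constructed sample input (not captured from a real host).
SSHD_SAMPLE='#Port 22
Port 10201
PermitRootLogin no'
UFW_AS_WRITTEN='Status: active
To                         Action      From
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere'
UFW_MATCHING='Status: active
To                         Action      From
10201/tcp                  ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere'
audit "$SSHD_SAMPLE" "$UFW_AS_WRITTEN" 5000
```

On a live server, pass the real inputs instead of the samples: `audit "$(sudo cat /etc/ssh/sshd_config)" "$(sudo ufw status)" 5000`.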