diff --git a/.docs/server-installation.md b/.docs/server-installation.md index 78c28a2..33a1913 100644 --- a/.docs/server-installation.md +++ b/.docs/server-installation.md @@ -23,7 +23,8 @@ Ubuntu 24 Headless Server minimal installation is required. > node -v # should print `v22.11.0` > npm -v # should print `10.9.0` -### Image processing using Sharp needs a specific memory manager for NodeJS: +### Memory manager for NodeJS +Image processing using Sharp needs a specific memory manager for NodeJS: > sudo apt install git-all > sudo apt install gcc > sudo apt-get install build-essential @@ -52,12 +53,10 @@ or 2. NGINX. Important config - set redirect from http to https. Virtual host config example - [**nginx.`your_dl_name`.conf** ](./nginx.your_dl_name.conf) 3. PM2. Install and enable the process manager for nodejs (after NodeJS and NPM are installed). Config and run using the nonroot user. -4. SPHINX. Install in **/opt/sphinx**. Create a service using config in sphinx.service. Copy to sphinx bin/ folder and configure FTS indexes in [**sphinx.conf**](./sphinx.conf) template. Make sure all paths are available. **/opt/sphinx** should be owned by the nonroot user. ## Tools to install 1. Let's Encrypt CertBot, for certificates issuing and renewal. The certificate is installed using the following command: `certbot certonly -d your.server.name`. Use `--nginx` or `--apache` in order to have automatic renewal 1. ffmpeg - for converting video and audio content -1. ghostscript - for creating thumbnails for PDF files 1. OpenSSH Server - to be able to access the server remotely 1. UFW - Firewall, configure to allow access only on 443, 80, and 22 (if possible, only for specific hosts) 1. rsync - for backup 
@@ -98,10 +97,19 @@ Enable at boot: Check status with: > sudo systemctl status autossh-remote-tunnel -### SSHD config on remote server (/etc/ssh/sshd_config): +### SSHD config on remote server +Edit `/etc/ssh/sshd_config` +``` > ClientAliveInterval 600 > ClientAliveCountMax 12 +``` + +Check the new configuration: +> sudo sshd -t + +Restart the service: +> sudo systemctl restart sshd ## Issue certificates > certbot certonly --nginx -d pronature-disk.bg73.net @@ -154,18 +162,18 @@ server { } ``` -## Firewall, enable services: +## Firewall, enable services -SSH Access: +SSH Access: > sudo ufw allow 22 -HTTP: +HTTP: > sudo ufw allow 80 -HTTP over SSL: +HTTP over SSL: > sudo ufw allow 443 -Start the FW: +Start the FW: > sudo ufw enable ## Set up the application
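
Review bot: In the `@@ -52,12 +53,10 @@` hunk, step 4 (SPHINX) and the ghostscript entry under "Tools to install" are deleted with no replacement text, so the guide no longer says how full-text search indexes or PDF thumbnails are provided. If both features were dropped, also remove the `sphinx.conf` template and the `sphinx.service` config that the deleted line pointed to, so they do not stay behind in `.docs` as orphaned files; if the functions moved to another component, add a line naming it.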
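
Review bot: In the `@@ -98,10 +97,19 @@` hunk, the two ClientAlive lines keep their leading `> ` inside the newly added triple-backtick fence, so they will render and be copied as `> ClientAliveInterval 600`, which is not a valid `sshd_config` line. Drop the `> ` inside the fence, or drop the fence and keep the quote style used by the rest of the file. The added `sudo sshd -t` check is the right step before a restart; say explicitly that the restart must be skipped when the check prints an error, since a broken `sshd_config` on the remote server can cut off access. It would also help to state the effect of the values: 12 unanswered probes at 600 s intervals means an unresponsive client is dropped after about two hours.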
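
Review bot: In the `@@ -154,18 +162,18 @@` hunk, `sudo ufw allow 22` opens SSH to every source address, while the UFW entry under "Tools to install" in this same file says to allow access "if possible, only for specific hosts". Since the section is being edited anyway, document the restricted form as the preferred option, for example `sudo ufw allow from <admin_host> to any port 22 proto tcp`, where `<admin_host>` is a placeholder for the administrator's address. The only change visible on the four label lines (SSH Access:, HTTP:, HTTP over SSL:, Start the FW:) appears to be trailing whitespace; if that is meant as a Markdown hard line break, a blank line between label and command survives editors that strip trailing spaces.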