imi-bas/pronature-platform
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

manual

Browse Source
This commit is contained in:
goynov
2025-03-19 09:59:03 +02:00
parent e0ed063a39
commit ba570f935b
1 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.docs/server-installation.md
+17 -9
View File
@@ -23,7 +23,8 @@ Ubuntu 24 Headless Server minimal installation is required.
> node -v # should print `v22.11.0` > node -v # should print `v22.11.0`
> npm -v # should print `10.9.0` > npm -v # should print `10.9.0`
### Image processing using Sharp needs a specific memory manager for NodeJS: ### Memory manager for NodeJS
Image processing using Sharp needs a specific memory manager for NodeJS:
> sudo apt install git-all > sudo apt install git-all
> sudo apt install gcc > sudo apt install gcc
> sudo apt-get install build-essential > sudo apt-get install build-essential
@@ -52,12 +53,10 @@ or
2. NGINX. Important config - set redirect from http to https. Virtual host config example - [**nginx.`your_dl_name`.conf** ](./nginx.your_dl_name.conf) 2. NGINX. Important config - set redirect from http to https. Virtual host config example - [**nginx.`your_dl_name`.conf** ](./nginx.your_dl_name.conf)
3. PM2. Install and enable the process manager for nodejs (after NodeJS and NPM are installed). Config and run using the nonroot user. 3. PM2. Install and enable the process manager for nodejs (after NodeJS and NPM are installed). Config and run using the nonroot user.
4. SPHINX. Install in **/opt/sphinx**. Create a service using config in sphinx.service. Copy to sphinx bin/ folder and configure FTS indexes in [**sphinx.conf**](./sphinx.conf) template. Make sure all paths are available. **/opt/sphinx** should be owned by the nonroot user.
## Tools to install ## Tools to install
1. Let's Encrypt CertBot, for certificates issuing and renewal. The certificate is installed using the following command: `certbot certonly -d your.server.name`. Use `--nginx` or `--apache` in order to have automatic renewal 1. Let's Encrypt CertBot, for certificates issuing and renewal. The certificate is installed using the following command: `certbot certonly -d your.server.name`. Use `--nginx` or `--apache` in order to have automatic renewal
1. ffmpeg - for converting video and audio content 1. ffmpeg - for converting video and audio content
1. ghostscript - for creating thumbnails for PDF files
1. OpenSSH Server - to be able to access the server remotely 1. OpenSSH Server - to be able to access the server remotely
1. UFW - Firewall, configure to allow access only on 443, 80, and 22 (if possible, only for specific hosts) 1. UFW - Firewall, configure to allow access only on 443, 80, and 22 (if possible, only for specific hosts)
1. rsync - for backup 1. rsync - for backup
@@ -98,10 +97,19 @@ Enable at boot:
Check status with: Check status with:
> sudo systemctl status autossh-remote-tunnel > sudo systemctl status autossh-remote-tunnel
### SSHD config on remote server (/etc/ssh/sshd_config): ### SSHD config on remote server
Edit `/etc/ssh/sshd_config`
```
> ClientAliveInterval 600 > ClientAliveInterval 600
> ClientAliveCountMax 12 > ClientAliveCountMax 12
```
Check the new configuration:
> sudo sshd -t
Restart the service:
> sudo systemctl restart sshd
## Issue certificates ## Issue certificates
> certbot certonly --nginx -d pronature-disk.bg73.net > certbot certonly --nginx -d pronature-disk.bg73.net
@@ -154,18 +162,18 @@ server {
} }
``` ```
## Firewall, enable services: ## Firewall, enable services
SSH Access: SSH Access:
> sudo ufw allow 22 > sudo ufw allow 22
HTTP: HTTP:
> sudo ufw allow 80 > sudo ufw allow 80
HTTP over SSL: HTTP over SSL:
> sudo ufw allow 443 > sudo ufw allow 443
Start the FW: Start the FW:
> sudo ufw enable > sudo ufw enable
## Set up the application ## Set up the application