# ProNature Server and Application Installation Manual

## Prerequisites

Ubuntu 24 Headless Server minimal installation is required.

## Installing services

### [Mongo DB Community 8+](https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/)

> sudo apt-get install gnupg curl

> curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor

> echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list

> sudo apt-get update

> sudo apt-get install -y mongodb-org

> sudo systemctl start mongod

> sudo systemctl status mongod

> sudo systemctl enable mongod

### NodeJS

> curl -fsSL https://fnm.vercel.app/install | bash

> source ~/.bashrc

> fnm use --install-if-missing 22

> node -v # should print `v22.11.0`

> npm -v # should print `10.9.0`

### Image processing using Sharp needs a specific memory manager for NodeJS:

> sudo apt install git-all

> sudo apt install gcc

> sudo apt-get install build-essential

> sudo apt-get -y install autoconf libxslt-dev xsltproc docbook-xsl

> git clone https://github.com/jemalloc/jemalloc.git

> cd jemalloc

> autoconf

> ./configure

> make dist

> sudo make install

Add this line to /etc/environment:

`LD_PRELOAD=/usr/local/lib/libjemalloc.so.2`

Then

> export LD_PRELOAD=/usr/local/lib/libjemalloc.so.2

or

> reboot

### PM2

> npm install pm2 -g

> pm2 startup

2. NGINX. Important config: set a redirect from HTTP to HTTPS. Virtual host config example - [**nginx.`your_dl_name`.conf**](./nginx.your_dl_name.conf)
3. PM2. Install and enable the process manager for NodeJS (after NodeJS and NPM are installed). Configure and run it as the nonroot user.
4. SPHINX. Install in **/opt/sphinx**. Create a service using the config in sphinx.service. Copy to the sphinx bin/ folder and configure FTS indexes in the [**sphinx.conf**](./sphinx.conf) template. Make sure all paths are available. **/opt/sphinx** should be owned by the nonroot user.

## Tools to install

1. Let's Encrypt CertBot, for issuing and renewing certificates. The certificate is installed using the following command: `certbot certonly -d your.server.name`. Use `--nginx` or `--apache` in order to have automatic renewal
1. ffmpeg - for converting video and audio content
1. ghostscript - for creating thumbnails for PDF files
1. OpenSSH Server - to be able to access the server remotely
1. UFW - Firewall, configure to allow access only on 443, 80, and 22 (if possible, only for specific hosts)
1. rsync - for backup
1. fail2ban - to protect from SSH attacks
1. postfix - in order to get CRON job notifications
1. mailutils - CRON job mail notifications
1. In order to enable web server monitoring you can install and run:
    - Linux Dash using this [instruction](https://github.com/afaqurk/linux-dash). You can run it using `pm2 start ecosystem.config.js` (on https://your.server.name/host-monitor/)

      OR
    - [Netdata](https://learn.netdata.cloud/docs/installing/one-line-installer-for-all-linux-systems) - `wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh --stable-channel`

## Set up SSH Reverse Tunnel

```ini
# /etc/systemd/system/autossh-remote-tunnel.service
[Unit]
Description=AutoSSH tunnel service for SSH
After=network.target

[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -N -R 9922:localhost:22 -R 9980:localhost:9980 -R localhost:9951:192.168.200.2:5001 -R localhost:9971:192.168.200.2:7001 remote-user@remote-machine
User=pronature

[Install]
WantedBy=multi-user.target
```

Reload systemd:

> sudo systemctl daemon-reload

Start the Autossh service:

> sudo systemctl start autossh-remote-tunnel.service

Enable at boot:

> sudo systemctl enable autossh-remote-tunnel.service

Check status with:

> sudo systemctl status autossh-remote-tunnel

### SSHD config on remote server (/etc/ssh/sshd_config):

> ClientAliveInterval 600

> ClientAliveCountMax 12

## Issue certificates

> certbot certonly --nginx -d pronature-disk.bg73.net

> certbot certonly --nginx -d pronature-v1.bg73.net

## NGINX server config

### Configure storage endpoint

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/pronature-disk.bg73.net/fullchain.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/pronature-disk.bg73.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pronature-disk.bg73.net/privkey.pem; # managed by Certbot

    server_name pronature-disk.bg73.net;

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://127.0.0.1:9971/;
    }

    client_max_body_size 500M;
}
```

### Configure dev application

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/pronature-v1.bg73.net/fullchain.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/pronature-v1.bg73.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pronature-v1.bg73.net/privkey.pem; # managed by Certbot

    server_name pronature-v1.bg73.net;

    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:9980/;

        auth_basic "ProNature Demo Site requires auth";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    client_max_body_size 500M;
}
```

## Firewall, enable services:

SSH Access:

> sudo ufw allow 22

HTTP:

> sudo ufw allow 80

HTTP over SSL:

> sudo ufw allow 443

Start the FW:

> sudo ufw enable

## Set up the application

> git clone https://github.com/mld-bas/pronature-platform.git

> cd pronature-platform

> npm run build

> ./deploy.sh

> cd /var/node/pronature/

> npm install

Create the ecosystem file `ecosystem.config.cjs`:

```js
module.exports = {
  apps : [{
    name      : "pronature",
    script    : "/var/node/pronature/backend/main.js",
    cwd       : "/var/node/pronature/",
    instances : 2,
    exec_mode : "cluster"
  }]
}
```

> pm2 start ecosystem.config.cjs

> pm2 save
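
Added example, not part of the original manual: a shell audit of the `-R` forwards in the autossh unit from "Set up SSH Reverse Tunnel", showing for each one where the remote side is asked to listen and whether it publishes this host or another machine on the inner network. The function names are made up for this example, the command line is copied from that unit, and bracketed IPv6 bind addresses are not handled.

```shell
#!/bin/sh
# Added example: audit the -R (remote forward) specs of an ssh/autossh command line.
# Spec grammar from ssh(1): [bind_address:]port:host:hostport
# Assumption: bracketed IPv6 bind addresses do not occur and are not parsed.

# Sample input: the ExecStart value from the unit file in this manual.
EXEC_START='/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -N -R 9922:localhost:22 -R 9980:localhost:9980 -R localhost:9951:192.168.200.2:5001 -R localhost:9971:192.168.200.2:7001 remote-user@remote-machine'

# classify_forward SPEC
#   prints "listen=<bind>:<port> target=<host>:<port> bind=<class> reach=<class>"
classify_forward() (
  set -f; IFS=':'
  set -- $1
  case $# in
    3) bind='(default)'; lport=$1; host=$2; hport=$3 ;;
    4) bind=$1; lport=$2; host=$3; hport=$4 ;;
    *) echo "unparsed"; exit 0 ;;
  esac
  # What the client requests; an empty or "*" bind address means all interfaces.
  case $bind in
    '(default)'|localhost|127.0.0.1) bclass=loopback ;;
    ''|'*'|0.0.0.0)                  bclass=all-interfaces ;;
    *)                               bclass=specific-address ;;
  esac
  # A non-local target means the tunnel publishes another machine on the inner network.
  case $host in
    localhost|127.0.0.1) reach=this-host ;;
    *)                   reach=other-host ;;
  esac
  echo "listen=$bind:$lport target=$host:$hport bind=$bclass reach=$reach"
)

# audit_forwards CMDLINE: one classify_forward line per -R option ("-R spec" or "-Rspec")
audit_forwards() (
  set -f; prev=''
  for word in $1; do
    case $word in -R?*) classify_forward "${word#-R}" ;; esac
    [ "$prev" = "-R" ] && classify_forward "$word"
    prev=$word
  done
  exit 0
)

audit_forwards "$EXEC_START"
```

Requests classified as loopback only stay that way if the remote server's `sshd_config` does not set `GatewayPorts yes`, which forces remote forwards onto the wildcard address.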
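
Added example, not part of the original manual: the "only for specific hosts" variant of the firewall rules from "Tools to install", with every SSH source checked before any rule is applied. The addresses are placeholders from documentation ranges, and `UFW`, `valid_source` and `apply_firewall` are names made up for this example; by default the commands are only printed.

```shell
#!/bin/sh
# Added example: UFW rule set for "443, 80, and 22 (only for specific hosts)".
# The admin addresses are constructed placeholders from the RFC 5737 documentation ranges.
ADMIN_HOSTS='203.0.113.10 198.51.100.0/24'
# Dry run by default: commands are printed. Set UFW='sudo ufw' to apply them.
UFW=${UFW:-echo ufw}

# valid_source ADDR: succeeds if ADDR looks like an IPv4 address or CIDR that is
# not "everyone". This is a shape check only; ufw does the strict parsing.
valid_source() {
  case $1 in
    any|0.0.0.0|0.0.0.0/*|*/0) return 1 ;;   # would reopen SSH to the world
    *[!0-9./]*|*/*/*|'')       return 1 ;;   # digits, dots and one slash only
    *.*.*.*.*)                 return 1 ;;   # too many dots
    *.*.*.*)                   return 0 ;;
    *)                         return 1 ;;
  esac
}

# apply_firewall "ADDR ADDR ...": default-deny inbound, SSH from the listed
# sources only, HTTP/HTTPS from anywhere. Nothing is applied if any source is bad.
apply_firewall() (
  set -f
  [ -n "$1" ] || { echo 'no admin hosts given; SSH would be unreachable' >&2; exit 1; }
  for src in $1; do
    valid_source "$src" || { echo "rejecting SSH source: $src" >&2; exit 1; }
  done
  $UFW default deny incoming
  for src in $1; do
    # SSH rules go in before "enable" so the current session is not cut off.
    $UFW allow from "$src" to any port 22 proto tcp
  done
  $UFW allow 80/tcp
  $UFW allow 443/tcp
  $UFW enable
)

apply_firewall "$ADMIN_HOSTS"
```

On a host where `sudo ufw allow 22` was already run, that open rule stays in place until it is removed with `sudo ufw delete allow 22`.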