pronature-platform/.docs/server-installation.md (2025-03-19 07:27:36 +02:00)

# ProNature Server and Application Installation Manual

## Prerequisites

A minimal installation of Ubuntu 24 Server (headless) is required.

## Installing services

### MongoDB Community 8+

```bash
sudo apt-get install gnupg curl
# Import the MongoDB signing key into a dedicated keyring (used by signed-by below)
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
  sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org
sudo systemctl start mongod
sudo systemctl status mongod
sudo systemctl enable mongod
```

### NodeJS

```bash
curl -fsSL https://fnm.vercel.app/install | bash
source ~/.bashrc
fnm use --install-if-missing 22
node -v # should print v22.11.0
npm -v # should print 10.9.0
```

Image processing with Sharp needs a specific memory manager (jemalloc) for NodeJS, built from source:

```bash
sudo apt install git-all
sudo apt install gcc
sudo apt-get install build-essential
# autoconf for the build system; xsltproc/docbook-xsl are needed by "make dist" (documentation)
sudo apt-get -y install autoconf libxslt-dev xsltproc docbook-xsl
git clone https://github.com/jemalloc/jemalloc.git
cd jemalloc
autoconf
./configure
make dist
sudo make install   # installs the library to /usr/local/lib
```

Add this line to /etc/environment (note that it is then preloaded into every login session, not only the Node process):

```
LD_PRELOAD=/usr/local/lib/libjemalloc.so.2
```

Then, in the current shell:

```bash
export LD_PRELOAD=/usr/local/lib/libjemalloc.so.2
```

or

```bash
reboot
```

### PM2

```bash
npm install pm2 -g
pm2 startup
```

  1. NGINX. Important config: set up a redirect from http to https. A virtual host config example is in nginx.your_dl_name.conf.
  2. PM2. Install and enable the process manager for NodeJS (after NodeJS and NPM are installed). Configure and run it as the nonroot user.
  3. SPHINX. Install in /opt/sphinx. Create a service using the config in sphinx.service. Copy it to the sphinx bin/ folder and configure the FTS indexes in the sphinx.conf template. Make sure all paths exist. /opt/sphinx should be owned by the nonroot user.

## Tools to install

  1. Let's Encrypt Certbot, for issuing and renewing certificates. A certificate is installed with `certbot certonly -d your.server.name`. Use `--nginx` or `--apache` in order to have automatic renewal.
  2. ffmpeg - for converting video and audio content
  3. ghostscript - for creating thumbnails of PDF files
  4. OpenSSH server - for remote access to the server
  5. UFW - firewall; configure it to allow access only on ports 443, 80 and 22 (if possible, only from specific hosts)
  6. rsync - for backups
  7. fail2ban - to protect against SSH brute-force attacks
  8. postfix - for CRON job mail notifications
  9. mailutils - for CRON job mail notifications
  10. To enable web server monitoring you can install and run:
    • Netdata - `wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh --stable-channel`

## Set up SSH reverse tunnel

```ini
# /etc/systemd/system/autossh-remote-tunnel.service
[Unit]
Description=AutoSSH tunnel service for SSH
After=network.target

[Service]
# AUTOSSH_GATETIME=0 keeps autossh retrying even if the very first connection fails (systemd use)
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -N -R 9922:localhost:22 -R 9980:localhost:9980 -R localhost:9951:192.168.200.2:5001 -R localhost:9971:192.168.200.2:7001 remote-user@remote-machine
User=pronature

[Install]
WantedBy=multi-user.target
```

Reload systemd:

```bash
sudo systemctl daemon-reload
```

Start the autossh service:

```bash
sudo systemctl start autossh-remote-tunnel.service
```

Enable it at boot:

```bash
sudo systemctl enable autossh-remote-tunnel.service
```

Check the status with:

```bash
sudo systemctl status autossh-remote-tunnel
```

SSHD config on the remote server (/etc/ssh/sshd_config):

```
ClientAliveInterval 600
ClientAliveCountMax 12
```
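An added check for the tunnel above (example code, not part of the ProNature manual): with sshd's default `GatewayPorts no`, the ports the unit binds on remote-machine with `-R` (9922, 9980, 9951, 9971) listen on loopback only; if one of them shows up on 0.0.0.0 or [::], this server's SSH and the application ports are reachable from the network. The function parses `ss -ltn` output and flags such listeners; the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the ProNature manual: audit the listeners that the
# autossh unit creates on remote-machine with -R. sshd's default GatewayPorts=no
# binds them to loopback; a tunnel port on 0.0.0.0 or [::] would expose this
# server's SSH (9922) and the application ports to the remote host's network.

TUNNEL_PORTS="9922 9980 9951 9971"

# check_tunnel_binds "<ss -ltn output>": prints one EXPOSED line per tunnel port
# bound to a non-loopback address; returns 0 if none, 1 if any was found.
check_tunnel_binds() {
    input="$1"
    found=0
    for p in $TUNNEL_PORTS; do
        # Field 4 of each data row is Local Address:Port (e.g. 127.0.0.1:9922,
        # [::1]:9922, 0.0.0.0:9922 or *:9922); the header row is skipped.
        hits=$(printf '%s\n' "$input" | awk -v port="$p" '
            NR > 1 {
                n = split($4, a, ":")
                if (a[n] != port) next
                addr = substr($4, 1, length($4) - length(port) - 1)
                if (addr != "127.0.0.1" && addr != "[::1]") print $4
            }')
        if [ -n "$hits" ]; then
            echo "EXPOSED: tunnel port $p listens on $hits"
            found=1
        fi
    done
    return $found
}

# Constructed sample of `ss -ltn` output (not captured from a real host):
# 9922 is correctly on loopback, 9980 has leaked onto all interfaces.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:9922      0.0.0.0:*
LISTEN 0      128    0.0.0.0:9980        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# On the real remote host run: check_tunnel_binds "$(ss -ltn)"
check_tunnel_binds "$SAMPLE" || echo "fix: bind with -R 127.0.0.1:PORT:... and keep GatewayPorts no on the remote sshd"
```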

## Issue certificates

```bash
certbot certonly --nginx -d pronature-disk.bg73.net
certbot certonly --nginx -d pronature-v1.bg73.net
```

## NGINX server config

### Configure storage endpoint

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/pronature-disk.bg73.net/fullchain.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/pronature-disk.bg73.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pronature-disk.bg73.net/privkey.pem; # managed by Certbot

    server_name  pronature-disk.bg73.net;
    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Forwarded-Host $host;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_pass         https://127.0.0.1:9971/;
    }
    client_max_body_size 500M;
}
```

### Configure dev application

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/pronature-v1.bg73.net/fullchain.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/pronature-v1.bg73.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pronature-v1.bg73.net/privkey.pem; # managed by Certbot

    server_name  pronature-v1.bg73.net;
    location / {
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   Host $http_host;
        proxy_set_header   X-Forwarded-Host $host;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_pass         http://127.0.0.1:9980/;
        auth_basic         "ProNature Demo Site requires auth";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
    client_max_body_size 500M;
}
```

## Firewall, enable services

SSH access:

```bash
sudo ufw allow 22
```

HTTP:

```bash
sudo ufw allow 80
```

HTTP over SSL:

```bash
sudo ufw allow 443
```

Start the firewall:

```bash
sudo ufw enable
```

## Set up the application

```bash
git clone https://github.com/mld-bas/pronature-platform.git
cd pronature-platform
npm run build
./deploy.sh
cd /var/node/pronature/
npm install
```

Create the ecosystem file ecosystem.config.cjs:

```javascript
module.exports = {
    apps : [{
      name   : "pronature",
      script : "/var/node/pronature/backend/main.js",
      cwd : "/var/node/pronature/",
      instances : 2,
      exec_mode : "cluster"
    }]
}
```

```bash
pm2 start ecosystem.config.cjs
pm2 save
```