pronature-platform/.docs/server-installation.md
2025-03-19 07:27:36 +02:00


# ProNature Server and Application Installation Manual
## Prerequisites
Ubuntu 24 Headless Server minimal installation is required.
## Installing services
### [Mongo DB Community 8+ ](https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/)
> sudo apt-get install gnupg curl
> curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg \
--dearmor
> echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
> sudo apt-get update
> sudo apt-get install -y mongodb-org
> sudo systemctl start mongod
> sudo systemctl status mongod
> sudo systemctl enable mongod
### NodeJS
> curl -fsSL https://fnm.vercel.app/install | bash
> source ~/.bashrc
> fnm use --install-if-missing 22
> node -v # should print `v22.11.0`
> npm -v # should print `10.9.0`
### Image processing using Sharp needs a specific memory manager for NodeJS:
> sudo apt install git-all
> sudo apt install gcc
> sudo apt-get install build-essential
> sudo apt-get -y install autoconf libxslt-dev xsltproc docbook-xsl
> git clone https://github.com/jemalloc/jemalloc.git
> cd jemalloc
> autoconf
> ./configure
> make dist
> sudo make install
Add this line to `/etc/environment`:
`LD_PRELOAD=/usr/local/lib/libjemalloc.so.2`
Then
> export LD_PRELOAD=/usr/local/lib/libjemalloc.so.2
or
> reboot
### PM2
> npm install pm2 -g
> pm2 startup
2. NGINX. Important: configure a redirect from HTTP to HTTPS. Virtual host config example: [**nginx.`your_dl_name`.conf**](./nginx.your_dl_name.conf)
3. PM2. Install and enable the process manager for NodeJS (after NodeJS and NPM are installed). Configure and run it as the non-root user.
4. SPHINX. Install in **/opt/sphinx**. Create a service using config in sphinx.service. Copy to sphinx bin/ folder and configure FTS indexes in [**sphinx.conf**](./sphinx.conf) template. Make sure all paths are available. **/opt/sphinx** should be owned by the nonroot user.
## Tools to install
1. Let's Encrypt CertBot, for issuing and renewing certificates. The certificate is installed using the following command: `certbot certonly -d your.server.name`. Use `--nginx` or `--apache` in order to have automatic renewal.
1. ffmpeg - for converting video and audio content
1. ghostscript - for creating thumbnails for PDF files
1. OpenSSH Server - to be able to access the server remotely
1. UFW - Firewall, configure to allow access only on 443, 80, and 22 (if possible, only for specific hosts)
1. rsync - for backup
1. fail2ban - to protect from SSH attacks
1. postfix - to receive cron job notifications
1. mailutils - cron job mail notifications
1. To enable web server monitoring you can install and run one of:
   - Linux Dash using this [instruction](https://github.com/afaqurk/linux-dash). You can run it using `pm2 start ecosystem.config.js` (on https://your.server.name/host-monitor/) OR
   <!-- - Netdata (`app install netdata`) and https://your.server.name/netdata/ -->
   - [Netdata](https://learn.netdata.cloud/docs/installing/one-line-installer-for-all-linux-systems) - `wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh --stable-channel`
## Set up SSH Reverse Tunnel
```ini
# /etc/systemd/system/autossh-remote-tunnel.service
[Unit]
Description=AutoSSH tunnel service for SSH
After=network.target
[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -N -R 9922:localhost:22 -R 9980:localhost:9980 -R localhost:9951:192.168.200.2:5001 -R localhost:9971:192.168.200.2:7001 remote-user@remote-machine
User=pronature
[Install]
WantedBy=multi-user.target
```
Reload systemd:
> sudo systemctl daemon-reload
Start the Autossh service:
> sudo systemctl start autossh-remote-tunnel.service
Enable at boot:
> sudo systemctl enable autossh-remote-tunnel.service
Check status with:
> sudo systemctl status autossh-remote-tunnel
### SSHD config on remote server (/etc/ssh/sshd_config):
> ClientAliveInterval 600
> ClientAliveCountMax 12
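
The nginx configs below proxy to `127.0.0.1:9971` and `127.0.0.1:9980` on the remote machine, and the dev site's basic auth exists only in nginx, so the forwarded ports should listen on loopback only (they stop doing so if the remote sshd sets `GatewayPorts yes`). The following check is an added example, not part of the ProNature repository; `check_tunnel_listeners` is a hypothetical helper name and the `ss -ltn` sample is constructed.

```bash
#!/bin/sh
# Added example, not from the ProNature repo. Ports are the remote side of the
# -R options in autossh-remote-tunnel.service.
TUNNEL_PORTS="9922 9980 9951 9971"

# check_tunnel_listeners (hypothetical helper): reads `ss -ltn` output on stdin,
# prints one line per tunnel port bound to a non-loopback address and returns 1
# if there is any; returns 0 when every tunnel listener is loopback-only.
check_tunnel_listeners() {
    awk -v ports="$TUNNEL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr != "127.0.0.1" && addr != "[::1]") {
                print "EXPOSED " port " on " addr
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample of `ss -ltn` output: 9922 is bound to all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9980     0.0.0.0:*
LISTEN 0      128    [::1]:9980         [::]:*
LISTEN 0      128    127.0.0.1:9951     0.0.0.0:*
LISTEN 0      128    127.0.0.1:9971     0.0.0.0:*
LISTEN 0      128    0.0.0.0:9922       0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*'

# Demo on the sample; on the remote machine run: ss -ltn | check_tunnel_listeners
printf '%s\n' "$SAMPLE_SS" | check_tunnel_listeners \
    || echo "tunnel port reachable beyond loopback"
```
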
## Issue certificates
> certbot certonly --nginx -d pronature-disk.bg73.net
> certbot certonly --nginx -d pronature-v1.bg73.net
## NGINX server config
### Configure storage endpoint
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/pronature-disk.bg73.net/fullchain.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/pronature-disk.bg73.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pronature-disk.bg73.net/privkey.pem; # managed by Certbot
server_name pronature-disk.bg73.net;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://127.0.0.1:9971/;
}
client_max_body_size 500M;
}
```
### Configure dev application
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/pronature-v1.bg73.net/fullchain.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/pronature-v1.bg73.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pronature-v1.bg73.net/privkey.pem; # managed by Certbot
server_name pronature-v1.bg73.net;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9980/;
auth_basic "ProNature Demo Site requires auth";
auth_basic_user_file /etc/nginx/.htpasswd;
}
client_max_body_size 500M;
}
```
## Firewall, enable services:
SSH Access:
> sudo ufw allow 22
HTTP:
> sudo ufw allow 80
HTTP over SSL:
> sudo ufw allow 443
Start the FW:
> sudo ufw enable
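
To confirm the resulting rule set still matches the policy from "Tools to install" (only 22, 80 and 443, with SSH limited to specific hosts where possible), the `ufw status` output can be audited. This is an added example, not part of the ProNature repository; `audit_ufw` is a hypothetical helper name and the sample output, including the stray MongoDB port rule, is constructed.

```bash
#!/bin/sh
# Added example, not from the ProNature repo: compare `ufw status` with the
# policy in this manual (only 22, 80 and 443; SSH ideally from specific hosts).
ALLOWED_PORTS="22 80 443"

# audit_ufw (hypothetical helper): reads `ufw status` on stdin, prints findings
# and returns 1 if any FAIL was reported, 0 otherwise.
audit_ufw() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Status:/ { if ($2 != "active") { print "FAIL firewall is " $2; bad = 1 } }
        {
            # Rule lines carry the word ALLOW in the Action column.
            act = 0
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
            if (!act) next
            port = $1; sub(/\/.*/, "", port)        # "22/tcp" becomes "22"
            from = $(act + 1)
            if (from == "IN") from = $(act + 2)     # `ufw status verbose` form
            if (!(port in ok)) {
                print "FAIL unexpected rule: " $1; bad = 1
            } else if (port == "22" && from == "Anywhere") {
                print "WARN SSH open to any host"
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the three rules from this section plus a stray rule
# exposing the MongoDB port.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
27017                      ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

# Demo on the sample; on the server run: sudo ufw status | audit_ufw
printf '%s\n' "$SAMPLE_UFW" | audit_ufw || echo "firewall deviates from policy"
```
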
## Set up the application
> git clone https://github.com/mld-bas/pronature-platform.git
> cd pronature-platform
> npm run build
> ./deploy.sh
> cd /var/node/pronature/
> npm install
Create the ecosystem file `ecosystem.config.cjs`:
```js
module.exports = {
apps : [{
name : "pronature",
script : "/var/node/pronature/backend/main.js",
cwd : "/var/node/pronature/",
instances : 2,
exec_mode : "cluster"
}]
}
```
> pm2 start ecosystem.config.cjs
> pm2 save