imi-bas/pronature-platform
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
e264956831cf2c3635abeda294811a8a8844fde2
pronature-platform/.docs/server-installation.md
T
goynov e264956831 manuals, deploy, docs
2024-11-29 19:13:53 +02:00

2.9 KiB
Raw Blame History

Server and Application Installation

Services to install

Mongo DB Community 8+

sudo apt-get install gnupg curl
curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc |
sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg
--dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-8.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org sudo systemctl start mongod
sudo systemctl status mongod sudo systemctl enable mongod

NodeJS

curl -fsSL https://fnm.vercel.app/install | bash
source ~/.bashrc
fnm use --install-if-missing 22
node -v # should print v22.11.0
npm -v # should print 10.9.0

PM2

npm install pm2 -g
pm2 startup

  1. NGINX. Important config - set redirect from http to https. Virtual host config example - nginx.your_dl_name.conf
  2. PM2. Install and enable the process manager for nodejs (after NodeJS and NPM are installed). Config and run using the nonroot user.
  3. SPHINX. Install in /opt/sphinx. Create a service using config in sphinx.service. Copy to sphinx bin/ folder and configure FTS indexes in sphinx.conf template. Make sure all paths are available. /opt/sphinx should be owned by the nonroot user.

Tools to install

  1. NodeJS and NPM (currently Node v16, NPM v8)
  2. Mongo DB tools
  3. Let's Encrypt CertBot, for certificates issuing and renewal. The certificate is installed using the following command: certbot certonly -d your.server.name. Use --nginx or --apache in order to have automatic renewal
  4. ffmpeg - for converting video and audio content
  5. ghostscript - for creating thumbnails for PDF files
  6. OpenSSH Server - to be able to access the server remotely
  7. UFW - Firewall, configure to allow access only on 443, 80, and 22 (if possible, only for specific hosts)
  8. rsync - for backup
  9. fail2ban - to protect from SSH attacks
  10. postfix - in order to get CRON jobs notifications
  11. mailutils - CRON jobs mail notifications
  12. In order to enable web server monitoring you can install and run:
    • Netdata - wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh --stable-channel
Reference in New Issue View Git Blame Copy Permalink