Deploy novel API service to Tencent cloud

After writing version 1.0 of the novel API, I started to deploy it to the server, using Nginx, PM2, NVM, Git and OpenSSL.

CentOS 7.4 64-bit, 1 core, 2 GB, 1 Mbps
Node version: 8.9.0
NVM version: 0.33.11
NPM version: 5.5.1
Nginx version: 1.12.2
Git version: 2.9.5

Step 1 Add the PM2 configuration file

Create a pm2.json file in the root directory of the novel API project.

{
    "name": "novel-api", // Service name
    "script": "./bin/www", // Start script
    "cwd": "./", // Current working path
    "watch": [ // Directories to monitor; the app restarts automatically when they change
        "bin",
        "routers"
    ],
    "ignore_watch": [ // Directories excluded from monitoring
        "node_modules",
        "logs",
        "public",
        "log"
    ],
    "watch_options": {
        "followSymlinks": false
    },
    "max_memory_restart": "1G", // Restart the application based on memory limits
    "error_file": "./logs/novel-apierr.log", // Error log path
    "out_file": "./logs/novel-api-out.log", // Common log path
    "env": {
        "DEBUG": "novel-api", // Environment variables: the debug name is novel-api, listening on port 8080
        "PORT": "8080"
    }
}

In the package.json file, add the npm run deploy deployment command.

"deploy": "pm2 start pm2.json"

Common PM2 commands:

pm2 save: saves the current process list
pm2 resurrect: restores the previously saved process list
pm2 restart app.js | app_name: restarts a process
pm2 start app.js: starts a process
pm2 list: shows the process list
pm2 stop app_name | app_id: stops the specified application
pm2 stop all: stops all applications

Step 2: Purchase the server and domain name

Buy a server: buy.cloud.tencent.com/cvm?tab=lit… I bought a CentOS 7.4 64-bit, 1 core, 2 GB, 1 Mbps server. If you only want to try out the deployment process, you can choose billing by the hour.

Buy a domain name: dnspod.cloud.tencent.com/?from=qclou… You are advised to choose a .com domain name.

Step 3 Set the subdomain name

At console.cloud.tencent.com/domain, add a subdomain beginning with api, and then add a DNS resolution record for it.

Step 4 Log in to the server and install software

Log in to the server and execute the following installation commands.

Install nginx

yum install -y nginx
nginx -v

Install NVM

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash
nvm --version

Install Node, PM2, and apidoc

nvm install 8.9.0
nvm use 8.9.0
node -v
npm -v
npm install -g pm2 apidoc

Install git

yum install -y curl-devel expat-devel gettext-devel openssl-devel zlib-devel tar
yum install -y gcc-c++ perl-ExtUtils-MakeMaker
cd /usr/src
wget https://www.kernel.org/pub/software/scm/git/git-2.9.5.tar.gz
tar xf git-2.9.5.tar.gz
cd git-2.9.5
make configure
make prefix=/usr/git
# Pass the same prefix at install time so the binaries land in /usr/git/bin
make prefix=/usr/git install
echo 'export PATH=$PATH:/usr/git/bin' >> /etc/profile
source /etc/profile
git --version
# Git configuration
git config --global user.name "User name"
git config --global user.email "Email address"

Clone the Git repository on the server

Go to the /home directory and create the wwwroot folder.

cd /home && mkdir wwwroot
cd wwwroot
git clone https://github.com/lanpangzhi/novel-api.git
cd novel-api
npm install
npm run doc
npm run deploy

The application is now running under PM2.

Configure nginx

Start nginx.

nginx

Enter the server IP address (http://123.206.45.87) in the browser to see that Nginx is already started.

cd /etc/nginx/conf.d
touch api.langpz.com-8080.conf

If one server hosts many services, you are advised to use the domain name and port number as the configuration file name. Edit the api.langpz.com-8080.conf configuration file.

vi api.langpz.com-8080.conf

Copy and paste the following code.

upstream novel-api {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name your.domain.name; # Your own domain name

    location / {
        proxy_pass http://novel-api;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-NginX-Proxy    true;
        proxy_redirect off;
    }
}

Press CTRL + C, then enter :wq to save the configuration and exit. Then run nginx -s reload and enter your domain name in the browser to see the documentation: api.langpz.com

Gzip compression

cd /etc/nginx/
vi nginx.conf

Copy and paste the following code.

# gzip compression
gzip on;
# IE6 does not enable gzip
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
# Compression level 1-9
gzip_comp_level 2;
gzip_buffers 16 8k;
gzip_http_version 1.1;
# Enable compression for MIME types other than "text/html"
gzip_types text/plain text/css application/json application/x-javascript application/javascript image/tiff image/x-icon application/font-woff application/vnd.ms-fontobject text/javascript;

Press CTRL + C, then enter :wq to save the configuration and exit. Then execute nginx -s reload. You can check your compression ratio with the Chinaz webmaster tools at tool.chinaz.com/gzips/

Hide the Nginx version number

Again, modify the nginx.conf file

vi nginx.conf

Copy the following code.

# Hide the nginx version number
server_tokens off;

Press CTRL + C, then enter :wq to save the configuration and exit. Then execute nginx -s reload.

Configure an SSL certificate (HTTPS adds a small green lock to your site)

I use Tencent Cloud's free certificate; you can also generate one yourself. cloud.tencent.com/product/ssl… , using the free domain-type version.

Apply for the Tencent cloud SSL certificate

Download the certificate and upload it to the server

Go to Tencent Cloud SSL certificate management and download the certificate.

cd /etc/nginx/
mkdir api.langpz.com

Then upload the two files inside the Nginx folder of the downloaded certificate to the /etc/nginx/api.langpz.com folder on the server. You can use FileZilla, another FTP tool, or the command line; I downloaded FileZilla and used it for the upload.
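A check worth running after the upload and before pointing Nginx at the files, as an added example that is not part of the original post: it confirms that the certificate and private key belong together and that the key file is not readable by other users. The function name check_cert_key and the throwaway demo pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm an uploaded certificate and private key belong together.
# check_cert_key CERT KEY prints "match" or "mismatch", then a second line
# if the key file is accessible to group or other users.
check_cert_key() {
    # Hash the public key embedded in the first certificate of the bundle...
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    # ...and the public key derived from the private key.
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    if [ "$cert_pub" = "$key_pub" ]; then echo "match"; else echo "mismatch"; fi

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ld "$2" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key file permissions too open: $perms (expected chmod 600)"
    fi
    return 0
}

# Constructed demo input: a throwaway self-signed pair in a temp directory,
# standing in for the two files downloaded from the certificate console.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
    -keyout "$demo/demo.key" -out "$demo/demo.crt" 2>/dev/null
chmod 600 "$demo/demo.key"
check_cert_key "$demo/demo.crt" "$demo/demo.key"
rm -rf "$demo"
```

On the server, the call would be check_cert_key followed by the paths of the uploaded bundle .crt and .key files.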

Enhancing HTTPS Security

First, in the /etc/nginx/api.langpz.com directory, run the following command to generate the dhparam.pem file.

cd /etc/nginx/api.langpz.com	
openssl dhparam -out dhparam.pem 2048

Modifying a Configuration File

cd /etc/nginx/conf.d
touch api.langpz.com-8080.conf

Overwrite the api.langpz.com-8080.conf file with the following code.

upstream novel-api {
    server 127.0.0.1:8080;
}

# Configure the shared session cache size
ssl_session_cache shared:SSL:10m;
# Configure the session timeout period
ssl_session_timeout 10m;

# Force redirect to HTTPS
server {
    listen 80;
    server_name api.langpz.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name api.langpz.com;

    # Certificate file
    ssl_certificate      /etc/nginx/api.langpz.com/1_api.langpz.com_bundle.crt;
    # Private key file
    ssl_certificate_key  /etc/nginx/api.langpz.com/2_api.langpz.com.key;
    # Set the keep-alive (long connection) timeout
    keepalive_timeout    70;
    # Prefer the server's cipher order
    ssl_prefer_server_ciphers on;
    # Use the DH parameters file
    ssl_dhparam /etc/nginx/api.langpz.com/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Define the cipher suites
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    # HSTS policy
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    # Defend against XSS attacks
    add_header X-Xss-Protection 1;
    # Stop the browser from sniffing (guessing) resource types
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://novel-api;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   Host             $http_host;
        proxy_set_header   X-NginX-Proxy    true;
        proxy_redirect off;
    }
}

Press CTRL + C, then enter :wq to save the configuration and exit. Then execute nginx -s reload. You can visit api.langpz.com now. If you access it over HTTP, you are redirected to HTTPS.
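A small lint for the TLS directives in the configuration above, as an added example that is not part of the original post: it flags protocol versions older than TLS 1.2 (TLS 1.0 and 1.1 were deprecated by RFC 8996), weak cipher keywords that are added without a matching "!" exclusion, and missing HSTS or ssl_dhparam lines. The function name audit_tls_conf and the shortened sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint an nginx config for the TLS settings this page configures.
# audit_tls_conf FILE prints one finding per line (nothing if every check passes).
audit_tls_conf() {
    # Drop comments first (assumes no '#' inside quoted values, as in this config).
    body=$(sed 's/#.*//' "$1")

    # 1. Protocol versions older than TLS 1.2 (TLS 1.0/1.1: deprecated by RFC 8996).
    protocols=$(printf '%s\n' "$body" | awk '$1 == "ssl_protocols" {
        gsub(/;/, ""); for (i = 2; i <= NF; i++) print $i }')
    for p in $protocols; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "deprecated protocol enabled: $p" ;;
        esac
    done

    # 2. Weak cipher keywords that are added but never removed with "!KEYWORD".
    ciphers=$(printf '%s\n' "$body" | awk '$1 == "ssl_ciphers" {
        gsub(/[";]/, ""); for (i = 2; i <= NF; i++) print $i }')
    for weak in RC4 3DES MD5; do
        added=no; removed=no
        for term in $ciphers; do
            case $term in
                "!$weak") removed=yes ;;
                "!"*) ;;
                *"$weak"*) added=yes ;;
            esac
        done
        if [ "$added" = yes ] && [ "$removed" = no ]; then
            echo "weak cipher keyword not excluded: $weak"
        fi
    done

    # 3. Hardening directives the page adds to the HTTPS server block.
    printf '%s\n' "$body" | grep -q 'Strict-Transport-Security' || echo "missing HSTS header"
    printf '%s\n' "$body" | grep -q 'ssl_dhparam' || echo "missing ssl_dhparam"
    return 0
}

# Constructed sample: the TLS directives from this page's server block (cipher list shortened).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_dhparam /etc/nginx/api.langpz.com/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+RC4 EECDH !aNULL !3DES !MD5 !RC4";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
EOF
audit_tls_conf "$sample"
rm -f "$sample"
```

Run against this page's configuration it reports TLSv1 and TLSv1.1; RC4 is not reported because the trailing !RC4 removes the earlier EECDH+aRSA+RC4 term. Reducing the directive to ssl_protocols TLSv1.2; clears both findings on the Nginx 1.12.2 used here, which predates TLSv1.3 support.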

SSL Security Test

Enter your domain name. Nginx was configured to enforce HTTPS security, so the result is A+.

Conclusion

This kind of deployment is quite troublesome. After deploying, I found that PM2 also has a deployment function. When I rebuild version 2.0 with Koa.js, I will deploy with PM2 and generate a Docker image.

My blog and GitHub are below; if you like them, please give a star, thank you.

github.com/lanpangzhi

blog.langpz.com
