ssh

Configure a public/private key pair so that logging in to the server requires no password. First check whether a public and private key already exist.

Command + D exits the current user session. To delete a file, use sudo rm -f XXX.

# Connect to the server
ssh ubuntu@<ip address>

# Give root a password
sudo passwd root
# Then switch to root
su root

# Add shoukailiang to the sudo group
gpasswd -a shoukailiang sudo
# Open the sudoers file and add shoukailiang below
sudo visudo

Press Ctrl+X to save, Shift+Y to confirm, then Enter to exit.

To switch to the SKL user from root, use su SKL or sudo su shoukailiang.


sudo service ssh restart

# Generate public and private keys
ssh-keygen -t rsa -C "[email protected]"

# Edit the configuration file to change the default port
sudo vi /etc/ssh/sshd_config

After the port is changed, the server can no longer be reached on the default port:

ssh: connect to host <ip address> port 22: Connection refused

At this point, the port number must be given explicitly:

  • ssh -p 8888 ubuntu@<ip address> (8888 is the port that was just set)
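
An added check for the sshd_config edited above (not part of the original post): it reads a few directives the way sshd resolves them, taking the first occurrence of each keyword and stopping at the first Match block, and reports settings that undercut key-only login now that root has a password. The function names and the sample file are constructed; the defaults passed in are OpenSSH's.

```shell
# Added example: names and sample data are constructed, not from the post.
# Assumes whitespace-separated "Keyword value" lines and no Include files.

# sshd_effective FILE KEYWORD DEFAULT: print the global value sshd would use.
# Keywords are case-insensitive, the first occurrence wins, and parsing of
# global settings stops at the first Match block.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: one finding per line, exit status 1 if anything was found.
audit_sshd() {
    rc=0
    if [ "$(sshd_effective "$1" PubkeyAuthentication yes)" != "yes" ]; then
        echo "PubkeyAuthentication is off: key login will not work"; rc=1
    fi
    if [ "$(sshd_effective "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "PasswordAuthentication is not no: passwords are still accepted"; rc=1
    fi
    case "$(sshd_effective "$1" PermitRootLogin prohibit-password)" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "PermitRootLogin allows root to log in with a password"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the commented line is inert, and the lowercase
# "passwordauthentication yes" wins over the later "no".
sample_sshd_config() {
    cat <<'EOF'
Port 8888
#PasswordAuthentication no
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_sshd_config > "$tmp"
audit_sshd "$tmp" || true
rm -f "$tmp"
```

On a live host, sudo sshd -T prints the effective configuration after Include files and defaults are applied, which is the authoritative view.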
sudo apt-get install vim openssl build-essential libssl-dev wget curl git
# Find the nvm installation script at https://github.com/creationix/nvm

curl -o- raw.githubusercontent.com/creationix/… | bash

If nvm is not recognized as a command after installation, open a new command window.

With nvm installed, Node.js can be installed:

nvm install v8.2.1

Specify the node version

nvm use v8.2.1

Set the default version:

nvm alias default v8.2.1

Switch the npm registry to the Taobao mirror

Use the nrm package:

npm --registry=http://registry.npm.taobao.org install -g nrm

nrm use taobao

Install some packages

npm i pm2 webpack gulp grunt-cli -g

View the globally installed packages:

npm list -g --depth 0

Create app.js with the following content:

sudo vi app.js

var http=require('http');
var server=http.createServer(function (req,res) {
    res.writeHead(200, {'Content-Type':'text/plain'})
    res.end('Hello SKL\n');
})
server.listen(8081);
console.log('Server running at http://ip');

You can then access 127.0.0.1:8081 in your browser

Use nginx on port 80

Stop the Apache service:

sudo service apache2 stop

# Remove Apache 2
sudo update-rc.d -f apache2 remove
sudo apt-get remove apache2

# Install nginx
sudo apt-get install nginx

Configuration

  1. cd /etc/nginx/
  2. cd conf.d
  3. Run sudo vi shoukailiang-cn-8081.conf
  4. Enter the following configuration:

upstream blog {
    server 127.0.0.1:8081;
}
# NGINX Server Instance, PORT 80
server {
    listen 80;
    server_name <IP address>;
    # Proxy to the Node instance
    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_pass http://blog;
      proxy_redirect off;
    }
}

  5. Restart nginx: sudo nginx -s reload

After entering the IP address in the browser, you can see that the service on port 8081 is now served through nginx on port 80.

Make the nginx version information less visible in the response header seen by the browser

cd /etc/nginx
sudo vi nginx.conf
# In the configuration file, delete the preceding #, then save

To get rid of

MongoDB on Ubuntu 16.04

docs.mongodb.com/manual/tuto…

XXXX
sudo apt-get install -y mongodb-org
cd /etc/apt/sources.list.d
vi mongodb-org-3.4.list
deb [ arch=amd64,arm64 ] http://mirrors.aliyun.com/mongodb/apt/ubuntu xenial/mongodb-org/3.6 multiverse
# update command: XXXX, XXX, XXX

After running sudo service mongod start, mongo will start.

If it is unable to write, use sudo. MongoDB runs on port 27017 by default.

# Edit the configuration file and set the port to 19997
sudo vi /etc/mongod.conf

File upload

scp ./test.html shoukailiang@<ip address>:/home/shoukailiang/test
scp -P 8888 ant-mobile-recruit-app.tar shoukailiang@<ip address>:/home/shoukailiang/

Packaging

tar

-c: create an archive
-v: display the process
-f: specify the archive file
-x: unpack the archive
-z: compress the archive to .tar.gz format

# Decompress
tar -xvf japan.tar
tar -zxvf japan.tar

Configure domain name access to the server

cd /etc/nginx/conf.d
sudo mv shoukailiang-cn-8081.conf www-shoukailiang-cn-3000.conf

Modify the configuration file to:

upstream blog {
        server 127.0.0.1:3000;
}
# NGINX Server Instance, PORT 80
server {
        listen 80;
        server_name www.shoukailiang.cn;
        # Proxy to the Node instance
        location / {
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header Host $http_host;
               proxy_set_header X-NginX-Proxy true;
               proxy_pass http://blog;
               proxy_redirect off;
        }
}

Restart nginx:

sudo nginx -s reload

Set up a firewall

sudo apt-get update && sudo apt-get upgrade
sudo iptables -F
sudo vi /etc/iptables.up.rules
------------------------------------------
*filter
# Allow all established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outgoing traffic
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# ping
-A INPUT -p icmp -m  icmp --icmp-type  8 -j ACCEPT
# allow ssh port login
-A INPUT -p  tcp -m state --state NEW --dport 8888 -j ACCEPT

# MongoDB connection
-A INPUT -s 127.0.0.1 -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.1 -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

# 3000 port
-A INPUT -s 127.0.0.1 -p tcp --destination-port 3000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.1 -p tcp --source-port 3000 -m state --state ESTABLISHED -j ACCEPT

# 9093 port
-A INPUT -s 127.0.0.1 -p tcp --destination-port 9093 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.1 -p tcp --source-port 9093 -m state --state ESTABLISHED -j ACCEPT

# Record rejected requests
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7
# drop incoming sensitive connections
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 150 -j DROP
# reject all other inbound
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
-------------------------------------------
# Load the rules
sudo iptables-restore < /etc/iptables.up.rules
# Check the firewall status
sudo ufw status
# Activate
sudo ufw enable
# Make the rules load automatically at boot
sudo vi /etc/network/if-up.d/iptables
-----------------------------------------------------
#!/bin/sh
iptables-restore < /etc/iptables.up.rules
-----------------------------------------------------
sudo chmod +x /etc/network/if-up.d/iptables
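
An added pre-flight check for the rules file above (not part of the original post): it flags lines that are not a comment, table header, chain policy, -A/-I rule or COMMIT (such as a comment that lost its leading #), a table that is never committed, and a catch-all REJECT or DROP on INPUT that comes before any ACCEPT for the SSH port, which would cut off the session. The function names and the sample rules are constructed.

```shell
# Added example: function names and the sample rules are constructed.

# lint_rules FILE SSH_PORT: one finding per line, exit status 1 if any.
# Flags unparseable lines, a table without COMMIT, and a catch-all
# REJECT/DROP on INPUT that precedes any ACCEPT for SSH_PORT.
lint_rules() {
    awk -v port="$2" '
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        /^\*/            { in_table = 1; next }
        /^:/             { next }
        /^COMMIT[ \t]*$/ { in_table = 0; next }
        $1 ~ /^-[AI]$/ && NF >= 4 {
            if ($2 == "INPUT" && $NF == "ACCEPT")
                for (i = 3; i < NF; i++)
                    if ($i == "--dport" && $(i + 1) == port) ssh_ok = 1
            if ($2 == "INPUT" && NF == 4 && $3 == "-j" && $4 ~ /^(REJECT|DROP)$/ && !ssh_ok) {
                printf "line %d: catch-all %s precedes any ACCEPT for port %s\n", NR, $4, port
                bad = 1
            }
            next
        }
        { printf "line %d: not a rule or comment: %s\n", NR, $0; bad = 1 }
        END {
            if (in_table) { print "last table has no COMMIT"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: line 2 is a comment that lost its leading "#".
sample_rules() {
    cat <<'EOF'
*filter
Allow all established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# allow ssh port login
-A INPUT -p tcp -m state --state NEW --dport 8888 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

rules=$(mktemp) && sample_rules > "$rules"
lint_rules "$rules" 8888 || true
rm -f "$rules"
```

On the server itself, sudo iptables-restore --test < /etc/iptables.up.rules parses the file without committing it and is the authoritative syntax check.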



Error: Invalid Host header

// In the React project, add the following to config/webpackDevServer.config.js (it turns off the dev server's Host header check)
disableHostCheck: true

HTTPS configuration

# Apply for a certificate on Tencent Cloud (see the documentation for details: https://cloud.tencent.com/document/product/400/4143)
# Download the certificate and upload it to the server
# Modify the configuration file
upstream blog {
        server 127.0.0.1:3000;
}
# NGINX Server Instance, PORT 80
server {
        listen 80;
        server_name www.shoukailiang.cn;
        # rewrite ^(.*) https://$host$1 permanent;
        return 301 https://www.shoukailiang.cn$request_uri;
}
server {
        listen 443;
        server_name www.shoukailiang.cn; # Enter the domain name bound to the certificate
        ssl on;
        ssl_certificate /home/shoukailiang/https-key/1_www.shoukailiang.cn_bundle.crt;
        ssl_certificate_key  /home/shoukailiang/https-key/2_www.shoukailiang.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Configure according to this protocol
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # Configure according to this suite
        ssl_prefer_server_ciphers on;

        # if($ssl_protocol = ""){
         # rewrite ^(.*) https://$host$1 permanent;
        #}
        # Proxy to the Node instance
        location / {
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_set_header Host $http_host;
               proxy_set_header X-NginX-Proxy true;
               proxy_pass http://blog;
               proxy_redirect off;
        }
}

Test the nginx configuration, then restart nginx.
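
An added audit for the HTTPS configuration above and the earlier version-hiding step (not part of the original post). It flags TLS 1.0 and 1.1, which RFC 8996 deprecates, the "ssl on" directive that nginx replaced with the ssl parameter of listen, and a server_tokens directive that is not off (server_tokens is the nginx directive that controls the version shown in the Server header). The function names and both sample configs are constructed.

```shell
# Added example: function names and sample configs are constructed.
# Assumes no "#", ";" or braces inside quoted strings in the config.

# nginx_directives FILE: strip comments, emit one directive per line.
nginx_directives() {
    sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';{}' '\n\n\n'
}

# audit_nginx FILE: one finding per line, exit status 1 if any.
audit_nginx() {
    nginx_directives "$1" | awk '
        $1 == "ssl" && $2 == "on" { print "deprecated \"ssl on\": use \"listen 443 ssl\""; bad = 1 }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) { print "legacy protocol enabled: " $i; bad = 1 }
        }
        $1 == "server_tokens" { tokens = $2 }
        END {
            if (tokens != "off") { print "server_tokens is not off: version sent in Server header"; bad = 1 }
            exit bad + 0
        }
    '
}

weak_conf() {      # mirrors the TLS settings shown in the post
    cat <<'EOF'
server {
    listen 443;
    # server_tokens off;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

hardened_conf() {  # assumption: nginx and OpenSSL recent enough for TLSv1.3
    cat <<'EOF'
server {
    listen 443 ssl;
    server_tokens off;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}

conf=$(mktemp) && weak_conf > "$conf"
audit_nginx "$conf" || true
rm -f "$conf"
```

To audit the merged live configuration instead of one file, save the output of sudo nginx -T to a file and pass that file to audit_nginx.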

Start the Node backend

nohup npm start &
# See https://segmentfault.com/q/1010000004455598
# View the ports in use
lsof -i