Schwesi Design Blog Post

Virtual Private Servers (VPS) are growing in popularity as a hosting solution in the last few months. There is good reason for this trend. Virtual Private Servers combine many advantages of shared hosting and dedicated servers. Some of the main advantages over other hosting solutions are scalability, performance, efficiency and reliability. One other big advantage is the dedicated resource part, which basically means that you get the server all to yourself. The downside of this is that you have to do the setup all by yourself as well, which might be a little trickier. It is not rocket science though!

1 VPS Connection

After purchasing the VPS we can connect to it using the following command:

ssh root@ip-address

SSH (Secure Shell) is a cryptographic network protocol, which enables a secure connection over an unsecure network. The ssh command makes connecting to the VPS easy, simply by using the username and the IPv4 address of the VPS (which will be provided by the VPS provider). Afterwards you will be prompted for the root password (also provided by the VPS provider). In this case we connect as a root user, since there is no other user to connect. However, connecting to anything as a root user on a regular basis is never a good idea, since there are a myriad of security risks, which can be significantly minimized by using a user with less privileges. So let’s create another, less privileged user to do the regular administrative work.

2 User Creation

Creating the user is simple. While being connected to the VPS type:

adduser username

In order for this user to be of any use, it should be added to the sudo group.

usermod -aG sudo username

Now we could simply log onto the server by using the new username ssh username@ipaddress. However, only using a password to authenticate the user is not recommended. Nowadays the recommended standard is using key authentication.

3 Key Generation

Public key authentication adds even more security to the login process by requiring not only a password but a private key file, which resides on the user’s computer. Keyfiles can be generated by simply typing ssh-keygen in a terminal window on the host machine. This will create a private and public key file pair by default in the .ssh folder. In case you would like to give the key a more meaningful name you should alter the last part of the suggested file path. Afterwards you should enter a secure password, which will be used to access the key files. Now we can connect to the machine using the new user and new key file using the following command:

ssh username@ipaddress –i path/to/the/keyfolder

By providing the ‘–i’ flag it is possible to provide the path to the folder, in which the public key file resides.

4 Firewall Setup

Ubuntu 20.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. To list all the services, which are currently allowed to connect to the VPS simply type:

ufw app list

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

ufw enable -y

Typing ufw status will return the following output:

This means that the firewall blocks all traffic except SSH. However, we will want to allow further services to connect like http, https and nginx. We do this by typing:

ufw allow http
ufw allow https
ufw allow nginx

5 NGINX Setup

NGINX is a web server that can be easily used as a reverse proxy and a popular solution to host modern web applications.

/etc/nginx/sites-available/yoursitedomain.com
				
					server {
						listen 80;
						listen [::]:80;
						listen 443 http2 ssl;
						listen [::]:443 http2 ssl;
						index index.html;
						root /;
						server_name yourdomain.com;

						location / {
								proxy_pass http://localhost:3000;
								proxy_http_version 1.1;
								proxy_set_header Upgrade $http_upgrade;
								proxy_set_header Connection 'upgrade';
								proxy_set_header Host $host;
								proxy_cache_bypass $http_upgrade;
						}
					}
				
			

6 Install Let's Encrypt

Encrypting the connection between the server and the client is of utter importance. Back in the days one had to pay for a Transport Layer Security. Nowadays, however many web servers use Let's Encrypt, "a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG)". Simply execute the following commands on the VPS and the connection will be secure.

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo systemctl reload nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

7 Run nuxtjs

cd project name
npm install
npm run build

8 Install PM2

PM2 is a daemon process manager with a built-in load balancer.

To install it, we simply use npm:

npm install pm2

Afterwards we add a ecosystem.config.js file to the root directory of our project. Then we insert the following code into it:

				
				ecosystem.config.js
				module.exports = {
					apps: [
						{
							name: 'NuxtAppName',
							exec_mode: 'cluster',
							instances: 'max', // Or a number of instances
							script: './node_modules/nuxt/bin/nuxt.js',
							args: 'start'
						}
					]
				}
				
			

Run the following command to start the pm2 process, which will keep your application running.

pm2 start

Now open your domain in a browser et voilà your website should appear.

Sources

Next Post

NFTS Explained NFTs Explained
scroll to top