Last active
May 5, 2023 12:06
-
-
Save cgtarmenta/2565afbf8d332b4f5d625c6344f04adf to your computer and use it in GitHub Desktop.
NodeJS deployment helpers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Example of PM2 ecosystem file, working with nvm environment | |
| // on a AWS EC2 instance running ubuntu | |
| const HOST = ''; | |
| const REPONAME = ''; | |
| module.exports = { | |
| apps: [ | |
| { | |
| name : 'DEVICES:API', | |
| script : 'server.js', | |
| ignore_watch : ['node_modules','logs'], | |
| exec_mode : 'cluster_mode', | |
| instances : 2, | |
| watch : true, | |
| merge_logs : true, | |
| env : { | |
| 'NODE_ENV' : 'production', | |
| 'UV_THREADPOOL_SIZE' : '10' | |
| } | |
| } | |
| ], | |
| deploy: { | |
| production: { | |
| key : '~/.ssh/id_rsa', | |
| user : 'ubuntu', | |
| host : `${HOST}`, | |
| ref : 'origin/master', | |
| repo : `git@github.com:TadeoArmenta/${REPONAME}.git`, | |
| path : `/home/ubuntu/${REPONAME}`, | |
| // fix the problem with nvm | |
| 'pre-deploy': 'bash $HOME/.nvm/nvm.sh', | |
| 'post-deploy': `source ~/.profile && \ | |
| yarn && \ | |
| pm2 reload ecosystem.config.js --env production && \ | |
| pm2 save && \ | |
| sudo cp nginx-deploy.conf /etc/nginx/sites-available/${REPONAME}.conf \ | |
| sudo ln -s /etc/nginx/sites-available/vayyup.conf /etc/nginx/sites-enable/${HOST} \ | |
| sudo nginx restart` | |
| } | |
| } | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Handly bash script to get ssl certs, and keep them valid | |
| # using wildcard certs | |
| # Setting variables to run | |
| DOMAIN="yourdomainname.com" | |
| CLOUDFLARE_MAIL="contact@tadeoarmenta.com" | |
| CLOUDFLARE_API_KEY="1087g384565h71c806b257ja0699a01c713c4" | |
| RANDOMLEVEL4=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 6 | head -n 1) | |
| apt update | |
| sudo snap install core; sudo snap refresh core | |
| # make some cleaning for previous testings | |
| rm -r -f certbot 2>&1 >/dev/null | |
| rm -r -f cloudflare.ini renewcert 2>&1 >/dev/null | |
| sudo snap install --classic certbot | |
| sudo ln -s /snap/bin/certbot /usr/bin/certbot | |
| sudo snap set certbot trust-plugin-with-root=ok | |
| sudo snap install certbot-dns-cloudflare | |
| echo "dns_cloudflare_email="$CLOUDFLARE_MAIL > cloudflare.ini | |
| echo "dns_cloudflare_api_key="$CLOUDFLARE_API_KEY >> cloudflare.ini | |
| chmod 600 cloudflare.ini | |
| echo "#!/bin/bash" > renewcert | |
| # echo "source /root/certbot/venv/bin/activate" >> renewcert | |
| echo "certbot renew" >> renewcert | |
| chmod +x renewcert | |
| ln /root/renewcert /etc/cron.weekly/renewcert | |
| certbot certonly \ | |
| --agree-tos --email $CLOUDFLARE_MAIL --noninteractive \ | |
| --server "https://acme-v02.api.letsencrypt.org/directory" \ | |
| --dns-cloudflare \ | |
| --dns-cloudflare-credentials "/root/cloudflare.ini" \ | |
| -d $DOMAIN -d "*."$DOMAIN -d $RANDOMLEVEL4".discard."$DOMAIN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A very simple configuration file, to deploy a NodeJs API | |
| # With a sugar for socket.io | |
| #POWERED BY TadeoARmenta <constact@tadeoarmenta.com> | |
| upstream api_stream { | |
| server 127.0.0.1:4040 weight=1; | |
| } | |
| server { | |
| listen 80; | |
| return 301 https://$host$request_uri; | |
| } | |
| ## API Server | |
| server { | |
| listen 443 ssl http2; | |
| ssl_certificate /etc/letsencrypt/live/yourhostname.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/yourhostname.com/privkey.pem; | |
| ssl_protocols TLSv1.2; | |
| ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL; | |
| root /home/ubuntu; | |
| access_log /var/log/nginx/api_access.log; | |
| error_log /var/log/nginx/api_error.log; | |
| location /socket.io/ { | |
| proxy_http_version 1.1; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection 'upgrade'; | |
| proxy_set_header Host $host; | |
| proxy_cache_bypass $http_upgrade; | |
| proxy_set_header 'Access-Control-Allow-Origin' $http_origin; | |
| proxy_set_header 'Access-Control-Allow-Credentials' true; | |
| proxy_pass https://api_stream; | |
| } | |
| location ^~ / { | |
| proxy_http_version 1.1; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection 'upgrade'; | |
| proxy_set_header Host $host; | |
| proxy_cache_bypass $http_upgrade; | |
| proxy_set_header content-type "application/json"; | |
| proxy_connect_timeout 300; | |
| proxy_send_timeout 300; | |
| proxy_read_timeout 300; | |
| send_timeout 300; | |
| proxy_pass https://api_stream/; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment