Last active September 29, 2023 13:28
Configuration script for a basic setup of FoundryVTT on Debian 12. See for a full explanation.
# Foundry + Nginx install script for Debian 12
# --------------------------------------------
# Prerequisites:
# - unzip - used to decompress Foundry once downloaded
# - nodejs - required to run Foundry
# - nvm - used to install pm2
# - ufw - firewall: used to ensure that connections can only be made to Foundry via Nginx, among other benefits
# - nginx - provides HTTPS frontend to Foundry
# - certbot - gets free SSL certificate, used by Nginx
# - pm2 - manages Foundry process, keeps it running in background
apt update
apt upgrade
apt install -y unzip nodejs nvm ufw nginx certbot
npm install -g pm2
# Firewall:
# - SSH - so we can log in and configure the server (like we're doing now!)
# - HTTP - easier for web browsers to get redirected to HTTPS
# - HTTPS - this is where we actually serve the application
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
# Domain name:
# This is used to get your SSL cert and configure Nginx: change it to the domain/subdomain (which must have a DNS A-record pointing at this server)!
# Nginx:
# 1. Get a free SSL certificate
certbot certonly --agree-tos --register-unsafely-without-email --rsa-key-size 4096 --webroot -w /var/www/html -d $DOMAIN
# 2. Configure Nginx to auto-restart when the certificate auto-renews
printf "#!/bin/bash\nservice nginx restart\n" > /etc/letsencrypt/renewal-hooks/post/
chmod +x /etc/letsencrypt/renewal-hooks/post/
# 3. Configure Nginx to proxy traffic to Foundry:
set +H
printf "server {\n listen 80;\n listen [::]:80;\n server_name $DOMAIN;\n\n # Redirect everything except /.well-known/* (used for ACME) to HTTPS\n root /var/www/html/;\n if (\$request_uri !~ \"^/.well-known/\") {\n return 301 https://\$host\$request_uri;\n }\n}\n\nserver {\n listen 443 ssl http2;\n listen [::]:443 ssl http2;\n server_name $DOMAIN;\n\n ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;\n\n client_max_body_size 300M;\n\n location / {\n # Set proxy headers\n proxy_set_header Host \$host;\n proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto \$scheme;\n\n # These are important to support WebSockets\n proxy_set_header Upgrade \$http_upgrade;\n proxy_set_header Connection \"Upgrade\";\n\n proxy_pass;\n }\n}\n" > /etc/nginx/sites-available/foundry
ln -sf /etc/nginx/sites-available/foundry /etc/nginx/sites-enabled/foundry
# 4. Restart Nginx to pick up the new configuration
service nginx restart
# FoundryVTT:
# 1. Make a place to store Foundry and its data:
mkdir {vtt,data}
cd vtt
# 2. Download and decompress it
# Get the "<url from website>" from your Foundry account.
wget -O "<url from website>"
# 3. Configure PM2 to run Foundry and keep it running:
pm2 start --name "Foundry" node -- resources/app/main.js --dataPath=/root/data
# 4. Watch the logs for a bit to check Foundry is behaving:
# (press CTRL-C to stop watching the logs once you're happy)
pm2 logs 0
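
A post-install check for the setup above, as an added example that is not part of the original gist: it confirms the firewall only admits SSH, HTTP and HTTPS, and that the generated Nginx site file did not end up with an empty `$DOMAIN` or a `proxy_pass` without an upstream. The function names `unexpected_ufw_allows` and `audit_site_config` are hypothetical, and the sample inputs (including port 30000) are constructed.

```shell
#!/bin/bash
# Added example (not part of the original gist): post-install checks.

# Read `ufw status` output on stdin and print every ALLOW rule whose port is
# not 22, 80 or 443. No output means only SSH/HTTP/HTTPS are open.
unexpected_ufw_allows() {
  awk '/ALLOW/ { split($1, p, "/"); if (p[1] !~ /^(22|80|443)$/) print $1 }'
}

# Check an Nginx site file for what the setup relies on. Prints one line per
# failed check and returns the number of failures (0 = all passed).
audit_site_config() {
  local conf="$1" problems=0 desc regex
  # Each line below is "description|extended regex that must match the file".
  while IFS='|' read -r desc regex; do
    grep -Eq -- "$regex" "$conf" && continue
    echo "missing: $desc"
    problems=$((problems + 1))
  done <<'CHECKS'
non-empty server_name|server_name[[:space:]]+[^;[:space:]]+;
HTTP to HTTPS redirect|return[[:space:]]+301[[:space:]]+https://
certificate path with a domain|ssl_certificate[[:space:]]+/[^;]*[^/]/fullchain\.pem;
key path with a domain|ssl_certificate_key[[:space:]]+/[^;]*[^/]/privkey\.pem;
WebSocket Upgrade header|proxy_set_header[[:space:]]+Upgrade[[:space:]]+\$http_upgrade;
proxy_pass with an upstream URL|proxy_pass[[:space:]]+https?://[^;[:space:]]+;
CHECKS
  return "$problems"
}

# Demo on constructed input: a site file written with DOMAIN unset and no
# proxy_pass target, and a ufw table with one extra port (30000 is constructed).
demo() {
  local conf
  conf=$(mktemp)
  printf '%s\n' 'server_name ;' 'return 301 https://$host$request_uri;' \
    'ssl_certificate /etc/letsencrypt/live//fullchain.pem;' \
    'ssl_certificate_key /etc/letsencrypt/live//privkey.pem;' \
    'proxy_set_header Upgrade $http_upgrade;' 'proxy_pass;' > "$conf"
  audit_site_config "$conf" || true
  rm -f "$conf"
  printf '%s\n' '22/tcp ALLOW Anywhere' '30000/tcp ALLOW Anywhere' |
    unexpected_ufw_allows
}
demo
```

On the server, run `ufw status | unexpected_ufw_allows` and `audit_site_config /etc/nginx/sites-available/foundry`, then `nginx -t` for a full syntax check before restarting Nginx.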