Last active
September 29, 2023 13:28
Configuration script for a basic setup of FoundryVTT on Debian 12. See https://danq.me/easy-foundryvtt for a full explanation.
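# Foundry + Nginx install script for Debian 12
# --------------------------------------------
# The commands below write to /etc and /root and carry no sudo prefix, so they are meant to be run as root.
#
# Prerequisites:
# - unzip - used to decompress Foundry once downloaded
# - nodejs - required to run Foundry
# - npm - used to install pm2 (named explicitly so the `npm install` below does not depend on nodejs pulling it in)
# - nvm - NOTE(review): pm2 is installed with npm below, not nvm; confirm this package is needed and is available from the configured apt sources
# - ufw - firewall: used to ensure that connections can only be made to Foundry via Nginx, among other benefits
# - nginx - provides HTTPS frontend to Foundry
# - certbot - gets free SSL certificate, used by Nginx
# - pm2 - manages Foundry process, keeps it running in background
apt update
apt upgrade
apt install -y unzip nodejs npm nvm ufw nginx certbot
# pm2 is installed globally, as root, at whatever version the npm registry serves at the time.
# Pinning a reviewed release (pm2@<VERSION>, placeholder) keeps a rebuild from silently picking up a different one.
npm install -g pm2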
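# Firewall:
# - SSH - so we can log in and configure the server (like we're doing now!)
# - HTTP - easier for web browsers to get redirected to HTTPS
# - HTTPS - this is where we actually serve the application
# Foundry's own port (30000, the proxy_pass target in the Nginx config further down) is deliberately
# not opened: it stays reachable only from this machine, through Nginx.
# That relies on the incoming policy being "deny", so set it explicitly instead of trusting the default.
ufw default deny incoming
# SSH is allowed before the firewall is enabled so the current session is not cut off.
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
# Check the result: only 22, 80 and 443 should be listed as allowed.
ufw status verbose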
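# Domain name:
# This is used to get your SSL cert and configure Nginx: change it to the domain/subdomain (which must have a DNS A-record pointing at this server)!
DOMAIN=vtt.danq.me
# Nginx:
# The hook script and the Nginx config written below both contain "!". In an interactive bash
# session that triggers history expansion, so switch it off before either of them is written.
set +H
# 1. Get a free SSL certificate
# --register-unsafely-without-email creates the ACME account with no contact address;
# certbot's --email option supplies one if you want the account tied to a mailbox.
certbot certonly --agree-tos --register-unsafely-without-email --rsa-key-size 4096 --webroot -w /var/www/html -d "$DOMAIN"
# 2. Configure Nginx to auto-restart when the certificate auto-renews
# Quoted heredoc: the content is written literally, nothing is expanded by the shell.
cat > /etc/letsencrypt/renewal-hooks/post/restart-nginx.sh <<'EOF'
#!/bin/bash
service nginx restart
EOF
chmod +x /etc/letsencrypt/renewal-hooks/post/restart-nginx.sh
# 3. Configure Nginx to proxy traffic to Foundry:
# Unquoted heredoc: $DOMAIN is filled in by the shell, while \$name is written out as the
# Nginx variable $name. The domain is no longer part of a printf format string.
cat > /etc/nginx/sites-available/foundry <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $DOMAIN;

    # Redirect everything except /.well-known/* (used for ACME) to HTTPS
    root /var/www/html/;
    if (\$request_uri !~ "^/.well-known/") {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name $DOMAIN;

    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;

    client_max_body_size 300M;

    location / {
        # Set proxy headers
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;

        # These are important to support WebSockets
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "Upgrade";

        proxy_pass http://127.0.0.1:30000/;
    }
}
EOF
ln -sf /etc/nginx/sites-available/foundry /etc/nginx/sites-enabled/foundry
# 4. Restart Nginx to pick up the new configuration
# nginx -t validates the config first, so a typo in the domain or a missing certificate
# does not take the running server down.
nginx -t && service nginx restart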
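# FoundryVTT:
# NOTE(review): everything below runs as root and keeps Foundry's data under /root, so the
# internet-facing Node process has full control of the machine. Running it from a dedicated
# unprivileged account (with its own data directory) would contain a compromise of Foundry.
# 1. Make a place to store Foundry and its data:
# Absolute paths, so the data directory is the one passed as --dataPath below
# regardless of which directory the commands are run from.
mkdir -p /root/vtt /root/data
cd /root/vtt
# 2. Download and decompress it
# Get the "<url from website>" from your Foundry account.
wget -O foundryvtt.zip "<url from website>"
# Only delete the archive once it has been unpacked successfully.
unzip foundryvtt.zip && rm foundryvtt.zip
# 3. Configure PM2 to run Foundry and keep it running:
# pm2 restarts the process if it exits; surviving a reboot additionally needs
# `pm2 startup` followed by `pm2 save` (not run here).
pm2 start --name "Foundry" node -- resources/app/main.js --dataPath=/root/data
# 4. Watch the logs for a bit to check Foundry is behaving:
# (press CTRL-C to stop watching the logs once you're happy)
# Addressed by name rather than by id 0, which is only right if Foundry is pm2's first process.
pm2 logs Foundry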