provision.sh

#!/bin/bash

# Download NodeJS installation script
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -

# Install required packages
sudo apt-get update
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install -y \
    nodejs \
    build-essential \
    nginx \
    software-properties-common \
    python-certbot-nginx

# Create new unprivilated user and add them to the www-data group
sudo adduser $UNPRIVILAGED_USER
sudo usermod -a -G www-data $UNPRIVILAGED_USER

# Generate SSL certificate and automatically configure nginx. This
# will enable SSL on the server. We're going to run in standalone
# mode
#certbot \
#    --standalone \
#    --agree-tos \
#    --non-interactive \
#    --email $CERTBOT_EMAIL \
#    --nginx

# Copy nginx default config
sudo mv /tmp/server/default /etc/nginx/sites-available/default
sudo systemctl restart nginx

# Move application files to home dir
sudo cp /tmp/server/* /home/web
npm install --prefix /home/web

# Install pm2
sudo npm install -g pm2

# Configure pm2
sudo pm2 start /home/web/server.js --watch
sudo pm2 startup systemd
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u web --hp /home/web

# Setup firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

# Start UFW
sudo ufw enable

# Clean up
sudo rm /home/web/install.sh
sudo rm -rf /tmp/server

echo "Deployment Complete!"