Skip to content

Instantly share code, notes, and snippets.

@debojyoti

debojyoti/ubuntu-nginx-ssl-pm2-setup.md

Last active January 11, 2024 09:47
Show Gist options
  • Save debojyoti/2bc5ceb5e6e813bda6d38d8905ec8a07 to your computer and use it in GitHub Desktop.
Save debojyoti/2bc5ceb5e6e813bda6d38d8905ec8a07 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ubuntu-nginx-ssl-pm2-setup.md

Setup NGINX, SSL with custom domain on an ubuntu instance

Step-1: Setup NGINX

1.1: Install NGINX

sudo apt-get install nginx

1.2: Update NGINX's configuration

sudo nano /etc/nginx/sites-enabled/default

Here is the content

server {
  listen 80 default_server;  
  listen [::]:80 default_server;
  client_max_body_size 1000M;
  root /var/www/html;
  
  index index.html index.htm index.nginx-debian.html;

  server_name YOUR_DOMAIN_GOES_HERE;

  location / {
    proxy_pass http://localhost:7001; #whatever port your app runs on
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

1.3: Restart NGINX

sudo systemctl restart nginx

Step-2: Update firewall

2.1: Check status first

sudo ufw status

Output:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

If not active, activate it by running

sudo ufw enable

2.2: Allow HTTPS

To additionally let in HTTPS traffic, we can allow the Nginx Full profile and then delete the redundant Nginx HTTP profile allowance:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

2.3: Check status again

sudo ufw status

Output:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Step-3: Setup SSL

3.1: Install certbot

sudo apt-get update

sudo apt-get install software-properties-common

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install python3-certbot-nginx

3.2: Generate the certificate

sudo certbot --nginx -d YOUR_DOMAIN_WITHOUT_SUBDOMAIN_PART -d YOUR_DOMAIN_WITH_SUBDOMAIN_PART

For example: sudo certbot — nginx -d myawesomewebsite.com -d service.myawesomewebsite.com

Note: The YOUR_DOMAIN_WITH_SUBDOMAIN_PART is optional

3.3: Update NGINX config

First backup the previous config file

cd /etc/nginx/conf.d
sudo cp default.conf default.conf.bak

Now update the config file

sudo nano default.conf

Step-4: Setup node

4.1: Install node

curl -fsSL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
sudo apt install npm

Step-5: Setup pm2

5.1: Install pm2

sudo npm install pm2 -g

5.2: Start pm2

Now choose the project's root directory and start the initiator script with pm2

pm2 start index.js

5.3: Monitor pm2 status

pm2 monit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment