- Create droplet with Ubuntu using special DigitalOcean key for root access.
- SSH as root with DigitalOcean key
- update and upgrade everything in apt
- create 'web' user
  - use strong password
  - add to www-data & sudo groups
- generate secure key for web user
  - create a new domain folder in keys directory and move there
  - ssh-keygen -a 100 -t ed25519 -f ./id_ed25519 -C ''
  - generate a 99 character password of letters & numbers (no symbols)
  - copy pubkey and add public key to authorized_keys
  - add an entry for site in local ~/.ssh/config
- edit /etc/ssh/sshd_config
  - PermitRootLogin no
  - PubkeyAuthentication yes
  - restart ssh service
  - test ssh login with web user. don't move forward until this works
- apt install make
- reboot server
- install dotfiles for web user
- reconnect ssh with proper login
- apt install the following packages:
  build-essential nginx
- Remove any certbot things that might be installed:
  sudo apt-get remove certbot
- Install certbot via snap
  sudo snap install --classic certbot
- Install Node from NodeSource
- Configure "global" install of npm without sudo
  mkdir "${HOME}/.npm-packages"
  npm config set prefix "${HOME}/.npm-packages"
- Ensure the bash startup scripts have the following
  NPM_PACKAGES="${HOME}/.npm-packages"
  export PATH="$PATH:$NPM_PACKAGES/bin"
  # Preserve MANPATH if you already defined it somewhere in your config.
  # Otherwise, fall back to `manpath` so we can inherit from `/etc/manpath`.
  export MANPATH="${MANPATH-$(manpath)}:$NPM_PACKAGES/share/man"
- Create /etc/nginx/sites-available/production and stage configs
  - dupe files from another server
  - comment out references to pem files for Let's Encrypt
  - update domains in config
  - update domain in pem file paths
  - ensure DNS is set up for domain & staging
- Run sudo certbot --nginx and follow prompts
- Uncomment paths to cert files if needed in server config and reload nginx
- install git-lfs dependencies
  curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash
- apt install the following packages:
  git-lfs
- Install pm2:
  npm install pm2@latest -g
- generate ssh key for system to be used as deploy key (no passphrase)
- clone repository into each directory (serva & servb)
- symlink makefile and pm2 configuration to home folder of web user
- run make stage (and maybe make production) to get the basics up
- set up pm2 to restart on reboot:
  pm2 startup
  and then run the command it outputs
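
One way to check the two sshd_config settings from the "edit /etc/ssh/sshd_config" step before restarting ssh, as an added example that is not part of the original checklist. sshd uses the first value it finds for a keyword, so a line appended below an existing PermitRootLogin yes is ignored; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). sshd_config keywords are
# case-insensitive and the FIRST value found wins, so appending
# "PermitRootLogin no" below an earlier "yes" changes nothing.

# Print the first global value of keyword $1 in config file $2.
# Stops at the first Match block: settings below it are conditional.
sshd_first_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                     # comment
        /^[ \t]*$/ { next }                     # blank line
        { sub(/=/, " "); key = tolower($1) }    # "Key=value" is also accepted
        key == "match" { exit }
        key == want    { print tolower($2); exit }
    ' "$2"
}

# Succeed only if both settings from the checklist are in effect globally.
sshd_login_hardened() {
    [ "$(sshd_first_value PermitRootLogin "$1")" = "no" ] &&
        [ "$(sshd_first_value PubkeyAuthentication "$1")" = "yes" ]
}

# Constructed sample: new line appended below an existing one.
appended=$(mktemp)
cat > "$appended" <<'EOF'
PermitRootLogin yes
PubkeyAuthentication yes
permitrootlogin no
EOF

# Constructed sample: existing line edited in place.
edited=$(mktemp)
cat > "$edited" <<'EOF'
# root login disabled
PermitRootLogin no
PubkeyAuthentication yes
Match User web
    X11Forwarding no
EOF
trap 'rm -f "$appended" "$edited"' EXIT

for f in "$appended" "$edited"; do
    if sshd_login_hardened "$f"; then
        echo "ok: root login disabled, pubkey auth enabled"
    else
        echo "not applied: PermitRootLogin=$(sshd_first_value PermitRootLogin "$f")"
    fi
done
```

On the server itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective configuration, including anything pulled in by Include lines.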