pilotak/VPS: iptables+node+pm2.md

## VPS: iptables+node+pm2.md

      
    Raw
  

              VPS: iptables+node+pm2.md
            
          
    If you have an access as a root to your Ubuntu 16.04 VPS you should setup another user giving him sudo access
Create user

adduser pavel # my user is called "pavel"; enter password and leave all the rest
usermod -aG sudo pavel
nano /etc/ssh/sshd_config # disable root access
# find 
    PermitRootLogin # change value to: no
# add
    AllowUsers pavel

su - pavel # switch to user
SSH keys (optional)

mkdir ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
    # now paste your public key
chmod 600 ~/.ssh/authorized_keys

sudo nano /etc/ssh/sshd_config
# find and change to no
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys
sudo systemctl reload sshd
By default all ports are open, we should apply basic rules to IPTABLES
IPTABLES

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT # enable SSH port
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT # enable :80 port
sudo iptables -I INPUT 1 -i lo -j ACCEPT # enable internal loopback
sudo iptables -A INPUT -j DROP
To save IPTABLES:

sudo apt-get update
sudo apt-get install iptables-persistent
To add/edit new rule:

sudo nano /etc/iptables/rules.v4
sudo iptables-restore < /etc/iptables/rules.v4
Install node.js using manager

sudo apt-get install build-essential libssl-dev
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.1/install.sh | bash
source ~/.profile
nvm install 7.6.0
sudo apt-get install libcap2-bin
sudo setcap 'cap_net_bind_service=+ep' `which node` # give permissions to port :80
Install PM2

npm install pm2 -g
pm2 startup # this will give you command to run