Skip to content

Instantly share code, notes, and snippets.

@piyushgarg-dev
Last active October 29, 2024 13:07
Show Gist options
  • Save piyushgarg-dev/8b14c87c8ff4d626ecbc747b6b9fc57f to your computer and use it in GitHub Desktop.
Save piyushgarg-dev/8b14c87c8ff4d626ecbc747b6b9fc57f to your computer and use it in GitHub Desktop.

Node.js Deployment

Steps to deploy a Node.js app to DigitalOcean using PM2, NGINX as a reverse proxy and an SSL from LetsEncrypt

1. Create Free AWS Account

Create free AWS Account at https://aws.amazon.com/

2. Create and Lauch an EC2 instance and SSH into machine

I would be creating a t2.medium ubuntu machine for this demo.

3. Install Node and NPM

curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install nodejs

node --version

4. Clone your project from Github

git clone https://github.com/piyushgargdev-01/short-url-nodejs

5. Install dependencies and test app

sudo npm i pm2 -g
pm2 start index

# Other pm2 commands
pm2 show app
pm2 status
pm2 restart app
pm2 stop app
pm2 logs (Show log stream)
pm2 flush (Clear logs)

# To make sure app starts when reboot
pm2 startup ubuntu

6. Setup Firewall

sudo ufw enable
sudo ufw status
sudo ufw allow ssh (Port 22)
sudo ufw allow http (Port 80)
sudo ufw allow https (Port 443)

7. Install NGINX and configure

sudo apt install nginx

sudo nano /etc/nginx/sites-available/default

Add the following to the location part of the server block

    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:8001; #whatever port your app runs on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
# Check NGINX config
sudo nginx -t

# Restart NGINX
sudo nginx -s reload

8. Add SSL with LetsEncrypt

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# Only valid for 90 days, test the renewal process with
certbot renew --dry-run
@msi-end
Copy link

msi-end commented Jan 2, 2024

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com when i do this my site goes down and shows, 404 Not Found nginx/1.18.0 (Ubuntu) please help

at the place of your 'yourdomain.com' insert your Domain name

@apurvjha123
Copy link

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com when i do this my site goes down and shows, 404 Not Found nginx/1.18.0 (Ubuntu) please help

at the place of your 'yourdomain.com' insert your Domain name

i know that and did it

@msi-end
Copy link

msi-end commented Jan 2, 2024

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com when i do this my site goes down and shows, 404 Not Found nginx/1.18.0 (Ubuntu) please help

Check the logs for any errors or issues during the renewal process
sudo cat /var/log/letsencrypt/letsencrypt.log
if there is not any error then restart the NGINX .
sudo service nginx restart

@anuragdas2001
Copy link

502 Bad Gateway
nginx/1.18.0 (Ubuntu)
I am getting this error in place of welcome to nginx

@prnv404
Copy link

prnv404 commented Jan 3, 2024

@anuragdas2001 check your node app running or not

@apurvjha123
Copy link

Alright so, It was Working fine from 2+ months but suddenly the site was down and when i went to its IPv4 port it shows 502 Bad Gateway

nginx/1.18.0 (Ubuntu) and whatever i try i get this. So here is detail explanation of my error

hostinger hosting :-
image

This is the error I get
image

this is when i apporved certbot
image

this the pm2 log after the nginx error
image

when i do sudo cat /var/log/letsencrypt/letsencrypt.log , this seems fine
image

and this is my projects index.js

const express = require('express');
const app = express();
require('dotenv').config();
const port = 8000;
const cors = require('cors');
const fileUpload = require('express-fileupload');
const controller = require('./routes/routes.control');
const register = require('./routes/routes.register');
const mongoose = require("mongoose");
const path = require('path');
const cookieParser = require('cookie-parser');
app.use(cookieParser());

// MongoDB Connection
mongoose
.connect(process.env.MONGOOSE_SECRET_KRY)
.then(() => console.log("DB connection successful!"))
.catch((error) => console.log(error));

app.use(cors({
origin: true,
credentials: true
}));

app.use(express.json());
app.use(fileUpload());

// Redirect www to non-www
app.use((req, res, next) => {
if (req.headers.host.startsWith('www.')) {
const newHost = req.headers.host.slice(4);
return res.redirect(301, ${req.protocol}://${newHost}${req.originalUrl});
}
next();
});

app.use('/apis', controller);
app.use('/registers', register);

if (process.env.NODE_ENV === 'production') {
app.use(express.static(path.join(__dirname, 'build')));

app.get('*', (req, res) =>
res.sendFile(path.resolve(__dirname, 'build', 'index.html'))
);
} else {
app.get('/', (req, res) => res.send('Please set to production'));
}

app.get('/hello', (req, res) => {
res.send('Hello World!');
});

app.listen(process.env.PORT || port, () => {
console.log(Example app listening on port ${port});
});

Please someone help, thanks !

@msi-end
Copy link

msi-end commented Jan 4, 2024

Hey dear your site (https://chit-chat.tech/) is working fine .

image

Also working fine with http://65.1.84.246:8000/
image

I think your port 80 is not working properly .
Run netstat -tulpn and saw nginx not binding to port 80 for IPv4 or not.
Make sure the sites-available file with the default_server is actually enabled.
nginx -t to check linkage .
sudo ufw status to check all ports .

@apurvjha123
Copy link

ya it is working in other browser but not in chrome, please help me i have been struck in this more 2 months,

it is connected to port 80
image

sites-available file with the default
image

image

this is error log
image
listen 80
image

it will be great help . Thanks!

@Adityavikram3112
Copy link

I ran the "sudo certbot --nginx -d assistanza.com" command but I keep on running into the following error :
image
image
Do help me out not able to find much online

@agaur79
Copy link

agaur79 commented Jan 8, 2024

@piyushgarg-dev - Thanks for summarizing this in detail, really appreciate you making this document.
I would to add one point that made me a little bit of struggle, I hope this will help other people.

We need to enable the HTTPS port 443 in the AWS security group so that it is accessible to the outside world.
It took me a lot of time to figure it out.

@sharmaofficial
Copy link

@agaur79 Exactly, I stuck there too, thanks for the comment

@Sandesh003
Copy link

ya it is working in other browser but not in chrome, please help me i have been struck in this more 2 months,

it is connected to port 80 image

sites-available file with the default image

image

this is error log image listen 80 image

it will be great help . Thanks!

You can check this ufw settings.
Also do read that warning before enabling the ufw
https://github.com/Sandesh003/NodeJs-Nginx-ReverseProxy-CertBot-Socket-Configurations?tab=readme-ov-file#nginx-setup-

@Sandesh003
Copy link

I ran the "sudo certbot --nginx -d assistanza.com" command but I keep on running into the following error : image image Do help me out not able to find much online

Could you check the version of Ubuntu and run the command accordingly?
https://github.com/Sandesh003/NodeJs-Nginx-ReverseProxy-CertBot-Socket-Configurations?tab=readme-ov-file#certbot-configurations-

@himanshurkt96
Copy link

image

It is showing me this error .How to resolve ?

@anand-shete
Copy link

image

It is showing me this error .How to resolve ?

Brother u are not ugin lastest nodejs version
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo bash -
sudo apt-get install -y nodejs

This will work surely

@anand-shete
Copy link

ya it is working in other browser but not in chrome, please help me i have been struck in this more 2 months,

it is connected to port 80 image

sites-available file with the default image

image

this is error log image listen 80 image

it will be great help . Thanks!

Yes have u got the soluttion i am haing the EXACT same problem please help brother

@anand-shete
Copy link

ya it is working in other browser but not in chrome, please help me i have been struck in this more 2 months,

it is connected to port 80 image

sites-available file with the default image

image

this is error log image listen 80 image

it will be great help . Thanks!

Yes YES YES YES YES IT WORKED USE THIS !!!!
I USED CHAT GRP TO GENERATE THIS THIS WORKS
root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name 13.201.252.83;

    location / {
alias /home/ubuntu/url-shortner;
try_files $uri $uri/ =404;

}

location /login {
proxy_pass http://localhost:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}

@ravi-n4s
Copy link

ravi-n4s commented May 5, 2024

if your machine SELinux (security enhanced linux), need to adjust the SELinux policies to allow Nginix to make the connection

Check the current SELinux policy for Nginx:
sudo getsebool -a | grep httpd

If httpd_can_network_connect is off, you can turn it on using the following command:
sudo setsebool -P httpd_can_network_connect 1

This command will allow Nginx to make network connections

@Anju12345hub
Copy link

Anju12345hub commented May 6, 2024

$sudo certbot --nginx -d pixtech.work.gd -d www.pixtech.work.gd
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for pixtech.work.gd and www.pixtech.work.gd

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: pixtech.work.gd
Type: dns
Detail: DNS problem: server failure at resolver looking up CAA for work.gd

Domain: www.pixtech.work.gd
Type: dns
Detail: DNS problem: server failure at resolver looking up CAA for work.gd

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
-when i run the last command in this github ,I got this error.please help me to resolve this issue.

@umakant8732
Copy link

how i could encrypt SSL for an ip address?

@anand-shete
Copy link

anand-shete commented May 7, 2024

$sudo certbot --nginx -d pixtech.work.gd -d www.pixtech.work.gd Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for pixtech.work.gd and www.pixtech.work.gd

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: Domain: pixtech.work.gd Type: dns Detail: DNS problem: server failure at resolver looking up CAA for work.gd

Domain: www.pixtech.work.gd Type: dns Detail: DNS problem: server failure at resolver looking up CAA for work.gd

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet. -when i run the last command in this github ,I got this error.please help me to resolve this issue.

It seems like Certbot is having trouble authenticating your domains due to a DNS issue. The error message indicates that there is a problem with the DNS server's ability to look up the Certification Authority Authorization (CAA) records for the domains work.gd, pixtech.work.gd, and www.pixtech.work.gd.
give your error prompt to chatgpt if doesn't work then stackoverflow if still doesn't then youtube.

@anand-shete
Copy link

how i could encrypt SSL for an ip address?

just chatGPT and u will get all the command. just look it up and be cautious

@apurvjha123
Copy link

Here is ultimate solution 👍

After step 7 you need to add this step:

Reset everything, uninstall, and install.

sudo apt remove nginx
sudo aptinstall nginx


Create a file in the /etc/nginx/conf.d directory named domain‑name.conf (so in our example, www.example.com.conf).
Run sudo nano /etc/nginx/conf.d/<domain‑name>.conf command

server {
	listen        80;
	server_name <yourdomain.com>;
	location / {
		proxy_pass         http://localhost:3000;
		proxy_http_version 1.1;
		proxy_set_header   Upgrade $http_upgrade;
		proxy_set_header   Host $host;
		proxy_cache_bypass $http_upgrade;
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}


Save the file, then run this command to verify the syntax of your configuration and restart NGINX.
sudo nginx -t && sudo nginx -s reload

now you can go with step 8

Thanks me later 🥇

@rounakraj03
Copy link

rounakraj03 commented Jun 12, 2024

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com when i do this my site goes down and shows, 404 Not Found nginx/1.18.0 (Ubuntu) please help

Actually it is not working because in the inbound rule...you might didnt open port 443- which is for https!!!

(Hopefully that will solve the issue)

@KetanCapriTech
Copy link

Can we use only ec2 public (static) ip address instead of domain name ? and yes then what will be the process ?

@myselfprincee
Copy link

Can we use only ec2 public (static) ip address instead of domain name ? and yes then what will be the process ?

well it is possible. but, How you're gonna use it..

if you're making an app only for yourself i think then it will be fine. as even on free hosting platforms, they provide you a url for your app. as it is very hard to remember the ip address of the server. if you can remember that. then, you're good.

use freenom you'll get a domain name for free.

@KetanCapriTech
Copy link

freenom is always display domain not available ? any alternate option

@myselfprincee
Copy link

there are plenty's of domain available. join a hackathon which is sponsored by xyz. you'll a domain there, there are plenty of ways man. do google you'll get one for sure

@deepak725
Copy link

Hello everyone , recently I deployed nodejs application from these steps. I faced an issue after setting up ssl.. that my nginx was not able to read the certificate from certbort so i ended up giving read access to whole certbot folder under etc after it nginx was able to read the certificate but my domain was not working so I come to know that I have to add securtiy group for port 443 which is default for https and port 80 is http only. this security step is for those who is using aws ec2 or cloud machines to run the app.

@21485A5401
Copy link

root@ubuntu-s-1vcpu-1gb-blr1-01:~# sudo certbot --nginx -d backend.theswaap.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for backend.theswaap.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: backend.theswaap.com
Type: unauthorized
Detail: 2a02:4780:11:1361:0:3136:f07e:8: Invalid response from http://backend.theswaap.com/.well-known/acme-challenge/noL8OaEETm5_RhI0zcMyQ7hhRZ_XbGi8ee0fWiPdw-o: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment