nginx_aws.md

Node.js Deployment

Steps to deploy a Node.js app to DigitalOcean using PM2, NGINX as a reverse proxy and an SSL from LetsEncrypt

1. Create Free AWS Account

Create free AWS Account at https://aws.amazon.com/

2. Create and Lauch an EC2 instance and SSH into machine

I would be creating a t2.medium ubuntu machine for this demo.

3. Install Node and NPM

curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install nodejs

node --version

4. Clone your project from Github

git clone https://github.com/piyushgargdev-01/short-url-nodejs

5. Install dependencies and test app

sudo npm i pm2 -g
pm2 start index

# Other pm2 commands
pm2 show app
pm2 status
pm2 restart app
pm2 stop app
pm2 logs (Show log stream)
pm2 flush (Clear logs)

# To make sure app starts when reboot
pm2 startup ubuntu

6. Setup Firewall

sudo ufw enable
sudo ufw status
sudo ufw allow ssh (Port 22)
sudo ufw allow http (Port 80)
sudo ufw allow https (Port 443)

7. Install NGINX and configure

sudo apt install nginx

sudo nano /etc/nginx/sites-available/default

Add the following to the location part of the server block

    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:8001; #whatever port your app runs on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

# Check NGINX config
sudo nginx -t

# Restart NGINX
sudo nginx -s reload

8. Add SSL with LetsEncrypt

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# Only valid for 90 days, test the renewal process with
certbot renew --dry-run

$sudo certbot --nginx -d pixtech.work.gd -d www.pixtech.work.gd Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for pixtech.work.gd and www.pixtech.work.gd

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: Domain: pixtech.work.gd Type: dns Detail: DNS problem: server failure at resolver looking up CAA for work.gd

Domain: www.pixtech.work.gd Type: dns Detail: DNS problem: server failure at resolver looking up CAA for work.gd

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet. -when i run the last command in this github ,I got this error.please help me to resolve this issue.

It seems like Certbot is having trouble authenticating your domains due to a DNS issue. The error message indicates that there is a problem with the DNS server's ability to look up the Certification Authority Authorization (CAA) records for the domains work.gd, pixtech.work.gd, and www.pixtech.work.gd.
give your error prompt to chatgpt if doesn't work then stackoverflow if still doesn't then youtube.

how i could encrypt SSL for an ip address?

just chatGPT and u will get all the command. just look it up and be cautious

Here is ultimate solution 👍

After step 7 you need to add this step:

Reset everything, uninstall, and install.

sudo apt remove nginx
sudo aptinstall nginx

​
Create a file in the /etc/nginx/conf.d directory named domain‑name.conf (so in our example, www.example.com.conf).
Run sudo nano /etc/nginx/conf.d/<domain‑name>.conf command

server {
	listen        80;
	server_name <yourdomain.com>;
	location / {
		proxy_pass         http://localhost:3000;
		proxy_http_version 1.1;
		proxy_set_header   Upgrade $http_upgrade;
		proxy_set_header   Host $host;
		proxy_cache_bypass $http_upgrade;
		proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header   X-Forwarded-Proto $scheme;
	}
}

​
Save the file, then run this command to verify the syntax of your configuration and restart NGINX.
sudo nginx -t && sudo nginx -s reload

now you can go with step 8

Thanks me later 🥇

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com when i do this my site goes down and shows, 404 Not Found nginx/1.18.0 (Ubuntu) please help

Actually it is not working because in the inbound rule...you might didnt open port 443- which is for https!!!

(Hopefully that will solve the issue)

Can we use only ec2 public (static) ip address instead of domain name ? and yes then what will be the process ?

Can we use only ec2 public (static) ip address instead of domain name ? and yes then what will be the process ?

well it is possible. but, How you're gonna use it..

if you're making an app only for yourself i think then it will be fine. as even on free hosting platforms, they provide you a url for your app. as it is very hard to remember the ip address of the server. if you can remember that. then, you're good.

use freenom you'll get a domain name for free.

freenom is always display domain not available ? any alternate option

there are plenty's of domain available. join a hackathon which is sponsored by xyz. you'll a domain there, there are plenty of ways man. do google you'll get one for sure

Hello everyone , recently I deployed nodejs application from these steps. I faced an issue after setting up ssl.. that my nginx was not able to read the certificate from certbort so i ended up giving read access to whole certbot folder under etc after it nginx was able to read the certificate but my domain was not working so I come to know that I have to add securtiy group for port 443 which is default for https and port 80 is http only. this security step is for those who is using aws ec2 or cloud machines to run the app.

root@ubuntu-s-1vcpu-1gb-blr1-01:~# sudo certbot --nginx -d backend.theswaap.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for backend.theswaap.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: backend.theswaap.com
Type: unauthorized
Detail: 2a02:4780:11:1361:0:3136:f07e:8: Invalid response from http://backend.theswaap.com/.well-known/acme-challenge/noL8OaEETm5_RhI0zcMyQ7hhRZ_XbGi8ee0fWiPdw-o: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

yourdomain

Yes it relly happen

I'm able to run my website on http, not https. Doesnt work at all for me ...
If there's any supportive discord ... im up to ... my discord username : hiyer63