spaksa/SSL enabled Node.js server setup

## SSL enabled Node.js server setup
# SSH
ssh root@SERVER_IP -p 22

# Add user
adduser username

# Root privileges
gpasswd -a username sudo

# Install nano
sudo apt-get update
sudo apt-get install -y nano

# Configue SSH Daemon
nano /etc/ssh/sshd_config
  PermitRootLogin no
  Port 2734

# Restart SSH service
sudo service ssh restart

# Firewall
sudo ufw allow 2734/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Confirm firewall exceptions
sudo ufw show added

# Enable Firewall
sudo ufw enable

# Check SWAP file
sudo swapon -s

# Create SWAP file
sudo dd if=/dev/zero of=/swapfile bs=8M count=1000
sudo mkswap /swapfile
sudo swapon /swapfile

# Install Node.js
sudo apt-get install -y nodejs
sudo apt-get install -y npm

# Check node version
node -v

# Install n
sudo npm i -g n

# Install stable version of Node.js
sudo n stable

# Install Nginx
sudo apt-get install -y nginx

# Restart Nginx on reboot
sudo update-rc.d nginx defaults

# Install MySql 5.6
sudo apt-get install -y mysql-server-5.6

# Configure MySql
sudo mysql_secure_installation

# Initialize MySql data directory
sudo mysql_install_db

# Login to MySql
mysql -u root -p

# Create MySql user
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

# Grant all priviliges to new user
GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';

# Flush privileges
FLUSH PRIVILEGES

# Install Redis
sudo apt-get install -y redis-server

# Install Git
sudo apt-get install -y git

# Configure git
git config --global user.name "Name Lastname"
git config --global user.email "email@example.com"

# Install LetsEncrypt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

# Install Ruby
sudo apt-get install -y curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties
sudo apt-get install -y libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
rvm install 2.1.2
rvm use 2.1.2 --default
ruby -v

# Install Compass
gem install compass

# Install pm2
sudo npm i -g pm2

# Configure pm2
pm2 startup ubuntu

# Setup reverse proxy for Node.js application
sudo vi /etc/nginx/sites-available/default

# Replace contents with:
server {
    listen 80;

    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

# Restart nginx
sudo service nginx restart

# Generate SSL certificate
cd ~/letsencrypt
./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

# Diffie Hellman group
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

# Setup configure SSL for Nginx
sudo nano /etc/nginx/sites-available/default

# Change
listen 443 ssl;

# Add
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;

# Create new server block
server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://$host$request_uri;
}

# Reload Nginx
sudo service nginx reload

# Securing
sudo nano /etc/nginx/nginx.conf
  server tokens off;
sudo service nginx reload
	# SSH
	ssh root@SERVER_IP -p 22

	# Add user
	adduser username

	# Root privileges
	gpasswd -a username sudo

	# Install nano
	sudo apt-get update
	sudo apt-get install -y nano

	# Configue SSH Daemon
	nano /etc/ssh/sshd_config
	PermitRootLogin no
	Port 2734

	# Restart SSH service
	sudo service ssh restart

	# Firewall
	sudo ufw allow 2734/tcp
	sudo ufw allow 80/tcp
	sudo ufw allow 443/tcp

	# Confirm firewall exceptions
	sudo ufw show added

	# Enable Firewall
	sudo ufw enable

	# Check SWAP file
	sudo swapon -s

	# Create SWAP file
	sudo dd if=/dev/zero of=/swapfile bs=8M count=1000
	sudo mkswap /swapfile
	sudo swapon /swapfile

	# Install Node.js
	sudo apt-get install -y nodejs
	sudo apt-get install -y npm

	# Check node version
	node -v

	# Install n
	sudo npm i -g n

	# Install stable version of Node.js
	sudo n stable

	# Install Nginx
	sudo apt-get install -y nginx

	# Restart Nginx on reboot
	sudo update-rc.d nginx defaults

	# Install MySql 5.6
	sudo apt-get install -y mysql-server-5.6

	# Configure MySql
	sudo mysql_secure_installation

	# Initialize MySql data directory
	sudo mysql_install_db

	# Login to MySql
	mysql -u root -p

	# Create MySql user
	CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

	# Grant all priviliges to new user
	GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';

	# Flush privileges
	FLUSH PRIVILEGES

	# Install Redis
	sudo apt-get install -y redis-server

	# Install Git
	sudo apt-get install -y git

	# Configure git
	git config --global user.name "Name Lastname"
	git config --global user.email "email@example.com"

	# Install LetsEncrypt
	git clone https://github.com/letsencrypt/letsencrypt
	cd letsencrypt
	./letsencrypt-auto --help

	# Install Ruby
	sudo apt-get install -y curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties
	sudo apt-get install -y libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
	curl -L https://get.rvm.io \| bash -s stable
	source ~/.rvm/scripts/rvm
	echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
	rvm install 2.1.2
	rvm use 2.1.2 --default
	ruby -v

	# Install Compass
	gem install compass

	# Install pm2
	sudo npm i -g pm2

	# Configure pm2
	pm2 startup ubuntu

	# Setup reverse proxy for Node.js application
	sudo vi /etc/nginx/sites-available/default

	# Replace contents with:
	server {
	listen 80;

	server_name example.com;

	location / {
	proxy_pass http://127.0.0.1:3000;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}
	}

	# Restart nginx
	sudo service nginx restart

	# Generate SSL certificate
	cd ~/letsencrypt
	./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

	# Diffie Hellman group
	sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

	# Setup configure SSL for Nginx
	sudo nano /etc/nginx/sites-available/default

	# Change
	listen 443 ssl;

	# Add
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security max-age=15768000;

	# Create new server block
	server {
	listen 80;
	server_name example.com www.example.com;
	return 301 https://$host$request_uri;
	}

	# Reload Nginx
	sudo service nginx reload

	# Securing
	sudo nano /etc/nginx/nginx.conf
	server tokens off;
	sudo service nginx reload