spaksa · April 24, 2016 23:20
diff --git a/SSL enabled Node.js server setup b/SSL enabled Node.js server setup
 # SSH
 ssh root@SERVER_IP -p 22

 # Add user
 adduser username

 # Root privileges
 gpasswd -a username sudo

 # Install nano
 sudo apt-get update
 sudo apt-get install -y nano

 # Configue SSH Daemon
 nano /etc/ssh/sshd_config
  PermitRootLogin no
  Port 2734

 # Restart SSH service
 sudo service ssh restart

 # Firewall
 sudo ufw allow 2734/tcp
 sudo ufw allow 80/tcp
 sudo ufw allow 443/tcp

 # Confirm firewall exceptions
 sudo ufw show added

 # Enable Firewall
 sudo ufw enable

 # Check SWAP file
 sudo swapon -s

 # Create SWAP file
 sudo dd if=/dev/zero of=/swapfile bs=8M count=1000
 sudo mkswap /swapfile
 sudo swapon /swapfile

 # Install Node.js
 sudo apt-get install -y nodejs
 sudo apt-get install -y npm

 # Check node version
 node -v

 # Install n
 sudo npm i -g n

 # Install stable version of Node.js
 sudo n stable

 # Install Nginx
 sudo apt-get install -y nginx

 # Restart Nginx on reboot
 sudo update-rc.d nginx defaults

 # Install MySql 5.6
 sudo apt-get install -y mysql-server-5.6

 # Configure MySql
 sudo mysql_secure_installation

 # Initialize MySql data directory
 sudo mysql_install_db

 # Login to MySql
 mysql -u root -p

 # Create MySql user
 CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

 # Grant all priviliges to new user
 GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';

 # Flush privileges
 FLUSH PRIVILEGES

 # Install Redis
 sudo apt-get install -y redis-server

 # Install Git
 sudo apt-get install -y git

 # Configure git
 git config --global user.name "Name Lastname"
 git config --global user.email "[email protected]"

 # Install LetsEncrypt
 git clone https://github.com/letsencrypt/letsencrypt
 cd letsencrypt
 ./letsencrypt-auto --help

 # Install Ruby
 sudo apt-get install -y curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties
 sudo apt-get install -y libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
 curl -L https://get.rvm.io | bash -s stable
 source ~/.rvm/scripts/rvm
 echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
 rvm install 2.1.2
 rvm use 2.1.2 --default
 ruby -v

 # Install Compass
 gem install compass

 # Install pm2
 sudo npm i -g pm2

 # Configure pm2
 pm2 startup ubuntu

 # Setup reverse proxy for Node.js application
 sudo vi /etc/nginx/sites-available/default

 # Replace contents with:
 server {
    listen 80;

    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
 }

 # Restart nginx
 sudo service nginx restart

 # Generate SSL certificate
 cd ~/letsencrypt
 ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

 # Diffie Hellman group
 sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

 # Setup configure SSL for Nginx
 sudo nano /etc/nginx/sites-available/default

 # Change
 listen 443 ssl;

 # Add
 ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_stapling on;
 ssl_stapling_verify on;
 add_header Strict-Transport-Security max-age=15768000;

 # Create new server block
 server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://$host$request_uri;
 }

 # Reload Nginx
 sudo service nginx reload

 # Securing
 sudo nano /etc/nginx/nginx.conf
  server tokens off;
 sudo service nginx reload
	# SSH
	ssh root@SERVER_IP -p 22

	# Add user
	adduser username

	# Root privileges
	gpasswd -a username sudo

	# Install nano
	sudo apt-get update
	sudo apt-get install -y nano

	# Configue SSH Daemon
	nano /etc/ssh/sshd_config
	PermitRootLogin no
	Port 2734

	# Restart SSH service
	sudo service ssh restart

	# Firewall
	sudo ufw allow 2734/tcp
	sudo ufw allow 80/tcp
	sudo ufw allow 443/tcp

	# Confirm firewall exceptions
	sudo ufw show added

	# Enable Firewall
	sudo ufw enable

	# Check SWAP file
	sudo swapon -s

	# Create SWAP file
	sudo dd if=/dev/zero of=/swapfile bs=8M count=1000
	sudo mkswap /swapfile
	sudo swapon /swapfile

	# Install Node.js
	sudo apt-get install -y nodejs
	sudo apt-get install -y npm

	# Check node version
	node -v

	# Install n
	sudo npm i -g n

	# Install stable version of Node.js
	sudo n stable

	# Install Nginx
	sudo apt-get install -y nginx

	# Restart Nginx on reboot
	sudo update-rc.d nginx defaults

	# Install MySql 5.6
	sudo apt-get install -y mysql-server-5.6

	# Configure MySql
	sudo mysql_secure_installation

	# Initialize MySql data directory
	sudo mysql_install_db

	# Login to MySql
	mysql -u root -p

	# Create MySql user
	CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

	# Grant all priviliges to new user
	GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';

	# Flush privileges
	FLUSH PRIVILEGES

	# Install Redis
	sudo apt-get install -y redis-server

	# Install Git
	sudo apt-get install -y git

	# Configure git
	git config --global user.name "Name Lastname"
	git config --global user.email "[email protected]"

	# Install LetsEncrypt
	git clone https://github.com/letsencrypt/letsencrypt
	cd letsencrypt
	./letsencrypt-auto --help

	# Install Ruby
	sudo apt-get install -y curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties
	sudo apt-get install -y libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
	curl -L https://get.rvm.io \| bash -s stable
	source ~/.rvm/scripts/rvm
	echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
	rvm install 2.1.2
	rvm use 2.1.2 --default
	ruby -v

	# Install Compass
	gem install compass

	# Install pm2
	sudo npm i -g pm2

	# Configure pm2
	pm2 startup ubuntu

	# Setup reverse proxy for Node.js application
	sudo vi /etc/nginx/sites-available/default

	# Replace contents with:
	server {
	listen 80;

	server_name example.com;

	location / {
	proxy_pass http://127.0.0.1:3000;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
	}
	}

	# Restart nginx
	sudo service nginx restart

	# Generate SSL certificate
	cd ~/letsencrypt
	./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

	# Diffie Hellman group
	sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

	# Setup configure SSL for Nginx
	sudo nano /etc/nginx/sites-available/default

	# Change
	listen 443 ssl;

	# Add
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security max-age=15768000;

	# Create new server block
	server {
	listen 80;
	server_name example.com www.example.com;
	return 301 https://$host$request_uri;
	}

	# Reload Nginx
	sudo service nginx reload

	# Securing
	sudo nano /etc/nginx/nginx.conf
	server tokens off;
	sudo service nginx reload