Configuring a Node.js production environment

Server configuration

  • add a new system user
  • set a password for the new user
  • add the new user to the wheel group
  • configure the new user's RSA public key (rsa_pub.key)
  • disable root login and password login
  • configure the data disk
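
The checklist above as commands, as an added example that is not part of the original post. It assumes a dnf-based host, a script run as root, and that "root login and password login" refer to sshd; `deploy`, the key path and the function names are hypothetical, and the data-disk step is left out.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Run as root:
#   bash server-setup.sh --apply deploy /root/rsa_pub.key
# "deploy" and the key path are placeholder values.

# Force KEY to VALUE in an sshd_config-style FILE. sshd uses the first value it
# reads for a keyword, so every active line for KEY is dropped (including ones
# inside Match blocks) and the new setting is written at the top of the file.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v k="$key" '{
            line = $0; sub(/^[ \t]+/, "", line)   # ignore indentation
            split(line, f, /[ \t=]+/)             # "Key value" or "Key=value"
            if (tolower(f[1]) != tolower(k)) print
        }' "$file"
    } > "$tmp" && cat "$tmp" > "$file"            # cat keeps owner, mode, SELinux label
    local rc=$?; rm -f "$tmp"; return $rc
}

# Print the first active value for KEY in FILE (the one sshd would pick up).
first_sshd_value() {
    awk -v k="$2" '{
        line = $0; sub(/^[ \t]+/, "", line); n = split(line, f, /[ \t=]+/)
        if (n > 1 && tolower(f[1]) == tolower(k)) { print f[2]; exit }
    }' "$1"
}

apply_server_config() {
    local user="$1" pubkey="$2" cfg=/etc/ssh/sshd_config
    useradd -m "$user"                   # add the new user (home assumed at /home/$user)
    passwd "$user"                       # set its password (interactive)
    usermod -aG wheel "$user"            # wheel group, for sudo
    install -d -m 700 -o "$user" -g "$user" "/home/$user/.ssh"
    install -m 600 -o "$user" -g "$user" "$pubkey" "/home/$user/.ssh/authorized_keys"
    cp -p "$cfg" "$cfg.bak"              # rollback copy
    set_sshd_option "$cfg" PermitRootLogin no
    set_sshd_option "$cfg" PasswordAuthentication no
    set_sshd_option "$cfg" PubkeyAuthentication yes
    # Reload only if the file parses. Keep this session open and confirm key
    # login as the new user from a second terminal before logging out.
    sshd -t && systemctl reload sshd
}

if [ "${1:-}" = "--apply" ]; then
    apply_server_config "$2" "$3"
fi
```

On a live host, `sshd -T` prints the effective configuration once the reload has happened.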

Environment configuration

nodejs

  • add the Node.js 12.x repository

    curl -sL https://rpm.nodesource.com/setup_12.x | sudo bash -
    
  • install Node.js

    sudo dnf install nodejs -y
    
  • point npm at the taobao registry

    npm config set registry https://registry.npm.taobao.org
    

mysql

install mysql

  • install mysql-server

    sudo dnf install mysql-server -y
    
  • start mysqld

    sudo systemctl start mysqld
    
  • enable mysqld

    sudo systemctl enable mysqld
    
  • configure mysqld

    mysql_secure_installation
    

create database

  • log in to mysql

    mysql -uroot -p
    
  • create user

    create user 'user'@'%' identified by 'password';
    
  • create database

    create database 数据库;
    
  • grant the user privileges on the database

    grant all privileges on 数据库.* to 'user'@'%';
    

nginx

  • install nginx

    sudo dnf install nginx -y
    
  • enable nginx

    sudo systemctl enable nginx
    
  • start nginx

    sudo systemctl start nginx
    

https

docker

  • add the docker repo

    sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
    
  • install docker-ce

    sudo dnf install docker-ce -y
    
  • start docker

    sudo systemctl start docker 
    
  • enable docker

    sudo systemctl enable docker
    

certbot

  • run certbot with docker

    sudo docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -p 80:80 certbot/certbot certonly
    

    Stop the running nginx server before the docker pull.
    Set the e-mail address and the domain name.

  • configure options-ssl-nginx.conf

    sudo vi /etc/letsencrypt/options-ssl-nginx.conf
    

    options-ssl-nginx.conf

    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

  • generate ssl-dhparams.pem

    sudo openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
    

nginx proxy

nginx conf

sudo vi /etc/nginx/conf.d/domain-name.conf

domain-name.conf

server {
    listen 80;
    server_name domain-name;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name 域名;

    ssl_certificate /etc/letsencrypt/live/domain-name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain-name/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_set_header  X-Forwarded-Host $host;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
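        # HTTP/1.1 to the upstream is required for the Upgrade/Connection headers to take effect
        proxy_http_version 1.1;
        proxy_set_header  Upgrade $http_upgrade;
        proxy_set_header  Connection "upgrade";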
        proxy_redirect    off;
        expires           off;
        sendfile          off;
        proxy_pass        http://127.0.0.1:3000;
    }
}

pm2

  • install pm2

    sudo npm install pm2 --global
    
  • start the project

    pm2 start index.js --name node-app
    

Published by

rockts
