we will be opening ports later, so let's first allow ssh through the firewall (before enabling it) to avoid being locked out
ufw allow 22
ufw enable
create a certificate for the domain with certbot (Let's Encrypt) https://certbot.eff.org/instructions
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --standalone
certbot renew --dry-run
Note
If you want a certificate for a subdomain, create it normally (ask for a certificate for the subdomain, e.g. muzee.nirush.me)
And after that run: certbot --expand -d SUBDOMAIN.YOURDOMAIN,YOURDOMAIN
(e.g. ... -d muzee.nirush.me,nirush.me)
alias python
vim ~/.bashrc and add:
- alias python='python3'
- alias pip='python3 -m pip'
source ~/.bashrc
get pip and venv
apt install python3-pip -y
apt install python3-venv -y
set up server dir and app dir
mkdir /home/server
mkdir /home/app
set up venv
cd /home/server
python -m venv .venv
source .venv/bin/activate
install websockets (and other things if needed)
pip install websockets
when running serve() in websockets, this needs to be passed as the ssl parameter (the paths are the ones certbot wrote for your domain):
import ssl
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ssl_context.load_cert_chain("/etc/letsencrypt/live/<DOMAIN>/fullchain.pem",
                            "/etc/letsencrypt/live/<DOMAIN>/privkey.pem")
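A complete server built around that ssl parameter, added here as an example (it is not code from the original notes); the port, the echo handler and the TLS 1.2 floor are assumptions, and <DOMAIN> stays a placeholder:

```python
import asyncio
import ssl

# Constructed values: the notes leave the domain and the port to you.
DOMAIN = "<DOMAIN>"
PORT = 8765


def cert_paths(domain):
    """Return the (fullchain, privkey) paths certbot writes for a domain."""
    base = f"/etc/letsencrypt/live/{domain}"
    return f"{base}/fullchain.pem", f"{base}/privkey.pem"


def new_server_context():
    """Server-side TLS context; refuse anything older than TLS 1.2 (assumed floor)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def load_letsencrypt_cert(ctx, domain):
    """Load the Let's Encrypt chain and key into ctx.
    privkey.pem is readable by root only by default, so the process needs
    the rights to read it (or a copy owned by its own user)."""
    fullchain, privkey = cert_paths(domain)
    ctx.load_cert_chain(fullchain, privkey)
    return ctx


async def echo(websocket):
    # Assumed handler: send every message straight back to the client.
    async for message in websocket:
        await websocket.send(message)


async def main():
    import websockets  # imported here so the helpers above work without it
    ctx = load_letsencrypt_cert(new_server_context(), DOMAIN)
    async with websockets.serve(echo, "0.0.0.0", PORT, ssl=ctx):
        await asyncio.Future()  # run until interrupted


if __name__ == "__main__":
    asyncio.run(main())
```

Clients then connect with wss://<DOMAIN>:<PORT>, and the port must be allowed in ufw as described below.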
also a good time to open the websocket server port (whatever you chose it to be)
ufw allow <PORT>
set up the nginx website
apt install nginx
apt install nginx-extras
vim /etc/nginx/sites-available/<DOMAIN>
put this in the file
server {
    listen 80;
    server_name <DOMAIN> www.<DOMAIN>;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name <DOMAIN> www.<DOMAIN>;
    ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
    # Add any additional SSL configuration options here, e.g., SSL protocols and ciphers.
    location / {
        root /home/app;     # Set the root directory to /home/app
        index index.html;   # Specify the default file (e.g., index.html)
    }
}
ln -s /etc/nginx/sites-available/<DOMAIN> /etc/nginx/sites-enabled/
nginx -t
service nginx restart
open ports (80, 443)
ufw status
ufw allow 80/tcp
ufw allow 443/tcp