digitalocean ubuntu

we will be opening ports later, so let's first add ssh to the firewall to avoid being locked out

ufw allow 22
ufw enable

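create a certificate for the domain with certbot (Let's Encrypt): https://certbot.eff.org/instructions

the standalone mode used below answers the challenge on port 80, so that port has to be reachable through the firewall while certbot runs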

snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --standalone
certbot renew --dry-run

Note

If you want a certificate for a subdomain, create it normally (request a certificate for the subdomain, i.e. muzee.nirush.me). After that, run: certbot --expand -d SUBDOMAIN.YOURDOMAIN,YOURDOMAIN (i.e. ... -d muzee.nirush.me,nirush.me)

alias python

vim ~/.bashrc, and add:

- alias python='python3'
- alias pip='python3 -m pip'

then reload it:

source ~/.bashrc

get pip and venv

apt install python3-pip -y
apt install python3-venv -y

setup server dir and app dir

mkdir /home/server
mkdir /home/app

setup venv

cd /home/server
python -m venv .venv
source .venv/bin/activate

install websockets (and other things if needed)

pip install websockets

when running serve() in websockets, this needs to be passed as the ssl parameter:

import ssl

# TLS server context backed by the Let's Encrypt certificate created above
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ssl_context.load_cert_chain("/etc/letsencrypt/live/<DOMAIN>/fullchain.pem",
                            "/etc/letsencrypt/live/<DOMAIN>/privkey.pem")

also a good time to open the websocket server port (whatever you chose it to be)

ufw allow <PORT>
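
A minimal wss:// echo server showing where that ssl_context goes in serve(). This is an added example, not part of the original notes; the example.com domain, port 8765, the echo handler and the helper names are placeholders.

```python
import asyncio
import ssl
from pathlib import Path

LIVE_DIR = Path("/etc/letsencrypt/live")  # certbot's default output directory


def cert_paths(domain, live_dir=LIVE_DIR):
    """Return the (fullchain, privkey) paths certbot writes for a domain."""
    base = Path(live_dir) / domain
    return base / "fullchain.pem", base / "privkey.pem"


def build_ssl_context(domain, live_dir=LIVE_DIR):
    """Build the server-side TLS context that is handed to serve(ssl=...)."""
    fullchain, privkey = cert_paths(domain, live_dir)
    for path in (fullchain, privkey):
        # Fail early with a clear message instead of starting without TLS.
        if not path.is_file():
            raise FileNotFoundError(f"{path} not found; run certbot for {domain} first")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Pin the floor at TLS 1.2 regardless of the system's OpenSSL defaults.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(fullchain, privkey)
    return ctx


async def echo(websocket):
    # Placeholder handler (single-argument form, websockets 10.1 or newer).
    async for message in websocket:
        await websocket.send(message)


async def main(domain, port):
    import websockets  # third-party: pip install websockets

    ctx = build_ssl_context(domain)
    # Passing ssl=ctx makes the server speak wss:// instead of ws://.
    async with websockets.serve(echo, "0.0.0.0", port, ssl=ctx):
        await asyncio.Future()  # run until the process is stopped


if __name__ == "__main__":
    # Placeholder domain and port; use your own <DOMAIN> and <PORT>.
    asyncio.run(main("example.com", 8765))
```

The context reads the certificate files once at startup, so the server has to be restarted after certbot renews the certificate for the new one to be served.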

set up the nginx website

apt install nginx
apt install nginx-extras
vim /etc/nginx/sites-available/<DOMAIN>

put this in the file

server {
  listen 80;
  server_name donate-idf.com www.donate-idf.com;

  location / {
    return 301 https://$host$request_uri;
  }
}

server {
  listen 443 ssl;
  server_name donate-idf.com www.donate-idf.com;
  
  ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
  
  # Add any additional SSL configuration options here, e.g., SSL protocols and ciphers.
  
  location / {
    root /home/app;  # Set the root directory to /home/app
    index index.html;  # Specify the default file (e.g., index.html)
  }
}

enable the site, test the config and restart nginx

ln -s /etc/nginx/sites-available/<DOMAIN> /etc/nginx/sites-enabled/
nginx -t
service nginx restart

open ports (80, 443)

ufw status
ufw allow 80/tcp
ufw allow 443/tcp