10x Developer
Search…
Digital Ocean
Use this link to register Digital Ocean with $10 credit.

Droplet Setup (Ubuntu) for Node.js App (Meteor etc)

Optional:

change editor to use vi sudo update-alternatives --config editor

References:

If you want nginx support:

More security setup from this linux workstation checklist:

MongoDB

automatic backup

1
#!/bin/bash
2
3
MONGO_DATABASE="USE_YOUR_APP_NAME"
4
APP_NAME="USE_YOUR_APP_NAME"
5
6
MONGO_HOST="127.0.0.1"
7
MONGO_PORT="27017"
8
TIMESTAMP=`date +%F-%H%M`
9
MONGODUMP_PATH="/usr/local/bin/mongodump"
10
BACKUPS_DIR="./backups/$APP_NAME"
11
BACKUP_NAME="$APP_NAME-$TIMESTAMP"
12
13
# mongo admin --eval "printjson(db.fsyncLock())"
14
# $MONGODUMP_PATH -h $MONGO_HOST:$MONGO_PORT -d $MONGO_DATABASE
15
$MONGODUMP_PATH -d $MONGO_DATABASE
16
# mongo admin --eval "printjson(db.fsyncUnlock())"
17
18
mkdir -p $BACKUPS_DIR
19
mv dump $BACKUP_NAME
20
tar -zcvf $BACKUPS_DIR/$BACKUP_NAME.tgz $BACKUP_NAME
21
rm -rf $BACKUP_NAME
Copied!
crontab:
1
# run every day at 12am
2
00 00 * * * path/backup_mongodb.sh
Copied!

How to manually backup or restore

1
mongodump -d dbname
2
#or
3
mongodump --port 3001 --username meteor
4
mongorestore --port 3001 -d meteor FOLDER_THAT_HAS_BSON_FILES
Copied!

Oplog

How to enable oplog if the db is already in use?
ref:

SSL

How to check?

Or use ssl-cert-check on server (reference):
1
sudo ssl-cert-check -c /etc/letsencrypt/live/yourdomain.tld/cert.pem
Copied!

(LATEST 2021) With Mup you don't need to do manual setup SSL anymore

Setup SSL using mupx and Let’s Encrypt

Steps

Make sure A record is already updated for your domain first
SSH to server:
1
# ssh to your server
2
git clone https://github.com/letsencrypt/letsencrypt
3
./letsencrypt-auto certonly --standalone --agree-tos --email YOUR_EMAIL -d YOURDOMAIN.COM -d www.YOURDOMAIN.COM
Copied!
The following 4 files will be generated in the archive folder: /etc/letsencrypt/archive/YOURDOMAIN.COM (Note the ones in /etc/letsencrypt/live/YOURDOMAIN.COM is symlinked to archive folder)
    cert1.pem
    chain1.pem
    fullchain1.pem
    privkey1.pem
Now we want to copy those files to your local machine:
1
# compress them on server first
2
sudo tar -cvvf letsencrypt_YYYY_MM_DD.tar /etc/letsencrypt/archive/YOURDOMAIN.COM
3
# then on your local terminal, use scp to get the above file, copy to home folder
4
scp -P 22 [email protected]:/home/USER/letsencrypt_YYYY_MM_DD.tar ~
5
# or
Copied!
Put the downloaded two files (fullchain.pem and privkey.pem) in your local folder where mup can access (see mup.json)
Update mup.json
1
“ROOT_URL”: “https://yourdomain.com",
2
...
3
"ssl": {
4
"certificate": "PATH_TO/fullchain.pem", // this is a bundle of certificates
5
"key": "PATH_TO/privkey.pem", // this is the private key of the certificate
6
"port": 443 // 443 is the default value and it's the standard HTTPS port
7
},
Copied!
Don't forget to add force-ssl package: meteor add force-ssl

Renew automatically

NOTE this will NOT work because the server has to be stopped
Let’s Encrypt expires 90 days, so we create cron job to automatically update:
1
30 2 * * 1 /home/USER/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
Copied!

To renew manually

1
# on dev machine, stop server:
2
mupx stop
3
# on server
4
/home/USER/letsencrypt/letsencrypt-auto renew
5
# above command will generate new files (cert2.pem etc), get the files to local machine
6
# by doing the same steps above: 'sudo tar -cvvf ...' (see above)
7
mupx setup
8
mupx deploy
Copied!
Key points:
    You need to stop server before running renew.
    if cert is expired, you need to run mpux setup again
    if you run letsencrypt renew, new files will be generated (such as cert2.pem)
      cert.pem: Your domain's certificate
      chain.pem: The Let's Encrypt chain certificate
      fullchain.pem: cert.pem and chain.pem combined
      privkey.pem: Your certificate's private key

Reference:

Additional:
Last modified 8mo ago