VM Node test
IPv4: 5.196.206.62
Virtual MAC: 02:00:00:14:05:2c
OS: Ubuntu 14.04
Installed from VM-template
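# Directory for the TLS private key, DH parameters and certificates.
# Mode 0700 keeps the private key unreadable by other local users; nginx
# loads these files as root when it starts.
mkdir -m 0700 /etc/nginx/ssl
cd /etc/nginx/ssl

# 2048-bit Diffie-Hellman parameters for the DHE cipher suites.
# Options go before the bit count. The original "-rand ." named a directory
# rather than a seed file and is dropped; OpenSSL seeds itself from the OS.
openssl dhparam -out dhparam-2048.pem 2048

# New 2048-bit RSA key plus a SHA-256 signed CSR for the wildcard certificate.
# NOTE(review): the page had "-key donut.key" here, which reads an existing
# key and skips key generation. No step on this page creates donut.key and
# the directory was only just created, so "-keyout" (write the new key) is
# presumably what was meant - confirm.
# -nodes leaves the key unencrypted on disk so nginx can start unattended;
# file permissions are then the only protection, hence the chmod.
openssl req -nodes -newkey rsa:2048 -sha256 -keyout donut.key -out donut-sha256.csr
chmod 600 donut.key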
Country Name (2 letter code) [AU]:FR State or Province Name (full name) [Some-State]:Paris Locality Name (eg, city) []:Paris Organization Name (eg, company) [Internet Widgits Pty Ltd]:DONUT SYSTEMS SAS Organizational Unit Name (eg, section) []:DONUT SYSTEMS SAS Common Name (e.g. server FQDN or YOUR name) []:*.donut.me Email Address []:hello@donut.me Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
SSL certification response has been saved to /etc/nginx/ssl/donut-sha256.crt
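# Intermediate CA certificates that complete the chain nginx sends to clients.
wget https://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem

# Convert the DER-encoded cross-signed intermediate to PEM.
# NOTE(review): the download of USERTrustRSAAddTrustCA.crt is not shown on
# this page; fetch it over HTTPS from the CA as well.
openssl x509 -inform DER -outform PEM -in USERTrustRSAAddTrustCA.crt -out USERTrustRSAAddTrustCA.pem

# Inspect what was downloaded before trusting it: check subject and issuer,
# and compare the SHA-256 fingerprint with the value the CA publishes.
openssl x509 -noout -subject -issuer -fingerprint -sha256 -in GandiStandardSSLCA2.pem
openssl x509 -noout -subject -issuer -fingerprint -sha256 -in USERTrustRSAAddTrustCA.pem

# Bundle for ssl_certificate: server certificate first, then the
# intermediates in chain order. nginx expects the leaf at the top.
cat /etc/nginx/ssl/donut-sha256.crt /etc/nginx/ssl/GandiStandardSSLCA2.pem /etc/nginx/ssl/USERTrustRSAAddTrustCA.pem > /etc/nginx/ssl/donut-sha256.pem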
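# CSR for ws.test.donut.me, signed with the existing donut.key.
# When -key is given, openssl req uses that key and generates no new one, so
# the original "-nodes -newkey rsa:2048" had no effect on the key; -new states
# the intent directly. Note that this certificate then shares its private key
# with the wildcard certificate: a compromise of donut.key affects both.
openssl req -new -sha256 -key donut.key -out ws.test.donut-sha256.csr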
Country Name (2 letter code) [AU]:FR State or Province Name (full name) [Some-State]:Paris Locality Name (eg, city) []:Paris Organization Name (eg, company) [Internet Widgits Pty Ltd]:DONUT SYSTEMS SAS Organizational Unit Name (eg, section) []:DONUT SYSTEMS SAS Common Name (e.g. server FQDN or YOUR name) []:ws.test.donut.me Email Address []:hello@donut.me Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
SSL certification response has been saved to /etc/nginx/ssl/ws.test.donut-sha256.crt
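# Bundle for ws.test.donut.me: server certificate first, then the
# intermediates. The output path is absolute, like the wildcard bundle, so
# the result does not depend on the current directory.
cat /etc/nginx/ssl/ws.test.donut-sha256.crt /etc/nginx/ssl/GandiStandardSSLCA2.pem /etc/nginx/ssl/USERTrustRSAAddTrustCA.pem > /etc/nginx/ssl/ws.test.donut-sha256.pem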
Install nginx (as root):
apt-get install nginx
vi /etc/nginx/nginx.conf
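# Main nginx configuration: worker setup, request limits, per-IP throttling,
# logging, and the include points for the virtual hosts.
user www-data;
worker_processes 6;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    # Enabled (was commented out): keeps the nginx version out of the Server
    # header and the built-in error pages.
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Request optimisation
    ##

    open_file_cache max=50000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    reset_timedout_connection on;

    # Small buffers and short timeouts bound what a slow or oversized
    # request can hold on to.
    client_body_buffer_size 16K;
    client_header_buffer_size 4k;
    client_max_body_size 2m;
    large_client_header_buffers 4 64k;

    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 10;
    send_timeout 10;

    ##
    # DDOS Protection
    ##
    # These limits cap what a single client address can consume. They are
    # keyed on the connecting address, so clients behind one NAT or proxy
    # share a budget, and they do not absorb a distributed flood.

    # Maximum concurrent connections per IP
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
    limit_conn limit_per_ip 20;

    # Maximum requests per second per IP
    limit_req_zone $binary_remote_addr zone=allips:10m rate=50r/s;
    limit_req zone=allips burst=200 nodelay;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    ##
    # nginx-naxsi config
    ##
    # Uncomment it if you installed nginx-naxsi
    ##

    #include /etc/nginx/naxsi_core.rules;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}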
vi /etc/nginx/donut-error.conf
# Custom error pages. Each status code is routed to a named location that
# serves a static page from the application directory and keeps the original
# status code. If the static file is missing, try_files falls back to the
# bare status code.

error_page 403 @donut403;
error_page 404 @donut404;
error_page 500 @donut500;
error_page 501 @donut501;
error_page 502 @donut502;
error_page 503 @donut503;
error_page 504 @donut504;

location @donut403 {
    root /home/donut/app/server;
    try_files /403.html =403;
}

location @donut404 {
    root /home/donut/app/server;
    try_files /404.html =404;
}

# All 5xx codes share one static page.
location @donut500 {
    root /home/donut/app/server;
    try_files /50x.html =500;
}

location @donut501 {
    root /home/donut/app/server;
    try_files /50x.html =501;
}

location @donut502 {
    root /home/donut/app/server;
    try_files /50x.html =502;
}

location @donut503 {
    root /home/donut/app/server;
    try_files /50x.html =503;
}

location @donut504 {
    root /home/donut/app/server;
    try_files /50x.html =504;
}
vi /etc/nginx/donut-gzip.conf
# Response compression for text assets.
# NOTE(review): this file is included in the HTTPS server block. Compressing
# TLS responses that mix secrets (session or CSRF tokens) with
# request-controlled text exposes them to compression side channels such as
# BREACH. Confirm that no such responses are served with these content
# types, or disable gzip for them.
gzip on;
gzip_min_length 1100;
gzip_buffers 16 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
gzip_comp_level 6;
# "any" also compresses responses to proxied requests (those carrying a Via header).
gzip_proxied any;
gzip_vary on;
vi /etc/nginx/donut-ssl.conf
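# TLS settings for the HTTPS server block that includes this file.

# NOTE(review): later nginx releases deprecate "ssl on;" in favour of the
# "ssl" parameter of the listen directive ("listen 443 ssl;").
ssl on;

# OCSP stapling: nginx fetches the OCSP response and sends it in the handshake.
# For ssl_stapling_verify, ssl_trusted_certificate has to hold the issuer
# chain up to the root. NOTE(review): only the intermediate file is listed
# here - confirm verification succeeds. nginx also needs a "resolver"
# directive to look up the OCSP responder, and none appears in the
# configuration shown. Check the result with
# "openssl s_client -connect <host>:443 -status".
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/GandiStandardSSLCA2.pem;

ssl_certificate /etc/nginx/ssl/donut-sha256.pem;
ssl_certificate_key /etc/nginx/ssl/donut.key;

# TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 is offered.
# Add TLSv1.3 once nginx and OpenSSL on the host support it.
ssl_protocols TLSv1.2;

# Forward-secret AEAD suites only. The previous list also allowed CBC-mode
# suites, static-RSA key exchange, CAMELLIA and 3DES (DES-CBC3-SHA).
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;

# Cached sessions can be resumed for 24 hours; the session keys stay in
# server memory for that long.
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:10m;

# Custom 2048-bit DH group for the DHE suites.
ssl_dhparam /etc/nginx/ssl/dhparam-2048.pem;

# NOTE(review): plain HTTP is already redirected to HTTPS. Once every
# subdomain in use is HTTPS-only, consider sending
# Strict-Transport-Security so browsers stop making the first request in
# clear text:
# add_header Strict-Transport-Security "max-age=31536000";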
vi /etc/nginx/sites-available/donut.conf
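# donut

# socket.io backends. ip_hash pins each client address to one backend so a
# socket.io session keeps talking to the same node.
upstream io_nodes {
    ip_hash;
    server test.donut.me:3050;
    server test.donut.me:3051;
}

# Plain HTTP: redirect everything to the canonical HTTPS host.
# "return 301" replaces "rewrite ^(.*) ...$request_uri permanent;". rewrite
# appends the original query string to a replacement that already contains
# it via $request_uri, which duplicated the arguments in the redirect.
server {
    listen 80;
    server_name redirtest.donut.me test.donut.me;
    return 301 https://test.donut.me$request_uri;
}

server {
    # The "ssl" parameter enables TLS on this socket. It is stated here so
    # the listener does not rely solely on "ssl on;" from donut-ssl.conf.
    listen 443 ssl;
    server_name test.donut.me;

    # WebSocket / socket.io traffic.
    location /socket.io {
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent. The backend should trust only the last entry, or use
        # X-Real-IP, which nginx sets from the connection itself.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_pass http://io_nodes;
        proxy_intercept_errors on;
    }

    # Everything else goes to the application server.
    # NOTE(review): the backends are addressed as test.donut.me:3000, :3050
    # and :3051 over plain HTTP. If that name resolves to the public address,
    # those ports may be reachable directly, bypassing TLS and the rate
    # limits. Confirm they listen on loopback or are firewalled.
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://test.donut.me:3000;
        proxy_intercept_errors on;
    }

    include donut-gzip.conf;
    include donut-ssl.conf;
    include donut-error.conf;
}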
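sudo apt-get install mongodb-clients
$ sudo apt update
$ sudo apt upgrade
# Save the NodeSource setup script to a file and read it before running it
# as root, instead of piping the download straight into a root shell.
# -f makes curl fail on an HTTP error rather than saving the error page.
# NOTE(review): setup_4.x selects the Node.js 4 release line, which no longer
# receives security fixes; use a currently supported release line.
$ curl -fsSL https://deb.nodesource.com/setup_4.x -o nodesource_setup.sh
$ less nodesource_setup.sh
$ sudo -E bash nodesource_setup.sh
$ sudo apt-get install nodejs
# Global installs under sudo run the packages' install scripts as root;
# pin the versions you have reviewed where possible.
$ sudo npm update -g npm
$ sudo npm install pm2 -g
$ pm2 update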
$ npm -v
3.3.6
$ pm2 -v
0.15.7
$ pm2 install pm2-redis
$ pm2 install pm2-mongodb
$ sudo apt install nodejs
$ sudo npm install -g npm
$ sudo npm install -g pm2
$ su donut
$ pm2 updatePM2
$ pm2 install pm2-redis
$ pm2 install pm2-mongodb
$ node -v
v4.2.3
$ npm -v
3.5.2
$ pm2 -v
0.15.10