This is a complete guide to setup a webserver and deploy website code from this repository on a cloud server (VPS).

Create a new VPS running the latest or LTS version of Ubuntu. SSH into the new server as root and create a group and account specifically for running the server. Add the new user to the sudoers group. Create home directory and change ownership to new user Logout of root and ssh back in as the new user.

  groupadd nodeserver
  adduser nodeserver
  adduser nodeserver nodeserver
  adduser nodeserver sudo

Install Git, NodeJS, NPM, and Forever (using global flag to install into the npm directory). Add symlink to node because Forever process uses that binary. Need to change owner of /usr/local in order to install npm packages without requiring sudo.

  sudo apt-get update
  
  sudo apt-get install nodejs
  sudo ln -s /usr/bin/nodejs /usr/bin/node
  
  sudo apt-get install npm
  sudo apt-get install git
  
  sudo chown -R nodeserver:nodeserver /usr/local
  npm install forever -g

SSH into the server using the nodeserver account and configure git.

  git config --global user.name "ProdWebServer"
  git config --global user.email "[email protected]"

Back on the server, create a directory to house the web code.

  sudo mkdir /www

Clone the github repository for the first time. Each subsequent time a pull command will be used to update the current version of the code to the one found in the repository.

  sudo git clone https://github.com/vberbenetz/CantangoHome.git
  sudo chown -R nodeserver:nodeserver /www

SSH into the server using the nodeserver account.

Disable root login by changing the PermitRootLogin line to a value of no in the /etc/ssh/sshd_config file.

Configure the firewall to only accept on SSH (22) and HTTP ports (80 and forward to 3000 where node is running). Add rule for inter-process communication on the server, as well as forwarding port 80 to 3000 for nodejs.

  sudo iptables -I INPUT 1 -i lo -j ACCEPT                (allow inter-process communication)
  sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
  sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT      (SSH)
  sudo iptables -A INPUT -p tcp --sport 22 -j ACCEPT      (SSH)
  sudo iptables -A INPUT -p tcp --sport 53 -j ACCEPT      (DNS)
  sudo iptables -A INPUT -p udp --sport 53 -j ACCEPT      (DNS)
  sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT      (HTTP)
  sudo iptables -A INPUT -p tcp --dport 3000 -j ACCEPT    (Node Server)
  sudo iptables -A INPUT -p tcp --dport 19991 -j ACCEPT   (Github Webhook For New Post)

Install iptable-persistent package to save these rules permanently.

  sudo apt-get update
  sudo apt-get install iptables-persistent

Add the last rule to drop all other packets, and save the changes.

  sudo iptables -P INPUT DROP
  sudo service iptables-persistent save

Note: When pulling a release from github, the INPUT packets will need to be accepted temporarily. When completed, swtich back to dropping packets as above.

  sudo iptables -P INPUT ACCEPT

Next, add the following lines to the /etc/rc.local file (edit as root). 2 lines are added to navigate to and autostart the webserver script upon a server restart.

  cd /www/CantangoHome
  sudo -u nodeserver /www/CantangoHome/start.sh

Once the file is saved, reboot the server to start up the node web server and to verify that the autostart procedure works. Navigate to the IP in a browser to verify that it is up and working.

Navigate to the domain registrar's personal settings page in a browser (198.173.236.231/stats). Login with the credentials provided by the registrar when domain was purchased. On this page, navigate to Account Management > Domain Services, then choose Edit Zone File from the drop down beside the domain. Change values of all the A Records to the new IP address of the VPS hosting the site's code.