Create a sudo user
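# Run as root: create the account with a home directory.
useradd -m user
# Set the password at an interactive prompt. A literal password piped into
# chpasswd ends up in shell history, and one copied from a published guide is
# known to everyone who has read it.
passwd user
# Grant sudo through group membership and make bash the login shell.
usermod -aG sudo user
chsh --shell /bin/bash user
# Continue the remaining steps as the new user.
su - user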
If /etc/ssh/sshd_config uses an AllowUsers line to restrict which accounts may log in over SSH, add user to that line; otherwise the new account will be refused.
Refer to "Security: Hardening SSH on Linux Server" for an SSH hardening cheatsheet.
Install node
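# Download the NodeSource setup script to a file so it can be read before it
# runs as root; `curl | sudo bash` executes whatever the server returns, unseen.
# -f makes curl fail on an HTTP error instead of saving the error page.
setup_script="$(mktemp)"
curl -fsSL https://deb.nodesource.com/setup_14.x -o "$setup_script"
less "$setup_script"
sudo -E bash "$setup_script"
rm -f -- "$setup_script"
# NOTE: the 14.x release line is end-of-life; pick a currently supported line
# for a new deployment.
sudo apt-get install -y nodejs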
Install yarn and pm2
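# Store the Yarn signing key in its own keyring and pin the repository to it
# with signed-by. `apt-key add` is deprecated and places the key in the global
# trust store, where it is trusted for every configured repository.
curl -fsS https://dl.yarnpkg.com/debian/pubkey.gpg \
  | gpg --dearmor \
  | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian/ stable main" \
  | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update && sudo apt install yarn
sudo yarn global add pm2
# pm2 startup prints a sudo command that registers pm2 as a boot service;
# read it, then run it.
pm2 startup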
Create pm2.json file in project root.
{
"apps": [
{
"name": "awecode",
"instances": "max",
"exec_mode": "cluster",
"script": "npm",
"args": "start",
"cwd": "/home/user/app/",
"env": {
"HOST": "127.0.0.1",
"PORT": "3000",
"NODE_ENV": "production"
}
}
]
}
Setup pushing via Git
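cd
mkdir repo.git app conf logs
cd repo.git
git init --bare
git --bare update-server-info
# Let pushes to this repository check files out into /home/user/app.
git config core.bare false
git config receive.denycurrentbranch ignore
git config core.worktree /home/user/app
# The quoted 'EOF' writes the hook verbatim: the shell creating the file does
# not expand $, backticks or backslashes inside it.
# Every push runs dependency install and build scripts as `user`, an account
# with sudo rights, so limit which SSH keys may push here and keep the lockfile
# committed (see `yarn install --frozen-lockfile`).
cat > hooks/post-receive <<'EOF'
#!/bin/bash
# Stop at the first failing step so a broken checkout or install is never
# built and restarted into production.
set -e
git checkout -f
cd /home/user/app
yarn
yarn build \
&& pm2 restart pm2.json
EOF
chmod +x hooks/post-receive
cd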
On your local machine, add this bare repo as a remote.
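# SERVER_HOST is a placeholder: the hostname was lost from this page; use your
# server's hostname or IP address.
git remote add server user@SERVER_HOST:/home/user/repo.git/
# Install your public key so pushes authenticate by key rather than password.
ssh-copy-id user@SERVER_HOST
git push server --all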
Install and configure nginx
# Install nginx from the distribution repository.
sudo apt-get install nginx
# Create the site configuration in ~/conf (the directory made in the Git setup
# step) with the contents shown below.
vim ~/conf/nginx.conf
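# Redirect www to non-www.
# Explicit listeners so the redirect also answers on IPv6, matching the main
# server block below.
server {
    listen 80;
    listen [::]:80;
    server_name www.awecode.com;
    return 301 $scheme://awecode.com$request_uri;
}

server {
    listen 80;
    listen [::]:80;
    index index.html;
    server_name awecode.com;
    #access_log /home/user/logs/nginx.access.log;
    #error_log /home/user/logs/nginx.error.log;

    # Exact match: with a prefix location, /sitemap.xml<anything> would be
    # mapped by alias to /home/user/sitemap.xml<anything> and served from the
    # home directory.
    location = /sitemap.xml {
        alias /home/user/sitemap.xml;
    }

    # Everything else is proxied to the Node app on port 3000 (the PORT set in
    # pm2.json).
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        # Pass WebSocket upgrade requests through to the app.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
        # Hand the client address to the app; the app should trust these
        # headers only because it listens on loopback behind this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}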
Soft-link our configuration to nginx conf directory
# Enable the site by linking it into nginx's sites-enabled directory.
# NOTE: the link target stays writable by `user`, and nginx loads it with the
# rest of its configuration, so anything able to write as `user` can change what
# nginx does on the next reload. Keep the file's permissions tight, or copy it
# to /etc/nginx owned by root if that is a concern.
sudo ln -s /home/user/conf/nginx.conf /etc/nginx/sites-enabled/awecode.conf
Obtain SSL certificate with Certbot
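# Root is required to install packages and to let certbot edit the nginx
# configuration; the earlier steps run as `user`, so use sudo here as well.
# On newer Debian/Ubuntu releases the plugin package is named
# python3-certbot-nginx.
sudo apt install certbot python-certbot-nginx
sudo certbot --nginx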
Check configuration and restart nginx
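# Restart only if the configuration test passes, so a syntax error does not
# take the running site down.
sudo nginx -t && sudo systemctl restart nginx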