nginx ssl
I'm putting this page here mainly just for my reference.
-
Run service on pm2
-
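Create a new file and put the server block below in it. Use the same file name here and in the `ln -sf` step further down (this page uses tendril.cc here and site.com there):
sudo touch /etc/nginx/sites-available/tendril.cc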
# Reverse proxy: nginx accepts HTTP on port 80 and forwards every request to
# the application listening on 127.0.0.1:3000.
server {
    server_name site.com www.site.com;
    listen [::]:80;
    listen 80;

    location / {
        # The upstream is addressed over loopback. The application itself
        # should also bind to 127.0.0.1 only; if it listens on all interfaces
        # it can be reached directly on port 3000, bypassing nginx.
        proxy_pass http://127.0.0.1:3000;

        # HTTP/1.1 plus the Upgrade/Connection pair is what lets WebSocket
        # handshakes pass through. Connection 'upgrade' is sent on every
        # proxied request, not only on upgrade requests.
        proxy_http_version 1.1;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Upgrade $http_upgrade;
        proxy_cache_bypass $http_upgrade;

        # Pass the original host, client address and scheme to the app.
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the app should treat only the
        # last entry (or X-Real-IP) as set by this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
- run these commands on command line:
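# Enable the site by linking it into sites-enabled. The source path must be
# the file that holds the server block; the earlier step on this page creates
# tendril.cc, so use one name in both places or the link will dangle.
sudo ln -sf /etc/nginx/sites-available/site.com /etc/nginx/sites-enabled/
# Reload only when the configuration test passes.
sudo nginx -t && sudo systemctl reload nginx
# Install certbot together with its nginx plugin.
sudo apt update && sudo apt install -y certbot python3-certbot-nginx
# Request a certificate for both names. The nginx plugin edits the matching
# server block, so both names must already resolve to this server with port 80
# reachable; review the changed file and run `sudo nginx -t` again afterwards.
sudo certbot --nginx -d site.com -d www.site.com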
OR - Serve a folder directly with nginx
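# Static site: nginx serves files straight from /home/mysite/www over HTTP.
server {
    listen 80;
    listen [::]:80;
    server_name site.com www.site.com;

    # Everything under root is served to anyone who asks for it. The nginx
    # worker user needs traverse permission on /home/mysite and read access
    # to the files below www.
    root /home/mysite/www;
    index index.html;

    # Refuse dotfiles (.git, .env, .htpasswd, ...) that a deploy may copy
    # into the web root. /.well-known/ is left reachable because ACME HTTP
    # validation uses it.
    location ~ /\.(?!well-known) {
        deny all;
    }

    location / {
        # Serve the file, then the directory index, otherwise answer 404.
        try_files $uri $uri/ =404;
    }
}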
Also, if you want to create a new locked down user for your static site on your vps:
# === ON YOUR MAC ===
# Create an Ed25519 key pair that is used only for deploying this site.
# Private key: ~/.ssh/mysite    Public key: ~/.ssh/mysite.pub
# ssh-keygen asks for a passphrase; setting one protects the private key at rest.
ssh-keygen -t ed25519 -C "deploy@mysite" -f ~/.ssh/mysite
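# === ON YOUR VPS ===
# Create a dedicated user with no password set, so it can only log in with
# the SSH key installed below
sudo adduser --disabled-password mysite
# Create the web root and hand it to the site user
sudo mkdir -p /home/mysite/www
sudo chown mysite:mysite /home/mysite/www
# Set up SSH key auth: the directory and key file are accessible to their
# owner only
sudo mkdir -p /home/mysite/.ssh
sudo chmod 700 /home/mysite/.ssh
sudo touch /home/mysite/.ssh/authorized_keys
sudo chmod 600 /home/mysite/.ssh/authorized_keys
sudo chown -R mysite:mysite /home/mysite/.ssh
# Paste your public key (copy output of: cat ~/.ssh/mysite.pub on your Mac).
# tee overwrites the file; it was created above, so owner and mode are kept.
# For a deploy-only key, the line can be prefixed with the authorized_keys
# option `restrict` (disables forwarding and pty allocation); rsync needs
# neither.
echo "YOUR_PUBLIC_KEY_HERE" | sudo tee /home/mysite/.ssh/authorized_keys
# Lock down home directory: owner full access, group read/traverse, others none
sudo chmod 750 /home/mysite
# nginx serves /home/mysite/www, so its worker user must be able to traverse
# /home/mysite; with mode 750 that requires membership of the mysite group,
# otherwise every request is answered with 403. www-data is the worker user of
# the Debian/Ubuntu nginx package; check the `user` directive in
# /etc/nginx/nginx.conf if yours differs. ~/.ssh stays owner-only (700).
sudo usermod -aG mysite www-data
# Restart so the worker processes start with the new group membership
sudo systemctl restart nginx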
# === DEPLOY FROM YOUR MAC ===
# Mirror ./public/ into the web root over SSH, authenticating with the
# dedicated deploy key. The trailing slashes copy the directory's contents
# rather than the directory itself. --delete removes remote files that no
# longer exist locally, so double-check the destination path before running.
rsync --archive --verbose --compress --delete \
  --rsh="ssh -i ~/.ssh/mysite" \
  ./public/ mysite@your-server:/home/mysite/www/